Cisco's Appliance-based Content Security: IronPort E-mail and Web Security
Hrvoje Dogan, Consulting Systems Engineer, Security, Emerging Markets East
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Security: The Power for Advanced Protection; Cisco IronPort E-mail Security Appliance; Cisco IronPort Web Security Appliance; Update; Q&A
Overview: Most Accurate Protection Against a Broad Range of Threats
Diagram labels: Global Threat Telemetry; Cisco Threat Operations Center; Dynamic Updates and Actionable Intelligence; Adaptive Security Appliances; Intrusion Prevention Solution; Email Security Appliances; Web Security Appliances; System Administrators
Key Components: Powerful Ecosystem Enables Fast, Accurate Protection
World's biggest, broadest and best traffic monitoring network; Cisco SensorBase; Cisco Threat Operations Center; Global operation provides high responsiveness and accuracy; Dynamic updates and actionable intelligence ensure fast, accurate protection; Advanced Protection
Before IronPort: Internet; Firewall; Encryption Platform; Anti-Spam; MTA; DLP Scanner; Anti-Virus; Policy Enforcement; DLP Policy Manager; Mail Routing; Groupware; Users
After IronPort: Internet; Firewall; IronPort Email Security Appliance; Groupware; Users
Inbound Security, Outbound Control
Management; INBOUND SECURITY: Spam Defense, Virus Defense; CISCO IRONPORT ASYNCOS EMAIL PLATFORM; OUTBOUND CONTROL: Data Loss Prevention, Secure Messaging
SensorBase Reputation Filtering; IronPort Anti-Spam: Who? How? Where? What? Verdict
Spam Blocked Before Entering Network; > 99% Catch Rate; < 1 in 1 million False Positives
Real Time Threat Prevention
Incoming Mail: Good, Bad, and Unknown Email; Reputation Filtering; IronPort Anti-Spam
Known good is delivered; Suspicious is rate limited and spam filtered; Known bad is blocked
Cisco on Cisco: Our Corporate Email Experience

Message Category                   %       Messages
Stopped by Reputation Filtering    93.1%   700,876,217
Stopped as Invalid recipients      0.3%    2,280,104
Spam Detected                      2.5%    18,617,700
Virus Detected                     0.3%    2,144,793
Stopped by Content Filter          0.6%    4,878,312
Total Threat Messages:             96.8%   728,797,126
Clean Messages                     3.2%    24,102,874
Total Attempted Messages:                  752,900,000
Defense in Depth Spam Protection
Spam Botnets; Spammer Networks; SMS Spam; Attachment-based Spam; Malware/Phishes; Image Spam; Short-Texted Spam with URLs; Spam created using Automation Tools
EMAIL REPUTATION: Who?; MESSAGE CONTENT: What?; WEB REPUTATION: Where?; MESSAGE CONSTRUCTION: How?; Verdict
Virus Outbreak Filters: Zero Hour Virus and Malware Detection
Anti-Virus Engines: Complementary Anti-Virus Engines
Zero Hour Malware Prevention
Diagram labels: SensorBase; INTERNET; Virus Filter; Dynamic Quarantine
Virus Outbreak Filters In Action:
"Since VOF we have not had a single virus outbreak!"
"Over 24,000 virus positive messages stopped in 9 months"
"VOF has stopped more than 12,000 separate viral messages in the last year"
Virus Outbreak Filters Advantage: Average lead time*: over 13 hours; Outbreaks blocked*: 291 outbreaks; Total incremental protection*: over 157 days
Simple Set Up
Easy 3 click set-up using content filters; Use pre-defined content categories or create / customize your own; Can be applied to specific users under specific conditions
100+ Predefined Policies for Comprehensive Coverage
Single view of policies for the entire organization
Categories: by Domain, Username, or LDAP
IT: Allow all media files; Quarantine executables
SALES: Mark and Deliver Spam; Delete Executables
LEGAL: Archive all mail; Virus Outbreak Filters disabled for .doc files
"IronPort Email Security Manager serves as a single, versatile dashboard to manage all the services on the appliance." PC Magazine
Multiple data points; Comprehensive Insight; Unified Business Reporting; Consolidated Reports
Single view across the organization; Real Time insight into email traffic and security threats
Email Volumes; Spam Counters; Policy Violations; Virus Reports; Outgoing Email Data; Reputation Service; System Health View
Actionable drill down reports
Message Tracking
What happened to the email I sent 2 hours ago? Track Individual Email Messages
Who else received similar emails? Forensics to Ensure Compliance
Ubiquitous Path In and Out of Enterprise Networks
Growing business web usage; FTP, SOAP, IM, RPC, Video; Growing tunneled apps usage
HTTP is the New TCP
Addressing Business Challenges
Secure Against Malware; Prevent Data Breaches; Cisco IronPort S-Series; Control Web Traffic and Applications
Consolidation Drives Operational Efficiency
Before Cisco IronPort: Internet; Firewall; Web Proxy and Caching; Anti-Spyware; Anti-Virus; Anti-Phishing; URL Filtering; Policy Management; Users
After Cisco IronPort: Internet; Firewall; Cisco IronPort WSA; Users
A Powerful, Secure Web Gateway Solution
Most effective defense against web-based malware; Visibility and control for acceptable use and data loss; High performance to ensure best end-user experience; Integrated solution offering optimum TCO
Diagram labels: Management and Reporting; Acceptable Use Policy; Malware Defense; Data Security; AsyncOS for Web
Visibility and Control for the Web and Web Applications
Diagram labels: Management and Reporting; Acceptable Use Policy; Malware Defense; Data Security; AsyncOS for Web
Enterprise-class URL filtering; Applications and object filtering; Integrated identity and authentication
Cisco IronPort Web Usage Controls: Leading Efficacy, Rich Controls, Comprehensive Visibility
Control: Per user, per group policies; Multiple actions (block, warn, monitor); Time-based policies; Unlimited custom categories; Custom end-user notifications
Visibility: Easy to understand reports; Extensive logging; Comprehensive alerting
Efficacy: 200+ countries; 50+ languages; 65 categories; Less than 1 in 1 million false positives
Access Control Policy: Instant Messaging; Facebook: Limited Apps; Video: 512 kbps max
Employee in Finance
Access Control Violation: File Transfer over IM; Facebook Chat, Email; P2P
Granular control over HTTP, HTTP(s), FTP applications
Dynamic signature updates maintained by Cisco SIO
Granular Control over Application Usage
Edit Facebook Controls
Chat; Messages (Email); Events; Notes; Video; Photos; Places; 3rd Party Applications
Business; Community; Education; Entertainment; Games; Sports; Other; Utilities
Control 75K+ Facebook Applications
User-Specific Acceptable Use and Data Security Policies
Authentication against LDAP servers; Transparent, single sign-on (SSO) authentication against Active Directory; Multi-realm sequencing; Multi-domain authentication; Guest policies; Re-Auth and Failed Auth policies
NTLM/Active Directory
Define Acceptable Use and Data Security Policies using Rich Identity Constructs
Native control for HTTP, HTTP(s), FTP applications
Selective decryption of SSL traffic for security and policy
Policy enforcement for applications tunneled over HTTP: FTP, IM, video
Diagram labels: Collaboration; Software as a Service; Tunneled Applications; ftp://ftp.funet.fi/pub/; HTTP
Multiple layers for Malware and Spyware Protection
Diagram labels: Management and Reporting; Acceptable Use Policy; Malware Defense; Data Security; AsyncOS for Web
Malware landscape; Multi-layered malware defense; Network layer phone-home prevention; Reputation filtering and signature scanning
Protection Against Today's Threats
Layer 4 Traffic Monitor: Detects malicious botnet traffic across all ports
Web Reputation Filters: Blocks 70 percent of known and unknown malware traffic at connection time
Dynamic Vectoring and Streaming Engine: Blocks malware based on deep content analysis
Preventing Phone-Home Traffic: Cisco IronPort Layer 4 Traffic Monitor
Scans all traffic, all ports, all protocols; Detects malware bypassing Port 80; Prevents botnet traffic
Diagram labels: Packet and Header Inspection; Users; Network Layer Analysis; Cisco IronPort S-Series; Internet
Powerful anti-malware data; Automatically updated rules; Real-time rule generation using Dynamic Discovery
Predictive, Real-Time Threat Prevention
200+ Parameters; URL Blacklists; URL Whitelists; Cisco Security Intelligence Operations; Dynamic IP Addresses; Bot Networks; URL Behavior; Global Volume Data; Domain Registrar Information; Compromised Host List; Real-Time Cloud Analysis; SensorBase Network Security Modeling; Web Reputation Scores (WBRS) -10 to +10; Network Owners; Known Threat URLs
Cisco IronPort DVS Engine: Dynamic Vectoring and Streaming
Accelerated signature scanning: Parallel scans; Stream scanning
Multiple integrated verdict engines: McAfee, Webroot and Sophos; Automated updates
Decrypt and scan SSL traffic: Selectively, based on category and reputation
Simplicity and Choice
Diagram labels: Management and Reporting; Acceptable Use Policy; Malware Defense; Data Security; AsyncOS for Web
Data security imperative and reality; Simple on-box data security; Advanced off-box data security
On-box Common Sense Security
Content metadata inspection, along with visibility and forensics
Allow, block, log: Based on file metadata, URL category, user and web reputation
Multi-protocol: HTTP(s), FTP, HTTP tunneled
Diagram labels: www.mypartner.com; Users; Allow, Block, Log; Internet; www.malwarrior.com
Simple Approach for Avoiding Web Data Breaches

Who?      John Smith, Finance    John Smith, Finance    Jane Doe, Sales
What?     FiscalPlan.xls         FiscalPlan.xls         CustomerList.doc
Where?    Webmail.com            Taxfirm.com            Personal-site.com, -9 Reputation score
How?      HTTPS (Encrypted)      HTTPS (Encrypted)      FTP
Verdict
AnyConnect Secure Mobility: Anytime, Anywhere Secure Access
Cisco AnyConnect 2.5: Always-on, location-aware, extremely lightweight, invisible to user; Supported on all major devices and OS
Cisco Security Enforcement Array (SEA); Powerful Enforcement Engines; High Performance; Application and Identity Aware
Hybrid Hosted Delivery; Policy Abstracted from enforcement layer; Acceptable Use, Access Control, Data Security, Anti-Malware
Industry's Highest-Performance Integrated Solution
Secure: Multi-layered malware defense; Web reputation filters; Accelerated signature scanning (DVS engine); Prevent botnets and malware bypassing Port 80 (L4TM)
Control: Integrated authentication and SSO; Enterprise-class URL filtering; Applications and object filtering; Web usage visibility and tracking
Prevent: On-box simple data security; Off-box interoperability with third-party DLP; Prevent malware-initiated data breaches (L4TM)
Thank you.