Cisco Web Security Solutions
Stephan Meier, smeier@cisco.com
November 2013
2010 Cisco and/or its affiliates. All rights reserved.

The Challenge
- Granular control over the large number of Internet applications
- Create Internet policies based on identity, location and content
- Detect and block through web reputation

Simplified Deployment and Management
- Consistent policy and security for all users
- Single-box solution for simple operation
- Can use the Cisco AnyConnect client
- Integrates easily into existing Cisco infrastructure
Diagram, traditional web proxy appliances: Internet; Firewall; 1 Malware Engine; URL Filtering; Policy Management; Reporting; Users
Diagram, Cisco Web Security Appliance: Internet; Firewall; Web Proxy; Multiple Malware Engines; URL Filtering; AVC; Web Reputation; SIO Updates; Layer 4 Traffic Monitoring; SIEM/DLP/SOCKS/FTP; Policy Management; Reporting; Users

Every Click, Every Object
Stages: Layer 4 Traffic Monitor; Reputation Analysis; URL and Threat Outbreak Filters; Multi-Engine Anti-Malware
- End user requests a website
- Monitors ports and phone-home activity
- A web reputation score is applied to the site or its sub-sites
- Filters content according to policy and analyzes web elements such as files, links, iframes, etc.
- Multiple AV/AM engines provide real-time malware inspection
- Continuous monitoring prevents data loss and protects against dynamic threats

SIO Global Intelligence
Diagram labels: Researchers, Analysts, Developers; Applied Mitigation Bulletins; ISPs, Partners, Sensors; IPS; ASA; ESA; WSA
Comprehensive threat analysis system
Layered threat defense
- 700K+ global sensors
- 5 billion web requests per day
- 35% of global email volume
- Endpoint telemetry
- Reputation, spam, malware and web category analysis, and application classification

Applications: Visibility and Control
- Broad classification of all traffic: 1,000+ applications
- MicroApp Engine: detailed classification of selected traffic, 75,000+ MicroApps
- Application behavior: granular control of application and user behavior

Full Context, Plus Threat Awareness
Diagram labels: Cisco SIO; www.facebook.com

Enterprise DLP Integration
Diagram labels: CWS (Cloud); WSA (On-Premises); Hotmail; WSA; DLP Vendor Box

Reduce Disruptions from:
- Distracted users
- Legal liabilities
- Data loss via web traffic and web applications
URL Filtering
- URL database covering over 50 million sites worldwide
- Real-time dynamic categorization for unknown URLs
Application Visibility and Control
- Deep application control for more than 1,000 different applications, such as instant messaging, Facebook, collaboration, and webmail, as well as for over 150,000 microapplications
- Site content ratings

- Monitor means do nothing here and continue in the pipeline
- Icon shows current setting
- Block and Warn pages can be customized
- Time-Based takes different actions for different times of day

Cisco AnyConnect for Cloud Web Security

Dynamic Vectoring and Streaming (DVS Engine): Signature and Heuristic Analysis
Heuristics Detection: identify unusual behaviors
Signature Inspection: identify known behaviors
Parallel Scans, Stream Scanning
- Wide coverage with multiple signature scanning engines
- Identify encrypted malicious traffic by decrypting and scanning SSL traffic
- Seamless user experience with parallel scanning
- Latest coverage with automated updates

Outbreak Heuristics + Adaptive Scanning
Diagram labels: Cisco SIO; WSA
Sites and scores shown: www.anysite.com +1.1; www.anysite2.com -3.5; www.anysite3.com -5.5
Reputation + Content Type + Scanner Selection = Adaptive Scanning

| | Firewall Integrated (ASA + AVC/WSE) | Cloud (Cloud Web Security) | Appliance, Physical and Virtual (Web Security Appliance) |
|---|---|---|---|
| Web/URL Filtering | ✓ | ✓ | ✓ |
| Application Visibility and Control (AVC) | Ports (all), Protocols (all) | Ports (80, 443), Protocols (HTTP(S)) | Ports (21, 80, 443), Protocols (HTTP(S), FTP) |
| Malware Protection | URL/IP reputation filtering | URL/IP reputation filtering plus multiple scanners for malware | URL/IP reputation filtering plus multiple scanners for malware |
| Remote User Security | VPN backhaul | Direct to cloud | VPN backhaul |
| Deployment | On the firewall | Redirect to cloud via Cisco ASA, ISR, WSA, AnyConnect | On-premises redirect |
| Policy and Reporting | On premises | In the cloud | On premises |
| Licensing/Subscription | Based on ASA model, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y | Based on user count, 1Y / 3Y / 5Y |

PROTECTING ANY USER ON ANY DEVICE IN ANY LOCATION
- WEB SECURITY ESSENTIALS: Application Visibility and Control (AVC),* URL Filtering, Reputation Filtering, and DLP
- ADVANCED WEB SECURITY: Multi-Vendor Anti-Malware Scanning
- CENTRALIZED MANAGEMENT AND REPORTING: Single Consoles for Cisco Web Security Appliance (WSA) or Cloud Web Security (CWS) Solution
Form factors: Appliance; Virtual; Cloud; Router; Firewall; Mobile
*The Cisco ASA 5500-X with Web Security Essentials requires a separate license for AVC.

The Cisco ASA 5500 Series
Adaptive threat defense and flexible VPN solution in one device
- Network firewall, application control, remote access VPN
- Extensible with intrusion detection, malware protection, and next-generation firewall functions
Minimizes deployment and operating costs
- Platform standardization, central management
Extensible technology against future threats
- Special-purpose hardware and an adaptive detection and mitigation architecture enable unprecedented extensibility and policy control

Cisco ASA 5500 Firewall Portfolio
ASA-CX complements the firewall solution
Multi-Service (Firewall/VPN and IPS)
Chart axes: Performance and Scalability; SOHO, Branch Office, Internet Edge, Campus, Data Center
- ASA 5505 (150 Mbps, 4K cps)
- ASA 5512-X (1 Gbps, 10K cps)
- ASA 5515-X (1.2 Gbps, 15K cps)
- ASA 5525-X (2 Gbps, 20K cps)
- ASA 5545-X (3 Gbps, 30K cps)
- ASA 5555-X (4 Gbps, 50K cps)
- ASA 5585-X SSP-10 (4 Gbps, 50K cps)
- ASA 5585-X SSP-20 (10 Gbps, 125K cps)
- ASA 5585-X SSP-40 (20 Gbps, 200K cps)
- ASA 5585-X SSP-60 (40 Gbps, 350K cps)
- ASASM (20 Gbps, 300K cps)
Label on the slide: NEW (shown five times)

Simplified and Scalable Cloud-Based Deployments
Cloud Web Security: URL filtering; Application Visibility and Control; Multiple malware engines; SIEM/DLP/SOCKS/FTP; SIO updates; Policy management; Reporting
Multiple connector options: Cisco AnyConnect (Direct to Cloud); Cisco WSA; Cisco ISR-G2; Cisco ASA
- Branch to enterprise
- Reuses appliances
- Eliminates desktop agent
- Reduces vendors
- Eliminates backhaul

Secure Mobility, Form Factor Choice
Diagram labels: On-Premises (WSA, ASA); Cloud (CWS); Redirect to Premises or Cloud; Mobile User; Cisco AnyConnect Client
- Acceptable use policies
- Always-on protection
- Malware threat protection
- Application usage controls
- CWS: User choice of towers when traveling

Thank you.