Cisco IronPort Email & Web Security
Greg Griessel, Consulting Systems Engineer - Security, greggr@cisco.com
2010 Cisco and/or its affiliates. All rights reserved.
Application-Specific Security Gateways
BLOCK Incoming Threats: Spam, Phishing/Fraud; Viruses, Trojans, Worms; Spyware, Adware; Unauthorized Access
Internet; SensorBase (The Common Security Database)
APPLICATION-SPECIFIC SECURITY GATEWAYS: EMAIL Security Gateway; WEB Security Gateway; SECURITY MANAGEMENT Appliance
Email Security, 2010
The Magic Quadrant is copyrighted 2010 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
Secure Web Gateway, 2011
The Magic Quadrant is copyrighted 2011 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Cisco.
Cisco IronPort Email Security
Junk Mail Privacy & Control Viruses Regulations
More and more targeted attacks
[Chart: Daily Spam Volume (Billion), 2006 to 2010; series: Targeted Attacks, Spam. Source: Cisco Threat Operations Center]
Statistics on more than 30% of the world's e-mail traffic
New threats & alerts detection
More than 200 parameters to build reputation scores
E-Mail Reputation Filters (Reputation Score): Data Volume; Message Structure; Complaints; Blacklists, whitelists; Off-line data
Web Reputation Filters (Reputation Score): URL blacklists & whitelists; HTML Content; Domain Info; Known bad URLs; Website history
Cisco IronPort Email Security Appliance
INBOUND SECURITY: Spam Defense; Virus Defense
OUTBOUND CONTROL: Data Loss Prevention; Secure Messaging
Management
MAIL TRANSFER AGENT: CISCO IRONPORT ASYNCOS EMAIL PLATFORM
For Security, Reliability and Lower Maintenance
[Diagram: Before Cisco IronPort / After Cisco IronPort. Labels: Internet; Firewall; Encryption Platform; Anti-Spam; MTA; DLP Scanner; Anti-Virus; Policy Enforcement; DLP Policy Manager; Cisco IronPort Email Security Appliance; Mail Routing; Groupware; Users]
Revolutionary Email Delivery Platform
Traditional Email Gateways and Other Appliances Cisco IronPort Email Security Appliances 200 Connections Low Performance/ Peak Delivery Issue 1K 10K Connections High Performance/ Sure Delivery Disk I/O Bottlenecks Unable To Leverage Full Capability Components CPU Limited Solely By CPU Capacity
SensorBase Reputation Filtering; IronPort Anti-Spam
Who? How? Verdict Where? What?
Spam Blocked Before Entering Network
> 99% Catch Rate
< 1 in 1 million False Positives
Real Time Threat Prevention
Incoming Mail: Good, Bad, and Unknown Email
Reputation Filtering; IronPort Anti-Spam
Known good is delivered
Suspicious is rate limited & spam filtered
Known bad is blocked

Cisco's Internal Email Experience:

Message Category                   %        Messages
Stopped by Reputation Filtering    93.1%    700,876,217
Stopped as Invalid recipients      0.3%     2,280,104
Spam Detected                      2.5%     18,617,700
Virus Detected                     0.3%     2,144,793
Stopped by Content Filter          0.6%     4,878,312
Total Threat Messages:             96.8%    728,797,126
Clean Messages                     3.2%     24,102,874
Total Attempted Messages:                   752,900,000
The First Line of Defense
Early Protection with IronPort Virus Outbreak Filters
Outbreak Filtering in Action
Cisco SIO
Verdict: Suspect IP / URL. Action: Send to Cloud
Verdict: Malicious Content. Action: STOP
Zero Hour Malware Prevention and AV Scanning
Virus Outbreak Filters; Anti-Virus
T = 0: zip (exe) files
T = 5 mins: zip (exe) files; Size 50 to 55 KB
T = 15 mins: zip (exe) files; Size 50 to 55 KB; Price in the filename
An analysis over one year:
Average lead time: over 13 hours
Outbreaks blocked: 291 outbreaks
Total incremental protection: over 157 days
Top Risk: Employees
Biggest Impact: Customer Data
[Chart: Top Data Loss Types. Labels: Information marked Confidential; Personal client information; Personnel Information; Intellectual Property]
Comprehensive, Accurate, Easy
Comprehensive: 100+ Pre-defined templates; Regulatory compliance
Easy: One-click activation; Policy enable/disable
Accurate: Multiple parameters; Key words, proximity, etc.
Ranked as Leader in Gartner Magic Quadrant
Focus on accuracy: large research team staffed specifically to write and refine content policies
RSA has strong described content capabilities enabled by a formal knowledge-engineering process - Gartner
Reports by severity and policy
Real time and scheduled reports available
Instant Deployment, Zero Management Cost
[Diagram: Cisco Registered Envelope Service. Labels: Message pushed to recipient; User opens secured message in browser; Gateway encrypts message; Key is stored; User authenticates and receives message key; Decrypted message is displayed]
Automated key management
No desktop software requirements
No new hardware required
Confidential Contents
No Forwarding Allowed without Permission
Guaranteed Recall
Guaranteed Read Receipts
Message Expiry
Cisco IronPort Email Security Solution
Inbound Security
Anti-Spam: SensorBase Reputation Filtering; IronPort Anti-Spam
Anti-Virus: Virus Outbreak Filters (VOF); McAfee Anti-Virus; Sophos Anti-Virus
Protect Employees From Identity Stealing Malware and Phishing
Outbound Control
RSA Email DLP: 100+ predefined DLP policies; Accurate; Easy to Implement
Encryption: Secure Message Delivery; Transport Layer Security
Protect Company From Identity Data Leaks
Single view of policies for the entire organization
IT; SALES; LEGAL
Allow all media files; Quarantine executables; Mark and Deliver Spam; Delete Executables; Archive all mail; Virus Outbreak Filters disabled for .doc files
with Delegated Administration
Global Administrator; Operator; Read-Only; Helpdesk..; PCI Auditor; PCI Supervisor
Unified Business Reporting
Consolidated Reports
Single view across the organization
Real Time insight into email traffic and security threats
Actionable drill down reports
Multiple data points: Email Volumes; Spam Counters; Policy Violations; Virus Reports; Outgoing Email Data; Reputation Service; System Health View
Appliances: Award-Winning Technology
Hosted: Dedicated SaaS Infrastructure
Hybrid Hosted: Best of Both Worlds
Managed: Fully Managed on Premises
Backed by Service Level Agreements
Cisco IronPort Web Security
Acceptable Use Control; Malware Protection; Data Loss Prevention; SaaS Access Control; Policy
Industry Leading Secure Web Gateway
Security; Malware Protection; Secure Mobility; Internet; Control; Data Security; Acceptable Use Controls; SaaS Access Controls
Centralized Management and Reporting
80% of the web is uncategorized, highly dynamic or unreachable by web crawlers
Botnets; Dynamic content; Password protected sites; User generated content; Short life sites
The Known Web: 20% covered by URL lists
[Diagram labels: Danger; Malware Protection; Data Security; Acceptable Use Controls; SaaS Access Controls]
URL Lookup in Database
[Diagram: www.sportsbook.com/; URL Database; Uncategorized; URL Keyword Analysis; Gambling]
Industry-leading URL database efficacy
65 categories
Updated every 5 minutes
Real-time Dynamic Content Analysis
[Diagram: www.casinoonthe.net/; Uncategorized; Gambling; Dynamic Content Analysis Engine; Analyze Site Content; Gambling]
Dynamic categorization identifies more than 90% of Dark Web content in commonly blocked categories
237% volume increase in '09
Over 70% of compromised web sites are legitimate
Vulnerabilities in Adobe PDF emerged as the main target, followed by Flash
54% of malware encounters due to iframes and exploits
Cross-Site Scripting and SQL Injection are top attack methods
83% of websites have at least 1 serious vulnerability
BoingBoing.net: A Popular Blog
URLs in browser: 1
HTTP Gets: 162
Images: 66 from 18 domains including 5 separate 1x1 pixel invisible tracking images
Scripts: 87 from 7 domains
Cookies: 118 from 15 domains
8 Flash objects from 4 domains
Predictive, Zero-day Protection
Identifying Malware Lurking in the Dark Web
[Diagram: Cisco Network and Content Security Deployments; Threat Telemetry; Cisco Security Intelligence Operations; Outbreak Intelligence; Cisco SensorBase; Threat Operations Center; Advanced Algorithms; External Feeds]
Web Reputation Scores: -10 to +10
New York Times: Victim of an Advertiser Attack!
Seemingly legitimate ad turned malicious causing 3 redirects
Ultimate destination: protection-check07.com
Cisco Web Rep Score: -9.3
Default Action: BLOCK
NYT site allowed but malicious redirect blocked
Drive By Scareware: Full-screen pop-up simulates real AV software, asks user to buy full version to clean machine.
Dynamic Vectoring and Streaming
Signature and Heuristic Analysis
Heuristics Detection: Identify unusual behaviors
DVS Engine
Signature Inspection: Identify known behaviors
Parallel Scans, Stream Scanning
Wide coverage with multiple signature scanning engines
Identify encrypted malicious traffic by decrypting and scanning SSL traffic
Seamless user experience with parallel scanning
Latest coverage with automated updates
Layer 4 Traffic Monitor
[Diagram: Users; Packet and Header Inspection; Network Layer Analysis; Internet; Cisco IronPort S-Series]
Preventing Phone-Home Traffic
Scans all traffic, all ports, all protocols
Detects malware bypassing Port 80
Prevents Botnet traffic
Powerful Anti-Malware Data
Automatically updated rules
Real-time rule generation using Dynamic Discovery
Also available on the ASA as Botnet Traffic Filter
Industry Leading Secure Web Gateway
Security; Malware Defense; Secure Mobility; Internet; Control; Data Security; Acceptable Use Controls; SaaS Access Controls
Centralized Management and Reporting
On-Box Common Sense Security
[Diagram: Partner site; Documents; Log, Allow, Block; Internet; Webmail]
Allow, block, log based on file metadata, URL category, user and web reputation
Multi-protocol: HTTP(s), FTP, HTTP tunneled
Off-Box Advanced Data Security
[Diagram: Documents; DLP Vendor Box; Log, Allow, Block; Internet]
Deep content inspection: Structured and unstructured data matching
Performance optimized: Works in tandem with accelerated on-box policies
Identity Application Job Sites Human Resource Instant Message No File Transfer Time Facebook Lunch hour Location Streaming Media 100 kbps/user P2P All Object Priority
Granular Control over Application Usage
Employee in Finance
Access Control Policy: Instant Messaging; Facebook: Limited Apps; Video: 512 kbps max
Access Control Violation: File Transfer over IM; Facebook Chat, Email; P2P
Granular control over HTTP, HTTP(s), FTP applications
Dynamic signature updates maintained by Cisco SIO
Allow/Block thousands of Facebook Apps
Allow/Block features like Chat, Messaging, Video & audio bandwidth
Block Malware like Farm Town app ad that redirects users to fake antivirus software
Regaining Visibility and Control Through Identity
[Diagram: Corporate Office; Redirect @ Login; SaaS Single Sign On; Branch Office; Home Office; AnyConnect Secure Mobility Client; User Directory; No Direct Access]
Visibility
Centralized Enforcement
Single Source Revocation
Security Management Appliance
Centralized Management; On-Box; Centralized Reporting and Tracking
Centralized Policy Management; Delegated Administration; In-Depth Threat Visibility; Extensive Forensic Capabilities
Insight: Across Threats, Data and Applications
Control: Consistent Policy Across Offices and for Remote Users
Visibility: Visibility Across Different Devices, Services, and Network Layers
Multi-Core Optimization
Addresses latency issues associated with anti-virus scanning
Enables multi-scan features for improved security efficacy
Optimized for rich web content
Integrated Identity and Authentication
NTLM/Active Directory; LDAP; Secure LDAP
Identity Based Policies
Transparent, single sign-on (SSO) authentication against Active Directory
Guest Policies, Re-Auth
Pioneer in SaaS Web Security
Over 34% market share in SaaS Web Security (IDC)
Multi-award winning product portfolio
Millions of users
Billions of Web requests scanned every day
100% Availability
[Logo panels: Customers; Awards; Partners]
AnyConnect Secure Mobility
With AnyConnect 3.0
[Diagram: Internet Traffic; VPN Internal Traffic (optional)]
[Diagram: Branch/Retail or Home Office; RADIUS/LDAP; Corporate Office; Internet; ISR G2 with ScanSafe Connector SW; Approved Content; Blocked URLs; Blocked Files; Blocked Content]
Thank you.