Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Similar documents
Security Practices for Online Collaboration and Social Media

Cisco Cloud Web Security

Cisco ISR Web Security with Cisco ScanSafe

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

Top 10 Reasons Enterprises are Moving Security to the Cloud

Cisco Cloud Web Security Datasheet

How To Protect Your Mobile Device From Attack

Secure Your Mobile Workplace

Intelligent, Scalable Web Security

Putting Web Threat Protection and Content Filtering in the Cloud

DUBEX CUSTOMER MEETING

Readiness Assessments: Vital to Secure Mobility

Mitigating Web Threats with Comprehensive, Cloud-Delivered Web Security

How Cisco IT Protects Against Distributed Denial of Service Attacks

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Firewall and UTM Solutions Guide

The enemy within: Stop students from bypassing your defenses

Cisco Advanced Malware Protection

INSTANT MESSAGING SECURITY

Symantec Protection Suite Add-On for Hosted and Web Security

Cisco AnyConnect Secure Mobility Solution Guide

IBM Managed Security Services (Cloud Computing) hosted and Web security - express managed Web security

HTTPS Inspection with Cisco CWS

Protect your internal users on the Internet with Secure Web Gateway. Richard Bible EMEA Security Solution Architect

On and off premises technologies Which is best for you?

Zscaler Internet Security Frequently Asked Questions

End to End Security do Endpoint ao Datacenter

End-user Security Analytics Strengthens Protection with ArcSight

Bandwidth consumption: Adaptive Defense and Adaptive Defense 360

AVG AntiVirus. How does this benefit you?

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Content Security: Protect Your Network with Five Must-Haves

Symantec Endpoint Protection Datasheet

IP Telephony Management

Uncover security risks on your enterprise network

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Protecting the Infrastructure: Symantec Web Gateway

Cisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016

Cascadia Labs URL Filtering and Web Security

Cisco Small Business ISA500 Series Integrated Security Appliances

Reducing the cost and complexity of endpoint management

Cisco RSA Announcement Update

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Bring Your Own Device (BYOD) and 1:1 Initiatives: What Questions Do You Need to Answer Before Jumping In?

Content Inspection Director

Types of cyber-attacks. And how to prevent them

ISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones

Symantec RuleSpace Data Sheet

How Cisco IT Reduced Linksys Contact Center Outsourcing

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cisco ASA 5500 Series Content Security Edition for the Enterprise

Introducing IBM s Advanced Threat Protection Platform

SHIDLER TELEPHONE INTERNET BROADBAND INTERNET SERVICE DISCLOSURES. Updated November 20, 2011

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

Unified Security, ATP and more

Internet threats: steps to security for your small business

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

REGULATORY OPTIONS TO FACILITATE THE ADOPTION OF INTERNET PARENTAL CONTROLS PUBLIC CONSULTATION RESPONSE FROM NETSWEEPER INC.

Managing Enterprise Security with Cisco Security Manager

Enterprise Buyer Guide

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Cisco Security Manager 4.2: Integrated Security Management for Cisco Firewall, IPS, and VPN Solutions

How To Secure Your Employees Online With Zscaler.Com And Your Website From Being Infected With Spyware Or Malware

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Cyber Security Solutions:

EndUser Protection. Peter Skondro. Sophos

Internet Content Provider Safeguards Customer Networks and Services

IBM Security Network Protection

Stopping secure Web traffic from bypassing your content filter. BLACK BOX

Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands

Proven LANDesk Solutions

Cisco Advanced Malware Protection for Endpoints

Farmers Mutual Telephone Company (FMTC) Network Management Practices Policy

Inspection of Encrypted HTTPS Traffic

A number of factors contribute to the diminished regard for security:

Using Lancope StealthWatch for Information Security Monitoring

User Documentation Web Traffic Security. University of Stavanger

AVeS Cloud Security powered by SYMANTEC TM

SSL VPN Client Installation Guide Version 9

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Next Gen Firewall and UTM Buyers Guide

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

Innovations in Network Security

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Transcription:

Cisco Cloud Web Security Cisco IT Methods Introduction Malicious scripts, or malware, are executable code added to webpages that execute when the user visits the site. Many of these seemingly harmless websites lead to unnoticed computer infection, pop-up advertisements, a blocked browser, redirection to other sites, or other potentially harmful or unwanted activities. Many more complex and targeted attacks leverage malware to gain access to user devices. Remediating the disruptions caused by malware infections creates significant workloads and costs for IT. For example, in a ninemonth period from late 2012 to early 2013, malware infections generated more than 200 cases for virus remediation and more than 2700 help desk cases, for a total cost of more than US$4 million to Cisco IT. These factors are why defense against malware has become an integral part of Cisco IT s security strategy. Malware can enter the Cisco network when an infected user PC connects over a direct link in the office or a VPN link from a remote location. For these connections, Cisco IT uses the Cisco Web Security Appliance (WSA) to protect the network from malware intrusion. However, WSA protection is not available when a user connects to the Internet directly, without connecting via the Cisco network, such as when using a public Wi-Fi service in a coffee shop. In this case, the user s PC can become infected with malware, which may disrupt the user s activity, spread to other networks and devices, and present the risk of a data security or privacy breach. Cisco IT uses the Cisco Cloud Web Security (CWS) solution to help protect user PCs from these malware infections. Together, Cisco WSA and Cisco CWS give Cisco IT a comprehensive way to reduce malware and the associated impacts in the Cisco network. More specifically, Cisco IT s deployment of Cisco CWS delivers advantages that address several business challenges: Reducing the number of malware infections: The strong protection of user devices offered by Cisco CWS means fewer malware infections enter the Cisco network. This protection reduces the potential for data theft, productivity loss, as well as the direct costs of IT resources needed to remediate these infections. Management overhead: Cisco CWS helps Cisco IT avoid the costly overhead of managing malware infections in a decentralized mode, especially as Cisco IT supports more remote and mobile workers. Consistent policy enforcement: Because Cisco CWS supports complete control of web traffic on user devices, Cisco IT gains better visibility and reporting of off-premises infections through consistent policies about user access to risky websites. Network complexity: The flexible options for Cisco CWS deployment helps Cisco IT cost-effectively serve the security demands of its complex global network. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 5

Solution The Cisco CWS solution, previously known as Cisco ScanSafe, enforces secure communication to and from the Internet. It uses the Cisco AnyConnect Secure Mobility Client 3.0 to provide remote workers the same level of security as onsite employees when using a laptop issued by Cisco. Cisco CWS incorporates two main functions, web filtering and web security, and both are accompanied by extensive, centralized reporting. Figure 1 provides a conceptual view of the Cisco CWS solution. Figure 1. Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.] The web-filtering service in Cisco CWS creates, enforces, and monitors web usage policies by applying real-time, rule-based filters and checking an up-to-date and accurate database for categorizing websites. By enforcing an organization's acceptable usage policy and reducing the volume of inappropriate content, Cisco CWS helps avoid potential legal liabilities, reduces bandwidth congestion, and improves employee productivity. When a user enters a URL in a web browser, that request is routed to the nearest Cisco CWS data center where the Cisco Security Intelligence Operations (SIO) service applies correlated detection technologies, automated machine-learning heuristics, and multiple scanning engines to detect and block known and unknown malware on websites. Cisco CWS operates independently from the user device; all control over URL access and malware detection is carried out in the cloud. Deployment Cisco IT has deployed Cisco CWS as a complement to the Cisco Web Security Appliance. All Internet traffic on the corporate network that arrives via VPN or on-premises connection uses Cisco WSA. Internet traffic from employee laptops that is sent over a public network uses Cisco CWS via the Cisco AnyConnect client. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 5

In the Cisco IT pilot deployment, Cisco CWS has three main components: Cisco AnyConnect client for individual user connections Cisco Cloud Web Security cloud, which is hosted in Cisco data centers CWS database and reports The CWS service runs on scanning proxy servers, located in Cisco data centers around the world. The Cisco AnyConnect client and Cisco ISR G2 routers automatically route user traffic to the data center with the fastest response time to minimize latency. (Figure 2) Figure 2. Traffic Flow in the Cisco CWS Cloud Deployment The network traffic bypasses scanning proxies only when the Cisco AnyConnect client detects that it is connected to the trusted corporate network. In this scenario, all web traffic destined to the Internet will be subject to inspection by the WSA. The servers should be added in the Cisco AnyConnect client profile, because proxy exceptions and all HTTP traffic generated to or from them will be excluded from evaluation by the Cisco CWS service. Implementation of Cisco CWS within the Cisco corporate network will be accomplished in two phases. As of late 2013, the deployment is in a pilot phase of 250 users, which allows for service testing, documenting the architecture and design, and validating the full deployment plans. Users who had previously installed the Cisco AnyConnect client received instructions for downloading and configuring the CWS upgrade. The CWS feature is already configured for new users of the client. One issue that needed to be resolved before deployment was Cisco IT s policy on associating usernames with the URL requests stored in the CWS database. Cisco could face potential legal risks if the company chose to monitor who is making specific URL requests. With different local laws around the world, Cisco IT decided to make all user data anonymous. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 3 of 5

Table 1 shows results from the Cisco IT pilot project for Cisco CWS from January 2013 to May 2013. Table 1. Cisco CWS Results from a 250-User Pilot Project Highest number phishing sites per day 17 Bandwidth of virus sites per day 77 Mb Highest number of viruses blocked per day 400 Highest number of adware blocked per day 1800 Top site adware blocked site Top site blocked application site Top Three Blocked Categories Highest number of blocks per day for all apps Top applications that consumed most bandwidth router.tlvmedia.com Youku Computers and Internet; Advertisements; Infrastructure and Content Delivery 3300 YouTube, Flash Video, Netflix, MPEG, Youku Remediating the disruptions caused by malware infections creates significant workloads and costs for IT. For example, in a ninemonth period from late 2012 to early 2013, malware infections generated more than 200 cases for virus remediation and more than 2700 help desk cases, for a total cost of more than US$4 million to Cisco IT. Management Cisco CWS offers the ScanCenter management portal that integrates all management and reporting capabilities. Cisco CWS reporting provides a centralized database of user URL requests for a clear picture into the threats and breaches presented by off-premises devices. By analyzing this data over time, Cisco IT identifies policy adjustments that will increase the benefits of Cisco CWS. Service and Support The internal Cisco WebEx Social site offers users an FAQ document and self-support tips for configuring the CWS service in the Cisco AnyConnect client. The Cisco IT help desk also provides full user support for the internal CWS service. Security Cisco CWS operates within the standard security architecture and procedures for the Cisco network. Lessons Learned Based on the pilot project, Cisco IT offers the following insights for implementing Cisco CWS: Run a limited pilot project and form a user team to identify any needed changes in the user experience. Integrate Cisco CWS into the overall remote access solution to help users adapt to the changes in how they access the Internet. Identify whether to use Cisco CWS only for Windows and Macintosh clients, or for all types of mobile devices. Review policies that govern user access to websites to verify that they are up-to-date with current laws and security concerns. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 4 of 5

For More Information Determine whether you will allow users to override CWS when it blocks access to a particular website. Be prepared to answer user questions about why corporate policies restrict access to certain websites and about how their data is tracked and used in the CWS reports. Read more information about the Cisco products discussed in this document: Cisco Cloud Web Security: http://www.cisco.com/web/products/security/cloud_web/index.html Cisco AnyConnect Secure Mobility Client: www.cisco.com/go/anyconnect Cisco Web Security Appliance: http://www.cisco.com/en/us/products/ps10164/index.html To read additional Cisco IT case studies on a variety of business solutions, visit Cisco on Cisco: Inside Cisco IT www.cisco.com/go/ciscoit. Note This publication describes how Cisco has benefited from the deployment of its own products. Many factors may have contributed to the results and benefits described; Cisco does not guarantee comparable results elsewhere. CISCO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties, therefore this disclaimer may not apply to you. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information