Ironport 3 Cisco+Web+Security+Appliance
Ironport 3 Cisco+Web+Security+Appliance
Ironport 3 Cisco+Web+Security+Appliance
In our highly connected and increasingly mobile world, more complex and
sophisticated threats require the right mix of security solutions. Cisco delivers security
for all layers of network infrastructure with the strong protection, complete control, and
investment value businesses need. We also offer a broad set of web security
deployment options, along with market-leading global threat intelligence. The Cisco
Web Security Appliance (WSA) simplifies security with a high-performance, dedicated
appliance and the Cisco Web Security Virtual Appliance (WSAV) lets businesses
deploy web security quickly and easily, wherever and whenever its needed.
Overview
The Cisco WSA is the first secure web gateway to combine leading protections to help organizations address the
growing challenges of securing and controlling web traffic. You get advanced malware protection, application
visibility and control, acceptable use policy controls, insightful reporting, and secure mobility all on a single
platform.
The Cisco WSA enables simpler, faster deployment with fewer maintenance requirements, reduced latency, and
lower operating costs. Set and forget technology frees up staff once initial automated policy settings go live and
automatic security updates are pushed to network devices every three to five minutes. Flexible deployment options
and integration with your existing security infrastructure help you meet quickly evolving security requirements.
Virtual Appliance
With the growth of video and other rich media, traffic has become less predictable, resulting in overages and
degraded performance. Addressing these and other issues, administrators face long lead times when buying and
installing hardware, remote installation challenges, customs duties, and other logistical issues, especially in
multinational organizations.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 7
The Cisco WSAV significantly lowers the cost of deploying web security, especially in highly distributed networks,
by letting administrators create security instances where and when they are needed. The Cisco WSAV is a
software version of the Cisco WSA that runs on top of a VMware ESXi or KVM hypervisor and Cisco Unified
Computing System (UCS) servers. You will receive an unlimited license for the Cisco SMAV with the purchase
of any of the Cisco Email or Web Security software bundles, along with the corresponding SMA software license.
With the Cisco WSAV, administrators can respond instantly to traffic spikes and eliminate capacity planning. There
is no need to buy and ship appliances; new business opportunities can be supported without adding complexity to
a data center or requiring additional staff.
Receive fast and comprehensive web protection backed by the largest threat detection network in the world, with the
broadest visibility and largest footprint, including:
100 TB of security intelligence daily
1.6 million deployed security devices, including firewall, IPS, web, and email appliances
150 million endpoints
13 billion web requests per day
35% of the worlds enterprise email traffic
Cisco SIO and Sourcefire VRT are two separate Threat Detection services in the cloud that are merging into Talos,
providing a 24x7 view into global traffic activity to analyze anomalies, uncover new threats, and monitor traffic
trends. Talos prevents zero-hour attacks by continually generating new rules that feed updates to the WSA every
three to five minutes, providing industry-leading threat defense hours and even days ahead of competitors.
Combine traditional URL filtering with dynamic content analysis to mitigate compliance, liability, and productivity
risks. Ciscos continuously updated URL filtering database of over 50 million blocked sites provides exceptional
coverage for known websites, and the Dynamic Content Analysis (DCA) engine accurately identifies 90 percent of
unknown URLs in real time; it scans text, scores the text for relevancy, calculates model document proximity and
returns the closest category match. Administrators can also select specific categories for intelligent HTTPS
inspection.
Advanced Malware
Protection
Advanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco WSA customers. AMP
is a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis,
and retrospective alerting. It takes advantage of the vast cloud security intelligence networks of both Cisco and
Sourcefire (now part of Cisco). AMP augments the malware detection and blocking capabilities already offered in the
Cisco WSA with enhanced file reputation capabilities, detailed file-behavior reporting, continuous file analysis, and
retrospective verdict alerting. New: Customers now have the ability to sandbox PDF, Microsoft Office, archived files,
in addition to EXE files supported in the first AMP release. The Layer 4 Traffic Monitor continuously scans activity,
detecting and blocking spyware phone-home communications. By tracking all network applications, the Layer 4
Traffic Monitor effectively stops malware that attempts to bypass classic web security solutions. It dynamically adds
IP addresses of known malware domains to its list of malicious entities to block.
Easily control the use of hundreds of Web 2.0 applications and 150,000+ micro-applications. Granular policy control
allows administrators to permit the use of applications such as Dropbox or Facebook while blocking users from
activities such as uploading documents or clicking the Like button. The WSA supports visibility of activity across an
entire network. New: Customers can deploy customized bandwidth and time quotas per user, per group, and per
policy.
Prevent confidential data from leaving the network by creating context-based rules for basic DLP. The Cisco WSA
also uses Internet Content Adaptation Protocol (ICAP) to integrate with third-party DLP solutions for deep content
inspection and enforcement of DLP policies.
Roaming-User Protection The Cisco WSA protects roaming users by integrating with the Cisco AnyConnect Secure Mobility Client, which
provides web security to remote clients by initiating a VPN tunnel that redirects traffic back to the on-premises
solution. Cisco AnyConnect analyzes traffic in real time prior to permitting access. New: Cisco Identity Services
Engine (ISE) Integration Limited Deployment Release. With this exciting enhancement, customers can now leverage
the power of Cisco ISE for Cisco WSA upon request. Cisco ISE integration allows admins to create policy on the
Cisco WSA based on profile or membership info gathered by Cisco ISE through its single sign-on process.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 7
Centralized Management
and Reporting
Receive actionable insights across threats, data, and applications. The Cisco WSA provides an easy-to-use,
centralized management tool to control operations, manage policies, and view reports.
The Cisco M-Series Content Security Management Appliance provides central management and reporting across
multiple appliances and multiple locations, including virtual instances. The Cisco WSA also enables a custom Splunk
application with an interface thats similar to on-appliance reporting for scalability and flexibility.
Flexible Deployment
The Cisco WSAV offers all the same features as the Cisco WSA, with the added convenience and cost savings of a
virtual deployment model, including instant self-service provisioning. With a Cisco WSAV license, businesses can
deploy web security virtual gateways without being connected to the Internet, by applying the license to a new Cisco
WSAV virtual image file stored locally. Pristine virtual image files can be cloned, if needed, to deploy several web
security gateways immediately.
Run hardware and virtual machines in the same deployment. Small branch offices or remote locations can have the
same protection the Cisco WSA provides without having to install and support hardware at that location. Custom
deployment is easily managed with the Cisco M-Series Content Security Management Appliance.
Product Specifications
Table 1.
Large Enterprise
Users*
Model
Disk Space
RAID Mirroring
Memory
CPUs
6000-12000
S680
4.8 TB
32 GB
16 (2 Octa Core)
16 GB
Yes (RAID 1)
4 GB
(8x600 GB SAS)
Midsize Office
1500-6000
S380
2.4 TB
2.70 Ghz
(4x600 GB SAS)
SMB & Branch
< 1500
S170
500 GB
6 (1 Hexa Core)
2.00 Ghz
(2x250 GB SATA)
2 (1 Dual Core)
2.80 GHz
* Please confirm sizing guidance with a Cisco content security specialist to help ensure your solution will meet your current and
projected needs.
Table 2.
Cisco S380
Cisco S170
Form Factor
2U
2U
1U
Dimensions
3.5 x 19 x 29 in.
(8.9 x 48.3 x 73.7 cm.)
3.5 x 19 x 29 in.
(8.9 x 48.3 x 73.7 cm.)
Redundant P/S
Yes
Yes
No
Yes
Yes
No
DC Power Option
Yes
Yes
No
Hot-Swappable H/D
Yes
Yes
Yes
Fiber Option
Yes (Accessory)
No
No
Ethernet
Speed (mbps)
10/100/1000, auto-negotiate
10/100/1000, auto-negotiate
10/100/1000, auto-negotiate
Hardware Platform
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 7
Table 3.
Cisco WSAV
Web Users
Web Users
Model
Disk
Memory
Cores
<1000
S000v
250 GB
4 GB
1000-2999
S100v
250 GB
6 GB
3000-6000
S300v
1024 GB
8 GB
Servers
Hypervisor
Cisco UCS
Table 4.
Model
Cisco M680
Cisco M380
Cisco M170
Users (Approx.)
10,000+
Up to 10,000
Up to 1,000
Deployment
The Cisco WSA is a forward proxy that can be deployed in either Explicit mode (proxy automatic configuration
[PAC] files, Web Proxy Auto-Discovery [WPAD], browser settings) or Transparent mode (Web Cache
Communication Protocol [WCCP], policy-based routing [PBR], load balancers). WCCP-compatible devices, such
as Cisco Catalyst 6000 Series Switches, Cisco ASR 1000 Series Aggregation Services Routers, Cisco Integrated
Services Routers, and Cisco ASA 5500-X Series Next-Generation Firewalls, reroute web traffic to the Cisco WSA.
The Cisco WSA can proxy HTTP, HTTPs, SOCKS, native FTP, and FTP over HTTP traffic to deliver additional
capabilities such as data loss prevention, mobile user security, and advanced visibility and control.
Licensing
A Cisco WSAV license is included in all Cisco web security software bundles (Cisco Web Security Essentials,
Cisco Web Security Antimalware, and Cisco Web Security Premium). This license has the same term as the other
software services in the bundle and can be used for as many virtual machines as needed.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 4 of 7
Policy management
Actionable reporting
URL filtering
Cisco Anti-Malware
AMP augments antimalware detection and blocking capabilities with file reputation scoring and blocking, file
sandboxing, and file retrospection for continuous analysis of threats.
McAfee Anti-Malware
Software updates and major upgrades to keep applications performing optimally at the most current
feature set
Access to Cisco Technical Assistance Center (TAC) for fast, specialized support
Online tools to build and expand in-house expertise and boost business agility
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 5 of 7
Services
Cisco Branded Services
Cisco Security Planning and Design: Enables deployment of a robust security solution quickly and cost effectively.
Cisco Web Security Configuration and Installation: Mitigates web security risks by installing, configuring, and
testing appliances to implement:
Acceptable-use-policy controls
Reputation and malware filtering
Data security
Application visibility and control
Cisco Security Optimization Service: Supports an evolving security system to address security threats, design
updates, performance tuning, and system changes.
Collaborative/Partner
Services
Network Device Security Assessment: Helps maintain a hardened network environment by identifying gaps in
network infrastructure security.
Smart Care: Provides actionable intelligence gained from secure visibility into a networks performance.
Additional services: Cisco partners provide a wide range of valuable services across the planning, design,
implementation, and optimization lifecycle.
Cisco Financing
Cisco Capital can tailor financing solutions to business needs. Access Cisco technology sooner and see the
business benefits sooner.
2.
3.
b.
Follow the instructions in the Cisco Security Virtual Appliance Installation Guide to get started. Please note
that content security virtual appliance evaluations are not covered under SMARTnet and are therefore
unsupported.
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 6 of 7
Warranty Information
Find warranty information on Cisco.com at the Product Warranties page.
Printed in USA
2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
C78-729630-06
03/15
Page 7 of 7