Cisco Content Security
- 3. Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved.
Web and Email use is changing
Making it more difficult to protect your network
Mobile Coffee shop Corporate Home Airport
- 4.
Our Web Security Problems Aren’t Getting Any Easier
An Evolving Threat Landscape
Email and Web are the #1 Threat Vector
IPv6 Spam
Blended Threats
Targeted Attacks
APTs
Advanced Malware
Rootkits Worms
Trojan Horse
- 5.
Content Security Challenges
Data Loss
Malware Infections
Acceptable Use Violations
• Blocking hidden malware
• Disarming malicious links
• Managing advanced threats
• Application visibility
• Granular usage control
• Consistent policy enforcement
• Safeguard vital data
• Detecting data breach
• Preventing data leakage
Visibility
• Across users and sites
• Proactive reporting (retrospective)
• Centralized data collection
- 6.
Cisco Content Security with AMP
BEFORE
Discover
Enforce
Harden
DURING
Detect
Block
Defend
AFTER
Scope
Contain
Remediate
Malware Signature
File Reputation
File Sandboxing
File Retrospection
Threat Analytics
Actionable Reporting
Defense across the attack continuum
Reputation
Usage/App Controls
Filtering
- 7.
1.6 million
global sensors
100 TB
of data received per day
150 million+
deployed endpoints
600+
engineers, technicians,
and researchers
35%
worldwide email traffic
13 billion
web requests
24x7x365
operations
40+
languages
Cisco Content Security with AMP
Built on unmatched collective security intelligence
180,000+ File Samples per Day
FireAMP™ Community
Advanced Microsoft
and Industry Disclosures
Snort and ClamAV Open Source
Communities
Honeypots
Sourcefire AEGIS™ Program
Private and Public Threat Feeds
Dynamic Analysis
Cisco®
SIO
Sourcefire
VRT®
(Vulnerability
Research Team)
Cisco Collective
Security
Intelligence
Content Security
Email Endpoints Web Networks IPS Devices
WWW
- 8.
Cisco AMP delivers integrated…
Additional Point-in-time Protection: File Reputation & Sandboxing
Retrospective Security: Continuous Analysis
- 9.
AMP strengthens the first line of detection
Reputation Filtering and File Sandboxing
Dynamic Analysis
Machine Learning
Fuzzy Fingerprinting
Advanced Analytics
One-to-One Signature
- 10.
AMP’s continuous retrospective security
Breadth and Control points:
File Fingerprint and Metadata
File and Network I/O
Process Information
Telemetry
Stream
Continuous feed
Web
Endpoints
Network
Email
Devices
IPS
Continuous analysis
- 11.
Cisco Web Security At-a-glance
Centralized Management & Reporting
Cisco Security Intelligence Operations (SIO)
WWW
URL
Filtering
Application Visibility and
Control (AVC)
Data Loss Prevention
(DLP)
Threat Monitoring &
Analytics
Advanced Malware
Protection
• Spots symptoms of infection
based on behavioral anomalies
(CWS only) and CNC traffic
• Blocks unknown files via
reputation and sandboxing
• Continues to monitor threat
levels after an attack
• Contains 50M known sites
• Categorizes unknown URLs in
real time
• Controls mobile, collaborative
and web 2.0 applications
• Enforces behaviors within web
2.0 applications
• Blocks sensitive information
• Integrates easily by ICAP with
3rd party vendors
Offers actionable insight across threats, data and applications
Allow
Limited Access
Block
Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min
PROTECTION CONTROL
- 12.
Acceptable Use Controls
Beyond URL Filtering
URL Filtering
• Constantly updated URL
database covering
over 50 million sites
worldwide
• Real-time dynamic
categorization for
unknown URLs
HTTP://
Application Visibility and Control (AVC)
Hundreds of
Apps
Application
Behavior
150,000+
Micro-apps
• Control over mobile,
collaborative and web
2.0 applications
• Assured policy control
over which apps can
be used by which
users and devices
• Granular enforcement
of behaviors within
applications
• Visibility of activity
across the network
+
- 13.
Cisco Email Security At-a-glance
Centralized Management & Reporting
Cisco Security Intelligence Operations (SIO)
Defense in Depth
Policy Control
DLP and Encryption
Targeted Threat Mitigation
Advanced Malware
Protection
• Prevent phishing and blended
threats
• URL Filtering for advanced
policies
• Blocks unknown files via
reputation and sandboxing
• Continues to monitor threat
levels after an attack
• SenderBase Reputation
• Anti-Spam and Spoofing
• Anti-Virus with Outbreak Filters
• Dynamic update engines
• Enhanced control over inbound
and outbound traffic
• Enforces behaviors within web
2.0 applications
• Integration with RSA DLP policy
engine and lexicons
• Encrypt sensitive information
Offers actionable insight across threats, data and applications
Deliver Quarantine Drop
Monitors threats worldwide, filters on reputation and automatically updates every 3-5 min
PROTECTION CONTROL
Re-write URLs
- 14.
Phishing Attack and URL Defense Controls
Integrated email and web security
Rewrite
Email Contains
URL
URL
Categorization
Cisco SIO
BLOCKED www.playboy.com BLOCKED
BLOCKED www.proxy.org BLOCKED
Defang
Replace
Send to Cloud
Cisco Security
The requested web page
has been blocked
http://www.threatlink.com
Cisco Email and Web Security protects your
organization’s network from malicious software.
Malware is designed to look like a legitimate email
or website which accesses your computer, hides
itself in your system, and damages files.
- 15.
DLP and Compliance
Built-in Comprehensive DLP Solution with RSA: Accurate, Easy, and Extensible
Data Loss
Prevention
Incidents Policies
Accurate, Easy, and Extensible
• Fast setup
• Low administrative overhead
• Comprehensive policy creation and
modification
• Exceptional accuracy
• Direct integration for enterprisewide
DLP deployments
• Secure delivery with on-box
encryption.
Data Security
Threat Protection
- 16.
Centralized Management and Reporting
Analyze, Troubleshoot and Refine Security Policies
Centralized Reporting
Centralized Management
In-depth Threat Visibility
Extensive Forensic Capabilities
Centralized Policy
Management
Delegated
Administration
Insight
Across Threats,
Data and Applications
Control
Consistent Policy Across Offices
and for Remote Users
Visibility
Continuous Visibility Across Different
Devices, Services and Network Layers
- 17.
Flexible Licensing and Deployment Options
On-Premise or In the Cloud
Deployment
Options
Connection
Methods
On-premises Cloud
Cloud
Firewall Router Roaming
Virtual NGFW
Roaming
Appliance
Appliance
Redirectors
WCCP PAC File Explicit WCCP PAC File Explicit
Advanced
Malware
Protection
Integrated on box – Licensed Plug-in Integrated - License