Professional Documents
Culture Documents
Presentation_ID
Cisco Confidential
Cisco IronPort
Unparalleled Market Leadership
IronPort funded in 2000,
acquired by Cisco in 2007
IronPort Positioned in the Leaders
Quadrant in Magic Quadrant Report
20,000+ customers
globally
400 million users
protected
Spam, Phishing/Fraud
Viruses, Trojans, Worms
Spyware, Adware
Unauthorized Access
Internet
SensorBase
(The Common
Security Database)
APPLICATION-SPECIFIC
SECURITY GATEWAYS
EMAIL
WEB
Security Gateway
Security Gateway
MANAGEMENT
Appliance
Cisco IronPort
Email Security
Presentation_ID
Cisco Confidential
Email Challenges
Standard Email does not natively offer
what is expected
Junk Mail
Viruses
Regulations
5
Internet
Internet
Firewall
Firewall
Encryption Platform
MTA
DLP
Scanner
Anti-Spam
Anti-Virus
DLP Policy
Manager
Policy Enforcement
Mail Routing
Groupware
Users
Groupware
Users
6
Spam Trends
300
)
s 250
n
o
il
li
b
(
e 200
m
u
l
o
V
m150
a
p
S
y
li
a 100
D
e
g
a
r 50
e
v
A
0
8
0
n
a
J
8
0
b
e
F
8
0
-r
a
M
8
0
-r
p
A
8
0
y
a
M
8
0
n
u
J
8
0
lu
J
8
0
g
u
A
8
0
p
e
S
8
0
-t
c
O
8
0
v
o
N
8
0
c
e
D
Month
9
0
n
a
J
9
0
b
e
F
9
0
-r
a
M
9
0
-r
p
A
9
0
y
a
M
9
0
n
u
J
9
0
lu
J
9
0
g
u
A
9
0
p
e
S
9
0
-t
c
O
9
0
v
o
N
7
TEXT SPAM
ATTACHMENT SPAM
(PDF, EXCEL, MP3)
2005
2007
2006
IMAGE SPAM
2008
TARGETED ATTACKS
Your Equitable
Your Equitable
Bank
account
Bank
account
is
closed,
call
is closed,
us
now at call
us now at
(802)354-4250
(802)354-4250
Your Equitable
Bank account
is closed, call
us now at
(802)354-4250
Image Spam
Data Volume
Message Structure
Complaints
Blacklists, whitelists
Off-line data
URL blacklists & whitelists
HTML Content
Domain Info
Reputation Score
MAIL TRANSFER
AGENT
OUTBOUND
CONTROL
Spam
Defense
Virus
Defense
Data Loss
Prevention
Management
INBOUND
SECURITY
Secure
Messaging
10
200
Connections
Disk I/O
Bottlenecks
Low Performance/
Peak Delivery Issue
1K 10K
Connections
Unable To Leverage
Full Capability
Components
CPU
High Performance/
Sure Delivery
Limited Solely
By CPU Capacity
11
Internet
163.24.127.3
Internet
163.24.127.4
163.24.127.5
1.
1.
2.
2.
MAIL TRANSFER
AGENT
OUTBOUND
CONTROL
Spam
Defense
Virus
Defense
Data Loss
Prevention
Management
INBOUND
SECURITY
Secure
Messaging
13
SensorBase
Reputation Filtering
IronPort Anti-Spam
Verdict
14
Reputation
Filtering
Suspicious
is rate limited
& spam filtered
IronPort
Anti-Spam
Incoming Mail
Known bad is
blocked
Ciscos Internal
Email Experience:
Message Category
Stopped by Reputation Filtering
Messages
93.1%
700,876,217
0.3%
2,280,104
Spam Detected
2.5%
18,617,700
Virus Detected
0.3%
2,144,793
0.6%
4,878,312
96.8%
728,797,126
3.2%
24,102,874
752,900,000
15
MAIL TRANSFER
AGENT
OUTBOUND
CONTROL
Spam
Defense
Virus
Defense
Data Loss
Prevention
Management
INBOUND
SECURITY
Secure
Messaging
16
Early Protection
with
IronPort Virus
Outbreak Filters
17
T = 5 mins
T=0
-zip (exe) files
Anti-Virus
T = 15 mins
MAIL TRANSFER
AGENT
OUTBOUND
CONTROL
Spam
Defense
Virus
Defense
Data Loss
Prevention
Management
INBOUND
SECURITY
Secure
Messaging
19
4%
7%
Information marked
Confidential
12%
4%
8% 4%
Personal client
information
44%
21%
Personnel Information
Intellectual Property
20
Comprehensive
100+ Pre-defined templates
Regulatory compliance
Easy
One-click activation
Policy enable/disable
Accurate
Multiple parameters
Key words, proximity, etc.
21
Email Encryption
Instant Deployment, Zero Management Cost
Message pushed to
recipient
User opens secured
message in browser
Gateway encrypts
message
Key is stored
Decrypted
message is displayed
22
MAIL TRANSFER
AGENT
OUTBOUND
CONTROL
Spam
Defense
Virus
Defense
Data Loss
Prevention
Management
INBOUND
SECURITY
Secure
Messaging
23
IT
SALES
LEGAL
Comprehensive Insight
Unified Business Reporting
Consolidated Reports
Real Time
insight into
email traffic and
security threats
Actionable drill
down reports
Single view
across the
organization
Email Volumes
Spam Counters
Policy Violations
Virus Reports
Outgoing Email Data
Reputation Service
System Health View
25
What happened to
the email I sent 2
hours ago?
9Track Individual
Email Messages
9 Forensics to
Ensure Compliance
26
Email Security
Hosted Offerings
Presentation_ID
Cisco Confidential
27
Hosted
Hybrid Hosted
Managed
Award-Winning
Technology
Dedicated
SaaS
Infrastructure
Best of Both
Worlds
Fully Managed
on Premises
Cisco IronPort
Web Security
Overview
Presentation_ID
Cisco Confidential
29
Malware Infections
Email Vector
Web Vector
Time
Malware infection vectors are
shifting from email to Web
30
URL classification is
reactive, has low coverage
Predictable,
easy to classify
Traffic Volume
Big
Head
Long Tail
# of Sites
31
Exploited Websites
An Invisible Threat
32
Drive-By Scareware
34
Internet
Firewall
Internet
Firewall
URL Filtering
Policy Management
Users
Users
PROXY CACHE
URL
Filters
Web Reputation
Filters
Management
L4 Traffic
Monitor
Anti-Malware
System
36
Handle
Handle extremely
extremely high
high traffic
traffic
volumes
volumes
Co-related
Co-related object
object storage
storage and
and
high-performance
high-performance caching
caching
Significantly
Significantly improved
improved
response
response times
times
PROXY CACHE
URL
Filters
Web Reputation
Filters
Management
L4 Traffic
Monitor
Anti-Malware
System
38
Users
Packet and
Header Inspection
Network Layer
Analysis
Internet
39
PROXY CACHE
URL
Filters
Web Reputation
Filters
Management
L4 Traffic
Monitor
Anti-Malware
System
40
Number of Webpages
Dynamic Web
User Generated &
Web 2.0 Content
Static Web
Traditional Content Publishers
Legacy URL Filtering Focus
1998
28 Million
webpages
2000
1 Billion
webpages
2008
1 Trillion
webpages
41
www.sportsbook.com/
URL Database
Gambling
Uncategorized
OBSCENE
PORN
ADULT
GAMBLING
42
www.sportsbook.com/
Gambling
URL Database
Industry-leading URL
database efficacy
Uncategorized
65 categories
Updated every 5 minutes
Powered by Cisco SIO
Gambling
www.casinoonthe.net/
Uncategorized
Dynamic categorization
identifies ~90% of Dark
Web content in commonly
blocked categories
Gambling
43
Customer
Administrators
URL Categorization
Requests
Uncategorized
URLs
Cisco SIO
Master URL
Database
External Feeds
Crawler Targeting
Crowd Sourcing
Manual
Categorization
Web
Crawlers
44
PROXY CACHE
URL
Filters
Web Reputation
Filters
Management
L4 Traffic
Monitor
Anti-Malware
System
45
Adware
Webroot
Trojans
Webroot +
McAfee
Worms
Viruses
McAfee
~35%AdditionalCoverage
Multiple integrated verdict engines
McAfee and Webroot
Automated updates
47
High-performance
scanning
- Parallel scans
- Stream scanning
Webroot
IRONPORT
IRONPORT
DVS
DVS ENGINE
ENGINE
McAfee
VERDICT
ENGINE
N
- Integrated, on-box
- Supported engines:
Webroot, McAfee
Policy
Policy Management
Management
48
49
File Transfer
Protocol
50
HTTPS Scanning
Selective, Based on Trust
Internet
Users
Web
Server
Cisco
IronPort
WSA
51
Log
Allow
Documents
Internet
Block
Webmail
Internet
Block
Content
Verdict
PROXY CACHE
URL
Filters
Web Reputation
Filters
Management
L4 Traffic
Monitor
Anti-Malware
System
53
Marketing
Block executables
Block gambling sites
Block all malware
Sales
Allow Skype
Monitor all traffic
Allow executables
IT
54
Delegated Administration
Flexibility to Support Organizational Requirements
Global administrator
defines roles and
access permissions
IT
No Media
No FTP
SALES
No Webmail
LEGAL
Comprehensive Reporting
In-depth Threat Visibility
- Web Traffic Overview
- Layer 4 Traffic Monitor
- Anti-Malware Category and Threat Details
- Client Malware Risk & Activity Detail
- Website Activity and Detail
56
Web Security
Hosted Offerings
Cisco Confidential
57
Awards
Securityproduct
oftheyear2008
Customers
monthly
Partners
Award-winning
58
59