Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Web Security Update

Similar presentations

Presentation on theme: "Cloud Web Security Update"— Presentation transcript:

1 Cloud Web Security Update

2 ScanSafe is now Cloud Web Security (CWS)

3 Session Objectives At the end of the session, the participants should be able to: Articulate the strategy of the product Speak to the upcoming feature sets Understand the deployment mechanism Defend against competitive talking points

4 ASA-based Connector Update
Overview 5 beta customers with100% functional coverage Included strategic partners BT, CDW and key customers like Nike Positive’s Learning's Scale issues Transaction failures Concurrency issues Process hang due to blocking calls Fragmented HTTP packet sequences The NTLM code not properly tested with real world traffic and also with stress Management across two platforms Documentation clarity Configuration with the new identity mechanism via IDFW not fully stressed “ASA with ScanSafe is brilliant” - BT 3 customers tested the code in production Easy configuration and setup

5 Sizing Information ASA Platform Number of Users 5505 25 5510 75 5512-X
100 5515-X 250 5520 300 5525-X 500 5540 1,000 5545-X 1,500 5550 2,000 5555-X 3,000 5585-X SSP10 – 5585-X SSP60 7,500 Training for the solution in the upcoming weeks

6 AnyConnect WebSecurity
Our Strategy is Attach From IronPort / ScanSafe Pricebook with Multiple Buying Options Silo-ed Development of Features Perceived Product Complexity GPL Availability – May 2013 Convergence of Features within Web Security Portfolio Fewer deployment options, auto provisioning and configuration To Cloud Web Security ISR G2 ASA AnyConnect WebSecurity WSA Connector SERVICE Meets all core requirements for deploying a WebSecurity Solution Traffic Redirection and User Authorization Clear to see which solutions are for LAN and Roaming Reducing the options to deploy for ScanSafe does not remove the complexity of deploying a WebSecurity solution however the cloud is now just as complex to deploy as a Cisco firewall or branch router  Non-Cisco Install base: Meets Core ScanSafe deployment requirement & Advanced Identification requirements PLATFORMS

7 End Customer Experience Today
Time varies from 3 days to weeks Order Verification Provision & Capacity Deployment Service Enabled Specialized sales or CSE engagement Need details on customer’s network (IP, breakout’s etc.) Order verified; if information is incomplete sent back to customer via partner Portal provisioned and capacity allocated manually (towers, proxy etc.) TAM engages with customer to deploy CWS Can be time-consuming if network is complicated or poor sales qualification Lead time to deploy – days to weeks Delay in time or order Manual activation process not conducive to Cisco and partner-led sale Automated order-deployment process is key to higher attach

8 How Do We Simplify Business Ops Order & Quoting Next Gen Tower
Minimize touch points, integrate with GPL Order & Quoting Eliminate non-essential or double-entry of data Create a single source of truth for customer data Create a full Cisco kit for the datacenter; economies of scale Next Gen Tower Leverage UCS for scalability and cost savings Infrastructure Customers not tied to a tower; dynamically move customers Reduce manual steps in capacity allocation Smart Connector Self-deploying proxy Automatically configured ASA/ISR; reduce dependencies on the proxy Reduce the number of supported deployment mechanisms Deployment Portal 2.0 Faster, smarter and flexible. Rebrand to Cisco Ease-of-use Reduce CS overhead, enhance customer experience On-going Service Rebrand to Cisco Element of self diagnosis in the portal Category checker, notifications, exception management Open support tickets via portal, automated error report Simplified portal for reporting and policy, flexibility in design and customization

9 Security Services Convergence
Roadmap Pillars Security Services Convergence Simplification Enterprise Features Network Attach

10 Security Services Convergence
Simplification Enterprise Features Next Gen Tower Smart Connector CS tools Network Attach

11 Next Gen Tower Network Compute Storage
20 Gbps capable fully redundant network stack (2nd IP transit provider) and auto geo site DR Internet scale router for full upstream connectivity Peering capability Storage Virtualization layer (VMware) on scalable Cisco UCS hardware Proxy services: Thousands of VMs securing customer traffic Management services + Logging | Reporting | Monitoring | Debugging Future services + Room for product evolution and completely new products on same hardware SAN Based Fast | Flexible | Scalable storage Highly available

12 End customer experience should reflect that of AnyConnect WebSecurity
Smart Connector Features Support Monitoring Information User Details One format Configuration Auto Provisioning Identity Exception Smart Connector End customer experience should reflect that of AnyConnect WebSecurity

13 Revamped Portal (Artist Rendition)
Message from Cisco Cloud Web Security: New Feature - A Cloud first, click here for more information © 2011 Cisco and/or its affiliates. All rights reserved. Service Health Your Cloud Proxies Your Cloud Connector Your Cloud Identity Who’s Connected London San Francisco Paris Remote Users New York Cisco Cloud Web Security Policy Backup Tracer Submit Recat Website Checker Open : Ticket 1 Ticket 2 Ticket 3 Closed Ticket 4 Ticket 5 Ticket 6 Service Improvements Recommended Web Polices Use Delegated Admin Upgrade your Cloud Connector Service Tools Service Incident Tickets Service notifications – configure and view them Video Tutorials – self deployment guides, support videos , ATP guides Manuals - for products, features etc. Tech Specs – Support matrix, Whats supported and whats note Downloads – software, images etc.. Communities – blogs, support posts etc.

14 Support Tools 1 Web Filtering Tools 2 Customer Notification 3
BC: October 2012 Support Tools Rank Bucket Feature Priority 1 Web Filtering Tools Recat Checker / Submit Essential Policy Import / Backup 2 Customer Notification Ability to create notifications & allow customers to select how to receive the notification 3 Service Status Page Connector Status Tower Status Latency Monitoring tool 4 Customer Troubleshooting Website checker High ScanCenter Auditing 5 Customer Self Help Policy Tracer PAC filer validator improvements Templates (filtering + reporting) 6 Ad-Hoc Features ScanCenter UI Easy wins ScanCenter configuration page changes 7 Security Tools More information of block classification – Threat Defense

15 Self Deployment Process
Easy to follow deployment guides VODs of deployment options Projects to streamline service deployment process Beta process running successfully for months – Complete 8 customers and over 1400 seats self deployed Deployment for All Accounts with < 500 seats Deployment

16 Security Services Convergence
Simplification Enterprise Features Integrate Web Reputation Additional OI ScanLets Network Attach

17 Web Reputation Integration
We dynamically block web requests based on SIO Generated WBRS Scores Continuous monitoring by OI / SecApp The system will continue to work with the current WebRep db Mapping of Web Reputation threat types into Cloud Web Security types (e.g. Phishing, Spyware, Adware, Info) Provide whitelisting per company (for Operational use and NOT customer facing If the Web Reputation database updater breaks, the system will continue to work with the existing database. Efficacy degrades slowly overtime - rarely breaks.

18 Security Services Convergence
Simplification Enterprise Features SAML 2.0 Authentication WSA-based Connector iOS Protection Network Attach

19 How Does CWS Use SAML? ScanSafe uses the SAML technology to identify and authenticate users No need for Connector or other authentication method The SP is located within the ScanSafe cloud infrastructure All communication is performed via browser redirects and hidden forms containing SAML messages This solution is limited to any customer already using an IdP for Single Sign On (SSO) purposes BETA Customers include: HCA, GE, ABF

20 SAML 2.0 Data Flow

21 All these features will be available on the WSA-based Connector
What? How? Phase 1: High performance connector NTLM v2 Transparent identification Local caching support Offbox DLP integration Appliance based Web Security customer requirement: Transparent deployment Local logging / SIEM Caching DLP Integration Native FTP support All these features will be available on the WSA-based Connector Phase 2 (Not Committed): All of the above Native FTP scanning Local Logging Virtual form factor – VMware Phase 1 end of the year..- controlled aval. – have to no scope to add features and customer must accept the current feature End of Year 2012 Phase 2 © 2009, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr

22 AC Cloud Web Security (All PC’s)
Apple + CWS 3rd Party MDM Appliance CSM / ASDM MDM Manager AC VPN (All Mobile) AC Cloud Web Security (All PC’s) IronPort WSA CWS

23 Cisco Cloud Web Security BYOD Solution
Future Outside the Enterprise Hosted PAC CWS POC only !!!!!!! If successful  CCB MDM Manager 3rd Party MDM Appliance Why Cisco/network wins EasyID Hosted PAC + EasyID

24 Additional Resources

25 Competitive Strategy Focus on attach model Focus on Efficacy, Simplification of deployment, Enterprise integration Continued integration with Monish Pahwa’s team # ! % WebSense and BC updates at competitive forum Nov 5-9th

26 Empower the Field
To deploy a web sec solution u need two things the ability redirect traffic to the proxy as you need to get the traffic to the scanning element and perform user authorization, which is typically broken into user auth, to confirm the user is who they say they are and user identification to allow apply granularity acceptable usage policy This may seem simple but it is not!  _security.shtml - allation_and_configuration_guides_list.html


Download ppt "Cloud Web Security Update"

Similar presentations

Ads by Google