Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 Cloud WebSecurity Field Update.


1 Cloud WebSecurity Field Update

2 What Customers Want? / Use Case / How CWS Meets the Need

- Protection for Laptops
  Use case: Customers want protection for their roaming Laptops and do not want to back haul the internet traffic
  How CWS meets the need: AnyConnect WebSec – Protect MAC / Windows; Single Agent for customers needs
- Move to the cloud with ease
  Use case: Customers have an internal goal to move services to the cloud with minimal impact to their users
  How CWS meets the need: Integration with Cisco Devices – ASA / ISR / WSA
- Premium Web Security
  Use case: Customers want Zero day protection
  How CWS meets the need: SIO + Outbreak Intelligence
- Reliability and Scalability
  Use case: Customers want no disruptions to their service
  How CWS meets the need: 22 DC’s with no down time; Investment in Architecture; Next Gen + Smart Connector

3 Internet Edge: Existing / New Firewall Customer; Transparent Redirect; 25–7500 users*; Generally Available

Direct to Cloud: Enterprise | Mid Market | SMB; PAC File; Scenarios with no ASA/ISRG2; Cloud based authentication; Max users = N/A; Generally Available

WSA Connector: Custom Deployment; Advanced Proxy Features; DLP needs; Virtualized form factor; 25-7500 Users*; Phase 1 - Controlled Availability; http://sswiki.cisco.com/index.php/WSA_Connector

Roaming Users: Existing AnyConnect / VPN customers; Generally Available

ISR Connector: Existing/Potential ISR-G2 Customer; Transparent Redirection; No backhaul of internet traffic; 120 – 1200 users; Controlled Availability – http://wikicentral.cisco.com/display/GROUP/ISR+G2+Web+Security+Solutions+with+Scansafe+Portal

Diagram labels: Enterprise, Branch, Cloud, ISR Connector, ASA Connector, WSA Connector, Laptop Users, AnyConnect

4 Comparison columns: Firewall Integrated (ASA CX) / Cloud (Cloud Web Security) / Appliance, Physical & Virtual (Web Security Appliance)

- Web/URL Filtering: ✓
- Application Controls
  ASA CX: Ports (all), Protocols (all)
  Cloud Web Security: Ports (80, 443), Protocols (HTTP(S))
  Web Security Appliance: Ports (21, 80, 443), Protocols (HTTP(S), FTP, SOCKS)
- Malware Protection
  ASA CX: Basic (reputation)
  Cloud Web Security: Advanced (reputation + content analysis)
  Web Security Appliance: Advanced (reputation + content analysis)
- Remote User Security
  ASA CX: VPN Backhaul
  Cloud Web Security: Direct to cloud
  Web Security Appliance: VPN Backhaul
- Deployment
  ASA CX: On the firewall
  Cloud Web Security: Cloud forward via ASA, ISR, WSA, AnyConnect
  Web Security Appliance: On Premise Redirect
- Policy & Reporting
  ASA CX: On Premise
  Cloud Web Security: In the Cloud
  Web Security Appliance: On Premise
- Licensing / Subscription
  ASA CX: Based on ASA model, 1Y / 3Y / 5Y
  Cloud Web Security: Based on user count, 1Y / 3Y / 5Y
  Web Security Appliance: Based on user count, 1Y / 3Y / 5Y

5 Why is this important?
- Customers want no disruptions to the service
- Customers want a solution that can scale as they grow

How does the solution solve this business problem?

Better Network Connectivity
- 20 Gbps capable fully redundant network stack (2nd IP transit provider) and auto geo site DR
- Internet scale router for full upstream connectivity
- Peering capability

More Computing power
- Virtualization layer (VMware) on scalable Cisco UCS hardware
- Proxy services: Thousands of VMs securing customer traffic

BETA Customers start moving to new platform in July*

6 Why?
- Customers want to move to the cloud but have appliance based features.
- Customers want to move to the cloud but cannot use ASA / ISR as a means to redirect traffic.

What?
Web Security customer requirement:
- Transparent deployment
- Local logging / SIEM
- Caching
- DLP Integration
- Native FTP support
All these features will be available on the WSA-based Connector.

How?
Phase 1 (Released - CA):
- High performance connector
- NTLM v2
- Transparent identification
- Local caching support
- Offbox DLP integration (HTTP)
- Appliance based

Phase 2 (Not Committed; Road Map - EY 2013):
- All of the above
- Native FTP scanning
- Off Box DLP (HTTP + HTTPS)
- Local Logging
- Virtual form factor – VMware

7 Why?
- Add to CWS security capability

Solution
- We dynamically block web requests based on SIO Generated WBRS Scores
- Continuous monitoring by OI / SecApp
- The system will continue to work with the current WebRep db
- Mapping of Web Reputation threat types into Cloud Web Security types (e.g. Phishing, Spyware, Adware, Info)

Status: Released

8 Status: Released

- CWS uses the SAML technology to identify and authenticate users
- No need for Connector or other authentication method
- The SP is located within the CWS cloud infrastructure
- All communication is performed via browser redirects and hidden forms containing SAML messages

Example Use Case:
1. Customers want to use CWS and need to apply a user level AUP, but have a complex AD structure and have implemented a Single Sign On (SSO) infrastructure like SAML (PingFed / ADFS / Oracle etc.)
2. Customers can use any method to redirect traffic to the cloud (ASA / ISR / WSA Connector / AnyConnect / PAC File)
3. With the CWS SAML Based Auth, they authenticate their end users using their SAML infrastructure to obtain the user / group information, which allows them to enforce a granular AUP

9 Feature / Use Case / Status

- Content Range Headers
  Use case: Enables uninterrupted video streaming with a smartphone / tablet device
  Status: Released
- HTTPS Blank Screen
  Use case: With HTTPS Inspection enabled, when CWS doesn’t trust a certificate, user is given choice to accept certificate or not. Previously encountered blank white screen (confusing)
  Status: Beta completed. Target release May
- AnyConnect SSL Re-use
  Use case: Previously, each connection used a separate SSL thread. SSL threads are now re-used, improving AC performance for users, reducing load on towers, and increased AC capacity on existing towers
  Status: Released – Still measuring but already seen improvements (in QA 20-30% end user performance improvements)
- Portal Rebranding
  Use case: Cisco look and feel within ScanCenter, in-line with rest of Cisco’s security products portfolio
  Status: Released
- CS Migration to TAC
  Use case: CWS CS migrated to Cisco TAC C3 system
  Status: Completed. TAC cases now opened via CCO (cisco.com)

10 Feature / Use Case

- Additional AnyConnect Improvements
  - Reduced memory usage on towers
  - Reducing disk load (using RAM over disk for more content)
  - Load balancer changes
- Additional HTTPS Inspection Improvements
  - IP Range filters
  - Do not inspect rule (seen also in reports)
  - Reporting on which HTTPS inspection rules get hit
- PIM
  - New DB for PIM data to improve scale / reliability
- HTTP Improvements
  - Support for Put and Delete methods
  - Better support for compressed encoding
  - Rollout downstream keep-alive support
- Web Filtering Query Field Improvements
  - Query params support (e.g. youtube.com/watch?id=12345)
  - OCC dictionary support of queries (www.google.com/srch?q=suarez)
- ScanSafe Connector
  - NTLM support improvements


12 Target date is June 2013
- Lessons learnt from IronPort Integration are being applied for CWS
- Less painful as no support contract migration → Should be simpler
- Trainings to be delivered prior to launch – invite to be sent in the next week
- Web Security Positioning – ASA CX / WSA / CWS
- Offer overview
- How to Order

13 http://wwwin.cisco.com/stg/products/web_security/cloud_web_security.shtml
http://www.cisco.com/en/US/products/ps11720/products_installation_and_configuration_guides_list.html
http://sswiki.cisco.com/index.php/Main_Page
http://sswiki.cisco.com/index.php/Labs
http://wikicentral.cisco.com/display/SSAFE/Home
www.cisco.com/go/demo

14 Thank you.

