cisco confidential © 2010 cisco and/or its affiliates. all rights reserved. 1 cloud web security...
TRANSCRIPT
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 1
Cloud Web Security Update
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
ScanSafe is nowCloud Web Security
(CWS)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Session ObjectivesAt the end of the session, the participants should be able to:
• Articulate the strategy of the product
• Speak to the upcoming feature sets
• Understand the deployment mechanism
• Defend against competitive talking points
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
5 beta customers with100% functional coverage
Included strategic partners BT, CDW and key customers like Nike
ASA-based Connector Update
Positive’s Learning's
• “ASA with ScanSafe is brilliant” - BT
• 3 customers tested the code in production
• Easy configuration and setup
• Management across two platforms
• Documentation clarity
• Configuration with the new identity mechanism via IDFW not fully stressed
Overview
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
http://sswiki.cisco.com/index.php/ASA
Sizing Information ASA Platform Number of Users
5505 25
5510 75
5512-X 100
5515-X 250
5520 300
5525-X 500
5540 1,000
5545-X 1,500
5550 2,000
5555-X 3,000
5585-X SSP10 – 5585-X SSP60 7,500
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
From
• IronPort / ScanSafe Pricebook with Multiple Buying Options
• Silo-ed Development of Features
• Perceived Product Complexity
• GPL Availability – May 2013
• Convergence of Features within Web Security Portfolio
• Fewer deployment options, auto provisioning and configuration
To
Our Strategy is Attach
Cloud Web Security
ISR G2 ASA AnyConnect WebSecurity
WSA ConnectorPLATFORMS
SERVICE
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
End Customer Experience Today• Time varies from 3 days to weeks
Order VerificationProvision & Capacity
DeploymentService Enabled
• Specialized sales or CSE engagement
• Need details on customer’s network (IP, breakout’s etc.)
• Order verified; if information is incomplete sent back to customer via partner
• Portal provisioned and capacity allocated manually (towers, proxy etc.)
• TAM engages with customer to deploy CWS
• Can be time-consuming if network is complicated or poor sales qualification
Manual activation process not conducive to Cisco and partner-led saleAutomated order-deployment process is key to higher attach
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
How Do We Simplify
Business OpsMinimize touch points, integrate with GPL
Order & Quoting
Eliminate non-essential or double-entry of data
Create a single source of truth for customer data
Portal 2.0Faster, smarter and flexible. Rebrand to Cisco
Ease-of-useReduce CS overhead, enhance customer experience
On-going Service
Rebrand to CiscoElement of self diagnosis in the portal
Category checker, notifications, exception managementOpen support tickets via portal, automated error report
Simplified portal for reporting and policy, flexibility in design and customization
Create a full Cisco kit for the datacenter; economies of scale
Next Gen TowerLeverage UCS for scalability and cost savings
Infrastructure
Customers not tied to a tower; dynamically move customers
Reduce manual steps in capacity allocation
Smart ConnectorSelf-deploying proxy
Automatically configured ASA/ISR; reduce dependencies on the proxy
Reduce the number of supported deployment mechanisms
Deployment
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Network Attach
Enterprise FeaturesSimplification Security Services Convergence
Roadmap Pillars
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Network Attach
Enterprise FeaturesSimplification Security Services Convergence
• Next Gen Tower
• Smart Connector
• CS tools
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Ne
two
rkS
tora
ge
Co
mp
ute
• 20 Gbps capable fully redundant network stack (2nd IP transit provider) and auto geo site DR
• Internet scale router for full upstream connectivity• Peering capability
• Virtualization layer (VMware) on scalable Cisco UCS hardware• Proxy services: Thousands of VMs securing customer traffic• Management services
+ Logging | Reporting | Monitoring | Debugging• Future services
+ Room for product evolution and completely new products on same hardware
• SAN Based• Fast | Flexible | Scalable storage• Highly available
Next Gen Tower
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Smart Connector
Features Support
Monitoring
Information
User Details One format
Configuration
Auto Provisioning Identity Exception
Smart Connector
End customer experience should reflect that of AnyConnect WebSecurity
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Message from Cisco Cloud Web Security: New Feature - A Cloud first, click here for more information
© 2011 Cisco and/or its affiliates. All rights reserved.© 2011 Cisco and/or its affiliates. All rights reserved.
Service Health
Your Cloud Proxies
Your Cloud Connector
Your Cloud Identity
Who’s Connected
LondonSan FranciscoParis
Remote Users
LondonParisNew York
Cisco Cloud Web Security
Policy Backup
Policy Tracer
Submit Recat
Website Checker
Open :Ticket 1Ticket 2Ticket 3
ClosedTicket 4Ticket 5Ticket 6
Service Improvements
1. Recommended Web Polices
2. Use Delegated Admin
3. Upgrade your Cloud Connector
Service ToolsService Incident Tickets
Revamped Portal (Artist Rendition)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Support ToolsRank Bucket Feature Priority
1 Web Filtering Tools Recat Checker / Submit Essential
Policy Import / Backup Essential
2 Customer Notification Ability to create notifications & allow customers to select how to receive the notification
Essential
3 Service Status Page Connector Status Essential
Tower Status Essential
Latency Monitoring tool Essential
4 Customer Troubleshooting Website checker High
ScanCenter Auditing High
5 Customer Self Help Policy Tracer Essential
PAC filer validator Essential
Whoami.scansafe.net improvements Essential
Templates (filtering + reporting) High
6 Ad-Hoc Features ScanCenter UI Easy wins Essential
ScanCenter configuration page changes Essential
7 Security Tools More information of block classification – Threat Defense Essential
BC: October 2012
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Self Deployment Process
• Easy to follow deployment guides
• VODs of deployment options
• Projects to streamline service deployment process
• Beta process running successfully for months – Complete
• 8 customers and over 1400 seats self deployed
DeploymentDeployment for All Accounts with < 500 seats
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Network Attach
Enterprise FeaturesSimplification Security Services Convergence
• Integrate Web Reputation
• Additional OI ScanLets
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Web Reputation Integration
• We dynamically block web requests based on SIO Generated WBRS Scores
Continuous monitoring by OI / SecApp
• The system will continue to work with the current WebRep db
• Mapping of Web Reputation threat types into Cloud Web Security types (e.g. Phishing, Spyware, Adware, Info)
• Provide whitelisting per company (for Operational use and NOT customer facing
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Network Attach
Enterprise FeaturesSimplification Security Services Convergence
• SAML 2.0 Authentication
• WSA-based Connector
• iOS Protection
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
How Does CWS Use SAML?
This solution is limited to any customer already using an IdP for Single Sign On (SSO) purposes
ScanSafe uses the SAML technology to identify and authenticate users
No need for Connector or other authentication method
The SP is located within the ScanSafe cloud infrastructure
All communication is performed via browser redirects and hidden forms containing SAML messages
BETA Customers include: HCA, GE, ABF
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
SAML 2.0 Data Flow
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
WSA-based Connector
Web Security customer requirement:
• Transparent deployment• Local logging / SIEM• Caching• DLP Integration• Native FTP support
All these features will be available on the WSA-based
Connector
Phase 1:• High performance connector• NTLM v2• Transparent identification• Local caching support• Offbox DLP integration • Appliance based
Phase 2 (Not Committed):• All of the above• Native FTP scanning• Local Logging• Virtual form factor – VMware
What? How?
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
3rd Party MDM Appliance
CSM / ASDM
MDM Manager
AC VPN (All Mobile)AC Cloud Web Security (All PC’s)
IronPort WSA
CWS
Apple + CWS
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23
Cisco Cloud Web Security BYOD Solution
• FutureOutside the Enterprise
3rd Party MDM Appliance
MDM Manager
Hosted PAC + EasyID
POC only !!!!!!!
If successful CCB
Hosted PAC
EasyID
CWS
Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 24
Additional Resources
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
Competitive Strategy
Focus on attach model
Continued integration with Monish Pahwa’s team
WebSense and BC updates at competitive forum Nov 5-9th
Focus on Efficacy, Simplification of deployment, Enterprise integration
# ! %
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
Empower the Field
• http://wwwin.cisco.com/stg/products/web_security/cloud_web_security.shtml -
• http://www.cisco.com/en/US/products/ps11720/products_installation_and_configuration_guides_list.html
• http://sswiki.cisco.com/index.php/Main_Page
• http://sswiki.cisco.com/index.php/Labs
• http://wikicentral.cisco.com/display/SSAFE/Home
www.cisco.com/go/demo
Thank you.