IronPort - Cisco · Self Defending Networks 3.0 A New Framework for Deep & Wide...
IronPort (Web Security)
Kevin Hong
© 2008 Cisco Systems, Inc. All rights reserved. 1
Cisco Systems Korea
Cisco IronPort Overview
Adding Content Security to the Network
Deeper + Wider = Improved Visibility
Content Security
Cross Layer, Cross Protocol analysis of email and web traffic
Port 25, Port 80
Network Security
Locked the network doors, but email and web stayed open
Self Defending Networks 3.0
A New Framework for Deep & Wide Security Solutions
Managed and Professional Services
Secure Network Platform
Management: Policy Control, Visibility, Reporting, Reputation
Content Security (IronPort): Email, IM, Web, P2P…
Application Security: XML, database
Network Security: Firewall, NIPS, VPN
Trusted Network Client: NAC, HIPS, Authentication
IronPort’s Content Security Story
Internet
Block Incoming Threats
Enforce Policy
SenderBase (the common security database)
CONTENT SECURITY GATEWAYS: EMAIL Security Appliance, WEB / IM Security Appliance
MANAGEMENT Controller
Centralize admin:
• Per-user policy
• Per-user reporting
• Quarantine
• Archiving
LAN
Mail Server, End User Client
The SenderBase® Network
SenderBase: The most Comprehensive Global
Email and Web Traffic
150 email parameter
Monitoring… Cisco Network Devices
email & Web traffic
80% URL email based
Botnet
Source: www.ciphertrust.com and www.borderware.com, August 6, 2006
WSA Overview
Web Traffic:
35% (IDC)
75% (IDC)
IronPort ?
Malware
Crimeware
Spyware
Viruses
Trojans
Worms
Layer 4 (L4) Traffic Monitor
Integrated Network Monitoring
MANAGEMENT TOOLS
Anti-Malware System
Web Reputation Filters
URL Filters
L4 Traffic Monitor
IronPort AsyncOS™ Web Security Platform
L4 Traffic Monitor
Detecting Existing Client Infections
Layer 4 / scanning
HTTP • Internet
Wire-Speed (up to 900Mbps)
“Dynamic Discovery”
Firewall
Port 1935, Port 28555
Anti-Malware
L4 Traffic Monitor
IronPort S-Series
IronPort URL Filters™
Acceptable Use Policy Enforcement
MANAGEMENT TOOLS
Anti-Malware System
Web Reputation Filters
URL Filters
L4 Traffic Monitor
IronPort AsyncOS Web Security Platform
IronPort URL Filters
database
52 , over 21M sites, ~3.5B web pages
24 x 7 monitoring
, Only action,
Custom notifications
Visibility
logging
Categories
Advertisements & PopUps
Arts
Blogs & Forums
Business
Chat
Computing & Internet
Downloads
Education
Entertainment
Fashion & Beauty
Finance & Investment
Food & Dining
Games
Government
Health & Medicine
Hobbies & Recreation
Hosting Sites
IronPort Web Reputation Filters™
The Outer Layer of Defense
MANAGEMENT TOOLS
Anti-Malware System
Web Reputation Filters
URL Filters
L4 Traffic Monitor
IronPort AsyncOS Web Security Platform
Web Reputation Filters
Metrics
• Web Server Blacklists
• Domain Blacklists
• URL Categorization Data
• HTML Content Data
• URL Behavior
• Global Volume Data
• Domain Registrar Information
• Dynamic IP Addresses
• Compromised Host Lists
• Web Crawler Data
• Known Threats URLs
• Email Server Black & Whitelists
• Spikes in URLs found in Email
SenderBase Data
Data Analysis/Security Modeling
Web Reputation Scores (WBRS)
-10 to +10
Web Reputation Filters -
2008. 05 Adobe Flash
Web Reputation Filters -
WBRS
IronPort Anti-Malware System
IronPort Dynamic Vectoring and Streaming (DVS) Engine™
MANAGEMENT TOOLS
Anti-Malware System
Web Reputation Filters
URL Filters
L4 Traffic Monitor
IronPort AsyncOS Web Security Platform
Anti-Malware (Multi-Layered Malware Defense)
Multi-engine, high-performance scanning
Webroot & McAfee
Stream scanning
IRONPORT DVS ENGINE
Webroot Engine
McAfee Engine
Verdict Engine X
Web Security Manager™
IP, Subnet :
Application Blocking & Tunneling
URL Category Filtering
Size/Type Restrictions
Anti-Malware Settings
IT
• Allow Skype
• Allow executables
• Allow all applications
• Allow all protocols
SALES
• Block executables
• Block gambling sites
• Block all malware
LEGAL
• Block FTP
• Block Media files
• Allow all URL categories
Web Security Monitor & Report
System
Client Activity
Client Detail
Category Detail
Malware Details
Malware Trends
L4 Traffic Monitor
Web Reputation