ScanSafe Overviewdocshare01.docshare.tips/files/6246/62466240.pdf · 2016. 7. 6. · Web Security...
Transcript of ScanSafe Overviewdocshare01.docshare.tips/files/6246/62466240.pdf · 2016. 7. 6. · Web Security...
-
ScanSafe Overview
-
§ScanSafe overview
§Solution highlights
§Deployment options
Agenda
-
Customers
•Industry’s most mature platform•20 Billion web requests per month•1,000’s of customers across 80 countries •200 Million Blocks per Month•Global network operations in 4 continents•SLA backed 99.999% service uptime
# 1 SaaS Web SecuritySolution “The first successful in-
the-cloud secureWeb gateway service”
-
Web Security – A Big Market Where Cisco is #1
Web Security Market§Large: Overall market $2.5B by 2013§Broad across size, industry, geography§Growing: Market Growth at 12.3% CAGR; But 46.5% CAGR for SaaS segment
-
Web Security – Market Shift to SaaS§ SaaS is growing much faster than legacy software/hardware as it delivers
lower TCO and effective security. Ideal for customers with distributed networks and mobile workers
§ Cisco ScanSafe is the dominant provider in SaaS, with 35% market share or 5x nearest competitor according to latest IDC research
-
Solution Overview
-
PositioningRequired Information:-§Overview of Prospect i.e. Seats/Locations/Gateways§Customer Project or Problem§Business Drivers – Compelling Mechanism§Timescales§BudgetWhy ScanSafe:-1.We do it cheaper, by saving time on cleaning infected PC’s & by managing
the software on a day to day basis2.We are more secure, 200 million malware blocks a month –
spyware/malware/viruses3.We are a complete solution – Internal users & External users are controlled
via the same service
FREE EVAL FOR 30 DAYS – NO OBLIGATION TO PURCHASE 1.
-
§Very significant market/vendor consolidation in past 2 years§Key Competitors:
ØWebsense– incumbent in large % of deals. Focus on renewal unless pushed. Increase in development in SaaS platform. Continued move to try and position as a security vendor
ØBlue Coat – incumbent in large % of deals. Not that security focused. Rarely lose new business deals
ØMessageLabs – focus on email security with web security offered for completeness. Low cost, low functionality
ØZscaler– small and relatively new, v. aggressive, may be acquired. Partnership with Microsoft. Less success in larger Enterprise customers.
1. Websense2. Blue Coat3.MessageLabs4. Zscaler
1. Websense2. MessageLabs3. Blue Coat4. Microsoft (?)
Today 12 months
Competitive Outlook
-
ScanSafe Competitive Differentiation
§ Clear market leadership position (~34% market share)§More customers than any other cloud Web security solution§ScanSafe sees more real-world Web traffic than any other
solution§ Leading content visibility & zero-day threat protection
§Large database of Web content used to “train” security engine§Uses combination of static & dynamic analysis§Proven to block >25% more malware than signature solutions
§ Proven reliability§Web is now business critical communication§100% uptime for 7 years
§ Superior reporting§Complete flexibility into reporting criteria§Allows end users to define exactly what data is important
-
§ScanSafe overview§Solution highlights§Deployment options
Agenda
-
Data Flow with ScanSafe
Web requests
Allowed traffic
Filtered traffic
-
Scalability & ReliabilityReliability
§15 Data Centers spanning four continents§Top tier certification§Thousands of devices deployed§100% availability, automated monitoring, full redundancy
San Francisco
Dallas Miami
New York
Chicago
London (2)
Paris
Copenhagen
Frankfurt Tokyo
Hong Kong
Sydney (2)
Singapore
Additional Data Centers planned
Scalability§Billions of Web requests/day§Highly Parallel processing§Multi-tenant architecture: average
-
Zero-day Protection with Outbreak Intelligence
-
Percentage of malw
are blocks
Outbreak Intelligence - The Results
Zeus Botnet / Luckysploit
Multiple injection attacksGumblar
-
§Multiple rules and schedules for User/Group granularity§Bi-directional content based policy enforcement§Dynamic content classification§Control over HTTP & HTTPS communications
ScanCenter - Management
-
§Over 24,000 report combinations covering more than 80 attributes in 11 reporting categories
§Cumulative, trending and search driven forensic reports, comprehensive drill down analysis
§Based on data warehouse infrastructure for performance §Scheduled reports can be sent securely to defined users§Granular reporting enables actionable remedies to issues
and unrivalled visibility into resource usage§
Web Intelligence Reporting
-
§ScanSafe overview§Solution highlights§Deployment options
Agenda
Deployment options
-
18
ScanSafe Deployment Options
-
•No User Granularity Required
•User / Group Granularity Required
•Connector-less Solutions•Roaming & Remote Users
Agenda
-
ScanSafe Deployment Options
No User Granularity Required
-
•Firewall directs port 80 traffic to web security service via Transparent Proxy / Port Forward (no browser changes required)
•Available with certain perimeter devices that have the ability to forward traffic based on port or protocol (BlueCoat, ISA, CheckPoint, Watchguard, SonicWall, Netgate etc…)
•Provides Site/External IP granularity• NOTE: Many Cisco devices are not
capable of port forwarding
Port Forwarding / Transparent Proxy
-
•Proxy Settings are pushed to browsers via Active Directory GPO
•Browsers connect through Firewall on port 8080 to Web Security Service
•Firewall blocks all other GET requests
•Provides Site/External IP granularity
Browser Redirection via GPO / PAC file
-
1.Through GPO, Desktop Users are configured to reference a PAC file with each browser session
2.A global PAC file can point to different ScanSafe towers dependant on internal IP
3.Web requests are sent directly to the ScanSafe towers
PAC File Deployment
-
Deployment - AD Group Policy
Can be targeted to the AD site, domain or individual OUs.
Supports various OS platforms:
ØWindows 2000ØWindows 2k3
ServerØWindows XPØWindows VistaØWindows 7
-
ScanSafe Deployment Options
•User / Group Granularity Required
-
§ Proxy Settings are pushed to browsers via AD,GPO or PAC file
§ Forwards web traffic to ScanSafe on port 8080/443 to the Cloud based Tower
§ Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream
§ Set Firewall to block all other GET requests
§ Provides IP/End User/Group granularity
Standalone Connector
-
§ Web Security Service is configured as upstream proxy on currently installed proxy device
§ Current proxy device communicates with Connector ICAP (on box) to provide IP/User/Group information (5,500 Users max recommended)
§ Browser traffic is directed to existing Proxy via GPO or PAC files
§ Set firewall to block all other GET requests
§ Provides IP/End User/Group granularity
Enterprise Connector - Inline ISA
-
•Web Security Service is configured as upstream proxy on currently installed proxy device
•Current proxy device communicates with Connector via ICAP to provide IP/User/Group information
•Requires no further Client configuration
•Set firewall to block all other GET requests
•Provides IP/End User/Group granularity
Enterprise Connector - ICAP
-
ScanSafe Deployment Options
Connector-less Solutions
-
•Provides AD user and group granularity.•BCAAA must be installed and configured
within the Active Directory environment.•To also send internal IP address to the
ScanSafe Scanning towers, Blue Coat must be configured to include x-forwarded-for headers.
•BC can run in transparent or explicit proxy mode
•Set firewall to block all other GET requests
•Provides End User/Group (possible IP granularity)
BlueCoat Integration - Connector-less
-
•Proxy Settings are pushed to browsers via Active Directory GPO or PAC file OR PIM can be run in transparent mode with ISA / Bluecoat
•Login Script (or GPO etc) runs the PIM.EXE with required switches
•Requires no client installation•Firewall blocks all other GET
requests•Provides End User/Group
granularity
PIM - Passive Identity Management
-
•There are many customers that do not want to deploy proxy servers yet still want granular policy control. This can be because of the shear number of sites they have to manage or for other technical reasons
•Deploying a small number of proxy servers to where many different locations tunnel, negates a lot of the advantages of modern MPLS networks and increases latency and bandwidth costs
Why PIM?
-
•PIM adds -XS headers to the browser’s user agent string•Included in this string is a unique hash that identifies the user
in our Scanning tower•This detail is encrypted•Upon logon, PIM sends an out-of-bound request to the
scanning tower and uploads the group information for that user
•These groups are automatically created in ScanCenter•Following registration, each time a request to the Web is
made, only the hash is sent to us along with the request and we can indentify the user and apply the correct policy according to the relevant group/s
How Does PIM Work?
-
PIM Data Flow
The InternetCisco/ScanSafeDataCentre(s)Client running
PIM(IE/FireFox)CorporateFirewall
Internet request (Browsing)Directory Sync request (Registration)
-
ScanSafe Deployment Options
Roaming / Remote Users
-
•Installs a Network Driver which binds to all connections (LAN, Wireless , 3G)
•Automatic Peering Identifies nearest ScanSafe Datacenter and whether a connection is possible.
•AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)
Roaming Users (Anywhere+)
-
How Does it Work?•Authenticates and directs your external client Web traffic to
our scanning infrastructure•Numerous datacenters are located all over the world
ensuring that users are never too far from our in-the-cloud scanning services
•SSL encryption of all Web traffic sent improves security over public networks
37
-
Feature Known Environment( )Remote
+ Anywhere( )True Roaming
Access ScanSafe services from outside of corporate LAN
Suitable for home workers
Works with a VPN
Works through another proxy
Transparent to end user
( . . Works at a network which requires payment e g)Hotspot
Encrypts all web traffic to prevent eavesdropping
Tamper resistant
( )Location Aware reduces latency
Anywhere+ True Roaming Support
-
Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39