IronPort products presentation
TRANSCRIPT
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Slide 2: Conventional Border
[Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Attackers; Customers; Partners]
Slide 3: Cloud computing is “dissolving” the data center border
[Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners]
Slide 4: Cloud computing is “dissolving” the data center border
[Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners]
Slide 6: Architecture for borderless security
[Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service]
1. Borderless End Zones
2. Borderless Internet
3. Borderless Data Center
4. Policy (Access Control, Acceptable Use, Malware, Data Security)
Slide 7: Today's challenge is to balance forces…
Globalization
Collaboration
Data Loss
Mobility
Enterprise SaaS
Threats
Acceptable Use
Slide 8: Cisco Security Products Overview
Comprehensive Security, Flexible Delivery
[Diagram labels: Cisco Security Intelligence Operations; Centralized Management; Cisco AnyConnect VPN Client; Clientless Network Access; ASA 5500; ISR; IPS 4200; FWSM; Network Admission Control; ACE Web App Firewall; Cisco IronPort S-Series; Cisco IronPort C-Series; Branch Office; Teleworker; Data Center / Campus; Corporate HQ; Network Level; Application Level]
Slide 9: Cisco IronPort Gateway Security Products
Web Security | Email Security | Security Management | Encryption
[Diagram labels: Internet; IronPort SenderBase; APPLICATION-SPECIFIC SECURITY GATEWAYS; EMAIL Security Appliance; WEB Security Appliance; Security MANAGEMENT Appliance; ENCRYPTION Appliance; CLIENTS]
BLOCK Incoming Threats
PROTECT Corporate Assets, Data Loss Prevention
CENTRALIZE Administration
Slide 10: Cisco IronPort Email Security Appliances
Slide 11: Top Exploits Email Security
1. Spam (more than 85% of worldwide traffic)
2. Viruses
3. False-positives
4. Denial-of-Service (DoS) Attacks
5. Misdirected bounces (bounce attacks)
6. Impersonation scams (Phishing)
7. Bot-Net Networks
Slide 12: IronPort consolidates the security and architecture of the email platform
[Diagram, “Before IronPort” and “After IronPort” panels. Labels: Internet; Firewall; Anti-Spam; Anti-Virus; Policy Management; Mail Routing; MTAs; IronPort Email Security Appliance; Groupware; Users]
Slide 13: IronPort C Series - Features
Proprietary MTA (Mail Transfer Agent), AsyncOS operating system
Anti-spam
Antivirus
Virus Outbreak Filters (preventive antivirus protection)
Reputation Filters (preventive anti-spam protection)
Encryption
DLP – RSA integrated into the operating system
Slide 14: Platform
Modular platform
Traffic inspection module by module
Modules are activated based on policies configured per user, domain, IP or group.
Authentication and policies integrated with AD, LDAP and RADIUS.
Protection against email marketing
Intelligent Multiscan (dual anti-spam engine for outbound traffic).
Slide 15: Email Security Architecture
Inbound Security, Outbound Control
[Diagram labels: Management; CISCO IRONPORT ASYNCOS™ EMAIL PLATFORM; INBOUND SECURITY; OUTBOUND CONTROL; Spam Defense; Virus Defense; Data Loss Prevention; Secure Messaging]
Slide 16: SenderBase
Email Reputation Database
[Diagram labels: Global Volume Data; Message Composition Data; Spam Traps; Complaint Reports; IP Blacklists & Whitelists; Domain Blacklist & Safelists; Compromised Host Lists; Web Site Composition Data; Other Data]
IP Reputation Score (scale marked +10, 0, -10)
Slide 17: Cisco Security Intelligence Operations
Real-time protection
Network Security
IPS devices
Firewalls (700,000+ devices)
Content Security
30% global email
3B daily web requests
[Diagram labels: Cisco Security Intelligence Operations; Email Security Solutions; Web Security Solutions; Firewalls; IPS Devices; IPS Sensor; Email Sensor; Web Sensor; Firewall Sensor]
Slide 18: Anti-Spam Architecture
Multi-layer Spam Defense
[Diagram labels: SenderBase Reputation Filtering; IronPort Anti-Spam; Who? How? What? Where?; Score]
Block 90% of Spam
>99% Catch Rate
< 1 in 1 mil False Positives
Slide 19: Antivirus Architecture
Multi-layer Virus Defense
[Diagram labels: Anti-Virus; Virus Outbreak Filters]
T = 0
- zip (exe) files
T = 5 mins
- zip (exe) files
- Size 50 to 55 KB
T = 15 mins
- zip (exe) files
- Size 50 to 55 KB
- “Price” in the filename
Slide 20: Outbound mail control
Security Enforcement Array
[Diagram labels: HIPAA; PCI; SB-1386; Trade Secrets; Corporate Policies; Company Reputation; Detection; Remediation; SMTP; Encryption; DLP; HR/Legal Review; Dropped Attachment]
Slide 21: Secure Mail
Easy to use for the sender
Automated key management
No desktop software requirements
No new hardware required
[Diagram, steps numbered 1 to 3. Labels: Message is Encrypted & Pushed to Recipient; Key is Stored; TLS; User Opens Secured Message in Browser; User Authenticates and Receives Message Key; Decrypted Message Is Displayed]
Slide 22: Secure Mail
Easy to use for the recipient
Steps 1 to 3: Open Attachment, Enter Password, View Message
Send to Anyone
no Certificates
no Plug-Ins
Slide 23: Visibility and Control
Easy for the administrator
Guaranteed Read Receipt
Guaranteed Recall
Slide 24: Comprehensive Email Management
Configure Anti-Spam, Anti-Virus, Content Filters, Preventive AV, Encryption and DLP all in one user interface
Slide 25: Models and sizing
C170 – up to 1000 users.
C370 – up to 5000 users.
C670 – more than 5000 and up to 10000 or more users.
Licensing by number of users.
Not sold without support.
The software is not sold without the appliance.
Does not run on VMware.
Slide 26: Performance
Supports up to 10,000 concurrent connections
More than 250,000 messages/hour (C670) as a pure MTA
Approximately 110,000 messages/hour with all services active.
More than 80% of spam traffic is blocked at the edge without entering the customer's network
Supports 2 AS engines (IPAS and Cloudmark)
Supports 2 AV engines (Sophos and McAfee)
Slide 27: Licenses & Services
MTA and operating system
Reputation Filters
Anti-spam
Antivirus
Virus Outbreak Filters (VoF)
Encryption
DLP module
Slide 28: Cisco IronPort Web Security Appliances
Slide 29: Web
Growth in the business world
HTTP is the new TCP
[Diagram labels: IM; FTP; RPC; Video; SOAP]
Growth in “tunneled” applications
Proliferation of social networks
Slide 30: Web challenges
[Diagram labels: Challenges; Acceptable Use Violations; Data Loss; Malware Infections]
Nearly unlimited resources and information, but no guaranteed privacy or security
Slide 31: Web Traffic
The Long Tail Gets Longer
20% of traffic is “easy to classify”
Predictable traffic, known domains
80% of traffic is “hard to classify”
110M sites, growing 40% annually
Mix of legitimate sites, spyware and malware
[Chart. Axes: # of Sites, Traffic Volume. Regions: Big Head, Long Tail]
Slide 32: Cisco IronPort S-Series
Next Generation Secure Web Gateway
Cisco IronPort Web Reputation Filters
- Proactive protection against emerging threats
- Blocks 70% of malware traffic at the connection level
Cisco IronPort DVS Anti-Malware Engine
- Blocks malware based on deep content analysis
- Multiple anti-malware and anti-virus technologies running in parallel
Data Security
- Integrated data security for easy enforcement of common sense policies
- Integration with external products for advanced DLP
Cisco IronPort Web Usage Controls
- Industry-leading visibility and protection
- Real-Time Dynamic Content Analysis for the Dark Web
Slide 33: Next Generation Secure Web Gateway
[Diagram, “Before IronPort” and “After IronPort” panels. Labels: Internet; Firewall; Web Proxy & Caching; Anti-Spyware; Anti-Virus; Anti-Phishing; URL Filtering; Policy Management; IronPort S-Series; Users]
Slide 34: Cisco IronPort S-Series
A Powerful, Secure Web Gateway Solution
Most effective defense against web-based malware
Visibility and control for acceptable use and data loss
High performance to ensure best end-user experience
Integrated solution offering optimum TCO
Management and Reporting
AsyncOS for Web
Acceptable Use Policy
Malware Defense
Data Security
Slide 35: IronPort S Series - Features
Proxy (HTTP, HTTPS, FTP) and Web Cache
L4 monitor (analysis of all 65535 TCP ports)
HTTPS traffic inspection
Cisco IronPort Web Usage Controls (URL Filter)
Web Reputation
Anti-Malware
Applications Control
[Diagram labels: Software as a Service; Tunneled Applications; Collaboration; ftp://ftp.funet.fi/pub/]
Slide 36: Integrated L4 Traffic Monitor
Comprehensive Controls
Scans all 65,535 ports at wire speed
Supports “monitor only” or “monitor & block” modes
Ability to exempt sources and/or destinations
Automated updates
[Diagram labels: Internet; Firewall; Port 80; IronPort S-Series; PROXY; L4 TRAFFIC MONITOR; blocked connections marked X]
Slide 37: Web Proxy & L4 Traffic Monitor
Web Proxy Deployment Options
- Explicit Forward
- Transparent off a WCCP Router
- Transparent off an L4 Switch
L4 Traffic Monitor Deployment Options
- Span Port off a Switch
- Duplex Tap
- Simplex Tap
P1/M1 used for Web Proxy
T1 & T2 used for L4TM
Slide 38: Intelligent Scanning
IronPort Web Reputation technology determines need for scanning by
- IronPort Anti-Malware System
- Decryption Engine
Known good sites aren’t scanned
Unknown sites are scanned by one or more engines
Known bad sites are blocked
[Diagram labels: Requested URLs; IRONPORT WEB REPUTATION FILTERS; ANTI-MALWARE SYSTEM; DECRYPTION ENGINE]
Slide 39: Introducing Cisco IronPort Web Usage Controls
A Spotlight for the Dark Web
Industry-leading URL database efficacy
• 65 categories
• Updated every 5 minutes
• Powered by Cisco SIO
Real-time Dynamic Content Analysis Engine accurately identifies over 90% of Dark Web content in commonly blocked categories
[Diagram labels: URL Lookup in Database; URL Database; www.sportsbook.com/Gambling; Uncategorized; URL Keyword Analysis; www.casinoonthe.net/Gambling; Uncategorized; Dynamic Content Analysis Engine; Real-time Dynamic Content Analysis; Analyze Site Content; Gambling]
Slide 40: Cisco Security Intelligence Operations (SIO)
Unmatched Visibility Drives Unparalleled Efficacy
[Diagram labels: Cisco IronPort Web Security Appliances on Customer Premises; Customer Administrators; Uncategorized URLs; URL Categorization Requests; Cisco SIO; Analysis and Processing; Crowd Sourcing; Manual Categorization; Web Crawlers; Crawler Targeting; External Feeds; Traffic Data from Cisco IronPort Email Security Appliances, Cisco IPS, and Cisco ASA sensors; Master URL Database]
Updates published every 5 minutes
Slide 41: Industry-leading Accuracy
With Multiple Verdict Engines
Best-of-breed signatures - Webroot & Sophos
Broad coverage - Addresses full range of threats
Complete signature set - URLs, domains, CLSIDs, binaries, checksums, user agents and more
WEBROOT & SOPHOS
Slide 42: Models and sizing
S170 – up to 1000 users.
S370 – up to 5000 users.
S670 – up to 10000 or more users.
Licensing by number of users.
Not sold without support.
The software is not sold without the appliance.
Does not run on VMware.
Slide 43: Performance
Supports up to 100,000 simultaneous sessions
1900 to 2100 requests/sec (approx. 7M/hour)
100 to 200Mb of throughput, depending on the active modules.
Not in-line, low latency of 5 to 15 ms
A single S670 can support 10k or 20k users.
Slide 44: Licenses & Services
Proxy (HTTP, HTTPS, FTP) and Web Cache
L4 monitor
HTTPS traffic inspection
Web Usage Controls (URL Filter)
Web Reputation
Anti-Malware
McAfee AntiMalware
Webroot AntiMalware
Slide 51: Q & A