web_sec_mgmt_ds
TRANSCRIPT
-
8/6/2019 web_sec_mgmt_ds
1/5
Scurity brachs causd by malwar intrusions hav mad oranizations worldwid into
inadvrtnt nwsmakrs. Companis ar also xposd to complianc and productivity risks
associatd with inappropriat wb usa. To protct thmslvs aainst intrnal and xtrnal
thrats that affct th bottom-lin, oranizations invst in th industrys ladin wb scurityapplianc. Cisco IronPort S-Sris wb scurity appliancs nforc accptabl us and
scurity policis to rduc non-complianc and rulatory risk and protct aainst wb-basd
malwar.
To handl ntwork complxity and hih trafc volums, oranizations typically dploy multipl
Cisco IronPort S-Sris appliancs. This crats a critical nd to cntrally mana policis and
provid consolidatd rportin data. Cisco IronPort M-Sris scurity manamnt appliancs
provid a platform to cntrally mana policis for multipl Cisco IronPort wb scurity appli-
ancs. Additionally, rportin capabilitis on th Cisco IronPort S-Sris provid insiht into
th oranization. For furthr analysis, Sawmill for Cisco IronPort wb scurity a customizdthird-party analytics tool allows oranizations to cntrally analyz and monitor malwar thrats
and wb usa. Ths manamnt faturs nabl oranizations to prform complx tasks
intuitivly and xtract th most valu out of thir wb scurity invstmnt.
C o m p l e t e v i s i b i l i t y a n d C o n t r o l
a C r o s s t h e e n t i r e o r g a n i z at i o n
Cisco IronPort mail and wb scurity products ar
hih-prformanc, asy-to-us and tchnically-innovativ
solutions, dsind to scur oranizations of all sizs.
Purpos built for scurity and dployd at th atway to
protct th worlds most important ntworks, ths products
nabl a powrful primtr dfns.
Lvrain th Cisco Scurity Intllinc Oprations cn-
tr and lobal thrat corrlation maks th Cisco IronPort
lin of appliancs smartr and fastr. This advancd tch-
noloy nabls oranizations to improv thir scurity and
transparntly protct usrs from th latst Intrnt thrats.
Cisco IronPort Wb ScurityApplianc Manamnt
t h e C i s C o i r o n p o r t d i f f e r e n C e
-
8/6/2019 web_sec_mgmt_ds
2/5
P A g e 2Cisco IronPort Wb Scurity Applianc Manamnt
C c c on th Cisco IronPort
M-Sris appliancs is providd by Ciscos powrful IronPort
Cntralizd Conuration Manar (ICCM). Usin Cisco
ICCM, administrators can cntrally dn all of thir wbscurity policis from a sinl Cisco IronPort scurity man-
amnt applianc and apply thm to multipl Cisco IronPort
S-Sris appliancs. Ths policis can b pushd to all,
or a subst of, Cisco IronPort wb scurity appliancs and
monitor th dployd policis from a sinl pa viw. Cisco
ICCM nsurs that accptabl us and scurity policis ar
nforcd uniformly across th oranization, prvntin any
brachs.
To simplify scurity administration, Cisco ICCM also of-
frs rol-basd accss control nablin administrators
to dlat policy administration to othr rols within th
oranization. Administrators can backup thir wb scurity
policis usin th Cisco IronPort M-Sris to safuard
aainst dvic, systm or ntwork failurs. Th nw Conu-
ration History Lo fatur nrats los whnvr a chan
is committd. This allows oranizations to know who mad
a conuration chan in ordr to satisfy complianc and
ovrnanc rquirmnts.
Cisco ICCM offrs th followin faturs for cntralizd
policy manamnt:
gUI-basd policy dnition and dploymnt simplis th
task of cratin wb scurity policis and liminats th
complxity of writin scripts. Th gUI is vr y similar to th
Cisco IronPort wb scurity applianc mnu (includin
Idntitis, Accss Policis, Dcr yption Policis and Custom
URL catoris), which allows a Cisco IronPort S-Sris ad-
ministrator to asily mirat to th Cisco IronPort M-Sris
applianc for cntralizd policy manamnt.
Rol-basd accss control offrs xibl pr-built
administrator rols includin wb administrator, wb policy
administrator, URL ltrin administrator and administrator
rol. Should ths rols not fulll an oranizations nds,th administrator can also crat custom usr rols for
ratr xibility.
Dlatd administration nabls th manamnt of a
subst of policis by othr administrators who hav rad-
writ accss to spcic policis. This provids an xtra lvl
of ranularity in policy dnition and dploymnt.
Conuration History Los allow oranizations to comply
with ovrnanc rquirmnts by kpin track of who
mad policy and conuration chans via a lo l that is
nratd whnvr a chan is committd. each lo l
contains a snapshot of th conuration which can b usd
to rstor policy and othr conuration sttins in cas of
an unxpctd failur.
r allows scurity oprations, ntwork oprations,
f e a t u r e s
Consistent policy application across geographic boundaries
Custom user roles based on LDAP
Policis NOT
editabl by Dlatd
Administrator
Policis editabl byDlatd Administra
Delegated administration simplies policy management
Cisco IronPortS-Sris
Cisco IronPort
S-Sris
Cisco IronPortS-Sris
Cisco IronPortM-Sris
-
8/6/2019 web_sec_mgmt_ds
3/5
P A g e 3Cisco IronPort Wb Scurity Applianc Manamnt
f e a t u r e s ( C o n t i n u e d )
human rsourcs and complianc staff to ain dp undr-
standin of th scurity and complianc thrats facin
thir oranizations. Actionabl and insihtful rports allow
oranizations to prform trndin, trackin, thrat analysisand troublshootin tasks. Cisco IronPort tchnoloy offrs a
complt rportin solution, startin with th Cisco IronPort
S-Sris wb scurity appliancs.
Cisco IronPort S-Sris appliancs fatur a rich st of
rports that allow oranizations to visualiz scurity and wb
usa trnds on th applianc itslf. Top N rports summa-
riz information on th wb trafc and scurity thrats sn
on th applianc. In addition, powrful drilldown rports as
wll as th ability to sarch for a spcic clint allow ora-
nizations to s spcic thrats on spcic clints as wll as
associatd wb usa activity.
Sawmill for Cisco IronPort, a customizd third-party analyt-ics tool, provids a rich st of pr-built rports for in-dpth
wb usa and scurity thrat analysis across all Cisco
IronPort S-Sris appliancs in th oranization. Powr-
ful drilldown capabilitis nabl scurity oprators to track
which machins ar pron to malwar attacks. Companis
can vn idntify risk y usr bhavior, which may rsult in
attacks. Similarly, any accptabl us policy violations can
b trackd down to an individual IP or authnticatd usr.
Powrful filtrs allow oranizations to focus on th subjct of
intrst. This allows oranizations to monitor situations that
would xpos thm to liabilitis, and rfin thir accptabl
us and scurity policis.
Sawmill for Cisco IronPort, hlps oranizations answr
important qustions such as:
Who visitd unaccptabl URL catoris?
Within ach URL catory, which spcic wbsits wr
visitd and whn?
Why is a particular usrs bandwidth usa soarin and
which wbsits is that individual visitin?
Is th oranization in complianc with various rulatory
rquirmnts?
This valuabl insiht limits th liabilitis of an oranization and
kps costs associatd with workr productivity and malwar
thrats in chck.
a w , basd on Ciscos industry-
ladin IronPort AsyncOS opratin systm, hlps powr th
Cisco IronPort M-Sris applianc. Cisco IronPort AsyncOS
dlivrs prformanc, robustnss and scalability capabl of
handlin th nds of all ntrpriss..
Security report for a specic Cisco IronPort S-Series appliance
Cisco IronPort S-Series Security and WebActivity Summary report
-
8/6/2019 web_sec_mgmt_ds
4/5
P A g e 4Cisco IronPort Wb Scurity Applianc Manamnt
s a Cisco IronPort scurity
manamnt appliancs simplify ovrall dploymnt of
Cisco IronPort wb scurity appliancs. To rduc
administrativ ovrhad, administrators can us th Cisco
IronPort M-Sris for cntralizd policy manamnt and
conuration updats for a roup of Cisco IronPort S-Sris
appliancs. Th nwly-introducd, rol-basd accss control
and dlatd administration faturs incras xibility and
ranularity for policy dnition and dploymnt.
g o i Powrful rportin ivs CXOs
visibility into wb usa includin URL browsin history,
businss usa mtrics, productivity loss mtrics and wb
usa trnds. This powrful tool assists with businss pro-
ductivity optimization by n tunin wb usa policis.
r gc Cc rq
Th cntralizd rportin and trackin faturs allow ora-
nizations to kp tiht control of accptabl us policis.
Th Confiuration History Lo fatur on th Cisco IronPort
M-Sris can b usd to crat a trail of all confiuration
chans. This not only rducs liability, but also hlps
oranizations rspond to ovrnanc and complianc
rquirmnts.
b e n e f i t s
Feature Available On
Intractiv Drill-Down Rportin Cisco IronPort S-Sris*
Accptabl Us Policy and Malwar Rportin Cisco IronPort S-Sris*
Cntralizd Policy Administration Cisco IronPort M-Sris
Rol-Basd Accss Control Cisco IronPort M-Sris
Dlatd Administration Cisco IronPort M-Sris
Policy Conuration Backup and Rstor Cisco IronPort M-Sris
f e a t u r e av a i l a b i l i t y m a t r i x
p r o d u C t l i n e
Cc ip m1060 Consolidatd manamnt applianc dsind to mt th nds of th most dmandin
ntworks in th world.
Cc ip m660 Sustd for oranizations with multipl atway scurity appliancs and thousands of usrs.
Cc ip m160 Dsind for oranizations with multipl atway scurity appliancs and lss than 2,000 usrs.
Th Cisco IronPort mail scurity, wb scurity and scurity manamnt product lins addrss issus facd by
oranizations ranin from small businsss to th global 2000.
* Fine-grained analysis and centralized reporting available via Sawmill for Cisco IronPort.
-
8/6/2019 web_sec_mgmt_ds
5/5
P A g e 5Cisco IronPort Wb Scurity Applianc Manamnt
s u m m a r y
C o n t a C t u s
Th bst plac to control and protct aainst th risks pos d by wb trafc is riht at th atway. Cisco IronPort S-Sris
appliancs ar th industrys most comprhnsiv scur wb atway providin bst-in-class protction aainst wb-
born malwar thrats such as viruss, spywar, Trojans and botnts, whil also nsurin ntrpris-class pr formanc. Th
Cisco IronPort M-Sris scurity manamnt applianc, combind with Sawmill for Cisco IronPort, provids a comprhn-
siv platform for cntralizd manamnt, cntralizd rportin and cntralizd trackin. Offrin th bnts of Ciscos
industry-ladin IronPort AsyncOS platform, ths appliancs simplify administrativ ovrhad and allow oranizations to
rspond to ovrnanc and complianc rquirmnts.
Throuh a lobal sals forc and rsllr ntwork, Cisco offrs a fr Try Bfor You Buy valuation of th Cisco
IronPort M-Sris scurity manamnt applianc. For additional information, call 650-989-6530 or visit us on th wb
at www.ironport.com/try.
P/N 435-0250 -1 5 /09
Cc ip m1060 Cc ip m660 Cc ip m160ChassisForm Factor 19 Rack-Mountabl, 19 Rack-Mountabl, 19 Rack-Mountabl,
2U rack hiht 2U rack hiht 1U rack hiht
Dimns ions 3.5 (h) x 17.5 (w) x 29.5 (d) 3.5 (h) x 17.5 (w) x 29.5 (d) 1.75 (h) x 17.5 (w) x 21.5 (d)
Powr Supplis 750 watts, 100/240 volts 750 watts, 100/240 volts 345 watts, 100/240 volts
Procssor, Mmory, and Disks
CPUs 2x4 (Quad Cors) Intl Xon 2x4 (Quad Cors) Intl Xon 1x2 Dual Cor Intl Xon
Disk Spac 3 TB 1.8 TB 500 gB
RAID RAID 10, battry-backd RAID 10, battry-backd RAID 1, battry-backd
256MB cach 256MB cach 256MB cach
Intrfacs
ethrnt 3xgiabit NICs, RJ-45 3xgiabit NICs, RJ-45 2xgiabit NICs, RJ-45
Fibr Ys No No
Wb Intrfac gUI-basd (HTTP or HTTPS) gUI-basd (HTTP or HTTPS) gUI-basd (HTTP or HTTPS)
Compatibility: Interfaces with all Cisco IronPort gateway security appliances.
t e C h n i C a l s p e C i f i C a t i o n s
ac hqCisco Systms, Inc.San Jos, CA
a pcc hqCisco Systms (USA) Pt. Ltd.Sinapor
e hqCisco Systms Intrnational BVAmstrdam, Th Nthrlands
Cisco has mor than 200 ofcs worldwid. Addrsss, phon numbrs, and fax numbrs ar listd on th Cisco wbsit at www.cc.c//c.
CCDe, CCeNT, Cisco eos, Cisco Lumin, Cisco Nxus, Cisco StadiumVision, Cisco TlPrsnc, Cisco Wbex, th Cisco loo, DCe, and Wlcom to th Human Ntwork ar tradmarks; Chanin th Way W Work,
Liv, Play, and Larn and Cisco Stor ar srvic marks; and Accss Ristrar, Airont, AsyncOS, Brinin th Mtin To You, Catalyst, CCDA, CCDP, CCIe, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, th Cisco Crtid
Intrntwork exprt loo, Cisco IOS, Cisco Prss, Cisco Systms, Cisco Systms Capital, th Cisco Systms loo, Cisco Unity, Collaboration Without Limitation, ethrFast, ethrSwitch, evnt Cntr, Fast Stp, Follow
M Browsin, FormShar, giaDriv, HomLink, Intrnt Quotint, IOS, iPhon, iQuick Study, IronPort, th IronPort loo, LihtStram, Linksys, MdiaTon, MtinPlac, MtinPlac Chim Sound, MgX, Ntworkrs,
Ntworkin Acadmy, Ntwork Ristrar, PCNow, PIX, PowrPanls, ProConnct, S criptShar, SndrBas, SMARTnt, Spctrum exprt, StackWis, Th Fastst Way to Incras Your Intrnt Quotint, TransPath, Wbex
and th Wbex loo ar ristrd tradmarks of Cisco Systms, Inc. and/or its afliats in th Unitd Stats and crtain othr countris.
All othr tradmarks mntiond in this documnt or wbsit ar th proprty of thir rspctiv ownrs. Th us of th word partnr dos not imply a partnrship rlationship btwn Cisco and any othr company.
(0809R)