Dario Opezzo Regional Manager IronPort Cisco - STBU [email protected] Cisco IronPort Products

IronPort Products Presentation


Page 1: IronPort Products Presentation

Dario Opezzo

Regional Manager – IronPort

Cisco - STBU

[email protected]

Cisco IronPort Products

Page 2: IronPort Products Presentation

© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

The Conventional Border

Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Attackers; Customers; Partners

Page 3: IronPort Products Presentation

Cloud computing is “dissolving” the data center border

Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners

Page 4: IronPort Products Presentation

Cloud computing is “dissolving” the data center border

Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners

Page 5: IronPort Products Presentation

Cloud computing is “dissolving” the data center border

Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners

Page 6: IronPort Products Presentation

Architecture for borderless security

Diagram labels: Policy; Corporate Border; Branch Office; Applications and Data; Corporate Office; Home Office; Attackers; Coffee Shop; Customers; Airport; Mobile User; Partners; Software as a Service; Platform as a Service; Infrastructure as a Service; X as a Service

1. Borderless End Zones

2. Borderless Internet

3. Borderless Data Center

4. Policy (Access Control, Acceptable Use, Malware, Data Security)

Page 7: IronPort Products Presentation

Today's challenge is balancing forces…

Globalization

Collaboration

Data Loss

Mobility

Enterprise SaaS

Threats

Acceptable Use

Page 8: IronPort Products Presentation

Cisco Security Products Overview: Comprehensive Security, Flexible Delivery

Diagram labels: Cisco Security Intelligence Operations; Centralized Management; Cisco AnyConnect VPN Client; ASA 5500; ISR; IPS 4200; Cisco IronPort S-Series; Cisco IronPort C-Series; FWSM; Network Admission Control; ACE Web App Firewall; Branch Office; Teleworker; Data Center / Campus; Corporate HQ; Clientless Network Access; Network Level; Application Level

Page 9: IronPort Products Presentation

Web Security | Email Security | Security Management | Encryption

Cisco IronPort Gateway Security Products

Diagram labels: EMAIL Security Appliance; WEB Security Appliance; Security MANAGEMENT Appliance; ENCRYPTION Appliance; IronPort SenderBase; APPLICATION-SPECIFIC SECURITY GATEWAYS; CLIENTS; BLOCK Incoming Threats; PROTECT Corporate Assets, Data Loss Prevention; CENTRALIZE Administration; Internet

Page 10: IronPort Products Presentation

Cisco IronPort Email Security Appliances

Page 11: IronPort Products Presentation

Top Exploits Email Security

1. Spam (more than 85% of worldwide traffic)

2. Viruses

3. False-positives

4. Denial-of-Service (DoS) Attacks

5. Misdirected bounces (bounce attacks)

6. Impersonation scams (Phishing)

7. Bot-Net Networks

Page 12: IronPort Products Presentation

IronPort consolidates the security and architecture of the email platform

Diagram (panels “Before IronPort” and “After IronPort”), labels: Anti-Spam; Anti-Virus; Policy Management; Mail Routing; IronPort Email Security Appliance; Internet; Firewall; MTAs; Groupware; Users

Page 13: IronPort Products Presentation

IronPort C Series - Features

Proprietary MTA (Mail Transfer Agent), AsyncOS operating system

Antispam

Antivirus

Virus Outbreak Filter (preventive antivirus protection)

Reputation Filters (preventive antispam protection)

Encryption

DLP – RSA integrated into the operating system

Page 14: IronPort Products Presentation

Platform

Modular platform

Traffic inspection module by module

Module activation based on policies configured per user, domain, IP or group.

Authentication and policies integrated with AD, LDAP and RADIUS.

Protection against email marketing

Intelligent Multiscan (dual antispam engine for outbound traffic).

Page 15: IronPort Products Presentation

Email Security Architecture: Inbound Security, Outbound Control

Diagram labels: Management; CISCO IRONPORT ASYNCOS™ EMAIL PLATFORM; INBOUND SECURITY; OUTBOUND CONTROL; Spam Defense; Virus Defense; Data Loss Prevention; Secure Messaging

Page 16: IronPort Products Presentation

SenderBase: Email Reputation Database

Diagram labels: Global Volume Data; Message Composition Data; Spam Traps; Complaint Reports; IP Blacklists & Whitelists; Domain Blacklist & Safelists; Compromised Host Lists; Web Site Composition Data; Other Data

IP Reputation Score scale: +10, 0, -10

Page 17: IronPort Products Presentation

Cisco Security Intelligence Operations: Real-time protection

Network Security

IPS devices

Firewalls (700,000+ devices)

Content Security

30% global email

3B daily web requests

Diagram labels: Email Security Solutions; Web Security Solutions; Firewalls; IPS Devices; Cisco Security Intelligence Operations; IPS Sensor; Email Sensor; Web Sensor; Firewall Sensor

Page 18: IronPort Products Presentation

Antispam Architecture

Multi-layer Spam Defense

SenderBase Reputation Filtering

IronPort Anti-Spam

Who? How? What? Where?

Score

Block 90% of Spam

>99% Catch Rate

< 1 in 1 mil False Positives

Page 19: IronPort Products Presentation

Antivirus Architecture

Multi-layer Virus Defense

Anti-Virus

Virus Outbreak Filters

T = 0: zip (exe) files

T = 5 mins: zip (exe) files; size 50 to 55 KB

T = 15 mins: zip (exe) files; size 50 to 55 KB; “Price” in the filename

Page 20: IronPort Products Presentation

Outbound Mail Control

Security Enforcement Array

Diagram labels: HIPAA; Trade Secrets; PCI; Corporate Policies; Company Reputation; SB-1386; SMTP Encryption; DLP; HR/Legal Review; Encryption; Dropped Attachment; Detection; Remediation

Page 21: IronPort Products Presentation

Secure Mail: Easy to use for the sender

Automated key management

No desktop software requirements

No new hardware required

Diagram labels (steps numbered 1 to 3): Message is Encrypted & Pushed to Recipient; Key is Stored; TLS; User Authenticates and Receives Message Key; User Opens Secured Message in Browser; Decrypted Message Is Displayed

Page 22: IronPort Products Presentation

Secure Mail: Easy to use for the recipient

Steps 1 to 3: Open Attachment; Enter Password; View Message

Send to Anyone

no Certificates

no Plug-Ins

Page 23: IronPort Products Presentation

Visibility and Control: Easy for the administrator

Guaranteed Read Receipt

Guaranteed Recall

Page 24: IronPort Products Presentation

Comprehensive Email Management

Configure Anti-Spam, Anti-Virus, Content Filters, Preventive AV, Encryption and DLP all in one user interface

Page 25: IronPort Products Presentation

Models and sizing

C170 – up to 1000 users.

C370 – up to 5000 users.

C670 – more than 5000 and up to 10000 or more users.

Licensing by number of users.

Not sold without support.

The software is not sold without the appliance.

Does not run on VMware.

Page 26: IronPort Products Presentation

Performance

Supports up to 10,000 concurrent connections

More than 250,000 emails/hour (C670) as a pure MTA

Approximately 110,000 emails/hour with all services active.

More than 80% of spam traffic is blocked at the border without entering the customer's network

Supports 2 AS engines (IPAS and Cloudmark)

Supports 2 AV engines (Sophos and McAfee)

Page 27: IronPort Products Presentation

Licenses & Services

MTA and operating system

Reputation Filters

Antispam

Antivirus

Virus Outbreak Filter (VoF)

Encryption

DLP module

Page 28: IronPort Products Presentation

Cisco IronPort Web Security Appliances

Page 29: IronPort Products Presentation

Web

Growth in the business world

HTTP is the new TCP

IM, FTP, RPC, Video, SOAP

Growth in “tunneled” applications

Proliferation of social networks

Page 30: IronPort Products Presentation

Web Challenges

Challenges: Acceptable Use Violations; Data Loss; Malware Infections

Nearly unlimited resources and information, but no guaranteed privacy or security

Page 31: IronPort Products Presentation

Web Traffic: The Long Tail Gets Longer

20% of traffic is “easy to classify”

Predictable traffic, known domains

80% of traffic is “hard to classify”

110M sites, growing 40% annually

Mix of legitimate sites, spyware and malware

Chart labels: Big Head; Long Tail; axes: # of Sites, Traffic Volume

Page 32: IronPort Products Presentation

Cisco IronPort S-Series: Next Generation Secure Web Gateway

Cisco IronPort Web Reputation Filters

Proactive protection against emerging threats

Blocks 70% of malware traffic at the connection level

Cisco IronPort DVS Anti-Malware Engine

Blocks malware based on deep content analysis

Multiple anti-malware and anti-virus technologies running in parallel

Data Security

Integrated data security for easy enforcement of common sense policies

Integration with external products for advanced DLP

Cisco IronPort Web Usage Controls

Industry-leading visibility and protection

Real-Time Dynamic Content Analysis for the Dark Web

Page 33: IronPort Products Presentation

Next Generation Secure Web Gateway

Diagram (panels “Before IronPort” and “After IronPort”), labels: Internet; Firewall; Users; IronPort S-Series; Web Proxy & Caching; Anti-Spyware; Anti-Virus; Anti-Phishing; URL Filtering; Policy Management

Page 34: IronPort Products Presentation

Cisco IronPort S-Series: A Powerful, Secure Web Gateway Solution

Most effective defense against web-based malware

Visibility and control for acceptable use and data loss

High performance to ensure best end-user experience

Integrated solution offering optimum TCO

Management and Reporting

AsyncOS for Web

Acceptable Use Policy

Malware Defense

Data Security

Page 35: IronPort Products Presentation

IronPort S Series - Features

Proxy (HTTP, HTTPS, FTP) and Web Cache

L4 Monitor (analysis of all 65535 TCP ports)

HTTPS traffic inspection

Cisco IronPort Web Usage Controls (URL Filter)

Web Reputation

Anti-Malware

Applications Control

Software as a Service

Tunneled Applications

Collaboration

ftp://ftp.funet.fi/pub/

Page 36: IronPort Products Presentation

Integrated L4 Traffic Monitor: Comprehensive Controls

Scans all 65,535 ports at wire speed

Supports “monitor only” or “monitor & block” modes

Ability to exempt sources and/or destinations

Automated updates

Diagram labels: L4 TRAFFIC MONITOR; PROXY; IronPort S-Series; Firewall; Internet; Port 80; connections marked X

Page 37: IronPort Products Presentation

Web Proxy & L4 Traffic Monitor

Web Proxy Deployment Options

Explicit Forward

Transparent off a WCCP Router

Transparent off an L4 Switch

L4 Traffic Monitor Deployment Options

Span Port off a Switch

Duplex Tap

Simplex Tap

P1/M1 used for Web Proxy

T1 & T2 used for L4TM

Page 38: IronPort Products Presentation

Intelligent Scanning

IronPort Web Reputation technology determines need for scanning by

- IronPort Anti-Malware System

- Decryption Engine

Known good sites aren’t scanned

Unknown sites are scanned by one or more engines

Known bad sites are blocked

Diagram labels: Requested URLs; IRONPORT WEB REPUTATION FILTERS; ANTI-MALWARE SYSTEM; DECRYPTION ENGINE

Page 39: IronPort Products Presentation

Introducing Cisco IronPort Web Usage Controls: A Spotlight for the Dark Web

Industry-leading URL database efficacy

• 65 categories

• Updated every 5 minutes

• Powered by Cisco SIO

Real-time Dynamic Content Analysis Engine accurately identifies over 90% of Dark Web content in commonly blocked categories

Diagram labels: URL Lookup in Database; URL Database; www.sportsbook.com/ (Gambling); Uncategorized; URL Keyword Analysis; www.casinoonthe.net/ (Gambling); Uncategorized; Dynamic Content Analysis Engine; Analyze Site Content; Real-time Dynamic Content Analysis; Gambling

Page 40: IronPort Products Presentation

Cisco Security Intelligence Operations (SIO): Unmatched Visibility Drives Unparalleled Efficacy

Diagram labels: Cisco IronPort Web Security Appliances on Customer Premises; Customer Administrators; Uncategorized URLs; URL Categorization Requests; Crowd Sourcing; Manual Categorization; Web Crawlers; Crawler Targeting; External Feeds; Traffic Data from Cisco IronPort Email Security Appliances, Cisco IPS, and Cisco ASA sensors; Analysis and Processing; Master URL Database; Cisco SIO

Updates published every 5 minutes

Page 41: IronPort Products Presentation

Industry-leading Accuracy: With Multiple Verdict Engines

Best-of-breed signatures - Webroot & Sophos

Broad coverage - Addresses full range of threats

Complete signature set - URLs, domains, CLSIDs, binaries, checksums, user agents and more

WEBROOT & SOPHOS

Page 42: IronPort Products Presentation

Models and sizing

S170 – up to 1000 users.

S370 – up to 5000 users.

S670 – up to 10000 or more users.

Licensing by number of users.

Not sold without support.

The software is not sold without the appliance.

Does not run on VMware.

Page 43: IronPort Products Presentation

Performance

Supports up to 100,000 simultaneous sessions

1900 to 2100 requests/sec (approx. 7M/hour)

100 to 200 Mb of throughput, depending on the active modules.

Not in-line, low latency of 5 to 15 ms

A single S670 can support 10k or 20k users.

Page 44: IronPort Products Presentation

Licenses & Services

Proxy (HTTP, HTTPS, FTP) and Web Cache

L4 Monitor

HTTPS traffic inspection

Web Usage Controls (URL Filter)

Web Reputation

Anti-Malware

McAfee AntiMalware

Webroot AntiMalware

Page 45: IronPort Products Presentation

Q & A