Transcription
I r o n P o r t A pp l ia n c e sP O W E R F U L M A LWA R EPROTECTION ENABLESTHE INDUSTRY’S MOSTCOMPREHENSIVEPERIMETER DEFENSEIronPort S-Series Web Security AppliancesOverviewSECURE AND CONTROL WEB TRAFFIC WITHTHE INDUST RY’S LEADING WEB SECURITYAPPLIANCEWeb traffic is now a major threat distributionvector, with clear and present risks. Existinggateway defenses are proving to beinadequate against a variety of Web-basedmalware, leaving corporate networksexposed to the inherent danger posed bythese threats. According to industry estimates,approximately 75 percent of corporate PCsare infected with spyware, yet less than10 percent of corporations have deployedperimeter malware defenses. The speed,variety and maliciousness of Web-basedmalware attacks highlight the importanceof a robust, secure platform to protect theenterprise network perimeter from suchthreats.Existing gateway defensesare proving to be inadequate against a variety ofWeb-based malware. Onlythe IronPor t S-Series Websecurity appliance providesa single platform solutionto enable the industr y’smost power ful protectionand control.In addition to the security risks introducedby Web-based malware and spyware, Webtraffic also exposes an organization tocompliance and productivity risks introducedby inappropriate usage of the Web within anorganization.The IronPort S-Series Web Security Applianceis the industry’s first and only Web securityappliance to combine traditional URLfiltering, reputation filtering and malwarefiltering on a single platform to addressthese risks. By combining these innovativetechnologies, the IronPort S-Series helpsorganizations address the growing challengesof both securing and controlling Web traffic.Customers enjoy low Total Cost ofOwnership (TCO), as these powerfulapplications are integrated and managed ona single appliance. Robust management andreporting tools deliver ease of administration,flexibility and control, and complete visibilityinto policy-related and threat-related activities.
IronPort S-Series Web Security AppliancesF e at u r e sI N N OVAT I V E S E C U R I T Y P L AT F O R MD E L I V E R S I N D U ST RY- L E A D I N GP E R F O R M A N C E A N D AC U R ACYIronPort S-Series appliances help enterprisessecure and control Web traffic by combining a secure application proxy for Web traffic, a Layer 4 (L4) Traffic Monitor, and theIronPort Dynamic Vectoring and Streaming(DVS) engine — a sophisticated scanningand vectoring engine that has been designedfrom the ground up to address the uniquechallenges posed by scanning Web transactions and objects. This provides a powerfulWeb security platform, optimized for performance and efficacy.A fast Web proxy provides control overall Web traffic and allows for deep contentanalysis, which is critical to accurately detectdevious and rapidly mutating Web-basedmalware. The industry’s first implementationof reputation-based caching enables fastdelivery of safe objects and content to theend-user. Powered by AsyncOS , IronPort’sproprietary operating system, the Webproxy easily ensures high performance andthroughput for even the largest of networks.An integrated Layer 4 (L4) Traffic Monitorscans all ports at wire speed, detecting andblocking spyware “phone-home” activity. Bytracking all 65,535 network ports, the L4Traffic Monitor effectively stops malwarethat attempts to bypass Port 80 and alsoprevents rogue P2P- and IRC-related activity.IronPort’s DVS Engine employs sophisticatedobject parsing and vectoring techniques,along with stream scanning and verdictcaching, resulting in up to ten times thescanning throughput of first-generationsolutions.pa ge M ulti-layer, Multi-vendorDEFENSE-IN-DEPTHIronPort URL Filters offer the broadestreach and the highest accuracy rate in controlling Web content. These filters compareusers’ Web traffic requests against administrator-set policies for 52 pre-defined (and anunlimited number of custom) categories, easily addressing acceptable use policy concerns.With a database that contains more than 20million sites (corresponding to over 3 billionwebpages) and global coverage across 70languages and 200 countries, IronPort URLFilters offer industry-leading coverage andaccuracy against Web traffic requests.The industry’s first Web reputation filtersprovide a powerful outer layer of defense.Leveraging SenderBase , IronPort WebReputation Filters analyze over 50different Web traffic and network-relatedparameters to accurately evaluate a URL’strustworthiness. Sophisticated securitymodeling techniques are used to individuallyweigh each parameter and generate a singlescore on a scale of -10 to 10. Administratorconfigured policies are dynamically applied,based on reputation scores.The industry-leading IronPort Anti-MalwareSystem leverages the IronPort DVS engineand multiple verdict engines (the first fromWebroot), to provide best-of-breed protection against the widest variety of Web-basedthreats. These threats can range fromadware, browser hijackers, phishing andpharming attacks to more malicious threatssuch as rootkits, Trojans, worms, systemmonitors and keyloggers.
IronPort S-Series Web Security Appliancespa ge F e at u r e sMANAGEMENT TOOLS(continued)Power at the Perimeter:The IronPor t S-Seriescombines revolutionar ytechnologies to providemulti-layered Web securityon a single appliance.IRONPORTL4 TRAFFICMONITORIRONPORTURLFILTERSIRONPORTWEB T ASYNCOS WEB SECURITY PLATFORMThe IronPort DVS engine was built toprovide an integrated single-appliance solution matching against multiple signaturetypes from different vendors. The first setcomes from Webroot, an industry-leadinganti-malware company. Webroot’s ThreatResearch team is backed by Phileas, thefirst automated spyware detection system,which identifies existing and new threats byintelligently scanning millions of sites daily.IronPort S-Series appliances are the first toinclude Webroot’s award-winning technology at the gateway perimeter to keep thesethreats from entering the network.Comprehensive M anagement andR eporting CapabilitiesIronPort Web Security Manager enablesgranular options for the enterprise based onauthenticated or non-authenticated users.Administrators manage all Web accesspolicies (including those for URL filtering,reputation filtering and malware filtering)from a single location. Administratorscreate and manage groups and users for allfiltering services on the appliance.IronPort Web Security Monitor providesvaluable insight into overall Web activity, aswell as threat identification and prevention,within corporate networks. These on-boxand off-box reports are designed to provideactionable information as well as historicaltrends. Enhanced reporting provides enterprises visibility into policy violations andsecurity violations.unified policy creation for all filteringservices on the appliance and providesQuickTime and adecompressorQuickTime and aare needed todecompressorsee this picture.are needed to see this picture.Group by LDAP, AD,Network Block FTP Allow Media files Allow all URL categoriesMarketing Block executables Block gambling sites Block all malwareSales Allow Skype Monitor all traffic Allow executables Allow all applicationsIT
IronPort S-Series Web Security Appliancespa ge F e at u r e s(continued)The IronPor t S-Series’sophisticated repor tingtools yield a completereal-time and historicalview of Web traffic, as wellas threat activity andprevention — providingunprecedented securityinsight.Multiple deployment modes enable flexibil-ity within a corporate network. Deploymentmodes include deployment as an explicitforward proxy for the network or transparent deployment off an L4 switch or a WCCProuter within the network. The IronPortS-Series appliance can be configured as astandalone proxy or to co-exist with otherproxies.An SNMP Enterprise MIB facilitates hands-offmonitoring and alerting for key system metrics including hardware, performance andavailability. A comprehensive enterprise classalert engine ensures oversight for all systemparameters – including hardware, security,performance and availability.Integrated authentication via standarddirectories (such as LDAP or Active Directory) and the ability to implement multipleauthentication schemes (such as NTLM orBasic) lets enterprises deploy the IronPortS-Series seamlessly, while taking advantageof pre-existing authentication and accesscontrol policies within their networks.Extensive logging allows enterprises tokeep track of all Web traffic, benign andmalware-related. Standard log formatsinclude Apache, Squid or Squid-detailed—along with the ability to specify custom logformats, consistent with enterprise loggingpolicies. Administrators can enable ordisable log subscriptions or set log subscriptions, or set log rollover and size limits,based on log types.
IronPort S-Series Web Security AppliancesB ENE F IT spa ge Single Appliance Security and ControlImplement Acceptable Use Policies (AUP)IronPort S-Series offers a single appliancesolution to secure and control the threegreatest Web traffic risks facing enterprisenetworks: security risks, resource risks andcompliance risks.By implementing acceptable use Web policies, enterprises have the opportunity tomonitor activities, but also generate awareness and increase education as to the risksbeing avoided with policies. Enterprises canincrease the amount of time employees workon business-oriented activities, reducing misuse of enterprise networks and bandwidth.Mitigate Malware Risks and Costs Withmalware infecting up to 75 percent of corporate desktops, there is considerable overheadaround managing infected desktops, ensuringminimal downtime to the end-user and minimizing the risk of information leakage.By stopping these threats at the networkperimeter with the IronPort S-Series, enterprises can significantly reduce the administrative costs, prevent attacker “phone-home”activity on networks, reduce support calls,enhance worker productivity and also eliminate the business exposure that accompaniesthese threats.Complete, Accurate Protection IronPort designed the IronPort S-Series appliancesfrom the ground up to address the broadest range of Web-based malware threats. Amulti-layered defense that includes IronPortURL Filters, IronPort Web ReputationFilters, and multiple types of malware signatures within IronPort’s DVS engine, ensuresindustry-leading accuracy.The IronPort S-Series’ multi-layered protection is based on a deep content applicationlayer inspection, as well as network-layerpattern detection, checking both inboundand outbound activities. These innovationsresult in the IronPort S-Series appliancesprotecting with the industry’s most accurateanti-malware solution.Comprehensive Visibility The IronPortS-Series appliances deliver real-time andhistorical security information, enablingadministrators to quickly understand Webtraffic activity. Real-time reports let administrators identify and track issues such aspolicy violations and security violations asthey occur. Historical reports allow administrators to identify trends and report on efficacy and ROI.Enterprise-Scale Performance Real-timescanning of Web traffic has been traditionally plagued by poor performance and highlatency. Consequently, enterprises have shiedaway from deploying signature-based protection at the HTTP layer. IronPort S-Seriesappliances scale to meet the unique scanning needs of Web traffic, thereby ensuringthat the end-user experience is maintained.IronPort’s performance focus (with technicalinnovations in AsyncOS, which includes TCPconnection management, reputation-basedcaching and adaptive object storage) ensuresa platform that can address the capacity requirements of even the largest of enterprises.Low Total Cost of Ownership Legacy ICAPbased solutions typically require multipleappliances or servers to address securingand controlling Web traffic against security,
IronPort S-Series Web Security AppliancesB ENE F IT s(continued)pa ge resource and compliance risks. Unlike othersolutions, the IronPort S-Series provides asingle platform that contains a complete, indepth defense — along with all the necessarymanagement tools — significantly reducinginitial and ongoing TCO.and management with an intuitive graphical user interface, support for automatedupdates, and comprehensive monitoring andalerting. The solution is also easy to deployand configure to match corporate-specificpolicies.Reduced Administrative Overhead Designedto minimize administrative overhead, theIronPort S-Series appliances offer easy setupProductlineS P ECS( M O DE L DE P ENDENT )S I Z I N G U P YO U R Web S ecurity S olutionIronPort Systems provides industr y-leading Web security appliances for organizations of all sizes.IronPort S650Designed to meet the needs of the most demanding networks in the world.Suggested for organizations above 5000 users.IronPort S350Suggested for organizations up to 5000 users.CHASSIS / PROCESSORForm FactorDimensionsCPUMemor yPower Supplies19” Rack-Mountable, 2U rack height3.5” (h) x 19” (w) x 29” (d)2x Dual Core Intel Xeon 5140, 4 MB Cache4 GBHot-plug redundant, 750 watts, 100/240 voltsSTORAGERAIDDrivesRAID 10 configuration, batter y-backed 256MB cacheSix hot-swappable, 146 GB SAS Drives, 876 GB TotalCONNECTIVITYEthernetSerial6x Gigabit NICs, RJ-451x RS-232 (DB-9) Serial Por tInterfaces/configurationWeb Inter faceCommand Line Inter faceFile TransferConfiguration FilesAccessible by HTTP or HTTPSAccessible via SSH or Telnet; Configuration Wizardor command-basedSCP, FTP or SYSLOGXML-based configuration files
IronPort S-Series Web Security AppliancesS u mm a r ypa ge T he Ultimate W E B Security SystemThe challenges of securing and controlling enterprise Web traffic is continually growing andchanging. The security risk is real, with Web-based malware a rapidly growing threat thatis responsible for significant corporate downtime, productivity losses and major strains onIT resources. Enterprises need control to understand when, where and how their employeesare using the Web. Additionally, an enterprise runs the risk of violating compliance and dataprivacy regulations if their networks become compromised. The legal exposure as a result ofthese violations comes at a significant cost. Malware infections also risk exposing an organization’s business-critical data and intellectual property assets.The best place to control and protect against these risks posed by Web traffic is right at thegateway. Combining Web traffic policies with deep application content inspection, througha Web proxy and Layer 4 Traffic Monitor, allows enterprises to ensure breadth of coveragewithin their networks. IronPort Web Reputation Filters and multiple malware signaturesfrom Webroot, integrated within IronPort’s DVS Engine and IronPort URL Filters, provideindustry-leading accuracy against suspicious Web traffic. With threats becoming morecomplex and sophisticated, IronPort S-Series offer the industry’s most comprehensive Websecurity solution — while also ensuring enterprise-class performance.c o n ta c t u sH OW TO G E T STA R T E D W I T H I R O N P O R TIronPort sales representatives, channel partners and sales engineers are ready to helpevaluate how IronPort products can make your corporate network infrastructure secure,reliable and easier to manage. If you believe that your organization could benefit fromIronPort’s industry-leading products, please call 650-989-6530 or visit us on the Web atwww.ironport.com/leaderIronPort Systems, Inc.IRONPORT S-Series06/07950 Elm Avenue, San Bruno, California 94066tel 650.989.6500 fax 650.989.6543email info@ironpor t.com web www.ironpor t.comDOC RELEASEIronPor t Systems, a Cisco business unit, is a leading provider of anti-spam, anti-virus and anti-spyware appliances fororganizations ranging from small businesses to the Global 2000. IronPort appliances utilize SenderBase, the world’slargest email and Web threat detection network and database. IronPor t products are innovative and easy-to-use—providing breakthrough per formance and playing a mission-critical role in a company’s network infrastructure.Copyright 2000-2007 Cisco Systems, Inc. All rights reser ved. IronPor t, the IronPor t logo and SenderBase are registeredtrademarks of Cisco Systems, Inc. All other trademarks are the proper ty of Cisco Systems, Inc. or their respective owners.While ever y effor t is made to ensure the information given is accurate, Cisco does not accept liability for any errors ormistakes which may arise. Specifications and other information in this document may be subject to change without notice.P/N 435-0120-4 6/07
IronPort Web Security Monitor provides valuable insight into overall Web activity, as well as threat identification and prevention, within corporate networks. These on-box and off-box reports are designed to provide actionable information as well as historical trends. Enhanced reporting provides enter-
