IronPort S-Series Web Security Appliances - Cisco
I r o n P o r t A pp l ia n c e sTHE INDUSTRY’S BESTW E B S E C U R I T Y G AT E WAY,P R O V I D I N G M A LWA R EPROTECTION AND HIGHPERFORMANCEIronPort S-Series Web Security AppliancesOverviewSECURE AND CONTROL WEB TRAFFIC WITHTHE INDUST RY’S LEADING WEB SECURITYAPPLIANCEThe number of security threats introduced byWeb traffic has reached epidemic proportions.Traditional gateway defenses are provingto be inadequate against a variety of Webbased malware, leaving corporate networksexposed to the inherent danger posed bythese threats. According to industry estimates,approximately 75 percent of corporate PCsare infected with spyware, yet less than10 percent of corporations have deployedperimeter malware defenses. The speed,variety and maliciousness of Web-basedmalware attacks highlight the importanceof a robust, secure platform to protect theenterprise network perimeter from suchthreats.Existing gateway defensesare proving to be inadequate against a variety ofWeb-based malware. Onlythe IronPor t S-Series Websecurity appliance providesa single platform solutionto enable the industr y’smost power ful protectionand control.In addition to the security risks introducedby Web-based malware and spyware, Webtraffic also exposes an organization tocompliance and productivity risks introducedby inappropriate usage of the Web within anorganization.The IronPort S-Series Web Security Applianceis the industry’s first and only Web securityappliance to combine traditional URLfiltering, reputation filtering and malwarefiltering on a single platform to addressthese risks. By combining these innovativetechnologies, the IronPort S-Series helpsorganizations address the growing challengesof both securing and controlling Web traffic.Customers enjoy low Total Cost ofOwnership (TCO), as these powerfulapplications are integrated and managed ona single appliance. Robust management andreporting tools deliver ease of administration,flexibility and control, and complete visibilityinto policy-related and threat-related activities.
IronPort S-Series Web Security AppliancesF e at u r e spa ge I N N OVAT I V E S E C U R I T Y P L AT F O R MD E L I V E R S I N D U ST RY- L E A D I N GP E R F O R M A N C E A N D ACC U R ACYAn integrated Layer 4 (L4) Traffic MonitorIronPort S-Series appliances help enterprisessecure and control Web traffic by offeringmultiple layers of malware defense on asingle, integrated appliance. Theselayers of defense include IronPort WebReputation Filters , multiple anti-malwarescanning engines and the Layer 4 (L4) TrafficMonitor, which detects non-Port 80 malwareactivity. IronPort designed and built thefirst solution to offer all of these featureson a single appliance. With the IronPortS-Series, administrators enjoy low TCO,simplified maintenance and configuration,greater efficacy in malware protection andhigher performance through engineeringoptimizations.A fast Web proxy is the foundation forsecurity and acceptable use policy (AUP)enforcement. It allows for deep contentanalysis, which is critical to accurately detectdevious and rapidly mutating Web-basedmalware. Powered by AsyncOS , IronPort’sproprietary operating system, the Web proxyincludes an enterprise-grade cache file system.This system efficiently returns cached Webcontent through intelligent memory, disk andkernel management – easily ensuring highperformance and throughput for even thelargest of networks.scans all ports at wire speed, detecting andblocking spyware “phone-home” activity. Bytracking all 65,535 network ports, the L4Traffic Monitor effectively stops malwarethat attempts to bypass Port 80. In addition,the L4 Traffic Monitor is able to dynamicallyadd IP addresses of known malware domainsto its list of ports and IP addresses to detectand block. Using this dynamic discoverycapability, the L4 Traffic Monitor canmonitor the movement of malware in realtime – even as the malware host tries toavoid detection by migrating from one IPaddress to another.M ulti-layer, Multi-vendorDEFENSE-IN-DEPTHIronPort URL Filters offer the broadestreach and the highest accuracy rate in controlling Web content. These filters compareusers’ Web traffic requests against administrator-set policies for 52 pre-defined (and anunlimited number of custom) categories, easily addressing acceptable use policy concerns.With a database that contains more than 20million sites (corresponding to over 3 billionwebpages) and global coverage across 70languages and 200 countries, IronPort URLFilters offer industry-leading coverage andaccuracy against Web traffic requests.MANAGEMENT TOOLSPower at the Perimeter:The IronPor t S-Seriescombines revolutionar ytechnologies to providemulti-layered Web securityon a single appliance.IRONPORTL4 TRAFFICMONITORIRONPORTURLFILTERSIRONPORTWEB T ASYNCOS WEB SECURITY PLATFORM
IronPort S-Series Web Security AppliancesF e at u r e s(continued)The industry’s first and best Webreputation filters provide a powerful outerlayer of malware defense. Leveraging theIronPort SenderBase Network (whichmeasures roughly one-third of the world’semail and Web traffic), IronPort WebReputation Filters use over 50 differenttraffic- and network-related parameters toaccurately evaluate a URL’s trustworthiness.Sophisticated security modeling techniquesare used to individually weigh eachparameter and generate a single score (on ascale of -10 to 10) for a given URL. Thisscore can then be used to block known badtraffic, while allowing known good trafficto proceed. In this manner, only “grey”traffic is passed on for further anti-malwarescanning. IronPort Web Reputation Filtersnot only provide high levels of securityand performance, but also offer effectivemeasures against malware outbreaks.The IronPort Anti-Malware System enablesthe IronPort S-Series to be the first solutionon the market that offers multiple antimalware scanning engines on a single,integrated appliance. This system leverages the IronPort Dynamic Vectoring andStreaming (DVS) engine , and verdictengines from Webroot and McAfee, toprovide best-of-breed protection against thewidest variety of Web-based threats. Thesethreats can range from adware, browserhijackers, phishing and pharming attacksQuickTime and adecompressorQuickTime and aare needed todecompressorsee this picture.are needed to see this picture.IronPor t Web SecurityManager makes it easy tocreate different sets ofpolicies for each group ofusers.pa ge to more malicious threats such as rootkits,Trojans, worms, system monitors and keyloggers.Scanning engines from Webroot andMcAfee are fully integrated into IronPortS-Series appliances. The Webroot scanningengine, backed by a threat research teamat Webroot, performs both request- andresponse-side scans. Efficacy and coverageare strengthened by Phileas (the first automated spyware detection system), whichidentifies existing and new threats by intelligently scanning millions of sites daily. TheMcAfee scanning engine is backed by AvertLabs, the world’s top threat research center.The McAfee database includes both virusand malware signatures and can be configured to perform both signature-based andheuristics-based scanning.The IronPort DVS engine was built toprovide an integrated single-appliance solution with multiple anti-malware scanningengines from different vendors. It employssophisticated object parsing and streamingtechniques to provide all of IronPort’s AUPand security features for Web traffic, whilemaximizing performance and minimizingend-user latency – even while Web contentis being scanned simultaneously by Webrootand McAfee. The result is a ten-fold improvement in performance when comparedto first-generation scanning solutions.Group by LDAP, ActiveDirectory, Network Block FTP Allow Media files Allow all URL categoriesMarketing Block executables Block gambling sites Block all malwareSales Allow Skype Monitor all traffic Allow executables Allow all applicationsIT
IronPort S-Series Web Security AppliancesCorporateNetworkpa ge IronPort S-SeriesReputation-aware SSLscanning on the IronPor tS-Series ensures privacyand security.1. DecryptWeb Server URL Filtering Web Reputation Filtering Anti-Malware Scanning(Webroot, McAfee) Other AUP and ApplicationControl2. InspectFor an incoming HTTPsconnection, decide whether todecrypt based on: Reputation Score URL Category Destination Source CombinationCASE 1: Decrypted HTTPs connection3. EncryptFor each direction of traffic, the Web gateway:1. Decrypts from the first conversation,2. inspects the decrypted traffic, then3. encrypts for the second conversation.CASE 2: Tunneled HTTPs connectionThe HTTPs connection tunnels through theWeb gateway. The gateway does not seeany traffic passing between the end-userand Web server through this connection.HTTPs Decryption enables the IronPortS-Series to enforce acceptable use andsecurity policies over HTTPs-decrypteddata. IronPort’s Web security solution is thefirst to use Web reputation and URL filteringto make HTTPs decryption decisions. Forexample, a banking site can be bypassed forHTTPs decryption, unless its Web reputationscore is low, in which case the HTTPs connection is decrypted to scan content for malware. With this ability, administrators nolonger have to sacrifice security for privacy.Comprehensive M anagement andR eporting CapabilitiesIronPort Web Security Manager providesa single, easy-to-understand view of allaccess and security policies configured onthe appliance.Administrators manage all Web accesspolicies (including those for URL filtering,reputation filtering and malware filtering)from a single location. Additionally, administrators can mix and match client-basedcriteria (e.g. client IP address, authenticatedusername, etc.) and destination-based criteria (e.g. URL, URL category, proxy port,etc.) to flexibly determine when each set ofpolicies is applied.IronPort Web Security Monitor providesvaluable insight into overall Web activity, aswell as threat identification and prevention,within corporate networks. These on-boxand off-box reports are designed to provideactionable information as well as historicaltrends. Enhanced reporting provides enterprises visibility into policy violations andsecurity violations.
IronPort S-Series Web Security Appliancespa ge F e at u r e s(continued)The IronPor t S-Series’sophisticated repor tingtools yield a completereal-time and historicalview of Web traffic, as wellas threat activity andprevention — providingunprecedented securityinsight.Multiple deployment modes enable flexibility within a corporate network. Deploymentmodes include deployment as an explicitforward proxy for the network or transparent deployment off an L4 switch or a WCCProuter within the network. The IronPortS-Series appliance can be configured as astandalone proxy or to co-exist with otherproxies.Basic) lets enterprises deploy the IronPort SSeries seamlessly, while taking advantage ofpre-existing authentication and access control policies within their networks. Featuressuch as multi-realm authentication (whichenables authentication against multipleauthentication domains) provide flexiblefailover scenarios and multi-organizationdeployments.An SNMP Enterprise MIB facilitates hands-offExtensive logging allows enterprises tokeep track of all Web traffic, benign andmalware-related. Standard log formatsinclude Apache, Squid or Squid-detailed—along with the ability to specify custom logformats, consistent with enterprise loggingpolicies. Administrators can enable ordisable log subscriptions or set log subscriptions, or set log rollover and size limits,based on log types.monitoring and alerting for key system metrics including hardware, performance andavailability. A comprehensive enterprise classalert engine ensures oversight for all systemparameters – including hardware, security,performance and availability.Integrated authentication via standarddirectories (such as LDAP or Active Directory) and the ability to implement multipleauthentication schemes (such as NTLM or
IronPort S-Series Web Security AppliancesB ENE F IT sSingle Appliance Security and ControlIronPort S-Series offers a single appliancesolution to secure and control the threegreatest Web traffic risks facing enterprisenetworks: security risks, resource risks andcompliance risks.Mitigate Malware Risks and Costs Withmalware infecting up to 75 percent of corporate desktops, there is considerable overheadaround managing infected desktops, ensuringminimal downtime to the end-user and minimizing the risk of information leakage.By stopping these threats at the networkperimeter with the IronPort S-Series, enterprises can significantly reduce the administrative costs, prevent attacker “phone-home”activity on networks, reduce support calls,enhance worker productivity and also eliminate the business exposure that accompaniesthese threats.Complete, Accurate Protection IronPortdesigned the IronPort S-Series appliancesfrom the ground up to address the broadest range of Web-based malware threats. Amulti-layered defense that includes IronPortURL Filters, IronPort Web ReputationFilters, and multiple anti-malware scanningengines using IronPort’s DVS technology,ensures industry-leading accuracy.The IronPort S-Series’ multi-layered protection is based on a deep content applicationlayer inspection, as well as network-layerpattern detection, checking both inboundand outbound activities. These innovationsmake the IronPort S-Series the industry’smost secure Web gateway.pa ge Enforce Acceptable Use Policies (AUP) Byimplementing acceptable use Web policies,enterprises can not only conserve resourcesfor work-related Web usage, but also informend-users to help shape Web access behavior over time. Enterprises can increase theamount of time that employees spend onbusiness-oriented activities, reducing misuseof enterprise networks and bandwidth.Comprehensive Visibility The IronPortS-Series appliances deliver real-time andhistorical security information, enablingadministrators to quickly understand Webtraffic activity. Real-time reports let administrators identify and track issues such aspolicy violations and security violations asthey occur. Historical reports allow administrators to identify trends and report on efficacy and ROI.Enterprise-Scale Performance Real-timescanning of Web traffic has been traditionally plagued by poor performance and highlatency. Consequently, enterprises have shiedaway from deploying signature-based protection at the HTTP layer. IronPort S-Seriesappliances scale to meet the unique scanning needs of Web traffic, thereby ensuringthat the end-user experience is maintained.IronPort offers industry-leading performancethrough its proprietary AsyncOS platform,an enterprise-grade Web proxy and cachefile system as well as an intelligent engine forrapid content scanning. Consequently, theIronPort S-Series is a platform that can address the capacity requirements of even thelargest of enterprises.
IronPort S-Series Web Security AppliancesB ENE F IT s(continued)ProductlineS P ECS( M O DE L DE P ENDENT )pa ge Low Total Cost of Ownership Legacy ICAPbased solutions typically require multiple appliances or servers to protect against security,resource and compliance risks. Unlike othersolutions, the IronPort S-Series provides asingle platform that contains a complete, indepth defense — along with all the necessarymanagement tools — significantly reducinginitial and ongoing TCO.Reduced Administrative Overhead Designedto minimize administrative overhead, theIronPort S-Series appliances offer easy setupand management with an intuitive graphical user interface, support for automatedupdates, and comprehensive monitoring andalerting. The solution is also easy to deployand configure to match corporate-specificpolicies.S I Z I N G U P YO U R Web S ecurity S olutionIronPort Systems provides industr y-leading Web security appliances for organizations of all sizes.IronPort S650Designed to meet the needs of the most demanding networks in the world.Suggested for organizations above 5000 users.IronPort S350Suggested for organizations up to 5000 users.CHASSIS / PROCESSORForm FactorDimensionsCPUMemor yPower Supplies19” Rack-Mountable, 2U rack height3.5” (h) x 19” (w) x 29” (d)2x Dual Core Intel Xeon 5140, 4 MB Cache4 GBHot-plug redundant, 750 watts, 100/240 voltsSTORAGERAIDDrivesRAID 10 configuration, batter y-backed 256MB cacheSix hot-swappable, 146 GB SAS Drives, 876 GB TotalCONNECTIVITYEthernetSerial6x Gigabit NICs, RJ-451x RS-232 (DB-9) Serial Por tInterfaces/configurationWeb Inter faceCommand Line Inter faceFile TransferConfiguration FilesAccessible by HTTP or HTTPSAccessible via SSH or Telnet; Configuration Wizardor command-basedSCP, FTP or SYSLOGXML-based configuration files
IronPort S-Series Web Security AppliancesS u mm a r ypa ge T he Ultimate W E B Security SystemThe challenges of securing and controlling enterprise Web traffic is continually growing andchanging. The security risk is real, with Web-based malware posing a rapidly growing threatthat is responsible for significant corporate downtime, productivity loss and resource strainon IT infrastructure. Enterprises need control to understand when, where and how their employees are using the Web. Additionally, an enterprise runs the risk of violating complianceand data privacy regulations if their networks become compromised. The legal exposure as aresult of these violations comes at a significant cost. Malware infections also risk exposing anorganization’s business-critical data and intellectual property assets.The best place to control and protect against these risks posed by Web traffic is right at thegateway. The IronPort S-Series provides multiple layers of defense against these risks, bothhorizontally (at the application layer) and vertically (up the protocol stack). IronPortURL Filters enforce acceptable use policy, while IronPort Web Reputation Filters and theIronPort Anti-Malware System – with simultaneous scanning by Webroot and McAfee forgreater efficacy – provide protection against Web-based malware. HTTPs decryption enablesthe IronPort S-Series to apply these same access and security policies to HTTPs-encryptedtraffic as well. Finally, the L4 Traffic Monitor detects and blocks “phone-home” malwareactivity that attempts to circumvent Port 80 security features. With threats becoming morecomplex and sophisticated, IronPort S-Series offer the industry’s most comprehensive Websecurity solution, while also ensuring enterprise-class performance.c o n ta c t u sH OW TO G E T STA R T E D W I T H I R O N P O R TIronPort sales representatives, channel partners and sales engineers are ready to helpevaluate how IronPort products can make your corporate network infrastructure secure,reliable and easier to manage. If you believe that your organization could benefit fromIronPort’s industry-leading products, please call 650-989-6530 or visit us on the Web atwww.ironport.com/leaderIronPort Systems, Inc.IRONPORT S-Series10/07950 Elm Avenue, San Bruno, California 94066tel 650.989.6500 fax 650.989.6543email info@ironpor t.com web www.ironpor t.comDOC RELEASEIronPor t Systems, a Cisco business unit, is a leading provider of anti-spam, anti-virus and anti-spyware appliances fororganizations ranging from small businesses to the Global 2000. IronPort appliances utilize SenderBase, the world’slargest email and Web threat detection network and database. IronPor t products are innovative and easy-to-use—providing breakthrough per formance and playing a mission-critical role in a company’s network infrastructure.Copyright 2000-2007 Cisco Systems, Inc. All rights reser ved. IronPor t, the IronPor t logo and SenderBase are registeredtrademarks of Cisco Systems, Inc. All other trademarks are the proper ty of Cisco Systems, Inc. or their respective owners.While ever y effor t is made to ensure the information given is accurate, Cisco does not accept liability for any errors ormistakes which may arise. Specifications and other information in this document may be subject to change without notice.P/N 435-0120-5 10/07
The IronPort S-Series Web Security Appliance is the industry's first and only Web security appliance to combine traditional URL filtering, reputation filtering and malware filtering on a single platform to address these risks. By combining these innovative technologies, the IronPort S-Series helps organizations address the growing challenges
IronPort Systems, Inc.1100 Grundy Lane, Suite 100 San Bruno, California 94066 tel 650.989.6500 fax 650.989.6543 email info@ironport.com web www.ironport.com IronPort C-Series IronPort C-Series Overview Overview IronPort C-Series Overview . email encryption, and content filtering. Centralized Management
IronPort X1050 Email Security System PAgE specs IronPort X1050 Built to meet the needs of the most demanding networks in the world. IronPort C650 Designed for large enterprises and service providers. IronPort C350 Suggested for medium to large enterprises. IronPort C350D Recommended for any co
Sawmill for IronPort includes an IronPort log format plug-in that processes Web Security appliance access logs to help you understand what is going on in your network. The IronPort log format plug-in allows you to create multiple types of profiles. When Sawmill for IronPort processes Web Security appliance access logs, it uses a profile you
conformance claims, and the ST organization. The TOE is IronPort Email Security Appliances (ESA), comprising the C160, C370, X1060, and X1070 appliance models, running IronPort AsyncOS software, version 7.1, and the C670 appliance model running IronPort AsyncOS version 7.3, from Cisco IronPort Systems LLC. The TOE is an
Network Security Trusted Client Content Security Cisco Security Intelligence Operations AnyConnect VPN Client ISR FWSM Network Admission Control ACE Web App Firewall IPS 4200 Cisco Virtual Office Cisco Security Manager Cisco Secure ACS IronPort Hosted Email Security IronPort S-Series IronPort C-Series Cisco Secure MARS ASA 5500 IronPort M .
Cisco IronPort Web Reputation Filters and the Cisco IronPort Anti-Malware System to provide a single, integrated solution that ensures that a corporation's web traffic is accurately scanned for both acceptable use violations and security threats. The CisCo ironPorT DifferenCe fasT, aCCuraTe ConTenT filTering for aCCePTable use PoliCy enforCemenT
IronPort's easily-deployed and easily-man-aged solution also enables intellectual prop-erty protection and enforces organizations' acceptable use policies. ironport email encryption gives administra-tors the ability to secure confidential data and comply with partner, customer or regulatory requirements. IronPort PXE technology
small group work, worksheets, and whole-class discussions. Students rotate through each station on some sort of schedule—either fixed or at the teacher’s discretion. Lab Rotation: This rotation model is similar to the one above, but the online learning component takes place in a learning lab that is designed primarily for this purpose.
