IronPort Products Presentation
- 2. Conventional Border
[Diagram labels: Policy; Corporate Border; Applications and Data; Corporate Office; Branch Office; Attackers; Customers; Partners]
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
- 3. Cloud computing is "dissolving" the data center border
[Diagram labels: Policy; Corporate Border; Applications and Data; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
- 4. Cloud computing is "dissolving" the data center border
[Diagram labels: Policy; Corporate Border; Applications and Data; Platform as a Service; Infrastructure as a Service; Software as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
- 5. Cloud computing is "dissolving" the data center border
[Diagram labels: Policy; Corporate Border; Applications and Data; Platform as a Service; Infrastructure as a Service; Software as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
- 6. Architecture for borderless security
[Diagram, numbered layers: 1 Borderless End Zones; 2 Borderless Internet; 3 Borderless Data Center; 4 Policy (Access Control, Acceptable Use, Malware, Data Security)]
[Other diagram labels: Corporate Border; Applications and Data; Platform as a Service; Infrastructure as a Service; Software as a Service; X as a Service; Corporate Office; Branch Office; Home Office; Airport; Mobile User; Coffee Shop; Attackers; Partners; Customers]
- 7. Today's challenge is balancing forces…
[Diagram labels: Globalization; Threats; Mobility; Acceptable Use; Collaboration; Enterprise SaaS; Data Loss]
- 8. Cisco Security Products Overview
Comprehensive Security, Flexible Delivery
[Diagram columns: Application Level; Network Level]
Data Center / Campus: ACE Web App Firewall; FWSM; Network Admission Control; ASA 5500; IPS 4200
Corporate HQ: Cisco IronPort C-Series; Cisco IronPort S-Series; IPS 4200; ASA 5500
Branch Office: Cisco IronPort S-Series; ISR; ASA 5500
Teleworker: Clientless Network Access; Cisco AnyConnect VPN Client
Across all locations: Cisco Security Intelligence Operations; Centralized Management
- 9. Cisco IronPort Gateway Security Products
[Diagram labels: Internet; IronPort SenderBase; BLOCK Incoming Threats; APPLICATION-SPECIFIC SECURITY GATEWAYS (Encryption Appliance, Email Security Appliance, Web Security Appliance); CENTRALIZE Administration; PROTECT Corporate Assets; Data Loss Prevention; Security Management Appliance; Clients]
Web Security | Email Security | Security Management | Encryption
- 10. Cisco IronPort Email Security Appliances
- 11. Top Exploits Email Security
1. Spam (more than 85% of worldwide traffic)
2. Viruses
3. False-positives
4. Denial-of-Service (DoS) Attacks
5. Misdirected bounces (bounce attacks)
6. Impersonation scams (Phishing)
7. Bot-Net Networks
- 12. IronPort consolidates the security and architecture of the mail platform
Before IronPort: Internet; Firewall; MTAs; Anti-Spam; Anti-Virus; Policy Management; Mail Routing; Groupware; Users
After IronPort: Internet; Firewall; IronPort Email Security Appliance; Groupware; Users
- 13. IronPort C Series - Features
Proprietary MTA (Mail Transfer Agent), AsyncOS operating system
Anti-spam
Antivirus
Virus Outbreak Filter (preventive antivirus protection)
Reputation Filters (preventive anti-spam protection)
Encryption
DLP – RSA integrated into the operating system
- 14. Platform
Modular platform
Traffic inspection module by module
Modules are activated based on policies configured per user, domain, IP or group.
Authentication and policies integrated with AD, LDAP and RADIUS.
Protection against email marketing
Intelligent Multiscan (dual anti-spam engine for outbound traffic).
- 15. Email Security Architecture
Inbound Security, Outbound Control
[Diagram labels: INBOUND SECURITY (Spam Defense, Virus Defense); Management; CISCO IRONPORT ASYNCOS™ EMAIL PLATFORM; OUTBOUND CONTROL (Data Loss Prevention, Secure Messaging)]
- 16. SenderBase
Email Reputation Database
[Diagram, data sources: Complaint Reports; Domain Blacklist & Safelists; IP Blacklists & Whitelists; Spam Traps; Compromised Host Lists; Message Composition Data; Web Site Composition Data; Global Volume Data; Other Data]
IP Reputation Score (scale marked -10, 0, +10)
- 17. Cisco Security Intelligence Operations
Real-time protection
[Diagram: Firewall, Web Sensor, Email Sensor and IPS Sensor nodes feeding Cisco Security Intelligence Operations]
Content Security: 30% global email; 3B daily web requests
Network Security: IPS devices; Firewalls (700,000+ devices)
[Diagram labels: Email Security Solutions; Web Security Solutions; Firewalls; IPS Devices]
- 18. Anti-spam Architecture
Multi-layer Spam Defense
SenderBase Reputation Filtering: Block 90% of Spam
IronPort Anti-Spam: >99% Catch Rate, < 1 in 1 mil False Positives
[Diagram labels: Who?; How?; What?; Where?; Score]
- 19. Antivirus Architecture
Multi-layer Virus Defense
Virus Outbreak Filters; Anti-Virus
T = 0: zip (exe) files
T = 5 mins: zip (exe) files; size 50 to 55 KB
T = 15 mins: zip (exe) files; size 50 to 55 KB; "Price" in the filename
- 20. Outbound mail control
[Diagram: Security Enforcement Array, from Detection to Remediation. Labels: DLP; HR/Legal Review; Corporate Policies; HIPAA; PCI; SB-1386; Trade Secrets; Encryption; Dropped; Company; SMTP; Attachment; Reputation]
- 21. Secure Mail
Easy to use for the sender
[Diagram labels (steps numbered 1 to 3 on the slide): Message is Encrypted & Pushed to Recipient; Key is Stored; User Opens Secured Message in Browser; User Authenticates and Receives Message Key; Decrypted Message Is Displayed; TLS]
Automated key management
No desktop software requirements
No new hardware required
- 22. Secure Mail
Easy to use for the recipient
1. Open Attachment
2. Enter Password
3. View Message
Send to Anyone: no Certificates, no Plug-Ins
- 23. Visibility and Control
Easy for the administrator
Guaranteed Recall
Guaranteed Read Receipt
- 24. Comprehensive Email Management
Configure Anti-Spam, Anti-Virus, Content Filters, Preventive AV, Encryption and DLP all in one user interface
- 25. Models and sizing
C170 – up to 1000 users.
C370 – up to 5000 users.
C670 – more than 5000 and up to 10000 or more users.
Licensed by number of users.
Not sold without support.
The software is not sold without the appliance.
Does not run on VMware.
- 26. Performance
Supports up to 10,000 concurrent connections
More than 250,000 messages/hour (C670) as a pure MTA
Approximately 110,000 messages/hour with all services active.
More than 80% of spam traffic is blocked at the edge without entering the customer's network
Supports 2 AS engines (IPAS and Cloudmark)
Supports 2 AV engines (Sophos and McAfee)
- 27. Licenses & Services
MTA and operating system
Reputation Filters
Anti-spam
Antivirus
Virus Outbreak Filter (VoF)
Encryption
DLP module
- 28. Cisco IronPort Web Security Appliances
- 29. Web
HTTP is the new TCP
Growth in the business world
Growth in "tunneled" applications
Proliferation of social networks
[Diagram labels: FTP; IM; SOAP; Video; RPC]
- 30. Challenges of the Web
Nearly unlimited resources and information, but no guaranteed privacy or security
[Diagram, Challenges: Acceptable Use Violations; Data Loss; Malware Infections]
- 31. Web Traffic
The Long Tail Gets Longer
20% of traffic is "easy to classify"
Predictable traffic, known domains
80% of traffic is "hard to classify"
110M sites, growing 40% annually
Mix of legitimate sites, spyware and malware
[Chart: Traffic Volume against # of Sites, with regions labelled Big Head and Long Tail]
- 32. Cisco IronPort S-Series
Next Generation Secure Web Gateway
Cisco IronPort Web Usage Controls
Industry-leading visibility and protection
Real-Time Dynamic Content Analysis for the Dark Web
Data Security
Integrated data security for easy enforcement of common sense policies
Integration with external products for advanced DLP
Cisco IronPort Web Reputation Filters
Proactive protection against emerging threats
Blocks 70% of malware traffic at the connection level
Cisco IronPort DVS Anti-Malware Engine
Blocks malware based on deep content analysis
Multiple anti-malware and anti-virus technologies running in parallel
[Diagram centre label: Cisco IronPort S-Series]
- 33. Next Generation Secure Web Gateway
Before IronPort: Internet; Firewall; Web Proxy & Caching; Anti-Spyware; Anti-Virus; Anti-Phishing; URL Filtering; Policy Management; Users
After IronPort: Internet; Firewall; IronPort S-Series; Users
- 34. Cisco IronPort S-Series
A Powerful, Secure Web Gateway Solution
Most effective defense against web-based malware
Visibility and control for acceptable use and data loss
High performance to ensure best end-user experience
Integrated solution offering optimum TCO
[Diagram labels: Management and Reporting; Acceptable Use Policy; Malware Defense; Data Security; AsyncOS for Web]
- 35. IronPort S Series - Features
Proxy (HTTP, HTTPS, FTP) and Web Cache
L4 Monitor (analysis of all 65535 TCP ports)
HTTPS traffic inspection
Cisco IronPort Web Usage Controls (URL Filter)
Web Reputation
Anti-Malware
Applications Control
[Diagram labels: Software as a Service; Tunneled Applications; Collaboration; ftp://ftp.funet.fi/pub/]
- 36. Integrated L4 Traffic Monitor
Comprehensive Controls
Scans all 65,535 ports at wire speed
Supports "monitor only" or "monitor & block" modes
Ability to exempt sources and/or destinations
Automated updates
[Diagram labels: Internet; Firewall; Port 80; IronPort S-Series; Proxy; L4 Traffic Monitor]
- 37. Web Proxy & L4 Traffic Monitor
T1 & T2 used for L4TM
P1/M1 used for Web Proxy
Web Proxy Deployment Options: Explicit Forward; Transparent off an L4 Switch; Transparent off a WCCP Router
L4 Traffic Monitor Deployment Options: Span Port off a Switch; Simplex Tap; Duplex Tap
- 38. Intelligent Scanning
[Diagram: Requested URLs pass through IronPort Web Reputation Filters to the Anti-Malware System and Decryption Engine]
Known good sites aren't scanned
Unknown sites are scanned by one or more engines
Known bad sites are blocked
IronPort Web Reputation technology determines need for scanning by
- IronPort Anti-Malware System
- Decryption Engine
- 39. Introducing Cisco IronPort Web Usage Controls
A Spotlight for the Dark Web
Industry-leading URL database efficacy
• 65 categories
• Updated every 5 minutes
• Powered by Cisco SIO
Real-time Dynamic Content Analysis Engine accurately identifies over 90% of Dark Web content in commonly blocked categories
[Diagram: URL Lookup in Database, URL Keyword Analysis and Dynamic Content Analysis Engine (Analyze Site Content) stages; example URLs www.sportsbook.com/ and www.casinoonthe.net/; verdict labels Gambling and Uncategorized]
- 40. Cisco Security Intelligence Operations (SIO)
Unmatched Visibility Drives Unparalleled Efficacy
[Diagram labels: Cisco IronPort Web Security Appliances on Customer Premises; Updates published every 5 minutes; Customer Administrators; URL Categorization Requests; Uncategorized URLs; Cisco SIO Analysis and Processing; Master URL Database; External Feeds; Crawler Targeting; Crowd Sourcing; Manual Categorization; Web Crawlers; Traffic Data from Cisco IronPort Email Security Appliances, Cisco IPS, and Cisco ASA sensors]
- 41. Industry-leading Accuracy
With Multiple Verdict Engines
WEBROOT & SOPHOS
Best-of-breed signatures - Webroot & Sophos
Broad coverage - Addresses full range of threats
Complete signature set - URLs, domains, CLSIDs, binaries, checksums, user agents and more
- 42. Models and sizing
S170 – up to 1000 users.
S370 – up to 5000 users.
S670 – up to 10000 or more users.
Licensed by number of users.
Not sold without support.
The software is not sold without the appliance.
Does not run on VMware.
- 43. Performance
Supports up to 100,000 simultaneous sessions
1900 to 2100 requests/sec (approx. 7M/hour)
100 to 200Mb of throughput, depending on the active modules.
Not in-line, low latency of 5 to 15 ms
A single S670 can support 10k or 20k users.
- 44. Licenses & Services
Proxy (HTTP, HTTPS, FTP) and Web Cache
L4 Monitor
HTTPS traffic inspection
Web Usage Controls (URL Filter)
Web Reputation
Anti-Malware
McAfee AntiMalware
Webroot AntiMalware