Cisco IronPort Web Security Appliance Management

Complete visibility and Control a C r o s s t h e e n t i r e o r g a n i z at i o n

Security breaches caused by malware intrusions have made organizations worldwide into inadvertent newsmakers. Companies are also exposed to compliance and productivity risks associated with inappropriate web usage. To protect themselves against internal and external threats that affect the bottom-line, organizations invest in the industrys leading web security appliance. Cisco IronPort S-Series web security appliances enforce acceptable use and security policies to reduce non-compliance and regulatory risk and protect against web-based malware. To handle network complexity and high traffic volumes, organizations typically deploy multiple Cisco IronPort S-Series appliances. This creates a critical need to centrally manage policies and provide consolidated reporting data. Cisco IronPort M-Series security management appliances provide a platform to centrally manage policies for multiple Cisco IronPort web security appliances. Additionally, reporting capabilities on the Cisco IronPort S-Series provide insight into the organization. For further analysis, Sawmill for Cisco IronPort web security a customized third-party analytics tool allows organizations to centrally analyze and monitor malware threats and web usage. These management features enable organizations to perform complex tasks intuitively and extract the most value out of their web security investment.
the CisCo ironport differenCe

Cisco IronPort email and web security products are high-performance, easy-to-use and technically-innovative solutions, designed to secure organizations of all sizes. Purpose built for security and deployed at the gateway to protect the worlds most important networks, these products enable a powerful perimeter defense.

Leveraging the Cisco Security Intelligence Operations center and global threat correlation makes the Cisco IronPort line of appliances smarter and faster. This advanced technology enables organizations to improve their security and transparently protect users from the latest Internet threats.

Cisco IronPort Web Security Appliance Management

PA g e 2

f e at u r e s

Role-based access control offers flexible pre-built Centralized policy configuration on the Cisco IronPort administrator roles including web administrator, web policy M-Series appliances is provided by Ciscos powerful IronPort administrator, URL filtering administrator and administrator Centralized Configuration Manager (ICCM). Using Cisco role. Should these roles not fulfill an organizations needs, ICCM, administrators can centrally define all of their web the administrator can also create custom user roles for security policies from a single Cisco IronPort security mangreater flexibility. agement appliance and apply them to multiple Cisco IronPort S-Series appliances. These policies can be pushed to all, or a subset of, Cisco IronPort web security appliances and monitor the deployed policies from a single page view. Cisco ICCM ensures that acceptable use and security policies are enforced uniformly across the organization, preventing any breaches. To simplify security administration, Cisco ICCM also offers role-based access control enabling administrators to delegate policy administration to other roles within the organization. Administrators can backup their web security policies using the Cisco IronPort M-Series to safeguard against device, system or network failures. The new Configuration History Log feature generates logs whenever a change is committed. This allows organizations to know who made a configuration change in order to satisfy compliance and governance requirements.

Custom user roles based on LDAP

Delegated administration enables the management of a subset of policies by other administrators who have readwrite access to specific policies. This provides an extra level of granularity in policy definition and deployment.

Cisco IronPort S-Series

Cisco IronPort S-Series

Cisco IronPort S-Series

Policies NOT editable by Delegated Administrator Policies editable by Delegated Administrator

Cisco IronPort M-Series Consistent policy application across geographic boundaries Delegated administration simplifies policy management

Cisco ICCM offers the following features for centralized policy management: gUI-based policy definition and deployment simplifies the task of creating web security policies and eliminates the complexity of writing scripts. The gUI is very similar to the Cisco IronPort web security appliance menu (including Identities, Access Policies, Decryption Policies and Custom URL categories), which allows a Cisco IronPort S-Series administrator to easily migrate to the Cisco IronPort M-Series appliance for centralized policy management.

Configuration History Logs allow organizations to comply with governance requirements by keeping track of who made policy and configuration changes via a log file that is generated whenever a change is committed. each log file contains a snapshot of the configuration which can be used to restore policy and other configuration settings in case of an unexpected failure.

reporting allows security operations, network operations,

Cisco IronPort Web Security Appliance Management

PA g e 3

f e at u r e s ( C o n t i n u e d )

human resources and compliance staff to gain deep understanding of the security and compliance threats facing their organizations. Actionable and insightful reports allow organizations to perform trending, tracking, threat analysis and troubleshooting tasks. Cisco IronPort technology offers a complete reporting solution, starting with the Cisco IronPort S-Series web security appliances. Cisco IronPort S-Series appliances feature a rich set of reports that allow organizations to visualize security and web usage trends on the appliance itself. Top N reports summarize information on the web traffic and security threats seen on the appliance. In addition, powerful drilldown reports as well as the ability to search for a specific client allow organizations to see specific threats on specific clients as well as associated web usage activity. Sawmill for Cisco IronPort, a customized third-party analytics tool, provides a rich set of pre-built reports for in-depth web usage and security threat analysis across all Cisco IronPort S-Series appliances in the organization. Powerful drilldown capabilities enable security operators to track which machines are prone to malware attacks. Companies can even identify risky user behavior, which may result in attacks. Similarly, any acceptable use policy violations can be tracked down to an individual IP or authenticated user. Powerful filters allow organizations to focus on the subject of interest. This allows organizations to monitor situations that would expose them to liabilities, and refine their acceptable use and security policies.

Security report for a specific Cisco IronPort S-Series appliance

Sawmill for Cisco IronPort, helps organizations answer important questions such as: Who visited unacceptable URL categories? Within each URL category, which specific websites were visited and when? Why is a particular users bandwidth usage soaring and which websites is that individual visiting? Is the organization in compliance with various regulatory requirements? This valuable insight limits the liabilities of an organization and keeps costs associated with worker productivity and malware threats in check. a robust hardware platform, based on Ciscos industryleading IronPort AsyncOS operating system, helps power the Cisco IronPort M-Series appliance. Cisco IronPort AsyncOS delivers performance, robustness and scalability capable of handling the needs of all enterprises..

Cisco IronPort S-Series Security and Web Activity Summary report

Cisco IronPort Web Security Appliance Management

PA g e 4

benefits

simplify administration Cisco IronPort security respond to governance and Compliance requirements management appliances simplify overall deployment of The centralized reporting and tracking features allow orgaCisco IronPort web security appliances. To reduce nizations to keep tight control of acceptable use policies. administrative overhead, administrators can use the Cisco The Configuration History Log feature on the Cisco IronPort IronPort M-Series for centralized policy management and M-Series can be used to create a trail of all configuration configuration updates for a group of Cisco IronPort S-Series changes. This not only reduces liability, but also helps appliances. The newly-introduced, role-based access control organizations respond to governance and compliance and delegated administration features increase flexibility and requirements. granularity for policy definition and deployment. gain organizational insight Powerful reporting gives CXOs visibility into web usage including URL browsing history, business usage metrics, productivity loss metrics and web usage trends. This powerful tool assists with business productivity optimization by fine tuning web usage policies.
f e at u r e ava i l a b i l i t y m at r i x Feature Interactive Drill-Down Reporting Acceptable Use Policy and Malware Reporting Centralized Policy Administration Role-Based Access Control Delegated Administration Policy Configuration Backup and Restore Available On Cisco IronPort S-Series* Cisco IronPort S-Series* Cisco IronPort M-Series Cisco IronPort M-Series Cisco IronPort M-Series Cisco IronPort M-Series

* Fine-grained analysis and centralized reporting available via Sawmill for Cisco IronPort.

produCt line

The Cisco IronPort email security, web security and security management product lines address issues faced by organizations ranging from small businesses to the global 2000. Cisco ironport m1060 Cisco ironport m660 Cisco ironport m160 Consolidated management appliance designed to meet the needs of the most demanding networks in the world. Suggested for organizations with multiple gateway security appliances and thousands of users. Designed for organizations with multiple gateway security appliances and less than 2,000 users.

Cisco IronPort Web Security Appliance Management

PA g e 5

t e C h n i C a l s p e C i f i C at i o n s

Cisco ironport m1060

Chassis Form Factor Dimensions Power Supplies 19 Rack-Mountable, 2U rack height 3.5 (h) x 17.5 (w) x 29.5 (d) 750 watts, 100/240 volts

Cisco ironport m660

19 Rack-Mountable, 2U rack height 3.5 (h) x 17.5 (w) x 29.5 (d) 750 watts, 100/240 volts

Cisco ironport m160

19 Rack-Mountable, 1U rack height 1.75 (h) x 17.5 (w) x 21.5 (d) 345 watts, 100/240 volts

Processor, Memory, and Disks CPUs 2x4 (Quad Cores) Intel Xeon Disk Space 3 TB RAID RAID 10, battery-backed 256MB cache Interfaces ethernet Fiber Web Interface

2x4 (Quad Cores) Intel Xeon 1.8 TB RAID 10, battery-backed 256MB cache

1x2 Dual Core Intel Xeon 500 gB RAID 1, battery-backed 256MB cache

3xgigabit NICs, RJ-45 Yes gUI-based (HTTP or HTTPS)

3xgigabit NICs, RJ-45 No gUI-based (HTTP or HTTPS)

2xgigabit NICs, RJ-45 No gUI-based (HTTP or HTTPS)

Compatibility: Interfaces with all Cisco IronPort gateway security appliances.

summary

The best place to control and protect against the risks posed by web traffic is right at the gateway. Cisco IronPort S-Series appliances are the industrys most comprehensive secure web gateway providing best-in-class protection against webborne malware threats such as viruses, spyware, Trojans and botnets, while also ensuring enterprise-class performance. The Cisco IronPort M-Series security management appliance, combined with Sawmill for Cisco IronPort, provides a comprehensive platform for centralized management, centralized reporting and centralized tracking. Offering the benefits of Ciscos industry-leading IronPort AsyncOS platform, these appliances simplify administrative overhead and allow organizations to respond to governance and compliance requirements.
C o n ta C t u s

Through a global sales force and reseller network, Cisco offers a free Try Before You Buy evaluation of the Cisco IronPort M-Series security management appliance. For additional information, call 650-989-6530 or visit us on the web at www.ironport.com/try.

americas headquarters Cisco Systems, Inc. San Jose, CA

asia pacific headquarters Cisco Systems (USA) Pte. Ltd. Singapore

europe headquarters Cisco Systems International BV Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
CCDe, CCeNT, Cisco eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco Webex, the Cisco logo, DCe, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIe, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, etherFast, etherSwitch, event Center, Fast Step, Follow Me Browsing, FormShare, gigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MgX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, Webex, and the Webex logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R)

P/N 435-0250-1 5/09