At a Glance
Cisco Public

Cisco Secure Web Appliance

Protection, Control, Visibility, and Value

The internet is indispensable, but not secure. How do you confidently protect your devices and resources while also allowing users access to the web, social media, and SaaS applications?

You need a variety of protections against today’s fast-evolving cyber threats, malware, and ransomware. Only Cisco provides:

- An all-in-one web gateway, when you need a physical or virtual appliance, with class-leading threat intelligence and more comprehensive control than is offered by next-gen firewalls
- A seamless user integration when you also require cloud-delivered web gateway protection, with Cisco Umbrella
- Integration and entitlement to Cisco SecureX, our open orchestration and XDR platform that accelerates incident response

Benefits

- Comprehensive control of web traffic, including dynamic web content like social media applications
- Protects devices with sophisticated global threat intelligence from the Cisco Talos threat research team
- Enhanced threat response with greater visibility and automation that speeds incident response, with included Cisco SecureX entitlement
- Rapidly check system status and troubleshoot via the System Health Dashboard
- Seamless identity: the Cisco Umbrella Seamless ID feature enables Cisco Secure Web Appliance to pass the user identification information to Cisco Umbrella Secure Web Gateway after successful identity authentication.
- More investment value for your security with Cisco Umbrella and SecureX integration, flexible deployment options, and award-winning 24-hour support.

© 2021 Cisco and/or its affiliates. All rights reserved.

Disparate point security solutions from multiple vendors introduce complexity and massive operational overhead into your IT environment. But not so with Cisco Secure Web Appliance (see Figure 1). It not only offers you strong protection, control, enhanced visibility, and investment value on its own, it’s also part of the larger Cisco Secure platform, which you can choose to adopt at your own pace to strengthen your security posture.

Figure 1. Cisco Secure Web Appliance

Strong protection

Threat defense

Cisco Secure Web Appliance’s threat intelligence is powered by Cisco Talos, one of the industry’s leading threat research and analysis teams. Talos discovers where threats are hiding by pulling a massive amount of global information across multiple attack vectors.

Talos delivers early-warning intelligence, threat, and vulnerability analysis to help protect organizations against zero-day advanced threats. It continually generates new rules that feed updates every three to five minutes so that Cisco Secure Web Appliance can deliver industry-leading threat defense hours and even days ahead of competitors.

Comprehensive website reputation analysis

Secure Web Appliance correlates threats collected across Cisco’s global presence to produce a behavior score upon which to act. It applies and enforces web reputation scores on parent sites and subsites.

Together with threat intelligence from Talos, web reputation filters defend against zero-day web malware through dynamic reputation analysis. The feature selects the most relevant scanner in real time — based on URL reputation, content type, and the efficacy of the scanner — and improves the catch rate by scanning high-risk objects first during increased scan loads.

Integrated, multilayer malware defense for adaptive protection

Effective web security used to mean simply blocking navigation to bad URLs. But today, you’re more likely to get malware through legitimate websites. Cisco Secure Web Appliance defends against threats with multiple layers of antimalware technology and Cisco Talos threat intelligence, which is updated every three to five minutes. Every piece of web content accessed is analyzed using security and context-aware scanning engines.

Cisco Secure Web Appliance analyzes traffic in real time, breaks it into functional elements, and pushes elements to best-designed malware engines for inspection while maintaining high processing speed (see Figure 2).

Figure 2. Cisco SWA’s Layers of Defense

Sandboxing and continuous analysis

Cisco Malware Defense (formerly AMP for Networks) is an additional licensed feature for Cisco Secure Web Appliance. This capability provides malware detection and blocking, continuous analysis, and retrospective alert. It augments Secure Web Appliance’s core malware detection and blocking. Customers additionally can sandbox PDF, Microsoft Office, and archive/compressed files, as well as Windows portable executable files.

Complete control

Centralized management

Cisco Secure Web Appliance’s intuitive management interface centralizes policy management and reporting, offering unified global control.

Deep web usage and application visibility

Get deep visibility into evolving application and microapplication content. Specifically, Cisco Secure Web Appliance identifies and classifies the most relevant and widely used web and mobile applications, such as Facebook, and more than 150,000 microapplications such as Facebook games. This is done by combining identity, time, content, location, and outbound compliance data to build and maintain application policy.

Coupled with this visibility, it offers precise control of application and usage behavior. It can regulate bandwidth consumption and apply conditional controls, such as throttling, based on the location, user profile, and device type. Additionally, it provides dynamic, context-based control of user access to applications based on user profile, device, and access mechanism. You can also set up policy to control Software-as-a-Service (SaaS) applications, such as Salesforce.com or Cisco Webex.

Cisco Secure Web Appliance includes integration and license entitlement with Cisco SecureX, which is an open orchestration and XDR platform that integrates the Cisco Secure portfolio of network, email, cloud, and user protections. It delivers measurable reductions in threat dwell times, accelerated incident response, and other improved outcomes, like enhanced cross-team collaboration.

Cisco Secure Web Appliance Manager also includes the System Health Dashboard for rapidly determining system status and troubleshooting.

Simplified configuration

Cisco Secure Web Appliance supports REST APIs for configuring network management and policies. With RESTful APIs you can also retrieve and modify configuration information or change, add, and delete configuration data without requiring libraries or additional software.

Data loss prevention

Cisco Secure Web Appliance blocks sensitive information from leaving the safety of the network, helping to ensure compliance and reduce risk. This capability is in addition to the controls for outbound content such as file-sharing applications. You’re able to prevent uploads to file-sharing services in the cloud, including iCloud and Dropbox. You can also stop confidential data from leaving the network by creating context-based rules for basic Data Loss Prevention (DLP) or by using the Internet Content Adaptation Protocol (ICAP) to integrate with any third-party DLP solution for deep content inspection and enforcement of DLP policies (see Figure 3).

Figure 3. Data loss prevention

Enhanced user experience

Authentication efficiency

Header rewrite

With Cisco Secure Web Appliance, custom header profiles can be configured for HTTP requests and multiple headers can be created under a header rewrite profile. The header rewrite profile feature enables the appliance to pass the user and group information to another upstream device after successful authentication. The upstream proxy considers the user as authenticated, bypasses further authentication, and provides access to the user based on the defined access policies (see Figure 4).

Figure 4. Header rewrite

X-Authentication header consumption

Also, with Cisco Secure Web Appliance, the header-based authentication scheme can be configured where the downstream devices perform authentication and send the authentication information to WSA using authentication headers. Secure Web Appliance now processes this header information to identify users and applies the corresponding policies, eliminating the need for reauthentication (see Figure 5).

Figure 5. X-Authentication Header

Cisco Umbrella Seamless ID

The Cisco Umbrella Seamless ID feature enables Secure Web Appliance to pass the user identification information to the cloud-delivered Umbrella Secure Web Gateway after successful authentication. Umbrella Secure Web Gateway checks the user information in the active directory based on the authenticated identification information received from the Secure Web Appliance. Umbrella considers the user as authenticated and provides access to the user based on the defined security policies. Secure Web Appliance passes the user identification information to Umbrella using HTTP headers (see Figure 6).

Figure 6. Umbrella Seamless ID

Investment value

Lower total cost of ownership

Cisco Secure Web Appliance delivers a consolidated solution in a single appliance, unlike other solutions that often require additional devices for new features and functions. You spend less time troubleshooting, with 99.999 percent availability and uptime. You save time with automatic updates from Talos and stay tuned against the latest threats without intervention. Lastly, you can use your existing VMware infrastructure in an unlimited number of deployments of Cisco Web Security Virtual Appliance.

Models and available options

Please consult the Secure Web Appliance data sheet for the latest details on available configurations.

For more information

Learn more about how Secure Cloud Analytics can use VPC Flow Logs to protect your cloud environment at https://www.cisco.com/go/SecureCloudAnalytics.

Next steps

Find out more at the following link. Evaluate how Cisco Secure Web Appliance will work for you with a Cisco sales representative, channel partner, or systems engineer.

© 2021 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. C45-730937-00 09/21
