Cloud Web Security AAG ImageIn the ever-changing world of enterprise branch environments, a high number of businesses are planning to migrate their WAN to the Internet. To be exact, Nemertes Research (Benchmark 2012–13 Emerging WAN Trends) estimates that number to be close to 50%.  That’s 50% of businesses migrating to Internet for WAN.

And why is that happening? Enterprises are trying to optimize their WAN to increase ROI. Internet has become a much more stable platform, offering significant price-to-performance gains. Thus, the growth of new cloud traffic, high bandwidth applications, and video can be easily load balanced across multiple WAN lines, one of which or both can be Internet links. Some of the enterprises go even further and enable local Internet breakout from the branch. Not only does it eliminate the need to unnecessarily backhaul the traffic to the corporate HQ or data center, but also helps to free up the precious WAN bandwidth for critical business related applications. This enables enterprises to provide guest Internet access within the branch and then slowly offer the same services to corporate users, both for trusted public clouds applications and general Internet access.

While harnessing the power of Web within the branch, organizations must be mindful that they will have to deal with a consequence: becoming vulnerable to a whole new array of web-based threats that can negatively impact data, reputation, and operations.

Thus, security has gained tremendous business relevance today. Just think about it: one improperly secured branch that gets compromised can open the door to the whole enterprise including data centers, customers’ data, and intellectual property of the company. Exposing this data to the wrong hands can cause irreversible problems to the company and to their customers. To give you some perspective, Gartner reports that by 2016, 30% of advanced targeted threats — up from less than 5% today — will specifically target branch offices as an entry point.

Cisco realizes the importance of these threats, and makes branch Internet access without any security compromise a primary goal. A case in point is the Cisco Integrated Services Router (ISR) with Cisco Cloud Web Security (CWS) connector. The CWS connector on ISR offers comprehensive Web security for the enterprise: services ranging from basic URL filtering and web reputation, to advanced zero day threat protection using sand boxing, file reputation and retrospective analysis.

The beauty of the CWS ISR connector solution is that it requires no additional hardware or client software. If you are currently using Cisco ISR routers within the branch or plan to do a refresh, enabling the CWS connector is just a matter of minutes. The solution is cloud based and it helps you to avoid costs associated with deployment, maintenance, or complex configuration and support.

Furthermore, with the recent addition of Cisco Advanced Malware Protection from Sourcefire (AMP) into CWS cloud, we have expanded Cisco’s attack vector coverage by providing advanced malware protection “everywhere”. With this integration, Cisco addresses the broadest range of attack vectors across the extended network.

We are committed to continuously developing and making the CWS ISR connector an even a better solution than it is today. Some feature improvements, design and usability enhancements are under way and in the coming weeks, we will be announcing even more ways to help you stay secure in your branch.


Nikolay Poturnak

Product Manager - Security Services