Extending control and advanced threat protection for web security
Today the web is a favorite vector for threat actors to launch their attacks. According to the Cisco 2014 Midyear Security Report, more than 90 percent of customer networks observed in the first half of 2014 were identified as having traffic going to websites that host malware. More recently, Talos uncovered a massive malvertising network known as Kyle and Stan. Some 31,151 connections were observed to the network’s 6,491 domains.
In an effort to continue offering the most comprehensive protection to our customers, today we are announcing several important new features and expanded threat protection for the Cisco Web Security Appliance (WSA).
Leveraging the Power of Cisco ISE with Cisco WSA
Providing a single source of identity and contextual data for the Cisco WSA, this latest release couples the consistent, secure network access that Cisco Identity Services Engine (ISE) provides for end users with the Cisco WSA’s threat security and policy enforcement. With ISE integration, WSA can absorb security group tag information from ISE and create a web security policy based on that information. This enables consistent policy enforcement for a single user across multiple endpoints. This approach is especially well suited to BYOD environments, providing greater access to an on-premise laptop while restricting access for other endpoints, like an off-premise iPhone attempting to access the company intranet.
Extending Advanced Malware Protection (AMP)
Cisco Web Security Appliance is the only web security solution that offers retrospective security to identify and stop threats across the attack continuum. AMP on the WSA uses a combination of file reputation, file sandboxing, and retrospective file analysis to deliver effective protection against advanced and targeted attacks.
In terms of file sandboxing, customers who have AMP deployed on the WSA can conduct sandboxing on file types ranging from PDF and EXE to Microsoft Office files.
File retrospection in WSA provides a continuous analysis of files that have traversed the security gateway, using real-time updates from AMP’s cloud-based intelligence to stay abreast of changing threat levels. Once a malicious file is identified as a threat, the administrator is alerted and given visibility into who on the network may have been infected and when, so that an attack can be addressed quickly, before it has a chance to spread.
New Web Usage Controls
Cisco currently supports very strong web usage controls – for example, we can set up a policy to allow Facebook usage, but not allow users to play Facebook games or micro apps. With today’s announcement we are enhancing web usage controls by adding bandwidth and time quotas to manage bandwidth usage (think Netflix!) and limiting the time-windows allowed. Customers can deploy customized bandwidth and time quotas per user, per group, and per policy.
High Availability and Failover
Using Common Address Redundancy Protocol (CARP), a more secure version of Virtual Router Redundancy Protocol (VRRP), Cisco now offers simple network-layer redundancy for customers deploying a cluster of Cisco WSAs in explicit mode to achieve high availability and failover.
Virtual Security Management Appliance (SMAV)
This platform virtualization has the same look and feel as the Cisco Web Security Virtual Appliance (WSAV) and Cisco Email Security Virtual Appliance (ESAV). Packaging, deployment and licensing are the same as for ESAV and WSAV. Customers who don’t have a Cisco Security Management Appliance (SMA) have an easy way to evaluate one: just download, apply the trial license, and run the virtual SMA. SMAV can manage both hardware and virtual appliances.
For more information on the Cisco Web Security Appliance, visit www.cisco.com/go/websecurity