ScanSafe Overview
Agenda
• ScanSafe overview
• Solution highlights
• Deployment options
• Demo
• Q&A
Presentation_ID
© 2010 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
#1 SaaS Web Security Solution
• Industry’s most mature platform
• 20 Billion web requests per month
• 1,000’s of customers across 80 countries
• 200 Million Blocks per Month
• Global network operations in 4 continents
• SLA backed 99.999% service uptime
Customers
“The first successful in-the-cloud secure Web gateway service”
Web Security – A Big Market Where Cisco is #1
Web Security Market
• Large: Overall market $2.5B by 2013
• Broad across size, industry, geography
• Growing: Market Growth at 12.3% CAGR; But 46.5% CAGR for SaaS segment
Web Security – Market Shift to SaaS
• SaaS is growing much faster than legacy software/hardware as it delivers lower TCO and effective security. Ideal for customers with distributed networks and mobile workers
• Cisco ScanSafe is the dominant provider in SaaS, with 35% market share or 5x nearest competitor according to latest IDC research
Solution Overview
Positioning
Required Information:
• Overview of Prospect i.e. Seats/Locations/Gateways
• Customer Project or Problem
• Business Drivers – Compelling Mechanism
• Timescales
• Budget
Why ScanSafe:
1. We do it cheaper, by saving time on cleaning infected PCs & by managing the software on a day to day basis
2. We are more secure, 200 million malware blocks a month – spyware/malware/viruses
3. We are a complete solution – Internal users & External users are controlled via the same service
FREE EVAL FOR 30 DAYS – NO OBLIGATION TO PURCHASE
Competitive Outlook
• Very significant market/vendor consolidation in past 2 years
• Key Competitors:
  - Websense – incumbent in large % of deals. Focus on renewal unless pushed. Increase in development in SaaS platform. Continued move to try and position as a security vendor
  - Blue Coat – incumbent in large % of deals. Not that security focused. Rarely lose new business deals
  - MessageLabs – focus on email security with web security offered for completeness. Low cost, low functionality
  - Zscaler – small and relatively new, v. aggressive, may be acquired. Partnership with Microsoft. Less success in larger Enterprise customers.
Today
1. Websense
2. Blue Coat
3. MessageLabs
4. Zscaler
12 months
1. Websense
2. MessageLabs
3. Blue Coat
4. Microsoft (?)
ScanSafe Competitive Differentiation
• Clear market leadership position (~34% market share)
  - More customers than any other cloud Web security solution
  - ScanSafe sees more real-world Web traffic than any other solution
• Leading content visibility & zero-day threat protection
  - Large database of Web content used to “train” security engine
  - Uses combination of static & dynamic analysis
  - Proven to block >25% more malware than signature solutions
• Proven reliability
  - Web is now business critical communication
  - 100% uptime for 7 years
• Superior reporting
  - Complete flexibility into reporting criteria
  - Allows end users to define exactly what data is important
Data Flow with ScanSafe
[Diagram: Web requests, Allowed traffic, Filtered traffic]
Scalability & Reliability
Reliability
• 15 Data Centers spanning four continents
• Top tier certification
• Thousands of devices deployed
• 100% availability, automated monitoring, full redundancy
Scalability
• Billions of Web requests/day
• Highly Parallel processing
• Multi-tenant architecture: average <50 ms latency
• 10Gb connectivity
• Redundant network providers
[Map: London (2), Copenhagen, Chicago, San Francisco, New York, Frankfurt, Tokyo, Paris, Dallas, Miami, Hong Kong, Singapore, Sydney (2). Additional Data Centers planned]
Zero-day Protection with Outbreak Intelligence
Outbreak Intelligence - The Results
[Chart: Percentage of malware blocks (0% to 100%), 01-Jan-09 to 17-Dec-09. Annotated events: Gumblar, Multiple injection attacks, Zeus Botnet / Luckysploit]
ScanCenter - Management
• Multiple rules and schedules for User/Group granularity
• Bi-directional content based policy enforcement
• Dynamic content classification
• Control over HTTP & HTTPS communications
Web Intelligence Reporting
• Over 24,000 report combinations covering more than 80 attributes in 11 reporting categories
• Cumulative, trending and search driven forensic reports, comprehensive drill down analysis
• Based on data warehouse infrastructure for performance
• Scheduled reports can be sent securely to defined users
• Granular reporting enables actionable remedies to issues and unrivalled visibility into resource usage
ScanSafe Deployment Options
2010
Agenda
• No User Granularity Required
• User / Group Granularity Required
• Connector-less Solutions
• Roaming & Remote Users
ScanSafe Deployment Options
No User Granularity Required
Port Forwarding / Transparent Proxy
• Firewall directs port 80 traffic to web security service via Transparent Proxy / Port Forward (no browser changes required)
• Available with certain perimeter devices that have the ability to forward traffic based on port or protocol (BlueCoat, ISA, CheckPoint, Watchguard, SonicWall, Netgate etc…)
• Provides Site/External IP granularity
• NOTE: Many Cisco devices are not capable of port forwarding
[Diagram: Port Forward, ScanSafe Websecurity Service]
Browser Redirection via GPO / PAC file
• Proxy Settings are pushed to browsers via Active Directory GPO
• Browsers connect through Firewall on port 8080 to Web Security Service
• Firewall blocks all other GET requests
• Provides Site/External IP granularity
[Diagram: DC, ScanSafe Websecurity Service]
PAC File Deployment
1. Through GPO, Desktop Users are configured to reference a PAC file with each browser session
2. A global PAC file can point to different ScanSafe towers dependent on internal IP
3. Web requests are sent directly to the ScanSafe towers
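A sketch of such a global PAC file, as an added example that is not part of the original deck. The tower hostnames, internal subnets and intranet DNS suffix are constructed placeholders; port 8080 is the port the deck names. Because the firewall blocks all other GET requests, the proxy list carries no DIRECT fallback.

```javascript
// PAC file sketch. Tower hostnames, subnets and the internal DNS suffix are
// constructed placeholders; port 8080 is the port named in the deck.
var TOWERS = [
  { net: "10.10.0.0", mask: "255.255.0.0", proxy: "tower-a.example.invalid:8080" },
  { net: "10.20.0.0", mask: "255.255.0.0", proxy: "tower-b.example.invalid:8080" }
];
var DEFAULT_TOWER = "tower-default.example.invalid:8080";
var INTERNAL_SUFFIX = ".corp.example.invalid";

// Dotted-quad to unsigned 32-bit integer; null for anything else (IPv6, junk).
function ipToInt(ip) {
  var p = String(ip).split(".");
  if (p.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(p[i]) || Number(p[i]) > 255) return null;
    n = n * 256 + Number(p[i]);
  }
  return n;
}

function inSubnet(ip, net, mask) {
  var a = ipToInt(ip), n = ipToInt(net), m = ipToInt(mask);
  if (a === null || n === null || m === null) return false;
  return ((a & m) >>> 0) === ((n & m) >>> 0);
}

// Pure decision function so the logic can be exercised outside a browser.
function chooseProxy(host, clientIp) {
  var h = String(host).toLowerCase();
  var tail = h.substring(h.length - INTERNAL_SUFFIX.length);
  // Intranet names never leave the network, so they bypass the towers.
  if (h.indexOf(".") === -1 || tail === INTERNAL_SUFFIX) return "DIRECT";
  for (var i = 0; i < TOWERS.length; i++) {
    if (inSubnet(clientIp, TOWERS[i].net, TOWERS[i].mask)) {
      // Site tower first, default tower as failover. No trailing DIRECT:
      // the firewall blocks direct requests, so the browser fails closed.
      return "PROXY " + TOWERS[i].proxy + "; PROXY " + DEFAULT_TOWER;
    }
  }
  return "PROXY " + DEFAULT_TOWER;
}

// Entry point the browser calls; myIpAddress() is supplied by the PAC runtime.
function FindProxyForURL(url, host) {
  return chooseProxy(host, myIpAddress());
}
```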
Deployment - AD Group Policy
Can be targeted to the AD site, domain or individual OUs.
Supports various OS platforms:
• Windows 2000
• Windows 2k3 Server
• Windows XP
• Windows Vista
• Windows 7
ScanSafe Deployment Options
User / Group Granularity Required
Standalone Connector
• Proxy Settings are pushed to browsers via AD, GPO or PAC file
• Forwards web traffic to ScanSafe on port 8080/443 to the Cloud based Tower
• Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream
• Set Firewall to block all other GET requests
• Provides IP/End User/Group granularity
[Diagram: DC, Connector, ScanSafe Websecurity Service]
Enterprise Connector - Inline ISA
• Web Security Service is configured as upstream proxy on currently installed proxy device
• Current proxy device communicates with Connector ICAP (on box) to provide IP/User/Group information (5,500 Users max recommended)
• Browser traffic is directed to existing Proxy via GPO or PAC files
• Set firewall to block all other GET requests
• Provides IP/End User/Group granularity
[Diagram: DC, ISA Server, ScanSafe Websecurity Service]
Enterprise Connector - ICAP
• Web Security Service is configured as upstream proxy on currently installed proxy device
• Current proxy device communicates with Connector via ICAP to provide IP/User/Group information
• Requires no further Client configuration
• Set firewall to block all other GET requests
• Provides IP/End User/Group granularity
[Diagram: DC, Connector, 3rd Party Proxy, ScanSafe Websecurity Service]
ScanSafe Deployment Options
Connector-less Solutions
BlueCoat Integration - Connector-less
• Provides AD user and group granularity.
• BCAAA must be installed and configured within the Active Directory environment.
• To also send internal IP address to the ScanSafe Scanning towers, Blue Coat must be configured to include x-forwarded-for headers.
• BC can run in transparent or explicit proxy mode
• Set firewall to block all other GET requests
• Provides End User/Group (possible IP granularity)
[Diagram: AD Server, BCAAA, BlueCoat Proxy, ScanSafe Websecurity Service]
PIM - Passive Identity Management
• Proxy Settings are pushed to browsers via Active Directory GPO or PAC file OR PIM can be run in transparent mode with ISA / Bluecoat
• Login Script (or GPO etc) runs the PIM.EXE with required switches
• Requires no client installation
• Firewall blocks all other GET requests
• Provides End User/Group granularity
[Diagram: DC, PIM.EXE Runs at Login, ScanSafe Websecurity Service]
Why PIM?
Many customers do not want to deploy proxy servers yet still want granular policy control. This can be because of the sheer number of sites they have to manage or for other technical reasons.
Deploying a small number of proxy servers to which many different locations tunnel negates many of the advantages of modern MPLS networks and increases latency and bandwidth costs.
How Does PIM Work?
• PIM adds -XS headers to the browser’s user agent string
• Included in this string is a unique hash that identifies the user in our Scanning tower
• This detail is encrypted
• Upon logon, PIM sends an out-of-band request to the scanning tower and uploads the group information for that user
• These groups are automatically created in ScanCenter
• Following registration, each time a request to the Web is made, only the hash is sent to us along with the request and we can identify the user and apply the correct policy according to the relevant group/s
PIM Data Flow
[Diagram: Client running PIM (IE/FireFox), Corporate Firewall, Cisco/ScanSafe DataCentre(s), The Internet. Flows: Directory Sync request (Registration), Internet request (Browsing)]
ScanSafe Deployment Options
Roaming / Remote Users
Roaming Users (Anywhere+)
• Installs a Network Driver which binds to all connections (LAN, Wireless, 3G)
• Automatic Peering identifies nearest ScanSafe Datacenter and whether a connection is possible.
• AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)
[Diagram: Anywhere+, Hotspot, 3rd Party Firewall, 3rd Party Proxy, Websecurity Service]
How Does it Work?
• Authenticates and directs your external client Web traffic to our scanning infrastructure
• Numerous datacenters are located all over the world ensuring that users are never too far from our in-the-cloud scanning services
• SSL encryption of all Web traffic sent improves security over public networks
Anywhere+ True Roaming Support
Columns: Feature | Known Environment (Remote) | Anywhere+ (True Roaming)
Features:
• Access ScanSafe services from outside of corporate LAN
• Suitable for home workers
• Works with a VPN
• Works through another proxy
• Transparent to end user
• Works at a network which requires payment (e.g. Hotspot)
• Encrypts all web traffic to prevent eavesdropping
• Tamper resistant
• Location Aware (reduces latency)
ScanSafe Deployment Options
Q&A