Overview:
In a highly connected and increasingly mobile world with more complex and sophisticated threats, only Cisco delivers the strong protection, complete control, and investment value businesses need. Cisco offers the broadest set of web security deployment options in the industry, combined with market-leading global threat intelligence. The Cisco Web Security Appliance simplifies security with a high-performance, dedicated appliance, and the Cisco Web Security Virtual Appliance enables businesses to deploy web security wherever and whenever it’s needed.
The Cisco Web Security Appliance (WSA) is the first secure web gateway to combine advanced malware protection, application visibility and control, acceptable use policy controls, insightful reporting, and secure mobility on a single platform, helping organizations address the growing challenges of securing and controlling web traffic.
The Cisco WSA enables simpler, faster deployment with fewer maintenance requirements, reduced latency, and lower operating costs. “Set and forget” technology frees up staff once initial automated policy settings go live, and automatic security updates are pushed to network devices every three to five minutes. Flexible deployment options and integration with the existing security infrastructure help customers meet demanding business needs.
Advanced Threat Defense
The Cisco WSA is powered by Cisco Security Intelligence Operations (SIO), our industry-leading threat intelligence organization. Cisco SIO detects and correlates threats in real time using the largest threat detection network in the world. It monitors 100 TB of daily security intelligence, 1.6 million deployed security devices, 13 billion daily web requests, and 35 percent of worldwide email traffic.
The Cisco WSA uses multiple layers of anti-malware technologies and intelligence from SIO updated every three to five minutes. It protects against hidden threats by analyzing every piece of web content accessed by the user, from HTML to images and Flash graphics.
Advanced Malware Protection
The Cisco WSA now includes Advanced Malware Protection (AMP), a malware-defeating solution that takes advantage of Cisco SIO and the vast cloud security intelligence network of Sourcefire (now a part of Cisco).
It delivers protection across the attack continuum—before, during, and after an attack—with malware detection and blocking, continuous analysis, and retrospective alerting. Users can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate faster.
Protection across the Attack Continuum
Granular Acceptable Use Controls
Our WSA gives businesses complete control over how end users access the Internet. By identifying hundreds of applications and more than 150,000 micro-applications, the WSA helps administrators create policies that match the nuanced business needs of today. Specific features such as chat, messaging, video, and audio can be allowed or blocked, according to the requirements of businesses and users—without the need to block entire websites.
Vital Data Loss Prevention (DLP)
Using onboard DLP capabilities, administrators can create content control rules based on context. The Cisco WSA also integrates, using Internet Content Adaptation Protocol (ICAP), with DLP solutions from leading vendors. This helps to ensure consistent enforcement of DLP policies and deep content analysis.
Flexible Deployment
Cisco currently delivers the broadest set of web security deployment options in the industry. The Cisco WSA simplifies security with a high-performance, dedicated appliance. The Cisco Web Security Virtual Appliance (WSAV) helps businesses deploy web security wherever and whenever it's needed.
The WSAV offers all the same features as the WSA, with the added convenience and cost savings of a virtual deployment model. That includes instant self-service provisioning.
The Cisco Difference
Cisco IronPort email and web security products are high-performance, easy-to-use and technically-innovative solutions, designed to secure organizations of all sizes. Purpose built for security and deployed at the gateway to protect the world’s most important networks, these products enable a powerful perimeter defense.
Leveraging the Cisco Security Intelligence Operations center and global threat correlation makes the Cisco IronPort line of appliances smarter and faster. This advanced technology enables organizations to improve their security and transparently protect users from the latest Internet threats.
Features and Benefits:
The Cisco Web Security Appliance (WSA) combines advanced malware protection, application visibility and control, acceptable use policies, insightful reporting, and secure mobility on a single platform, helping to address the growing challenges of securing and controlling web traffic.
This all-in-one solution results in simpler, faster deployment with fewer maintenance requirements, reduced latency, and lower operating costs.
Strong Protection
Safeguards every device, everywhere, all the time
Cisco Security Intelligence Operations (SIO) provides zero-day threat protection to all users, regardless of location. SIO integrates with Cisco's family of network security offerings, enabling the WSA to deliver continuous real-time threat protection.
Cisco Security Intelligence Operations
The broadest worldwide threat telemetry network
Cisco SIO receives automatic updates every three to five minutes and provides a 24x7 view into global traffic activity, enabling Cisco to analyze anomalies, uncover new threats, and monitor traffic trends.
Cisco SIO delivers the industry's largest collection of real-time threat intelligence, including:
- 100 TB of security intelligence daily
- 1.6 million deployed security devices, including firewall, IPS, web, and email appliances
- 13 billion daily web requests
- 150 million endpoints
- 35 % of worldwide email traffic
Real-Time Malware Defense
Multilayer scanning and Layer 4 Traffic Monitoring
The Cisco WSA offers multiple layers of antimalware protection. Cisco Web Reputation Filters analyze web traffic and block URLs that fall short of an acceptable threshold. Adaptive Scanning then dynamically selects the most relevant scanner based on URL reputation, content type, and efficacy of the scanner, and improves the catch rate by scanning high-risk objects first during increased scan loads.
The Layer 4 Traffic Monitor continuously scans activity, detecting and blocking spyware "phone-home" communications. By tracking all network applications, the Layer 4 Traffic Monitor effectively stops malware that attempts to bypass classic web security solutions. It dynamically adds IP addresses of known malware domains to its list of malicious entities to block.
On-Premises Layer 4 Traffic Monitor
Complete Control
Enables control of all web traffic on all devices
Enforce policy and provide granular control over application and user behavior using context-aware inspection from a single, easy-to-use management interface.
Cisco Web Usage Controls
Includes URL filtering and Dynamic Content Analysis (DCA)
Combine traditional URL filtering with a dynamically updated URL database to defend against compliance, liability, and productivity risks. The proprietary Cisco Dynamic Content Analysis engine analyzes page content on unknown URLs to categorize them in real time. Categorizations are dynamically updated every three to five minutes from Cisco SIO.
Application Visibility and Control (AVC)
Ensures acceptable use and security policy enforcement
Easily set policy and control usage of hundreds of Web 2.0 applications and 150,000+ micro-applications. Granular policy control allows administrators to permit the use of applications such as Facebook or Dropbox while blocking users from activities such as uploading documents or clicking the "Like" button.
Cisco Secure Client (including AnyConnect)
Extends protection to roaming users
Safeguard data requested by roaming laptop devices. Cisco Secure Client (including AnyConnect) dynamically initiates a VPN that directs sensitive traffic to the primary web access point for real-time analysis prior to permitting access.
Data Loss Prevention (DLP)
Prevents leaks and data loss
Prevent confidential data from leaving your network by creating context-based rules for basic DLP. The WSA uses Internet Content Adaptation Protocol (ICAP) to integrate with third-party DLP solutions for advanced protection.
Investment Value
Delivers more for your investment
Get the benefits of several web security solutions on a single appliance. While other solutions require complex multidevice deployments, the Cisco WSA operates as a standalone solution, deployed alone or integrated with existing infrastructure. Multiple WSAs can be controlled using the Cisco S-Series Management Appliance (SMA).
Specifications:
Chassis / Processor |
Form Factor |
2U |
Dimensions |
3.5 x 17.5 x 26.8 in. |
Power Supply |
870W, 100/240V |
Redundant Power Supply |
Yes |
Processor, Memory, and Disks |
CPUs |
2x4 (2 Quad Cores) XEONs |
Memory |
8 GB |
Disk Space |
2.7 TB |
Hot Swappable Hard Drives |
Yes |
RAID |
RAID 10, Hardware |
Interfaces |
Ethernet |
5 x Gigabit NICs, RJ-45 |
Serial |
1xRS-232 (DB-9) Serial |
Fiber |
Optional |
Configuration, Logging, and Monitoring |
Web Interface |
GUI-based (HTTP or HTTPS) |
Command Line Interface |
SSH or Telnet (Configuration Wizard or command-based) |
Logging |
Squid, Apache, syslog |
Centralized Reporting |
Supported |
File Transfer |
SCP, FTP |
Configuration Files |
XML-based |
Centralized Configuration |
Supported |
Monitoring |
SNMPv1-3, e-mail alerts |
Deployment:
The Cisco WSA is a forward proxy that can be deployed in either Explicit mode (proxy automatic configuration [PAC] files, Web Proxy Auto-Discovery [WPAD], browser settings) or Transparent mode (Web Cache Communication Protocol [WCCP], policy-based routing [PBR], load balancers). WCCP-compatible devices, such as Cisco Catalyst 6000 Series Switches, Cisco ASR 1000 Series Aggregation Services Routers, Cisco Integrated Services Routers, and Cisco ASA 5500-X Series Next-Generation Firewalls, reroute web traffic to the WSA.
The WSA can proxy HTTP, HTTPs, SOCKS, native FTP, and FTP over HTTP traffic to deliver additional capabilities such as data loss prevention, mobile user security, and advanced visibility and control.
All-in-One Solution - Simplifies Deployment
Simplify web security deployment by aggregating several web security features in a single appliance. With its simplified architecture, the WSA reduces IT costs by having fewer devices to manage, support, and maintain.
All-in-One Solution
Licenses:
Term-Based Subscription Licenses
Licenses are term-based subscriptions of one, three, or five years.
Quantity-Based Subscription Licenses
The Cisco web security portfolio uses tiered pricing based on a range of users, not devices. Sales and partner representatives can help to determine the correct sizing for each customer deployment.
Web Security Software Licenses
Four web security software licenses are available: Cisco Web Security Essentials, Cisco Anti-Malware, Cisco Web Security Premium, and McAfee Anti-Malware. The major components of each software offering are provided below:
Bundles |
Description |
Cisco Web Security Essentials |
- Threat Intelligence via Cisco Security Intelligence Operations (SIO)
- Layer 4 Traffic Monitoring
- Application Visibility and Control (AVC)
- Policy management
- Actionable reporting
- URL filtering
- Third-party DLP integration via ICAP
|
Cisco Anti-Malware |
- Real-time malware scanning
|
Cisco Web Security Premium |
- Web Security Essentials
- Real-time malware scanning
|
McAfee Anti-Malware |
- McAfee real-time malware scanning available as a single, a la carte license
|
Software License Agreements
The Cisco End-User License Agreement (EULA) and the Cisco Web Security Supplemental End-User License Agreement (SEULA) are provided with each software license purchase.
Software Subscription Support
All Cisco web security licenses include software subscription support essential to keeping business-critical applications available, secure, and operating at peak performance. This support entitles customers to the services listed below for the full term of the purchased software subscription:
- Software updates and major upgrades to keep applications performing optimally at the most current featureset
- Access to Cisco Technical Assistance Center (TAC) for fast, specialized support
- Online tools to build and expand in-house expertise and boost business agility
- Collaborative learning for additional knowledge and training opportunities