CCNP Enterprise Core (350-401) Cisco Security

Cisco Web Security Appliance (WSA)

The Cisco Web Security Appliance is an all-in-one web gateway that contains a wide variety of protections to block hidden malware from suspicious and legitimate websites.

A web security appliance can be deployed in the cloud, as a virtual appliance, on-premises, or as a hybrid solution.

It uses real time intelligence from Cisco Talos and Cisco AMP Threat Grid to stay one step ahead of the threat landscape to prevent the latest exploits from infiltrating the network.

Multiple layers of malware defence and vital data loss prevention are included too.

Before an Attack

Before an attack, the Web Security Appliance can actively detect and block threats before they happen by applying web reputation filters and URL filtering to control application usage.

Web Reputation Filter

Cisco Web Security Appliance detects and correlates threats in real time by leveraging Cisco Talos, making it possible to find where threats hide.

Cisco Talos refreshes the web reputation filtering information every three to five minutes.

Web reputation filtering prevents client devices from accessing dangerous websites containing malware or phishing links.

Cisco Web Security Appliance can analyse and categorise unknown URLs and block those that fall below a set threshold, helping to protect client devices.

When a web request is made through the Cisco Web Security appliance, up to 200 different web and network traffic parameters are checked to determine the level of risk associated with the website being requested.

After these parameters are checked, the website is assigned a score from -10 (most malicious) to +10 (safest), rather than a binary good/bad verdict.

Web Filtering

Web filtering combines traditional URL filtering with real-time dynamic content analysis.

It is used to shut down access to websites known to host malware, using a specific policy for URL filtering.

Web filtering checks against a database of more than 50 million blocked websites.

The Dynamic Content Analysis engine scans content in real time to accurately categorise unknown URLs, including those hosting inappropriate content.

The Dynamic Content Analysis engine can scan text and score that text for relevancy, and return the closest category match.

Every three to five minutes, Cisco Talos updates the URL filtering database with the latest information.

Cisco Application Visibility and Control

Cisco Application Visibility and Control identifies and classifies the most widely used web applications and more than 150,000 micro applications.

It provides network administrators with the most granular control over application and usage behaviour.

AVC can be configured to allow access to Facebook or YouTube, but block particular YouTube channels or features of Facebook.

During an Attack

The web security appliance can use intelligence from cloud access security broker providers, Talos, and AMP for Networks to identify and block zero-day threats that manage to infiltrate the network.

Cloud Access Security

Web Security Appliance protects against hidden threats in the cloud applications by partnering with Cloud Access Security Broker providers such as CloudLock to monitor cloud app usage in real time.

Parallel Anti Virus Scanning

Cisco Web Security Appliance enhances malware defence coverage with multiple anti-malware scanning engines running in parallel on a single appliance, whilst maintaining high processing speeds.

Layer 4 Traffic Monitoring

All traffic, ports and protocols are checked to block any spyware “phone-home” communications with an integrated Layer 4 traffic monitor.

It can identify infected clients, helping to stop malware that attempts to bypass classic web security solutions.
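The Layer 4 traffic monitor idea above, as an added illustration (not WSA code): every flow is checked against a list of known phone-home destinations regardless of port or protocol, and the clients that contacted one are reported as infected. The destination list and flow records are constructed from documentation address ranges, not real indicators.

```python
"""Layer 4 traffic-monitor style check: flag any flow, on any port or protocol,
whose destination is on a phone-home list, then summarise the infected clients."""
from collections import defaultdict
import ipaddress

# Constructed "known phone-home destinations" (TEST-NET ranges, not real IoCs).
PHONE_HOME_NETS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
]

# Constructed flow records: "time src_ip src_port dst_ip dst_port proto".
# 192.0.2.10 stands in for a benign web server.
FLOWS = """\
12:00:01 10.1.1.15 51234 192.0.2.10 443 tcp
12:00:05 10.1.1.15 51240 203.0.113.44 8443 tcp
12:00:09 10.1.1.22 40000 198.51.100.7 53 udp
12:00:11 10.1.1.30 51300 192.0.2.10 80 tcp
12:00:13 10.1.1.15 51250 203.0.113.44 6667 tcp
"""


def parse_flow(line):
    """Split one flow record into a dict; return None for malformed lines."""
    fields = line.split()
    if len(fields) != 6:
        return None
    time, src, sport, dst, dport, proto = fields
    return {"time": time, "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport), "proto": proto}


def is_phone_home(dst):
    """True if the destination falls inside any listed network; port is irrelevant."""
    return any(dst in net for net in PHONE_HOME_NETS)


def find_infected_clients(flow_text):
    """Return {client_ip: [(dst_ip, dst_port, proto), ...]} for clients that
    contacted a listed destination on any port or protocol."""
    hits = defaultdict(list)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow and is_phone_home(flow["dst"]):
            hits[str(flow["src"])].append((str(flow["dst"]), flow["dport"], flow["proto"]))
    return dict(hits)


if __name__ == "__main__":
    for client, contacts in find_infected_clients(FLOWS).items():
        print(f"infected client {client}: {contacts}")
```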

File Reputation and Analysis with Cisco AMP

Web Security Appliance assesses files using the latest information from Cisco Talos.

Cisco Web Security Appliance captures a fingerprint of each file to be reputation-checked and evaluates it against information no older than 3 to 5 minutes.

Data Loss Prevention

Internet Content Adaptation Protocol (ICAP) is used to integrate with Data Loss Prevention solutions from leading vendors.

All outbound traffic is directed to the third-party appliance, where content is scanned and checked against rules and policies.

Deep content inspection can be toggled on to check for regulatory compliance and intellectual property protection.

Outbound traffic can be scanned for confidential information such as files, credit card numbers and customer personal data.

After an Attack

After an attack, the web appliance continuously checks for undetected malware and breaches.

If the web appliance detects malware or a breach, it can use its capabilities to scan files over a longer period of time using the latest detection capabilities and collective threat intelligence from Talos and Threat Grid.

Alerts are sent when a file disposition changes (for example from unknown to malware), providing awareness of malware that initially managed to avoid defences.
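The retrospective alert described above, as an added illustration (not WSA code): downloads are recorded by file fingerprint, and when a later verdict changes a file's disposition to malware, one alert names every client that already received that file. The fingerprints, client addresses and events are constructed placeholders.

```python
"""Retrospective disposition alerts: when a fingerprinted file's verdict changes
to 'malware', alert on every client that downloaded it earlier."""
from collections import defaultdict

# Constructed events in time order. Fingerprints are placeholders, not real hashes.
# ("download", time, client_ip, fingerprint, disposition_at_download_time)
# ("verdict",  time, fingerprint, new_disposition)
EVENTS = [
    ("download", "09:00", "10.1.1.15", "sha256:PLACEHOLDER-A", "unknown"),
    ("download", "09:05", "10.1.1.22", "sha256:PLACEHOLDER-A", "unknown"),
    ("download", "09:06", "10.1.1.30", "sha256:PLACEHOLDER-B", "clean"),
    ("verdict", "11:40", "sha256:PLACEHOLDER-A", "malware"),   # unknown -> malware: alert
    ("verdict", "11:41", "sha256:PLACEHOLDER-B", "clean"),     # unchanged: no alert
    ("verdict", "11:45", "sha256:PLACEHOLDER-A", "malware"),   # already malware: no repeat
]


def retrospective_alerts(events):
    """Replay events and return one alert per fingerprint whose disposition
    changes to 'malware', listing the clients that already downloaded it."""
    downloads = defaultdict(list)   # fingerprint -> [(time, client_ip)]
    disposition = {}                # fingerprint -> last known verdict
    alerts = []
    for ev in events:
        if ev[0] == "download":
            _, t, client, fp, verdict = ev
            downloads[fp].append((t, client))
            disposition.setdefault(fp, verdict)   # first verdict seen for this file
        elif ev[0] == "verdict":
            _, t, fp, verdict = ev
            previous = disposition.get(fp, "unknown")
            disposition[fp] = verdict
            if verdict == "malware" and previous != "malware":
                alerts.append({
                    "time": t, "fingerprint": fp, "previous": previous,
                    "clients": sorted({client for _, client in downloads[fp]}),
                })
        else:
            raise ValueError(f"unknown event type: {ev[0]!r}")
    return alerts


if __name__ == "__main__":
    for alert in retrospective_alerts(EVENTS):
        print(alert)
```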

Global Threat Analytics (GTA) analyses web traffic, endpoint data from Cisco AMP for Endpoints, and network data from Cisco Stealthwatch.

It can use machine learning to identify malicious software before the malware is able to exfiltrate sensitive data.
