The Cisco® Integrated Services Router G2 (ISR G2) Family delivers numerous security services, including firewall, intrusion prevention, and VPN. These security capabilities have been extended with Cisco ISR Web Security with Cisco ScanSafe for a simple, cost-effective, on-demand web security solution that requires no additional hardware. Organizations can deploy and enable market-leading web security quickly and easily, and can enable secure local Internet access for all sites and users, saving bandwidth, money, and resources.
Figure 1. Typical Cisco ISR Web Security with Cisco ScanSafe Deployment
Cisco ISR Web Security with Cisco ScanSafe enables branch offices to intelligently redirect web traffic to the cloud to enforce granular security and control policy over dynamic Web 2.0 content, protecting branch office users from threats such as Trojans, back doors, rogue scanners, viruses, and worms. The Cisco ISR Web Security with Cisco ScanSafe feature will be available in the Security SEC K9 license bundle.
Cisco ISR Web Security with Cisco ScanSafe Features and Benefits
• Works independently but can also be used with Cisco IOS® Software-based security solutions such as Cisco IOS Firewall, Cisco IOS IPS, and Cisco IOS SSL and IPsec VPNs
• Enables enforcement of granular policy for web usage and security
• Can drastically reduce an organization's on-premise hardware footprint, pushing all high-resource-intensive tasks (such as content analysis, report storage, and generation) to the cloud
• Provides zero-day threat protection driven by Outbreak Intelligence™, which uses dynamic reputation- and behavior-based analysis
• Blocks over 25% more malware than traditional signature-based security solutions
• Eliminates the need to backhaul Internet traffic from branch offices, which allows the offices to access the web directly, without losing control of or visibility into web usage
The Cisco ISR G2 integrates with directory services such as Active Directory to enable policies to be defined and enforced right down to the individual user. Cisco ISR Web Security with Cisco ScanSafe offers web content filtering and zero-day malware protection and allows organizations to build a granular global policy for all web traffic, including SSL-encrypted communications. Security policy can be created based on categories, content, file types, schedules, and quotas. Integrated outbound policy helps ensure that confidential data, such as customer details or credit card numbers, does not leave the network.
Cisco ISR Web Security with Cisco ScanSafe analyzes every piece of web content accessed, including HTML, images, scripts, and Flash content. Each piece is analyzed using artificial-intelligence-based "scanlets" to build a detailed view of each web request and the associated security risk. All resource-intensive operations, from content analysis to global reporting, are cloud-based; as a result, the web security functionality does not impact the performance of the other ISR G2 services.
Why Choose Cisco ISR Web Security with Cisco ScanSafe?
• Lower total cost of ownership. Cisco ISR Web Security with Cisco ScanSafe helps you avoid costs associated with deployment and maintenance of on-premise software and hardware.
• Leading security and peace of mind. Real-time cloud-based scanning blocks malware and inappropriate content before it reaches the network.
• Scalibility and availability. Global network processes high volumes of web content at high speeds, everywhere, for a true global solution that is always available.
• Integration with other Cisco security products. Cisco ISR Web Security with Cisco ScanSafe integrates with Cisco AnyConnect to offer a web security solution for users both on and off the network.
• Consistent, unified policy. Acceptable Use Policy (AUP) can be applied to all users regardless of location, simplifying management.
• Predictable operational expenses. Clients can plan capacity and budget.
Cisco ISR Web Security with Cisco ScanSafe Management
Cisco ScanCenter: Centralized Management and Reporting
Cisco ISR Web Security with Cisco ScanSafe is managed through an intuitive web-based interface, ScanCenter, which integrates all management and reporting capabilities (Figure 2). Global web security policy can be created and enforced across the organization, even down to the group or user level, and any edits to the policy are rolled out in real time. ScanCenter offers reporting with overview data, ongoing trending, and forensic audits (Figure 3).
Figure 2. Example of ScanCenter Reporting Output
Figure 3. ScanCenter Web Filtering Reporting Output
Cisco Security Manager
Cisco Security Manager is an enterprise-class management application that is designed to configure firewall, VPN, and IPS security services on Cisco network and security devices. Its unified interface can be used to enable and activate the Cisco ISR Web Security with Cisco ScanSafe feature in Cisco IOS Software when deploying ISR G2 routers in large-scale deployments.
Table 1 lists the platforms that support Cisco ISR Web Security with Cisco ScanSafe.
