Cisco Web Security with Advanced Malware Protection At-a ... · Sandboxing Antivirus Identifies...


At-a-Glance

More Sophisticated Web Security for More Sophisticated Threats

Traditional web security measures are not enough to stop today’s advanced threats. As modern networks have expanded beyond the traditional perimeter, new threat vectors have emerged, leaving gaps in protection. Sophisticated attackers understand how security technologies work and where they are deployed. They can outsmart point-in-time defenses by creating targeted, environment-aware malware that can modify its behavior to evade detection and infiltrate the extended network where it is difficult to locate, let alone eradicate.

To deal with these threats, you need a web security solution that provides continuous monitoring and analysis across the extended network and throughout the full attack continuum: before, during, and after an attack. You need the Cisco® Web Security Appliance with Advanced Malware Protection (AMP).

Why AMP Is So Important

Effective web security today requires a lot more than blocking navigation to bad URLs. You can download viruses or malware through legitimate websites as well. And there are new vulnerabilities with mobile access, social media, and interactive applications. These dangers require a variety of focused protections. That’s why we have added AMP to our Web Security Appliance.

Figure 1. Retrospective Analysis with AMP

[Figure: two panels. Point-in-Time Detection (Antivirus, Sandboxing): Initial Disposition = Clean; Analysis Stops; Not 100%; Blind to scope of compromise; Actual Disposition = Bad = Too Late!! Continuous Monitoring (AMP, Retrospective Analysis): Initial Disposition = Clean; Analysis Continues; Identifies threats after an attack; Actual Disposition = Bad = Blocked.]

Cisco Web Security with Advanced Malware Protection

Benefits

• Get advanced security to fight advanced threats: Instead of relying on malware signatures, which can take weeks or months to create for each malware sample, AMP uses powerful features such as file reputation and dynamic malware analysis (sandboxing) to identify and block suspicious files where no known signature exists. Retrospective file analysis gives you the unique ability to go back in time to pinpoint when an outbreak occurred and to surgically remediate the threat.

• Protect web traffic across the attack continuum - before, during, and after an attack: Spam filters and zero-day threat intelligence from the Cisco Talos Security Intelligence and Research Group stop threats before they enter the network, while file reputation and file sandboxing identify threats during an attack. Retrospective analysis provides protection after an attack when advanced malware has slipped past other layers of defense.


AMP adds malware detection, blocking, continuous analysis, and retrospective alerting (Figure 1) to your Web Security Appliance license. It uses the vast cloud security intelligence networks of the Cisco Talos Security Intelligence and Research Group to give you superior protection across the attack continuum: before, during, and after an attack. It’s also very easy to deploy and cost effective.

With AMP you get a combination of file reputation, file analysis, and file retrospection to identify and stop threats. Features include:

• Flexibility and choice: The integration of AMP with existing Cisco security gateways gives you another option for deploying AMP in a way that makes the most sense for your environment. By activating AMP as an additionally licensed feature on Cisco web security, you can take advantage of the simplest, most cost-effective way to gain advanced malware protection. For organizations that have compliance or policy restrictions on submitting malware samples to the cloud, the AMP Threat Grid appliances combine advanced malware analysis with comprehensive threat analytics and content in one on-premises appliance.

• File reputation: AMP captures a fingerprint of each file as it traverses the Cisco web security gateway and sends it to Cisco’s cloud-based intelligence network for a reputation verdict. With these results, you can automatically block malicious files and apply administrator-defined policies. The Cisco web security user interface and the policy-reporting frameworks are similar to the ones you already know.

• File analysis: Powered by AMP Threat Grid technology, this feature provides both static and dynamic analysis (sandboxing) of unknown files that traverse the Cisco web security gateway. Threat Grid analyzes samples in a highly secure environment using more than 350 behavioral indicators and global threat intelligence to glean precise details about a file’s behavior and threat level. This disposition is then fed into the AMP cloud data set, providing enhanced detection and performance by reducing the need to continuously analyze the same file.

• File retrospection: We’ve solved the problem of malicious files that pass through perimeter defenses but are subsequently deemed a threat. Even the most advanced techniques may fail to identify malware at the perimeter because techniques such as polymorphism, obfuscation, and sleep timers are highly effective at helping malware avoid detection. Malicious files simply wait until they are inside the network to do their dirty work. With file retrospection, AMP provides a continuous analysis of files that have traversed the security gateway, using real-time updates from Cisco Talos to stay up to date on changing threat tactics. Once a file is identified as a threat, administrators are alerted by AMP and shown who on the network may have been infected and when. As a result, AMP helps you identify and address an attack quickly, before it has a chance to spread.


© 2015 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C45-730851-02 08/15

• Gain new visibility and control: Data-rich and user-friendly reports provide visibility into the reputation and behavior of files that have attempted to enter the network and alert you to any change in disposition, including who on your network may have been infected and when.

Next Steps

Find out more about the Cisco Web Security Appliance with AMP at http://www.cisco.com/go/wsa.

A Cisco sales representative, channel partner, or systems engineer can help you evaluate how Cisco web security will work for you.
