Router Security

Cisco ISR Web Security with Cisco ScanSafe Data Sheet

  • Viewing Options

  • PDF (602.4 KB)
  • Feedback

Cisco Enterprise Branch Web Security

The Cisco® Integrated Services Router G2 (ISR G2) Family delivers numerous security services, including firewall, intrusion prevention, and VPN. These security capabilities have been extended with Cisco ISR Web Security with Cisco ScanSafe for a simple, cost-effective, on-demand web security solution that requires no additional hardware. Organizations can deploy and enable market-leading web security quickly and easily, and can enable secure local Internet access for all sites and users, saving bandwidth, money, and resources.

Figure 1.      Typical Cisco ISR Web Security with Cisco ScanSafe Deployment

Cisco ISR Web Security with Cisco ScanSafe enables branch offices to intelligently redirect web traffic to the cloud to enforce granular security and control policy over dynamic Web 2.0 content, protecting branch office users from threats such as Trojans, back doors, rogue scanners, viruses, and worms. The Cisco ISR Web Security with Cisco ScanSafe feature will be available in the Security SEC K9 license bundle.

Cisco ISR Web Security with Cisco ScanSafe Features and Benefits

   Works independently but can also be used with Cisco IOS® Software-based security solutions such as Cisco IOS Firewall, Cisco IOS IPS, and Cisco IOS SSL and IPsec VPNs

   Enables enforcement of granular policy for web usage and security

   Can drastically reduce an organization’s on-premise hardware footprint, pushing all high-resource-intensive tasks (such as content analysis, report storage, and generation) to the cloud

   Provides zero-day threat protection driven by Outbreak Intelligence, which uses dynamic reputation- and behavior-based analysis

   Blocks over 25% more malware than traditional signature-based security solutions

   Eliminates the need to backhaul Internet traffic from branch offices, which allows the offices to access the web directly, without losing control of or visibility into web usage

The Cisco ISR G2 integrates with directory services such as Active Directory to enable policies to be defined and enforced right down to the individual user. Cisco ISR Web Security with Cisco ScanSafe offers web content filtering and zero-day malware protection and allows organizations to build a granular global policy for all web traffic, including SSL-encrypted communications. Security policy can be created based on categories, content, file types, schedules, and quotas. Integrated outbound policy helps ensure that confidential data, such as customer details or credit card numbers, does not leave the network.

Cisco ISR Web Security with Cisco ScanSafe analyzes every piece of web content accessed, including HTML, images, scripts, and Flash content. Each piece is analyzed using artificial-intelligence-based “scanlets” to build a detailed view of each web request and the associated security risk. All resource-intensive operations, from content analysis to global reporting, are cloud-based; as a result, the web security functionality does not impact the performance of the other ISR G2 services.

Why Choose Cisco ISR Web Security with Cisco ScanSafe?

   Lower total cost of ownership. Cisco ISR Web Security with Cisco ScanSafe helps you avoid costs associated with deployment and maintenance of on-premise software and hardware.

   Leading security and peace of mind. Real-time cloud-based scanning blocks malware and inappropriate content before it reaches the network.

   Scalibility and availability. Global network processes high volumes of web content at high speeds, everywhere, for a true global solution that is always available.

   Integration with other Cisco security products. Cisco ISR Web Security with Cisco ScanSafe integrates with Cisco AnyConnect to offer a web security solution for users both on and off the network.

   Consistent, unified policy. Acceptable Use Policy (AUP) can be applied to all users regardless of location, simplifying management.

   Predictable operational expenses. Clients can plan capacity and budget.

Cisco ISR Web Security with Cisco ScanSafe Management

Cisco ScanCenter: Centralized Management and Reporting

Cisco ISR Web Security with Cisco ScanSafe is managed through an intuitive web-based interface, ScanCenter, which integrates all management and reporting capabilities (Figure 2). Global web security policy can be created and enforced across the organization, even down to the group or user level, and any edits to the policy are rolled out in real time. ScanCenter offers reporting with overview data, ongoing trending, and forensic audits (Figure 3).

Figure 2.      Example of ScanCenter Reporting Output

Figure 3.      ScanCenter Web Filtering Reporting Output

Cisco Security Manager

Cisco Security Manager is an enterprise-class management application that is designed to configure firewall, VPN, and IPS security services on Cisco network and security devices. Its unified interface can be used to enable and activate the Cisco ISR Web Security with Cisco ScanSafe feature in Cisco IOS Software when deploying ISR G2 routers in large-scale deployments.

Table 1 lists the platforms that support Cisco ISR Web Security with Cisco ScanSafe.

Table 1.       Platform Support


Platforms Supported

Cisco 800 Series Routers

Cisco 819, 860VAE, 880VA, 881, 881W, 887V, 888E, 888EA, 888, 888W, 891, 891W, 892, 892F, 892FW, and 892W

Cisco 1900 Series Integrated Services Routers

Cisco 1905, 1921, 1941, 1941W

Cisco 2900 Series Integrated Services Routers

Cisco 2901, 2911, 2921 and 2951

Cisco 3900 Series Integrated Services


Cisco 3925, 3925E, 3945, 3945E

Additional Resources

For more information about Cisco Integrated Services Routers and Cisco ISR Web Security with Cisco ScanSafe visit:

   Cisco ISR G2 platform:

   Cisco ScanSafe Cloud Web Security: