Products & Services

Cisco Cloud Web Security Data Sheet

  • Viewing Options

  • PDF (459.7 KB)
  • Feedback

Today’s highly connected and fast-moving world is filled with complex and sophisticated web security threats. Cisco delivers the strong protection, complete control, and investment value that businesses need. We offer among the broadest set of web security deployment options in the industry, each of which uses Cisco’s unparalleled global threat intelligence infrastructure. With a proven, mature, and scalable platform, Cisco® Cloud Web Security provides continuous protection across the extended network.


Cisco Cloud Web Security (CWS) provides industry-leading security and control for the distributed enterprise. Through a combination of best-in-class uptime, unmatched zero-day threat protection, advanced malware protection, and cutting-edge analytics, Cisco CWS provides continuous monitoring and analysis across the extended network and throughout the full attack continuum: before, during, and after an attack.

Administrators can select specific categories for intelligent HTTPS inspection, and a single management interface delivers global control and comprehensive reporting. When using Cisco CWS, users are protected everywhere, all the time, through Cisco’s worldwide threat intelligence footprint. Cisco CWS also comes with Cisco’s award-winning 24-hour support.

As a cloud service, Cisco CWS offers ease of deployment, a 30 to 40 percent lower cost than on-premises products, and the ability to centrally set and enforce policies for an entire organization, regardless of where users are located. Cisco CWS also uses the power of cloud computing to stop threats.

Cisco CWS enhances the Cisco network infrastructure by using its built-in connector capability to tightly integrate with Cisco ASA Adaptive Security Appliance firewalls, Cisco Integrated Services Routers Generation 2 (ISR G2), Cisco Web Security Appliances, and the Cisco AnyConnect® Secure Mobility Client. This integration enables web traffic to be redirected to the Cisco CWS cloud using criteria such as user identity. It empowers businesses to extend web security across their infrastructure, including branches and devices used by roaming users.

Features and Benefits

Real-Time Threat Intelligence

Receive fast and comprehensive web protection backed by the largest threat-detection network in the world, with the broadest visibility and largest footprint, including:

100 terabytes of security intelligence daily
1.6 million deployed security devices, including firewall, IPS, web, and email appliances
150 million endpoints
13 billion web requests per day
35 percent of the world’s enterprise email traffic

Cisco Security Intelligence Operations (SIO) provides a 24-hour view into global traffic activity that enables Cisco to analyze anomalies, uncover new threats, and monitor traffic trends. Cisco SIO generates new rules and updates every three to five minutes, providing threat defense hours and even days ahead of competitors.

Zero-Day Threat Protection

Defend against zero-day web malware through dynamic reputation and real-time threat intelligence from Cisco SIO. All inbound web traffic is scanned in real time to identify and block untrusted domains.

In addition, every piece of web content accessed is analyzed using context-aware scanning engines. CWS identifies unknown, unusual behaviors through Cisco Outbreak Intelligence, a heuristics-based engine that runs webpage components in a highly secure environment before permitting user access.

Advanced Malware Protection

Advanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco CWS customers. It is a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis, and retrospective alerting. It uses the vast cloud security intelligence networks of both Cisco and Sourcefire (now part of Cisco).

AMP augments the antimalware detection and blocking capabilities already offered in Cisco CWS with enhanced file reputation capabilities, detailed file behavior reporting, continuous file analysis, and retrospective verdict alerting. Learn more.

Cognitive Threat Analytics

Cisco Cognitive Threat Analytics is a cloud-based solution that reduces time to discovery of threats operating inside the network. It addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection.

Unlike traditional monitoring systems, Cisco Cognitive Threat Analytics relies on advanced statistical modeling and machine learning to independently identify new threats, learn from what it sees, and adapt over time. Learnmore.

Granular Application Visibility and Control

Control the use of hundreds of Web 2.0 applications, such as Facebook, and more than 150,000 microapplications, such as Facebook games. Cisco CWS combines identity, time, content, location, and outbound compliance to build and maintain an application policy.

Web Usage Controls

Defend against compliance, liability, and productivity risks by combining traditional URL filtering with real-time dynamic content analysis (DCA). Cisco’s continuously updated URL-filtering database of more than 50 million blocked sites provides exceptional coverage for known websites, while the DCA engine accurately identifies top categories of unknown URLs in real time.

Roaming User Protection

Protect roaming users who connect directly to the Internet through the nearest cloud proxy. By eliminating the need to backhaul web traffic via VPN, Cisco CWS relieves web congestion at headquarters, reducing bandwidth usage while improving the end-user experience.

Centralized Management and Reporting

Receive actionable insight across threats, data, and applications. A powerful centralized tool controls both security operations, such as management, and network operations, such as analysis of bandwidth consumption. Administrators have access to a variety of predefined reports and can create customized reports and notifications. All reports are generated and stored in the cloud, so they are delivered in seconds as opposed to hours. Reports can be also be saved and scheduled for automated delivery. These capabilities provide flexibility, offer detail down to the user level, and enable administrators to spotlight potential issues quickly.

Outbound Content Control

Block sensitive information from leaving the safety of the network, helping to ensure compliance and reduce risk. Cisco CWS protects data by controlling the type of web content that is uploaded, using criteria such as file name, file type, webpage keywords, or other preconfigured IDs to identify and mitigate potential risks. This content control is in addition to the Cisco Application Visibility and Control (AVC) monitoring of outbound content such as file-sharing applications.

Industry-Leading Uptime

Help ensure data protection with 99.999 percent availability and uptime. Cisco CWS requires less time spent troubleshooting. With automatic updates from Cisco SIO, Cisco CWS stays tuned to the latest threats, without intervention. Once initial automated policy settings go live, staff are free to focus on other priorities.


The Cisco CWS service forwards web traffic to assigned proxies in Cisco CWS data centers, which scan it for malware and policy enforcement. An organization can connect to the Cisco CWS service directly or through connectors integrated into Cisco network products. Cisco CWS scales with the number of users employing the service.

The Cisco CWS solution can be deployed by using a proxy autoconfiguration (PAC) file either as an explicit proxy or as a transparent proxy using existing Cisco ISR G2 routers, Cisco ASA firewalls, and Cisco Web Security Appliance (WSA) devices as connectors. Deploying Cisco CWS using a transparent proxy through a connector enables a business to get the most out of its existing infrastructure. Scanning is offloaded from the hardware appliances to the cloud, lessening the burden on the hardware and reducing network latency. Cisco CWS is also effective when deployed directly, providing every benefit of Cisco’s industry-leading web security solution with 99.999 percent uptime and no hardware installation or maintenance.

Direct to Cloud

Cloud Connection Methods

Includes software for on-premises appliances like Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ISR G2 routers, and Cisco WSA devices, redirecting traffic to Cisco CWS for web security functions.

Although only one deployment method is needed, Cisco CWS can integrate with multiple Cisco network infrastructure elements to enhance flexibility and capability. For example, you can deploy Cisco CWS through Cisco ISR G2 routers at branch offices to easily extend security coverage without backhauling Internet traffic. You can use a Cisco WSA device at headquarters to take advantage of advanced proxy capabilities. Or you can deploy the Cisco AnyConnect Secure Mobility Client to protect roaming users.

Every Cisco CWS deployment option has built-in user authentication methods that enable end-user identification. These include authentication built into connectors, as well as clientless cookie-based authentication methods that work independently or with a connector. The range of authentication options makes available a variety of methods for directory integration, including NT LAN Manager (NTLM), Security Assertion Markup Language (SAML), and IP surrogates. These directory integration methods allow you to set precise policies based on usernames and groups as well as to log the web activity of each individual.


Term-Based Subscription Licenses

Licenses are term-based subscriptions of one, three, or five years.

Quantity-Based Subscription Licenses

The Cisco Web Security portfolio uses tiered pricing based on the number of users, not devices. Sales and partner representatives can help to determine the correct tier for each customer deployment.

Software License Agreements

The Cisco End-User License Agreement (EULA) and the Cisco Web Security Supplemental End-User License Agreement (SEULA) are provided with each software license purchase.

Software Subscription Support

All Cisco Web Security licenses include software subscription support essential to keeping business-critical applications available, highly secure, and operating at peak performance. This support entitles customers to the services listed below for the full term of the purchased software subscription:

Software updates and major upgrades to keep applications performing optimally with the most current feature set

Access to Cisco Technical Assistance Center (TAC) for fast, specialized support

Online tools that build and expand in-house expertise and boost business agility

Additional knowledge and training opportunities through collaborative learning

Cloud Web Security Software Licenses

Three separate licensing options are available: Cisco Cloud Web Security Essentials, Advanced Malware Protection à la carte, and Cisco Cloud Web Security Premium. The major components of each software offering are provided below:



Cisco Cloud Web Security (CWS) Essentials

Cloud Web Security Essentials includes antimalware protection and web content analysis; web usage controls with granular application visibility and control; and secure mobility for easy integration with Cisco Any Connect client.

Cisco Cloud Web Security (CWS) Premium

Cloud Web Security Premium includes all features from the Cisco Web Security Essentials bundle, as well as Advanced Malware Protection (see below) and Cisco Cognitive Threat Analytics, a cloud-based solution that reduces time to discovery of threats operating inside the network using behavioral analysis and anomaly detection.

A la Carte Offerings


Advanced Malware Protection

Advanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco CWS customers. AMP is a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis, and retrospective alerting. It takes advantage of the vast cloud security intelligence networks of both Cisco and Source fire (now part of Cisco).

AMP augments the antimalware detection and blocking capabilities already offered in Cisco CWS with enhanced file reputation capabilities, detailed file behavior reporting, continuous file analysis, and retrospective verdict alerting.


Cisco Branded Services

Cisco Security Planning and Design: Enables deployment of a robust security solution quickly and cost‑effectively.

Cisco Web Security Configuration and Installation: Mitigates security risks by installing, configuring, and testing solutions.

Cisco Security Optimization: Supports an evolving security system to address security threats, design updates, performance tuning, and system changes.

Collaborative/Partner Services

Cisco Network Device Security Assessment: Helps maintain a hardened network environment by identifying gaps in network infrastructure security.

Cisco Smart Care: Provides actionable intelligence gained from highly secure visibility into a network’s performance.

Additional services: A wide range of valuable services provided by Cisco partners across the planning, design, implementation and optimization lifecycle.

Cisco Financing

Cisco Capital® can tailor financing solutions to business needs. Access Cisco technology sooner and see the business benefits sooner.

Warranty Information

Find warranty information on at the Product Warranties page.

For More Information

Find out more at Evaluate how Cisco CWS will work for you with a Cisco sales representative, channel partner, or systems engineer.