Cisco Web Security Appliance

Does the Cisco Web Security Appliance (WSA) provide malware/spyware protection?

Document ID: 117952

Updated: Jul 16, 2014

Contributed by Dominic Yip and Siddharth Rajpathak, Cisco TAC Engineers.



Does the Cisco Web Security Appliance (WSA) provide Malware/Spyware protection?

Cisco Web Security Appliance (WSA) provides the industry's most comprehensive gateway defense against spyware and web-based malware. This includes everything from Adware (which causes the most supportability issues and consumes significant network resources) to more malicious threats such as Trojans, Browser Hijackers, Browser Helper Objects, Phishing, Pharming, System Monitors, Keyloggers, Worms, etc.

Key differentiators of the Cisco Web Security solution include:

  1. An integrated Layer 4 (L4) Traffic Monitor scans all ports at wire speed, detecting and blocking malware and phone-home activity. By tracking all 65,535 network ports, the L4 Traffic Monitor effectively stops malware that attempts to bypass port 80 and also prevents rogue P2P and IRC-related activity.
  2. Proxy-Layer Processing: The Cisco Web Security Appliance also includes an extremely high-performance Web proxy, along with integrated caching and content acceleration capabilities. Built on Cisco's proprietary operating system, AsyncOS, the Cisco Web proxy appliance can support up to 100,000 simultaneous connections, as much as 10x more than traditional UNIX-based proxy servers. Being a Web proxy allows for comprehensive content inspection at the application layer, a critical requirement for ensuring accuracy against web-based malware.
  3. The industry's first Web Reputation Filters provide a powerful outer layer of defense. Leveraging SenderBase®, Cisco Web Reputation Filters analyze more than 50 different Web traffic and network-related parameters to accurately evaluate a URL's trustworthiness. Sophisticated security modeling techniques are used to individually weigh each parameter and generate a single score on a scale of -10 to +10. Administrator-configured policies are dynamically applied, based on reputation scores.
  4. Accelerated signature scanning using the Dynamic Vectoring & Streaming Engine (DVS Engine). Unlike legacy architecture solutions, which rely on ICAP and a multi-box deployment to ensure malware scanning, Cisco's WSA has introduced the DVS Engine for an integrated on-box scanning solution. This innovative platform employs sophisticated object parsing and vectoring techniques, along with stream scanning and verdict caching, resulting in up to a 10x scanning throughput increase over first-generation ICAP-based solutions.
  5. Cisco's industry-leading Anti-Malware System leverages the DVS Engine and multiple signature types from Webroot to provide best-of-breed protection against the widest variety of Web-based threats. These threats can range from adware, browser hijackers, phishing and pharming attacks to more malicious threats such as Trojans, System Monitors and Keyloggers. WSA offers the industry's largest malware signature database at the gateway.