The Cisco® Content Security Management Appliance (SMA) centralizes management and reporting functions across multiple Cisco Email Security Appliances (ESAs) and Web Security Appliances (WSAs). This integration simplifies the administration and planning of email and web security, improves compliance monitoring, enables a consistent enforcement of acceptable use policies, and enhances threat protection.
Features and Benefits
Organizations must often coordinate the management and administration of multiple appliances across geographically dispersed teams and must do so with limited staff and budget. The Cisco SMA addresses these challenges with industry-leading protection and control. Built on a robust platform optimized for reporting and tracking, the Cisco SMA delivers high performance and scalability for lasting investment value.
Specific features and benefits of the Cisco SMA are discussed in the following sections and described in more detail in Table 1.
Simplified Administration and Planning
Using the Cisco SMA's easy-to-use intuitive interface, network managers can publish policy settings and configuration changes from a single console to multiple Cisco ESAs and WSAs. Alternatively, organizations can dedicate specific appliances to individual applications for high-volume deployments.
In addition, network managers can be notified when security appliances exceed their recommended capacity. The Cisco SMA reports the number of transactions per second and the system's latency, response time, and proxy buffer memory. This information enables network managers to determine when they need to reconfigure the system or install additional appliances.
Improved Compliance Monitoring and Enforcement
Centralized reporting and tracking helps to determine which users are in violation of acceptable use policies, identify policy infractions across any department or site, and monitor the use of Web 2.0 applications such as Facebook and YouTube as well as visits to URLs in specific categories such as "gambling" or "sports."
By centralizing the management of multiple appliances, administrators can enforce consistent acceptable use policies across the organization.
Enhanced Threat Protection
The Cisco SMA delivers a comprehensive view of an organization's security operations, providing better threat intelligence, defense, and remediation. Important features include the centralized management of email spam quarantine, comprehensive threat monitoring across multiple web security gateways, web reputation scoring, and botnet detection. The Cisco SMA's reporting capabilities can also be used to help administrators identify and address activities involving data loss prevention (DLP).
High Performance and Scalability
The Cisco SMA has two proprietary databases optimized for reporting and tracking, rather than a single generic database. Appropriate computations are applied to each query for the rapid generation of real-time reports.
Built on the high-performance Cisco AsyncOS operating system, the Cisco SMA provides industry-leading scalability to meet the demands of small, medium-sized, and large enterprises as well as service providers.
Table 1. Features and Benefits of the Cisco SMA
Centralized management and reporting
The Cisco SMA simplifies administration by publishing configurations from a single management console to multiple Cisco ESAs and WSAs. Updates and settings are managed centrally on that console rather than on the individual appliances. Organizations can dedicate specific appliances to individual applications for high-volume deployments.
Fully integrated reporting allows traffic data from multiple Cisco ESAs and WSAs to be consolidated.
Data is aggregated from multiple Cisco ESAs, including data categorized by sender, recipient, message subject, and other parameters. Scanning results, such as spam and virus verdicts, are also displayed, as are policy violations.
A record of individual web transactions is maintained, with information such as IP address, username, domain name, time accessed, and other details. Visibility is provided into employee use of Web 2.0 applications such as Facebook, YouTube, and instant messaging.
Web tracking information is aggregated in real time and displayed in a high-level, easy-to-use graphical format. Reporting features help administrators determine the websites, URL categories, and applications that employees can access on company devices.
Spam and marketing messages are stored centrally with the easy-to-use self-service Cisco Spam Quarantine solution. Large enterprises with multiple Cisco ESAs can offload their spam traffic to one location for easier tracking and provide a single point for employee access.
Data about web-based threats is provided in real time, including, for example, which users are encountering the most blocks or warnings, and which websites and URL categories pose the biggest risks. Malware and other threats that Cisco WSAs have detected and blocked are also reported.
This feature provides detailed information about the reputation scores of the websites that users access. These scores are based on data provided by Cisco WSAs, which analyze web server behavior and assign a score to each URL that reflects the likelihood that it contains malware.
Ports and systems with potential malware connections are displayed. Data from the Layer 4 traffic monitoring feature on Cisco WSAs can help organizations detect and remediate botnet-infected hosts.
Cisco SMAs are built to meet the requirements of organizations of different sizes and to complement all Cisco ESAs and Cisco WSAs. Table 2 presents the performance specifications, Table 3 presents the hardware specifications, and Table 4 presents the ordering information for the Cisco SMA.
Table 2. Cisco SMA Performance Specifications
Number of Users*
10,000 or more
Cisco SMA M1070
3.6 terabyes (TB)
(6 x 600-GB SAS)
Yes (RAID 10)
8 (2 quad cores)
Cisco SMA M680
(8 x 600-GB SAS)
Yes (RAID 10)
12 (2 hexa cores)
1000 to 10,000
Cisco SMA M670
(6 x 300-GB SAS)
Yes (RAID 10)
8 (2 quad cores)
Cisco SMA M380
(4 x 600-GB SAS)
Yes (RAID 10)
12 (2 hexa cores)
Small business or branch office
Up to 1000
Cisco SMA M170
(2 x 250-GB SATA)
Yes (RAID 1)
2 (1 dual core)
* Please confirm sizing guidance with a Cisco content security specialist to help ensure that your solution will meet your current and projected needs.
Cisco M1070 (for organizations of more than 10,000 users)
Cisco M680 (for organizations of more than 10,000 users)
Cisco M670 (for organizations of up to 10,000 users)
Cisco M380 (for organizations of up to 10,000 users)
Cisco M170 (for organizations of up to 1000 users)
Security is more critical to your network than ever before. As threats and risks persist, along with concerns about confidentiality and control, security is necessary for providing business continuity, protecting valuable information, and maintaining brand reputation. Cisco security solutions embedded into the fabric of your network enable you to connect to the right information with a high degree of security without disrupting your business. No organization understands network security like Cisco. Our market leadership, industry-leading threat protection and prevention, innovative products, and longevity make us the right vendor to serve your security needs.
For More Information
For more information about the Cisco Content Security Management Appliances, visit http://www.cisco.com/go/sma or contact your local account representative.
The best way to understand the benefits of the Cisco Content Security Management Appliances is to participate in the Try Before You Buy program. To receive a fully functional evaluation appliance to test in your network, free for 30 days, visit http://www.cisco.com/go/sma.