
Cisco IronPort Web Security Appliances

Cisco IronPort Anti-Malware System

Get Accurate, High-Performance Malware Protection

Malware threats are a very real and costly problem that most companies face today. IDC estimates that 75 percent of corporate desktops are currently, and unknowingly, infected with spyware. Spyware and other types of malware can result in:

  • Loss of confidential information
  • System and network downtime
  • Reduced employee productivity
  • Escalating customer support costs

The Cisco IronPort Anti-Malware System uniquely combines the Cisco IronPort Dynamic Vectoring and Streaming (DVS) engine, a high-performance scanning engine, with industry-leading signature-based verdict engines. This combination provides a powerful, fully integrated antimalware defense.

Obtain Another Layer of Defense

As the second layer of defense on the Cisco IronPort S-Series, Cisco IronPort Anti-Malware rapidly scans web content against malware signatures as it is downloaded. This system:

  • Eliminates a broad range of known and emerging web-based threats
  • Reduces infections and desktop cleanup costs

Get Industry-Leading Accuracy and Performance

The Cisco IronPort Anti-Malware System is optimized for exceptional performance and integrated into a single-appliance solution. Cisco IronPort built the system to be fast and accurate. It relies on a less computationally intensive single scan to evaluate content for multiple threats, including a broad range of:

  • Malware
  • Phishing
  • Pharming
  • Malicious rootkits
  • Other threats

With an exceptionally large malware signature database located at the gateway, the Cisco IronPort Anti-Malware System gives you industry-leading protection against these threats.

Deploy the Cisco IronPort DVS Engine

The powerful Cisco IronPort DVS engine employs rapid object parsing and vectoring techniques, along with:

  • Stream scanning
  • Early exit algorithms
  • Reputation-based caching

This combination greatly increases scanning throughput over that of existing first-generation Internet Content Adaptation Protocol (ICAP)–based solutions.

The Cisco IronPort Anti-Malware System is designed to support verdict engines from multiple vendors, which increases efficacy.

Obtain Broad Threat Categorization

Broad threat categorization identifies new and more sophisticated security threats, both on the request side and the response side. The Cisco IronPort Anti-Malware System:

  • Conducts deep archive scanning to detect viruses and malware concealed within archive packages
  • Detects rootkits, hidden malicious software that provides root-level access to, and control over, a computer without the owner's knowledge

Block Threats at the Corporate Gateway

Blocking threats at the corporate gateway helps prevent infection and reduces cleanup costs. By stopping threats before they enter the network, the Cisco IronPort Anti-Malware System prevents initial and ongoing damage.

Get a Broad Range of Signatures

Scanning engines from Sophos, Webroot, and McAfee are fully integrated into the Cisco IronPort Anti-Malware System (Figure 1). These three industry-leading solutions help you scan for web-based threats in parallel, providing superior protection and performance.

Sophos Protection

Sophos offers award-winning protection against known and unknown threats using its Genotype and Behavioral Genotype Protection. Genotype virus-detection technology proactively blocks families of viruses. Behavioral Genotype Protection automatically guards against previously unknown threats by analyzing the behavior of the code before it executes, protecting against:

  • New and existing viruses
  • Trojan horses
  • Worms
  • Spyware
  • Other adware

Webroot Scanning Engine

The Webroot scanning engine, backed by a threat research team at Webroot, performs both request- and response-side scans. Efficacy and coverage are strengthened by Phileas (the first automated spyware detection system), which identifies existing and new threats by intelligently scanning millions of sites daily.

McAfee Scanning Engine

The McAfee scanning engine is backed by Avert Labs, an industry-leading threat research center. The McAfee database includes both virus and malware signatures, and can be configured to perform both signature-based and heuristics-based scanning.

Figure 1: Webroot and McAfee Scanning Engines Are Fully Integrated into the Cisco IronPort Anti-Malware System

Use a Broad Range of Gateway Threat Categories

An exceptionally large variety of threat categories for a web gateway gives the Cisco IronPort Anti-Malware System granular visibility into threat activity and supports specialized policy creation. Sixteen threat categories give your enterprise significant control to balance risk management against user needs.

Gain Powerful Management Capabilities

Web-Based GUI

A web-based GUI provides exceptional control for initial configuration and ongoing management. The comprehensive, easy-to-use Cisco IronPort Anti-Malware System deploys in multiple modes, including "monitor only" or "monitor and block."

Malware Categories and Actions by Verdict Type

Malware categories and actions by verdict type are managed within Cisco IronPort Web Security Manager. This product helps administrators:

  • Create and easily manage custom antimalware policies
  • Enable or disable malware filtering on a per-user or per-group basis

The Cisco IronPort Anti-Malware System offers distinct settings for "known" and "suspect" malware and helps your enterprise set its own custom thresholds for malware-positive verdicts.

Point-and-Click Functionality

Cisco IronPort Web Security Manager also provides point-and-click functionality to:

  • Enable and disable the service
  • Select deployment modes
  • Set thresholds
  • Configure automated updates and more

Automated, timely, and highly secure updates can be scheduled for as frequently as every 5 minutes. These updates help ensure coverage against the latest emerging virus and malware threats.

Use Real-time Monitoring and Full Reporting

Real-Time Visibility

The Cisco IronPort Anti-Malware System delivers real-time visibility into trouble spots in your network's web traffic requests. Generated reports:

  • Include top malware sites detected, malware threats and categories identified and blocked, and others
  • Provide actionable information, such as a list of top clients infected, as well as historical trends

Through Cisco IronPort Web Security Manager, administrators have comprehensive visibility and can correlate malware activity with clients (Figure 2).

Figure 2: Reports Provide Detailed Information on Malware, Including Client Correlation and Trend Data

Sophisticated Alert Engine

A sophisticated alert engine, which is included with every Cisco IronPort S-Series appliance, also benefits the Cisco IronPort Anti-Malware System. Administrators can set up individual alert subscriptions for the system, based on severity levels. Alerts are calibrated in three categories:

  • Informational
  • Warning
  • Critical

This alerting system gives administrators clear visibility into the application and helps them take appropriate and timely action, if required.

Benefit from High Accuracy and Low Latency

Optimized for accuracy and performance, the Cisco IronPort Anti-Malware System helps ensure industry-leading efficacy, without any perceptible change to the end-user experience. The system combines:

  • Rapid parsing and vectoring capabilities of the Cisco IronPort DVS engine
  • Extensive and accurate signature-based verdict engines, Webroot and McAfee

Both engines rely on next-generation, automated research technologies to proactively identify new threats. Webroot and McAfee in-house research teams can then rapidly develop and test signatures for new threats before they infect corporate networks. The Cisco IronPort Anti-Malware System is updated in real time to help ensure the most current protection available.

Protect Against a Range of Web-Based Malware

The Cisco IronPort Anti-Malware System quickly and accurately detects and blocks a full range of known and emerging threats, including:

  • Viruses
  • Adware
  • Trojans
  • System monitors
  • Keyloggers

In addition, it protects against:

  • Rootkits
  • Malicious and tracking cookies
  • Browser hijackers
  • Browser helper objects
  • Phishing

Pay Near-Zero Administrative Overhead

The Cisco IronPort S-Series web-based GUI is easy to use and makes initial configuration and setup simple. Cisco IronPort Anti-Malware System scanning accuracy cuts customer support calls and costly desktop cleanup to almost zero. Automated, timely, and highly secure updates eliminate the need for ongoing manual tuning and maintenance to catch new and emerging threats.

Gain Comprehensive Visibility

The Cisco IronPort Anti-Malware System controls the malware threat to a corporate environment. But administrators and executive management may require information to better understand ever-evolving corporate threats. The system's comprehensive reporting:

  • Gives administrators powerful insight into threats monitored or blocked, as well as the presence of infected clients
  • Offers a better view of user actions, providing data to help promote additional network and desktop protection policies

Get Low Total Cost of Ownership

First-generation, ICAP-based antimalware solutions require ownership and administration of multiple servers. Unlike those products, however, the Cisco IronPort Anti-Malware System is delivered as a high-performance, single-appliance solution.

Implement a Strong Defense and Cut Cleanup Costs

The strong perimeter defense provided by the Cisco IronPort Anti-Malware System prevents client infections and greatly reduces cleanup costs. As an important part of the Cisco IronPort S-Series appliance, this defense-in-depth solution combines exceptional accuracy and high performance. It delivers powerful protection with no perceptible change to the end-user experience.

