Intelligent, Real-Time Protection
Malware threats are a very real and costly problem that most companies face today. IDC estimates that 75 percent of corporate desktops are currently, and unknowingly, infected with spyware. Spyware and other types of malware can result in:
- Loss of confidential information
- System and network downtime
- Reduced employee productivity
- Escalating customer support costs
The Cisco IronPort Anti-Malware System uniquely combines Cisco IronPort Web Reputation Technology and Adaptive Scanning technology with industry-leading signature-based verdict engines. This combination provides a powerful, fully integrated antimalware defense.
Web Reputation: First Layer of Defense
Cisco IronPort Web Reputation was a pioneering technology and is the most established web reputation system in the market today. This technology uses over 150 different criteria (such as domain registration in¬formation, use of dynamic IPs, traffic volumes, and patterns in the URL being requested) to analyze each object on a page and determine a web reputation score in real time. Read more about Cisco IronPort Web Reputation scores here.
Webpages are given a score from -10 to +10, with -10 indicating the highest threat risk. You can block webpages with a high risk profile with your Cisco IronPort S-Series appliance.
Adaptive Scanning: Dynamic, Targeted Protection
Adaptive Scanning is an additional layer of security on top of Cisco IronPort Web Reputation Filters, which analyze more than 20 billion web transactions daily.
Read the Adaptive Scanning data sheet At A Glance for more information.
Sophos offers award-winning protection against known and unknown threats using its Genotype and Behavioral Genotype Protection. Genotype virus-detection technology proactively blocks families of viruses. Behavioral Genotype Protection automatically guards against previously unknown threats by analyzing the behavior of the code before it executes, protecting against:
- New and existing viruses
- Trojan horses
- Other adware
Webroot Scanning Engine
The Webroot scanning engine, backed by a threat research team at Webroot, performs both request- and response-side scans. Efficacy and coverage are strengthened by Phileas (the first automated spyware detection system), which identifies existing and new threats by intelligently scanning millions of sites daily.
McAfee Scanning Engine
The McAfee scanning engine is backed by Avert Labs, an industry-leading threat research center. The McAfee database includes both virus and malware signatures, and can be configured to perform both signature-based and heuristics-based scanning.
Figure 1: Webroot and McAfee Scanning Engines Are Fully Integrated into the Cisco IronPort Anti-Malware System
Use a Broad Range of Gateway Threat Categories
An exceptionally large variety of threat categories for a web gateway gives the Cisco IronPort Anti-Malware System granular visibility into threat activity and specialized policy creation. Sixteen threat categories provide your enterprise with significant control to manage and balance risk management versus user needs.
Gain Powerful Management Capabilities
A web-based GUI provides exceptional control for initial configuration and ongoing management. The comprehensive, easy-to-use Cisco IronPort Anti-Malware System deploys in multiple modes, including "monitor only" or "monitor and block."
Malware Categories and Actions by Verdict Type
Malware categories and actions by verdict type can be easily managed on the Cisco IronPort S-Series Appliance GUI. The easy-to-use web interface helps administrators:
- Create and easily manage custom antimalware policies
- Enable or disable malware filtering on a per-user or per-group basis
The Cisco IronPort S-Series appliances System offer distinct settings for "known" and "suspect" malware and helps your enterprise set its own custom thresholds for malware-positive verdicts.
The Cisco IronPort S-Series appliances also provides point-and-click functionality to:
- Enable and disable the service
- Select deployment modes
- Set thresholds
- Configure automated updates and more
Automated, timely, and highly secure updates can be scheduled for as frequently as every 5 minutes. These updates help ensure coverage against the latest emerging virus and malware threats.
Use Real-time Monitoring and Full Reporting
The Cisco IronPort S-Series appliance offers comprehensive on-box reporting that delivers real-time visibility into trouble spots in your network's web traffic requests. Generated reports:
- Include top malware sites detected, malware threats and categories identified and blocked, and others
- Provide actionable information, such as a list of top clients infected, as well as historical trends
With on-box web security reports, administrators have comprehensive visibility and can correlate malware activity with clients.
Figure 2: Reports Provide Detailed Information on Malware, Including Client Correlation and Trend Data
Benefit from High Accuracy and Low Latency
Optimized for accuracy and performance, the Cisco IronPort Anti-Malware System helps ensure industry-leading efficacy, without any perceptible change to the end-user experience. The system combines:
- Rapid parsing and vectoring capabilities of the Cisco IronPort DVS engine
- Extensive and accurate signature-based verdict engines, Webroot and McAfee
Both engines rely on next-generation, automated research technologies to proactively identify new threats. Webroot and McAfee in-house research teams can then rapidly develop and test signatures for new threats before they infect corporate networks. The Cisco IronPort Anti-Malware System is updated in real time to help ensure the most current protection available.
Protect Against a Range of Web-Based Malware
The Cisco IronPort S-Series appliances quickly and accurately detect and block a full range of known and emerging threats, including:
- System monitors
In addition, it protects against:
- Malicious and tracking cookies
- Browser hijackers
- Browser helper objects
Pay Near-Zero Administrative Overhead
The Cisco IronPort S-Series web-based GUI is easy to use and makes initial configuration and setup simple. Scanning accuracy cuts customer support calls and costly desktop cleanup to almost zero. Automated, timely, and highly secure updates eliminate the need for ongoing manual tuning and maintenance to catch new and emerging threats.
Gain Comprehensive Visibility
The Cisco IronPort S-Series appliance controls the malware threat to a corporate environment. But administrators and executive management may require information to better understand ever-evolving corporate threats. The system's comprehensive reporting:
- Gives administrators powerful insight into threats monitored or blocked, as well as the presence of infected clients
- Offers a better view of user actions, providing data to help promote additional network and desktop protection policies
Get Low Total Cost of Ownership
First-generation, ICAP-based antimalware solutions require ownership and administration of multiple servers. Unlike those products, however, the Cisco IronPort Anti-Malware System is delivered as a high-performance, single-appliance solution.
Implement a Strong Defense and Cut Cleanup Costs
The strong perimeter defense provided by Cisco IronPort Web Reputation and Adaptive Scanning prevents client infections and greatly reduces cleanup costs. As an important part of the Cisco IronPort S-Series appliance, this defense-in-depth solution combines exceptional accuracy and high performance. It delivers powerful protection with no perceptible change to the end-user experience.