Cisco Web Security

Cisco Anti-Malware System

Web Reputation: First Layer of Defense

Cisco Web Reputation was a pioneering technology and is a market leader in web reputation systems today. To analyze each object on a page and determine a web reputation score in real time, this technology uses more than 150 different criteria, such as:

  • Domain registration information
  • Dynamic IPs
  • Traffic volumes
  • Patterns in the URL being requested

Webpages receive a score ranging from -10 to +10, with -10 indicating the highest threat risk. You can block webpages with a high-risk profile by using your Cisco S-Series Appliance.

Adaptive Scanning: Dynamic, Targeted Protection

Adaptive Scanning is a new content scanning logic that was introduced on the Cisco S-Series. This new security feature greatly increases the catch rate for malware that is embedded in images, JavaScript, text, and Flash files. Adaptive Scanning helps block up to 35 percent more malware by intelligently selecting scanners based on numerous criteria, such as:

  • Web reputation score
  • Content type
  • Scanner catch rate for a given content type
  • Scanning cost of a given scanner

Adaptive Scanning is an additional layer of security on top of Cisco Web Reputation Filters, which analyze more than 20 billion web transactions daily. Our scanning engines include Sophos, Webroot, and McAfee.
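An added illustration, not Cisco's own code or algorithm, of how the two layers described above can be combined: a reputation-score gate (the -10 to +10 scale from the first section), followed by a scanner selection driven by the criteria listed for Adaptive Scanning (reputation score, content type, per-content-type catch rate, and scanning cost). The block/scan thresholds, the per-engine catch rates and costs, and the budget scaling are constructed assumptions for the example.

```python
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Scanner:
    name: str
    catch_rate: dict      # content type -> catch rate in [0, 1]
    cost: float           # relative scanning cost per object

# Constructed sample figures for the three engines named on the page; not vendor data.
SCANNERS = (
    Scanner("sophos",  {"image": 0.80, "javascript": 0.90, "flash": 0.85, "text": 0.70}, 1.0),
    Scanner("webroot", {"image": 0.60, "javascript": 0.85, "flash": 0.70, "text": 0.90}, 0.6),
    Scanner("mcafee",  {"image": 0.85, "javascript": 0.75, "flash": 0.90, "text": 0.80}, 1.4),
)

def reputation_action(score, block_below=-6.0, scan_below=6.0):
    """Map a -10..+10 web reputation score to block / scan / allow (thresholds are assumptions)."""
    if not -10.0 <= score <= 10.0:
        raise ValueError(f"reputation score out of range: {score}")
    if score < block_below:
        return "block"
    if score < scan_below:
        return "scan"
    return "allow"

def select_scanners(score, content_type, scanners=SCANNERS, block_below=-6.0, scan_below=6.0):
    """Return (action, scanner names): riskier pages get a larger cost budget, scanners ranked by catch rate per cost."""
    action = reputation_action(score, block_below, scan_below)
    if action != "scan":
        return action, []
    risk = (scan_below - score) / (scan_below - block_below)   # 0 near 'allow', ~1 near 'block'
    budget = 1.0 + 2.2 * risk                                   # constructed scaling of scan effort with risk
    rate = lambda s: s.catch_rate.get(content_type, 0.0)
    ranked = sorted((s for s in scanners if rate(s) > 0.0), key=lambda s: rate(s) / s.cost, reverse=True)
    chosen, spent = [], 0.0
    for s in ranked:                       # greedy: best value-for-cost scanners that still fit the budget
        if spent + s.cost <= budget:
            chosen.append(s.name)
            spent += s.cost
    return action, chosen

def combined_catch_rate(names, content_type, scanners=SCANNERS):
    """Probability that at least one selected scanner catches a sample, assuming independent misses."""
    by_name = {s.name: s for s in scanners}
    misses = [1.0 - by_name[n].catch_rate.get(content_type, 0.0) for n in names]
    return 1.0 - prod(misses)
```

Running `select_scanners` across scores shows the intended behaviour: a page just above the block threshold gets all three engines, a mid-score page gets two, and a page just below the allow threshold gets only the cheapest effective one.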

Sophos Protection

Sophos offers award-winning protection against known and unknown threats by using its Genotype and Behavioral Genotype Protection. Genotype virus-detection technology proactively blocks families of viruses. Behavioral Genotype Protection automatically guards against previously unknown threats by analyzing the behavior of the code before it executes, protecting against:

  • New and existing viruses
  • Trojan horses
  • Worms
  • Spyware
  • Other adware

Webroot Scan Engine

The Webroot scan engine, backed by a threat research team at Webroot, performs both request-side and response-side scans. Efficacy and coverage are strengthened by Phileas (the first automated spyware detection system), which identifies existing and new threats by intelligently scanning millions of sites daily.

McAfee Scan Engine

The McAfee Scan Engine is backed by AvertLabs, an industry-leading threat research center. The McAfee database includes both virus and malware signatures, and can be configured to perform both signature-based and heuristics-based scanning.

Figure 1: Webroot and McAfee Scan Engines Are Fully Integrated into the Cisco Anti-Malware System

Advanced Malware Protection

The Cisco Anti-Malware System now includes Advanced Malware Protection (AMP). This malware-defeating solution takes full advantage of the vast cloud security intelligence network of Sourcefire (now part of Cisco).

AMP protects across the attack continuum: before, during, and after an attack. This comprehensive solution uses file reputation, dynamic file analysis, and retrospective alerting for superior defense against and visibility into malicious files within web traffic. Users can block more attacks, track suspicious files, mitigate the scope of an outbreak, and remediate faster.

Use a Broad Range of Gateway Threat Categories

An exceptionally large variety of threat categories for a web gateway gives the Cisco Anti-Malware System granular visibility into threat activity and specialized policy creation. Sixteen threat categories provide your enterprise with significant control to manage and balance risk management against user needs.

Gain Powerful Management Capabilities

Web-Based GUI

A web-based GUI provides exceptional control for initial configuration and ongoing management. The comprehensive, easy-to-use Cisco Anti-Malware System deploys in multiple modes, including "monitor only" or "monitor and block."

Malware Categories and Actions by Verdict Type

Malware categories and actions by verdict type can be easily managed on the Cisco S-Series Appliance GUI. The simple web interface helps administrators:

  • Create and easily manage custom antimalware policies
  • Enable or disable malware filtering on a per-user or per-group basis

The Cisco S-Series Appliance offers distinct settings for "known" and "suspect" malware and helps your enterprise set its own custom thresholds for malware-positive verdicts.

Point-and-Click Functionality

The Cisco S-Series Appliance also provides point-and-click functionality to:

  • Enable and disable the service
  • Select deployment modes
  • Set thresholds
  • Configure automated updates and more

You can schedule automated, timely, and highly secure updates for as frequently as every five minutes. These updates help ensure coverage against the latest emerging virus and malware threats.

Use Real-Time Monitoring and Full Reporting

Real-Time Visibility

The Cisco S-Series Appliance offers comprehensive on-box reporting that delivers real-time visibility into trouble spots in your network's web traffic requests. Generated reports:

  • Include top malware sites detected, malware threats and categories identified and blocked, and others
  • Provide actionable information, such as a list of top clients infected, as well as historical trends

With on-box web security reports, administrators have comprehensive visibility and can correlate malware activity with clients.

Figure 2: Reports Provide Detailed Information on Malware, Including Client Correlation and Trend Data

Benefit from High Accuracy and Low Latency

Optimized for accuracy and performance, the Cisco Anti-Malware System helps ensure industry-leading efficacy, without any perceptible change to the end-user experience. The system combines:

  • Rapid parsing and vectoring capabilities of the Cisco distributed virtual switch (DVS) engine
  • Extensive and accurate signature-based verdict engines from Webroot and McAfee

These engines rely on next-generation, automated research technologies to proactively identify new threats. Webroot and McAfee in-house research teams can then rapidly develop and test signatures for new threats before the threats infect corporate networks. The Cisco Anti-Malware System is updated in real time to help ensure the most current protection available.

Protect Against a Range of Web-Based Malware

The Cisco S-Series Appliance quickly and accurately detects and blocks a full range of known and emerging threats, including:

  • Viruses
  • Adware
  • Trojan horses
  • System monitors
  • Keyloggers

In addition, it protects against:

  • Rootkits
  • Malicious and tracking cookies
  • Browser hijackers
  • Browser helper objects
  • Phishing

Pay Near-Zero Administrative Overhead

The Cisco S-Series web-based GUI is easy to use and makes initial configuration and setup simple. Scanning accuracy cuts customer support calls and costly desktop cleanup to almost zero. Automated, timely, and highly secure updates eliminate the need for ongoing manual tuning and maintenance to catch new and emerging threats.

Gain Comprehensive Visibility

The Cisco S-Series Appliance controls the malware threat to a corporate environment. But administrators and executive management may require information to better understand ever-evolving corporate threats. The system's comprehensive reporting:

  • Gives administrators powerful insight into threats that are monitored or blocked, as well as the presence of infected clients
  • Offers a better view of user actions, providing data to help promote additional network and desktop protection policies

Get Low Total Cost of Ownership

First-generation Internet Content Adaptation Protocol–based antimalware solutions require owning and administering multiple servers. The Cisco Anti-Malware System, however, is delivered as a high-performance, single-appliance solution.

Implement a Strong Defense and Cut Cleanup Costs

The strong perimeter defense provided by Cisco Web Reputation and Adaptive Scanning technology prevents client infections and greatly reduces cleanup costs. As an important part of the Cisco S-Series Appliance, this defense-in-depth solution combines exceptional accuracy and high performance. It delivers powerful protection with no perceptible change to the end-user experience.
