Cisco Web Security Appliance S670 Information Guide

Does the Cisco Web Security Appliance (WSA) provide malware/spyware protection?
Document ID: 117952
Contributed by Dominic Yip and Siddharth Rajpathak, Cisco TAC Engineers.
Jul 16, 2014
Question
Does the Cisco Web Security Appliance (WSA) provide Malware/Spyware protection?
Cisco Web Security Appliance (WSA) provides the industry's most comprehensive gateway defense against
spyware and web-based malware. This includes everything from Adware (which causes the most
supportability issues and consumes significant network resources) to more malicious threats such as Trojans,
Browser Hijackers, Browser Helper Objects, Phishing, Pharming, System Monitors, Keyloggers, Worms, etc.
Key differentiators of the Cisco Web Security solution include:
1. An integrated Layer 4 (L4) Traffic Monitor scans all ports at wire speed, detecting and blocking
malware and phone-home activity. By tracking all 65,535 network ports, the L4 Traffic Monitor
effectively stops malware that attempts to bypass Port 80 and also prevents rogue P2P and IRC related
activity.
2. Proxy-Layer Processing: The Cisco Web Security Appliance also includes an extremely high
performance Web proxy, along with integrated caching & content acceleration capabilities. Built on
Cisco's proprietary operating system, AsyncOS, the Cisco Web proxy appliance can support up to
100,000 simultaneous connections, as much as 10x more than traditional UNIX-based proxy servers.
Being a Web proxy allows for comprehensive content inspection at the application layer, a critical
requirement for ensuring accuracy against web-based malware.
3. The industry's first Web Reputation Filters provide a powerful outer layer of defense. Leveraging
SenderBase®, Cisco Web Reputation Filters analyze 50+ different Web traffic and
network-related parameters to accurately evaluate a URL's trustworthiness. Sophisticated security
modeling techniques are used to individually weigh each parameter and generate a single score on a
scale of −10 to +10. Administrator-configured policies are dynamically applied, based on reputation
scores.
4. Accelerated signature scanning using the Dynamic Vectoring & Streaming Engine (DVS Engine).
Unlike legacy architecture solutions which rely on ICAP and a multi-box deployment to ensure
malware scanning, Cisco's WSA has introduced the DVS Engine for an integrated on-box scanning
solution. This innovative platform employs sophisticated object parsing and vectoring techniques,
along with stream scanning and verdict caching, resulting in up to a 10x scanning throughput increase
over first-generation ICAP-based solutions.
5. Cisco's industry-leading Anti-Malware System leverages the DVS engine and multiple signature
types from Webroot to provide best-of-breed protection against the widest variety of Web-based
threats. These threats can range from adware, browser hijackers, phishing and pharming attacks to
more malicious threats such as Trojans, System monitors and Keyloggers. WSA offers the industry's
largest malware signature database at the gateway.