Cisco Cisco Web Security Appliance S670 User Guide
W H A T ’ S N E W I N V E R S I O N 6 . 0
C H A P T E R 1 : G E T T I N G S T A R T E D W I T H T H E W E B S E C U R I T Y A P P L I A N C E
3
W H A T ’S N E W I N VE R S I O N 6 . 0
This section describes new features and enhancements added in the AsyncOS 6.0 for Web
release.
release.
New Feature: IronPort Data Security
AsyncOS for Web 6.0 includes the IronPort Data Security Filters to provide you visibility and
control over data leaving your network via the web and FTP. This feature allows you to create
policies and take actions based on relevant parameters like the source (user), destination (URL
categories and web reputation), and file metadata (file name, file type, and file size). For
example, you can enforce the following business policies using IronPort Data Security:
control over data leaving your network via the web and FTP. This feature allows you to create
policies and take actions based on relevant parameters like the source (user), destination (URL
categories and web reputation), and file metadata (file name, file type, and file size). For
example, you can enforce the following business policies using IronPort Data Security:
• Do not allow members in the Finance department to send Excel files.
• Do not allow attachments in outgoing web-based emails to exceed 100 KB.
Additionally, IronPort Data Security logs all the upload transactions so that you can retain the
record for HR investigations if a data loss incident is reported.
record for HR investigations if a data loss incident is reported.
To use IronPort Data Security, first you enable the IronPort Data Security Filters, and then you
create IronPort Data Security Policies to create the business policies you want to enforce.
create IronPort Data Security Policies to create the business policies you want to enforce.
New Feature: External Data Loss Prevention
AsyncOS for Web 6.0 interoperates with leading Data Loss Prevention (DLP) vendors for
advanced web DLP. The Web Security appliance sends the outbound traffic to the configured
third party external DLP server, and enforces the verdict returned by the DLP server. This
allows you to use content scanning, dictionaries, file fingerprinting and other techniques to
satisfy advanced web DLP use cases like regulatory compliance and case management.
advanced web DLP. The Web Security appliance sends the outbound traffic to the configured
third party external DLP server, and enforces the verdict returned by the DLP server. This
allows you to use content scanning, dictionaries, file fingerprinting and other techniques to
satisfy advanced web DLP use cases like regulatory compliance and case management.
To use data loss prevention, first you define external DLP servers on the Web Security
appliance, and then you create External DLP Policies.
appliance, and then you create External DLP Policies.
Even when the appliance uses External DLP Policies, IronPort recommends that you also use
IronPort Data Security in parallel because this combination has better performance than using
External DLP Policies alone. IronPort Data Security Policies can block uploaded content
sooner than External DLP Policies in many cases. For example, you might use the IronPort
Data Security Policies to block data uploads to websites with a low reputation score. This
way, the data is never sent to the External DLP system for a deep content scan, which
improves overall performance. Content that needs deeper inspection can be selectively
passed to the External DLP server for content analysis.
IronPort Data Security in parallel because this combination has better performance than using
External DLP Policies alone. IronPort Data Security Policies can block uploaded content
sooner than External DLP Policies in many cases. For example, you might use the IronPort
Data Security Policies to block data uploads to websites with a low reputation score. This
way, the data is never sent to the External DLP system for a deep content scan, which
improves overall performance. Content that needs deeper inspection can be selectively
passed to the External DLP server for content analysis.