Cisco Web Security Appliance S370 Leaflet

© 2015 Cisco and/or its affiliates. All rights reserved.
Figure 3. Cisco WSA’s Layers of Defense

[Figure: the Cisco® Web Security Appliance (WSA), as an appliance or virtual, backed by Talos, with defenses arranged across the Before, During, and After phases. Layers shown: Web Reputation, Web Filtering, Application Visibility and Control, Parallel AV Scanning, File Reputation, Data Loss Prevention, File Sandboxing, File Retrospection, Cognitive Threat Analytics, and AMP. Traffic redirections: WCCP, Load Balancer, Explicit/PAC, PBR, and AnyConnect®. Sources: HQ, Campus Office, Branch Office, and Roaming User, with Client Authentication. Actions: Allow, Warn, Block, and Partial Block. Admin functions: Management, Reporting, and Log Extraction.]

Sandboxing and Continuous Analysis
Advanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco WSA customers. AMP is a comprehensive malware-defeating solution that provides malware detection and blocking, continuous analysis, and retrospective alerting (see Figure 4). AMP augments the malware detection and blocking capabilities already offered in the Cisco WSA with enhanced file reputation capabilities, detailed file-behavior reporting, continuous file analysis, and retrospective verdict alerting. Customers now have the ability to sandbox PDF, Microsoft Office, and archive/compressed files, in addition to Windows portable executable files.

Figure 4. Retrospective Analysis with AMP

[Figure: two panels. Point-in-time detection (Antivirus, Sandboxing): Initial Disposition = Clean; Not 100%; Analysis Stops; Blind to scope of compromise; Actual Disposition = Bad = Too Late!! Continuous monitoring (AMP): Initial Disposition = Clean; Analysis Continues; Retrospective Analysis; Identifies threats after an attack; Actual Disposition = Bad = Blocked.]