At-A-Glance
Cisco Web Security Virtual Appliance (WSAV)
Web Security Challenges
Web security administrators once planned their hardware purchases based on peak
traffic expectations. With the growth of video and other rich, bandwidth-intensive
content, traffic is now less predictable, leading to overages or drops in performance.
Administrators also had to allow for long lead times, remote installation challenges,
customs duties, and other logistical issues involved with buying and installing hardware,
especially in multinational organizations.
Cisco Web Security Virtual Appliance
The Cisco Web Security Virtual Appliance (WSAV) functions as an all-in-one web
security solution that significantly lowers the cost of deploying web security, especially
with highly distributed networks, by letting administrators create security instances
where and when they are needed.
The WSAV is a software version of the Cisco Web Security Appliance that is available
at no charge with the purchase of Cisco web security software bundles and individual
licenses. With the WSAV, administrators can respond instantly to traffic spikes and
eliminate capacity planning. There is no need to buy and ship boxes; new business
opportunities can be supported without adding complexity to a data center or requiring
additional staff.
Real-Time Malware Defense
Multilayer scanning and Layer 4 Traffic Monitoring
The Cisco WSAV uses multiple layers of antimalware protection. Cisco Web Reputation
Filters analyze web traffic and block URLs that fall short of an acceptable threshold.
Adaptive Scanning then dynamically selects the most relevant scanner based on URL
reputation, content type, and efficacy of the scanner, and improves the catch rate by
scanning high-risk objects first during increased scan loads.
The Layer 4 Traffic Monitor continuously scans activity, detecting and blocking spyware
phone-home communications. By tracking all network applications, the Layer 4
Traffic Monitor effectively stops malware that attempts to bypass classic web security
solutions. It dynamically adds IP addresses of known malware domains to its list of
malicious entities to block.
Figure 1. On-Premises Layer 4 Traffic Monitor (diagram labels: Packet and Header Inspection; Network Layer Analysis)
Strong Protection
Safeguards every device, everywhere, all the time
Cisco Security Intelligence Operations (SIO) provides zero-day threat protection to all
users, regardless of location. SIO integrates with Cisco's family of network security
offerings, enabling the WSAV to deliver continuous real-time threat protection.
Cisco Security Intelligence Operations
The broadest worldwide threat telemetry network
Cisco SIO receives automatic updates every three to five minutes and provides a 24x7
view into global traffic activity, enabling Cisco to analyze anomalies, uncover new
threats, and monitor traffic trends.
Cisco SIO delivers the industry's largest collection of real-time threat intelligence, including:
100 TB of security intelligence daily
1.6 million deployed security devices, including firewall, IPS, web, and email appliances
13 billion daily web requests
150 million endpoints
35% of worldwide email traffic
[Figure 1 diagram labels: WSAV; Internet; Users; Preventing Phone-home Traffic; Preventing Anti-malware Data; Preventing botnet traffic; Scans all traffic, all ports, all protocols; Automatically updated rules; Detects malware bypassing port 80; Generates rules in real time using dynamic discovery]
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Complete Control
Enables control of all web traffic on all devices
Enforce policy and provide granular control over application and user behavior using
context-aware inspection from a single, easy-to-use management interface.
Cisco Web Usage Controls
Includes URL filtering and Dynamic Content Analysis (DCA)
Combine traditional URL filtering with a dynamically updated URL database to defend
against compliance, liability and productivity risks. The proprietary Cisco Dynamic
Content Analysis engine analyzes page content on unknown URLs to categorize them
in real time. Categorizations are dynamically updated every three to five minutes from
Cisco SIO.
Application Visibility and Control (AVC)
Ensures acceptable use and security policy enforcement
Easily set policy and control usage of hundreds of Web 2.0 applications and 150,000+
micro-applications. Granular policy control allows administrators to permit the use of
applications such as Facebook or Dropbox while blocking users from activities such as
uploading documents or sharing photos.
Cisco AnyConnect Secure Mobility Client
Extends protection to roaming users
Safeguard data requested by roaming laptop devices. AnyConnect dynamically initiates
a VPN that directs sensitive traffic to the primary web access point for real-time
analysis prior to permitting access.
Data Loss Prevention (DLP)
Prevents leaks and data loss
Prevent confidential data from leaving your network by creating context-based rules
for basic DLP. The WSAV uses Internet Content Adaptation Protocol (ICAP) to integrate
with third-party DLP solutions for advanced protection.
Investment Value
Delivers more for your investment
Get the benefits of several web security solutions on a single virtual machine. While
other solutions require complex multidevice deployments, the Cisco WSAV operates as
a standalone solution, deployed alone or integrated with existing infrastructure. Multiple
WSAVs can be controlled using the Cisco S-Series Management Appliance (SMA).
All-in-One Solution
Simplifies deployment
Simplify web security deployment by aggregating several web security features in a
single software solution. With its simplified architecture, the WSAV reduces IT costs by
having fewer devices to manage, support, and maintain.
Figure 2. All-in-One Solution (diagram labels: Internet; Firewall; Web Proxy; Malware; URL Filtering; Policy Management; Reporting; Traditional Appliances; Cisco Web Security Virtual Appliance; Users)
Learn More
Find out more at http://www.cisco.com/go/wsa.
Evaluate how Cisco products will work for you with a Cisco sales representative,
channel partner, or systems engineer.
C45-727197-01 10/13