Introduction to

IronPort Products

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Table of Contents
History and Overview of IronPort Products
Technical details about the product line

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

History and Overview of

IronPort Products
Email, Web and Encryption Appliances

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

IronPort Hardware Product Portfolio

Web Security (WSA): S-Series HW, subscriptions, support
S160, S170, S360, S370, S650, S660, S670

Email Security (ESA): C-Series HW, subscriptions, support

C160, C170, C360, C370, C660, C670, X1060, X1070

Management (SMA): M-Series HW, software, support

M160, M170, M660, M670, M1060, M1070

Encryption (IEA): HW, software, support

IEA360, IEA370

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

Business Overview: Product Mix

Installed Base
Appliance (k)

Email

Web

2010 Cisco and/or its affiliates. All rights reserved.

Management

Product

Count

ESA

41k

WSA

10k

SMA

3k

IEA

0.7k

Encryption

Cisco Confidential

Supplemental Information

Additional Corporate
Background

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

IronPort Company Overview

Acquistion

Announce:
Jan 4, 2007
Close: Jun
19, 2007

Headquarters Founded

San Bruno,
CA

2000

Employees

Products

Subscription Services

Primary
Markets (ENT
& SP)
C-Series:
Email security
appliance
S-Series:
426
Web security Software
employees/63
appliance
Blades:
Contractors
M-Series:
VOF
R&D=140
Managment Anti-Virus
Sales&Market
Anti-Spam
ing=197
___________ DLP
G&A=32
___________ CM
Operations=5
_____

7
Primary
Market (SMB)

Software as a
Service
Model
Platinum
Platinum
Plus

Blocker
(Sold via Dell
experiment
only)

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

The Products Are Ready

Leader in Four Magic Quadrants, Accelerating in All

Network Access Control

Source: Gartner (July 2010)

Email Security Boundaries

Source: Gartner (August 2010)

2010 Cisco and/or its affiliates. All rights reserved.

SSL VPN

Source: Gartner (July 2010)

Secure Web Gateway

Source: Gartner (May 2010)

IPS / Threat Management

Source: Gartner (December 2010)

Firewall

Source: Gartner (October 2010)

Cisco Confidential

Technical Details
Email, Web and Encryption Appliances

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

IronPort Gateway Security Products

Internet
Internet

IronPort
SenderBase

BLOCK Incoming Threats

APPLICATION-SPECIFIC
SECURITY GATEWAYS

ENCRYPTION

EMAIL

WEB

Appliance

Security Appliance

Security Appliance

CENTRALIZE Administration
PROTECT Corporate Assets
Data Loss Prevention
Security
MANAGEMENT
Appliance

CLIENTS

Web Security | Email Security | Security Management | Encryption

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

10

Email Security Appliance

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

11

IronPort Consolidates the Network

Perimeter
For Security, Reliability and Lower Maintenance
Before IronPort

After IronPort

Internet

Internet

Firewall

Firewall
Encryption Platform
MTA

DLP
Scanner

Anti-Spam
Anti-Virus

DLP Policy
Manager

IronPort Email Security Appliance

Policy Enforcement
Mail Routing

Groupware

Users

2010 Cisco and/or its affiliates. All rights reserved.

Groupware

Users

Cisco Confidential

12

IronPort Architecture for Multi-Layered

Email Security
MANAGEMENT TOOLS

SPAM
DEFENSE

VIRUS
DEFENSE

DATA LOSS
PREVENTION

EMAIL ENCRYPTION

THE IRONPORT ASYNCOS EMAIL PLATFORM

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

13

The IronPort SenderBase Network

Global Reach Yields Benchmark Accuracy

30B+ queries daily
150+ Email and Web
parameters
25% of the Worlds Traffic
Cisco Network Devices
View into both email & Web
traffic dramatically
improves detection
80% of spam contains
URLs
Email is a key distribution
vector for Web-based
malware
Malware is a key
distribution vector for Spam
zombie infections
2010 Cisco and/or its affiliates. All rights reserved.

Combines Email & Web Traffic Analysis

IronPort
SenderBase

IronPort EMAIL

IronPort WEB

Security Appliances

Security
Appliances

Cisco Confidential

14

The IronPort SenderBase Network

Data Makes the Difference

150 Parameters
Complaint Reports

THREAT PREVENTION IN REAL TIME

Spam Traps
Message
Composition Data
Global Volume Data
URL Lists
Compromised
Host Lists
Web Crawlers

SenderBase
Data

Data Analysis/
Security Modeling

SenderBase
Reputation Scores
-10 to +10

IP Blacklists
& Whitelists
Additional Data

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

15

Web Security Appliance

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

16

Next Generation Secure Web Gateway

Before IronPort

After IronPort

Internet

Firewall

Internet

Firewall

Web Proxy & Caching

Anti-Spyware

IronPort S-Series

Anti-Virus
Anti-Phishing
URL Filtering
Policy Management

Users
Users
2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

17

Layer 4 (L4) Traffic Monitor

Integrated Network Monitoring

MANAGEMENT TOOLS

L4 Traffic
Monitor

URL
Filters

Web Reputation
Filters

Anti-Malware
System

IronPort AsyncOS Web Security Platform

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

18

Detecting Existing Client Infections

Monitoring Phone Home Traffic
Layer 4 Traffic Monitor
Scans all traffic, all ports, all protocols
Detects malware bypassing Port 80

Powerful anti-malware data

Automatically updated anti-malware rules
Real-time rule generation using Dynamic
Discovery

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

19

IronPort URL Filters

Acceptable Use Policy Enforcement

MANAGEMENT TOOLS

L4 Traffic
Monitor

URL
Filters

Web Reputation
Filters

Anti-Malware
System

IronPort AsyncOS Web Security Platform

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

20

IronPort URL Filters

Comprehensive Management & Visibility

Flexible policy management
Per user, per group policies
Multiple actions, including
monitor only
Custom notifications

Visibility
Easy to understand reports
Extensive logging
Comprehensive alerting

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

21

IronPort Web Reputation Filters

The Outer Layer of Defense

MANAGEMENT TOOLS

L4 Traffic
Monitor

URL
Filters

Web Reputation
Filters

Anti-Malware
System

IronPort AsyncOS Web Security Platform

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

22

Intelligent Scanning
Known good sites arent scanned
ANTI-MALWARE
ANTI-MALWARE
SYSTEM
SYSTEM
IRONPORT
IRONPORT
WEB
WEB REPUTATION
REPUTATION
FILTERS
FILTERS

Requested
URLs

Unknown sites are

scanned by one or
more engines

DECRYPTION
DECRYPTION
ENGINE
ENGINE

Known bad sites are blocked

Web Reputation determines need for scanning by

IronPort Anti-Malware System
Decryption Engine
2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

23

IronPort Anti-Malware System

IronPort Dynamic Vectoring and Streaming (DVS) Engine

MANAGEMENT TOOLS

L4 Traffic
Monitor

URL
Filters

Web Reputation
Filters

Anti-Malware
System

IronPort AsyncOS Web Security Platform

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

24

IronPort DVS Engine

Multi-Layered Malware Defense

Deep content inspection
High-performance scanning
Parallel scans
Stream scanning
Multiple verdict engines
Integrated, on-box
Supported engines: Webroot,
McAfee
Automated Updates

2010 Cisco and/or its affiliates. All rights reserved.

Webroot

IRONPORT
IRONPORT
DVS
DVS ENGINE
ENGINE

McAfee

VERDICT
ENGINE N

Policy
Policy Management
Management

Cisco Confidential

25

Industry-leading Accuracy
With Multiple Verdict Engines

Best-of-breed signatures - Webroot & McAfee

Broad coverage - Addresses full range of threats
Complete signature set - URLs, domains, CLSIDs, binaries, checksums,

user agents and more

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

26

Management Appliance

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

27

System Management Capabilities

End-User Controls
Spam Quarantine

Quarantine for admins

and end-users
Safe Listing and Block Listing
On-box or consolidated quarantine
(IronPort M-Series )
Authenticate users against LDAP,
Active Directory or IMAP/POP
Outlook Plug-in

One-click reporting of spam,

viruses and phishing attacks
Block and Allow lists supported
natively in Outlook

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

28

IronPort M-Series
Centralized Reporting and Message Tracking
Aggregated IronPort Email

Security Monitor reports

available on a central
IronPort M-Series interface

Helps administrators

answer help desk calls

quickly and easily
Joe sent me an email, but I
never received it.

Easier alternative to

searching log files

Gives one place to search for

messages across different
appliances

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

29

System Monitoring
Easy Integration with Existing Processes

Alert Center

Alert Subscriptions per Admin

Distinct Areas of Management

Log Subscriptions

SNMP
Exclusive IronPort MIB
Integrates with any
SNMP-compatible tools

20+ Log Types Supported

Transfer via FTP, SCP, Syslog
2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

30

Encryption Appliance

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

31

Encryption Market Evolution

The Technical View

Legacy Encryption Solutions

IronPort PXE

S/MIME, PGP, Secure Webmail

Secure Envelopes

Multi-Platform Deployment
Certificate Requirements
Sender/Receiver Plug-Ins

2010 Cisco and/or its affiliates. All rights reserved.

Single, Integrated Platform

No Certificate Complexity
No Plug-Ins Required

Cisco Confidential

32

IronPort PXE: Sending a Message

Instant Deployment, Zero Management Costs

CISCO REGISTERED
ENVELOPE SERVICE

Automated user enrollment and account creation

User authentication and key delivery
Message Tracking
Secure Reply
NEVER stores email message highest security
2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

33

IronPort PXE: Receiving a Message

Seamless End-User Experience
1. Open Attachment
2. Enter password

3. View message

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

34

Q&A

2010 Cisco and/or its affiliates. All rights reserved.

Cisco Confidential

35