The IronPort S Series product line from Cisco leverages the vendor's AsyncOS operating system and provides protection to the organization from malicious Web traffic through a combination of anti-malware, URL, and Web reputation based traffic filtering. The device is itself deployed at the network perimeter (the Internet access point) as an explicit forward proxy or transparently off of an L4 switch or WCCP router, and is currently offered in three flavors: The S160, targeted to SOHO/small businesses and protecting up to 1,000 users; the S360, with support for 1,000 to 10,000 users, and the S660, for the protection of 10,000 or more users.

At the core of the S Series' feature set is Web reputation checking, which enables the device to examine network connection attempts and block (if the administrator's defined policy so dictates) the connections based purely on the reputation of the site being contacted. The S Series technology leverages the vendor's SenderBase Network and uses over 50 traffic and network related parameters in the evaluation of a particular connection, with an overall SenderBase Reputation Score being given to the connection and policy being enforced based on that resulting score. Web reputation can be used in combination with both the HTTPS scanning engine, and anti-malware protection.

New to the Web Reputation-based features of the product is "Exploit Filtering," which the vendor explains focuses on the detection of otherwise trusted sites that have somehow themselves been compromised by malware (i.e., through cross-site scripting, SQL injection, etc.). If a site is determined to harbor compromised code, it is classified as either Compromised (the site is compromised, but the exploits are not active); Compromised and Actively Hosting Malware; or Vulnerable to Exploits (the site is susceptible to exploits or has been linked to malware in the past). Sites coming under either of the first two designations are immediately blocked.

The anti-malware capabilities of the product are facilitated by the inclusion of both Webroot (anti-spyware) and McAfee (anti-spyware and anti-virus) scanning technology, deployed alongside the vendor's own Dynamic Vectoring and Streaming (DVS) engine which enables the integrated and simultaneous application of the unit's own filtering and examination capabilities while content is simultaneously scanned by the anti-malware engines. The anti-malware scanning can be performed in concert with the Web reputation checking such that only those messages from suspect sources need be scanned; with those from known bad sources immediately blocked by the reputation filters, and those from known good sources bypassing the anti-malware checks entirely. Additionally, Layer 4 traffic is monitored by the appliance across all network ports for spyware "phone home" requests.

Finally, a URL filtering engine is also included, enabling the blocking of URL access via a categorization engine currently consisting of 52 categories (with support for unlimited custom categories) representing 20 million sites and 3 billion Web pages. Access policies can be defined by user groups, with support for LDAP/Active Directory integration.

Other features include Web-based management and reporting (including support for both real-time and historical analysis); Web traffic logging (support for Apache, Squid, Squid-detailed, or custom formats); SNMP-based management and alerting support; multi-realm authentication; and support for HTTPS proxying such that encrypted messages can be decrypted and analyzed before being re-encrypted for delivery to the end-recipient. Like the anti-malware scanning above, this latter capability in particular can be utilized in conjunction with Web reputation filtering; so that only certain suspect traffic is decrypted and analyzed with trusted traffic delivered straight through the box without decryption.

The IronPort S Series is available now, with pricing starting at $7,000. Contact Cisco for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about IronPort S-Series

Suggest a link
for the IronPort S-Series fact sheet