Cisco Announces Intent to Acquire ScanSafe

Cisco today announced its intent to acquire privately held ScanSafe, Inc. Based in London and San Francisco, ScanSafe is a market leader of software-as- a-service (SaaS) Web security solutions for organizations ranging from global enterprises to small businesses.

"With the acquisition of ScanSafe, Cisco is executing on our vision to build a borderless network security architecture that combines network and cloud-based services for advanced security enforcement," said Tom Gillis, vice president and general manager of Cisco's Security Technology Business Unit (STBU). "Cisco will provide customers the flexibility to choose the deployment model that best suits their organization and deliver anytime, anywhere protection against Web-based threats."

Web security is a large and expanding market expected to grow to $2.3 billion by 2012. By acquiring ScanSafe, Cisco is building on its successful acquisition of leading on-premise content security provider IronPort. The acquisition brings together the Cisco IronPortTM high-performance Web security appliance and ScanSafe's leading SaaS Web security service. This combination will expand Cisco's security portfolio to offer superior on-premise, hosted, and hybrid-hosted Web security solutions.

"ScanSafe pioneered the market for SaaS Web security and continues as a leader in this rapidly growing market," said ScanSafe CEO Eldar Tuvey. "At a time when enterprises are increasingly focused on a flexible and mobile workplace, the need for hybrid-hosted Web security solutions is greater than ever. By joining the Cisco team we will be able to offer even better and more flexible protection to our customers."

ScanSafe's service will be integrated with Cisco® AnyConnect VPN Client, the newest virtual private network (VPN) product from Cisco, to provide the industry's leading secure mobility solution. In addition, ScanSafe's global network of carrier-grade data centers and multi-tenant architecture will further enhance Cisco's ability to provide new cloud-security services for customers anywhere in the world.

Upon the close of the acquisition, the ScanSafe team will become part of Cisco's STBU, reporting to Gillis.

The ScanSafe acquisition demonstrates Cisco's commitment to security and its ability to use its financial strength to quickly capture key market transitions through its build, buy, and partner strategy. Under the terms of the agreement, Cisco will pay approximately $183 million in cash and retention-based incentives. The acquisition is subject to various standard closing conditions and is expected to close in the second quarter of Cisco's fiscal year 2010.

To purchase Ironport's products visit http://www.ironportstore.com.

Cisco Shines a Spotlight on the Dark Web

Cisco today launched Cisco® IronPort® Web Usage Controls, a next-generation acceptable-use product that offers real-time content categorization to accurately identify up to 90 percent of Dark Web sites in the most egregious content categories. Web 2.0 sites built on collaboration technologies with dynamic content and high churn are largely unknown to legacy URL-list-based solutions, creating a Dark Web that greatly increases the compliance, legal liability and productivity risks associated with Web traffic. Available as a software blade on the Cisco IronPort S-Series highly secure Web gateway, Cisco IronPort Web Usage Controls includes a dynamic content analysis engine that works in tandem with Cisco's comprehensive URL-filtering database to deliver industry-leading efficacy and coverage across all content types. This combination improves the ability of organizations to manage how and when users can access the Web, eliminating risks associated with misuse, compliance violations and reduced productivity.
The Dark Web:

* The Cisco Security Intelligence Operations (SIO) estimates that more than 80 percent of the Web is "dark," meaning uncategorized by legacy URL-filtering databases. Cisco refers to this as the Dark Web.
* The Dark Web has been formed largely as a result of the de-centralization of content creation ushered in by Web 2.0, including the proliferation of blogs and social networking sites, which has contributed to an explosion in the total number of Web pages in recent years. Sheer volume and churn of content has been further exacerbated by an increase in password-protected and dynamically generated content to overwhelm the legacy approaches to Web content categorization, which were developed to address a Web with a relatively small number of static, well-linked sites.
* With approximately 45 billion Web pages overall and 32 million new domains being added yearly, the percentage of Web that is dark is expected to grow exponentially over time. A new approach, based on effective real-time categorization, is required if acceptable use is to regain its efficacy in a Web 2.0 world.

Cisco IronPort Web Usage Controls:

* Combines a best-in-class URL-filtering database with a real-time Dynamic Content Analysis Engine. The URL-filtering database provides exceptional coverage for traditional Web content, while the Dynamic Content Analysis Engine accurately identifies 90 percent of dynamic Web 2.0 content that remains "dark" to list-based filtering.
* The Dynamic Content Analysis Engine is tuned to accurately identify content in commonly blocked categories. Cisco's analysis indicates that the Dynamic Content Analysis Engine identifies 50 percent more objectionable content than first-generation solutions or solutions relying entirely on a list, significantly reducing the compliance and legal liability risks presented by Web 2.0 traffic.
* Includes a comprehensive URL database with 65 URL categories and coverage for sites in more than 200 countries and over 50 languages. The URL database is updated every five minutes by Cisco Security Intelligence Operations.
* Provides rich policy controls and integrates with user directories for identity-based policy enforcement, with flexibility to enforce multiple actions including blocking, allowing, decrypting, warning and monitoring access.
* Web Usage Controls is integrated into the Cisco IronPort S-Series Web Security Appliance. The Cisco IronPort S-Series Web Security Appliance is the industry's fastest highly secure Web gateway integrating acceptable use enforcement (URL filtering), reputation filtering, malware filtering and data security on a single platform. By combining innovative security technologies, the Cisco IronPort S-Series helps organizations address the growing challenges of both securing and controlling Web traffic. Over time, Cisco expects to bring Web Usage Controls and dynamic categorization technology into other relevant Cisco network devices.

To purchase Ironport's products visit http://www.ironportstore.com.

Cisco Spam and Virus Blocker

Nathan Ouellette
3/1/2009


Cisco's Spam and Virus Blocker is a single hardware appliance that is marketed to small businesses and can support up to 250 users. The device acts as an email gateway and message transfer agent, typically deployed between the internet edge and the email server. The appliance secures email using anti-malware, anti-spam and content filtering.

Configuration of the product is done remotely via a web interface. The setup was fairly easy and straightforward. The quick-start guide provided with the appliance was useful and we were able to connect to the administrative interface and implement key features in a short amount of time.

Changing views and navigating content is not done from the left side as we often see in many web interfaces. When it came to viewing information on the system dashboard, we had to navigate back to the dropdowns provided at the top of the page and choose a different view since the dashboard views are not customizable. Given this small nuance on the dashboard, the device itself has all the features we would expect.

Reputation-based validation, anti-malware, LDAP integration, content filtering using dictionaries, as well as smart identifiers (Social Security, credit card numbers, etc.) were all part of the solution. It took us a few minutes to realize that the dictionary files need to be loaded one by one from a separate directory on the appliance. Once they are loaded, there are hundreds of industry and compliance related keywords that the device can use for content filtering. The administrative features on the device are impressive and contain features you would find on larger scale enterprise-class solutions.

The online help file seemed a bit light on the content. However, it should provide adequate direction for administrators.

No-cost 24/7 phone and email support is included. This includes a warranty on the hardware and updates to the software. The support website is top notch.

This is an impressive device as an entry point into the small business market. Smaller organizations with the budget and need for granular security options will appreciate the full featured enterprise-class nature of the product, as well as the support.

To purchase Ironport's products visit http://www.ironportstore.com.

Cisco Breaks New Ground in E-mail Security

Cisco IronPort Is First Security Vendor to Offer Flexible Portfolio of Appliance-Based Managed, Hosted and Hybrid E-mail Protection Services



SAN JOSE, Calif. - March 3, 2009 - – Cisco today announced new managed, hosted and hybrid hosted e-mail security services that provide the industry's most versatile set of e-mail protection offerings. As businesses demand greater agility and flexibility in how they collaborate, the Cisco® IronPort® Email Security services are aimed at providing them with complete choice and control over where their e-mail security is deployed and managed, whether it be on premise, off-site, in the cloud or a combination of the three.
Facts/Highlights:

* Spam is the weapon of choice for many criminal networks. Findings from the 2008 Cisco Annual Security Report revealed that spam accounts for nearly 200 billion messages a day, approximately 90 percent of the world's e-mail traffic. Today's announcement features security offerings to help businesses in light of these trends.
* Cisco IronPort Hosted Email Security, Hybrid Hosted Email Security and Managed Email Security services provide businesses with the ability to choose the e-mail security solution that meets their unique needs. These services enable high levels of e-mail protection, with exclusive preventive and reactive technologies, including spam protection, data-loss prevention, virus defense, e-mail authentication and powerful reporting tools for customized security services.

Cisco IronPort Hosted Email Security Solution

* The benefits of on-premise and cloud-based solutions are combined, as control of inbound traffic is enabled in the cloud, and outbound controls, such as data-loss prevention and encryption, can be handled on a customer's premise.
* Organizations can take advantage of the efficiencies of the cloud but maintain physical control of on-premise equipment for handling sensitive data.
* With a common management interface spanning both the hosted and on-premise equipment, the hybrid solution delivers unified centralized reporting, message tracking and quarantine.
* All future capacity requirements for hosted and on-premise infrastructure is included in each year's annual service fee.

Cisco IronPort Hybrid Hosted Email Security Solution

* Protection is delivered via a dedicated e-mail infrastructure hosted in a network of Cisco data centers.
* Unlike other hosted e-mail security solutions, the Cisco IronPort offering has no shared infrastructure. This provides organizations with the highest uptime while maximizing protection of sensitive data from contamination risks.
* The cloud-based model supports corporate green initiatives by reducing the corporate data center's energy and physical footprint, reducing power, cooling and operational expenses.
* Customers retain control of hosted devices with co-managed device access and can access real-time reports and modify configurations without service ticket response delays.
* Capacity assurance provides scalable protection enabling for future growth of spam volume.

Cisco IronPort Managed Email Security Service

* A state-of-the-art service is staffed by Cisco e-mail security experts who remotely manage and monitor customers' e-mail infrastructure.
* The service provides the high level of data security inherent in on-site e-mail security appliances while taking advantage of the flexibility to delegate some or all management and maintenance responsibilities, allowing information technology staff members to focus on other strategic initiatives.
* Companies can eliminate ongoing training and avoid additional spending on dedicated hardware for managing rising spam volumes.
* Capital expenses on hardware are reduced with a simplified per-user, per-year pricing model that can be included in the operational expense budget.
* Customer support is available 24x7 through security operations centers staffed by Cisco e-mail security experts.

Pricing and Service Availability

* Cisco IronPort Email Security services will be available in April through resellers authorized to sell Cisco IronPort e-mail security services. Pricing is variable on the type of service implemented.

Supporting Quotes:

* Tom Gillis, vice president and general manager, Security Technology business unit, Cisco
"Customers want choice, and because every IT department is unique, offering an e-mail security solution that is hosted, managed or on-premise gives businesses the flexibility and world-class security needed in today's threat environment. No matter what offering our customers choose, the hallmarks of Cisco IronPort technology remain: ease of use, performance and innovative technology. We're offering these benefits in any form factor and in any service to fit customers' unique needs."
* Richard Rothschild, senior IT director, TiVo (Cisco IronPort Customer)
"Monitoring e-mail is just one task in an ever-growing a list of IT issues we confront on a daily basis. The Cisco IronPort Managed Email Security service combines the best of the traditional outsourced hosted model while keeping the appliances on my network. This provides us maximum control while freeing us to focus on higher-order network concerns. Indeed, Cisco's security experts are now a part of our team, helping us maintain control over our business-critical data and e-mail infrastructure. We are very pleased with the service."
* Brett Rushton, vice president, Insight Networking (Cisco IronPort Channel Partner)
"We are very excited about the new email security services from Cisco IronPort. Cisco IronPort is already one of our leading partners in the email appliance space and this expansion represents an opportunity to bring a broader set of solutions to our clients. Given the current economic environment, our client's are proactively looking for ways to deploy enhanced capabilities in the most cost effective manner. Cisco IronPort's portfolio of email services gives them the flexibility they need to meet their specific business requirements."

To purchase Ironport's products visit http://www.ironportstore.com.

IronPort Turbocharges Web Security Appliances

Offering Fast Multilayered Protection Against Malware, IronPort S-Series Line Expands to Include SMB Market

Next Generation Hardware for Web Security (Podcast)

SAN BRUNO, Calif. - Oct. 21, 2008 - IronPort® Systems Inc., a leading provider of solutions that protect businesses against spam, viruses and malware, and now part of Cisco, today introduced one of the industry's fastest Web security appliances, capable of supporting up to 30,000 end users with a single device. Delivering up to 100 percent more speed than previous models, the new IronPort S-Series™ hardware platforms feature multiple processors running IronPort AsyncOS™, which offers IronPort Web Reputation Filters™ and multiple anti-malware scanning engines running in parallel to help eliminate performance degradation and end user latency.

Hardware upgrades to the IronPort S-Series product line include the IronPort S660™, which is designed for large enterprise data centers and is able to support up to 30,000 users from a single box, and the IronPort S360™, a powerful option for medium-sized enterprises of up to 10,000 end users. Additionally, the company has introduced the IronPort S160™, which expands IronPort's comprehensive and user-friendly Web security solutions to the small and medium-sized business market.

Web traffic is expected to grow by 51 percent in 2008, according to the Cisco Visual Networking Index - Forecast and Methodology, 2007-2012. This rapid growth alone will stretch network infrastructures, but compounding the problem will be the expected increase in rich Web content, which requires greater processing power and scalability to enable inspections for acceptable use policies (AUP) and security violations.

Because of this growth in Web traffic, enterprises must find a way to ensure network security while not affecting the end user's experience accessing the Web. IronPort's new, faster Web security appliances utilize multicore scanning combined with IronPort Dynamic Vectoring and Streaming™ (DVS) technology to examine potential threats with minimal or no performance degradation or end user latency. Multicore scanning distributes security tasks across all available processor cores, allowing more processing to be done in parallel to reduce latency and improve scalability.

Web security gateway appliances that are this advanced and fast improve efficiency, require the deployment of fewer boxes, and consume less power to support greener data center initiatives, all of which result in an increased return on investment. A single highly secure IronPort S-Series Web gateway can typically replace three comparable appliances from competing vendors.
Powerful Security for SMBs

In the past, solutions this powerful were reserved for the largest enterprises. But the new IronPort S160 appliance gives small businesses and remote offices the same protection as Fortune 500 companies enjoy. The IronPort S160 is a small appliance, taking up only a single rack unit, but it incorporates the same powerful Web security capabilities as other IronPort S-Series devices.

"According to a recent industry report, less than 30 percent of enterprise networks employ dedicated secure Web gateways. As a result, we believe there will be a tremendous demand for Web security appliances as Internet traffic grows and malware threats increase," said Tom Gillis, vice president of marketing at Cisco. "The expansion of the IronPort S-Series product family gives us a breadth of products that are sized and priced right to meet the needs of organizations of any size. With the ability to serve more end users with a single device, these products also help enterprises reduce power and space requirements."

"IronPort's powerful Web security appliance has enabled us to eliminate a number of devices we have to maintain in the data center, which helps us save space and reduces costs for electricity and IT management," said Russell Graham, network services manager at Wesley College in Australia.

To purchase Ironport's products visit http://www.ironportstore.com.

IronPort Extends Leadership with New E-mail Security Appliances

Improved Gateways Enable Enterprises and ISPs to Adeptly Manage Growing Influx of Spam and E-mail-Borne Threats

SAN BRUNO, Calif. - October 8, 2008 - IronPort Systems Inc., a leading provider of solutions that protect businesses against spam, viruses and malware, and now part of Cisco, today announced hardware platforms for its enterprise- and carrier-grade e-mail security appliances that dramatically extend IronPort's performance advantage over its competition. The new IronPort C-Series™ and IronPort X-Series™ e-mail security gateways, as well as the new IronPort M-Series™ security management appliances, more effectively handle the increasing amount of spam worldwide. The appliances offer up to a 150 percent performance improvement over previous versions and provide customers with up to five times the throughput of competitive solutions. These continued performance improvements, along with industry accolades and market share gains, highlight the strength of IronPort's e-mail security offerings.

"IronPort has long been a leader in e-mail security," said Tom Gillis, vice president of marketing for Cisco. "Now that IronPort is part of Cisco, we have been able to break further away from the pack. Our solutions and our pace of innovation help our customers remain protected against rapidly changing Internet threats. Our latest hardware releases are a great example of our ability to significantly raise the bar for e-mail performance while extending our leadership position for anti-spam accuracy."

Spam continues to be one of the biggest threats to e-mail performance and network security. Currently, spam accounts for 78 percent of the e-mails sent each day. That percentage is expected to rise to 83 percent within four years, according to an August 2008 report from the Radicati Group entitled "E-mail Security Market: 2008-2012."

IronPort's performance in the e-mail security appliance market has been recognized by both Gartner and the Radicati Group. IronPort is also ranked as the world's largest vendor of e-mail security appliances by IDC. IronPort's products now protect more than 200 million mailboxes, including those at 42 of the world's 100 largest companies.

IronPort's SenderBase® Network and Threat Operations Center monitor messaging traffic and virus outbreaks around the globe and together comprise the world's first and largest traffic monitoring network. With IronPort appliances deployed at eight of the 10 largest ISPs and more than 40 percent of Global 100 companies, SenderBase measures more than 30 percent of the world's messaging traffic - receiving over 30 billion queries per day. More than 100,000 organizations now participate, ensuring that IronPort's SenderBase offers the industry's most accurate traffic monitoring. Additionally, IronPort's Threat Operations Center is staffed by experienced industry analysts who monitor virus outbreaks in real time and can quickly issue outbreak rules to protect IronPort customers.

Commenting on IronPort's products, James Piper, assistant vice president, systems administration manager of the fourth largest Los Angeles-based financial institution said, "As we faced an ever-increasing volume of spam and virus-ridden e-mail, it became readily apparent that unless we found a way to somehow filter out these messages, our e-mail system would quickly become a liability rather than a productive tool. At the time, IronPort was the only vendor that offered to send someone to our location; install and configure the appliance; and allow us to spend 30 days evaluating the product, no strings attached. We receive over 160,000 e-mails a day and the performance, accuracy and simplicity of the product went well beyond our expectations. Our 30-day evaluation turned into what is now our fourth year with IronPort. Much to our continued amazement, our two appliances filter out over 95 percent of spam and virus ridden e-mails through its reputation and spam filtering software while maintaining a nearly flawless false-positive ratio. Choosing IronPort was a great decision in 2005 and continues to be a great decision today."
Pricing and Availability

To purchase Ironport's products visit http://www.ironportstore.com.

IronPort Plugs Crucial Web-Security Gap with Exploit Filtering

Enhanced Reputation Filtering Identifies Compromised and Exploited Web Sites More Quickly and Accurately Than Traditional URL Filtering

VOD - Good Sites go Bad. IronPort Exploit Filtering fights the Invisible Threat

SAN BRUNO, Calif. - September 22, 2008 - IronPort Systems Inc., a leading provider of solutions that protect businesses against spam, viruses, malware and spyware, and now part of Cisco, today announced that it has enhanced the protection offered by its Web-security appliances with the addition of Exploit Filtering. Exploit Filtering utilizes IronPort’s distinctive Web-reputation technology to protect users from malware delivered through compromised Web sites even when these sites are not identified through URL filtering or signature scanning. Exploit Filtering is available on the IronPort S-Series™ family of Web-security appliances.

In March 2008, IronPort launched its URL Outbreak Detection and Botsite Defense to protect users against malware distribution through Web sites controlled by botnets. Exploit Filtering zeroes in on the latest security threat: trusted Web sites that have been compromised to deliver Trojans or phishing attacks. Such attacks are carried out via techniques such as cross-site scripting exploits (a flaw within web applications that sends malicious code to the browsers of unsuspecting users), buffer overflows (sending too much data to an application’s temporary storage, which can enable security breaches), SQL injections (a technique that exploits a security vulnerability occurring in the database layer of an application), and invisible iFrame redirects (sending users to malware-generating sites).

According to IronPort’s Threat Operations Center, which monitors and analyzes Web traffic in real time, exploited Web sites are responsible for more than 87 percent of all Web-based threats today, and an increasing number of malware writers are targeting well-known, trusted Web sites. For example, in early July, a major Japanese video game company’s Web site fell victim to an SQL injection attack, in which a piece of malicious JavaScript was embedded in parts of the site so that a pop-up message warned users that their computers were infected with malware. The pop-up then led users to a site where they could purchase so-called anti-virus software that was actually a malicious Trojan.

Traditional URL filters are not effective in identifying these threats because they rely on manual classification techniques. Infected sites can hide behind generic classifications such as shopping, finance, entertainment or news. However, IronPort’s Web-reputation technology uses real-time scanning in order to find and block access to the compromised Web sites before their malware can become operational.

IronPort’s Web-reputation filtering system is the only solution in the industry to examine every request made by the browser, from the initial HTML request to all subsequent data requests, which may be fed from different domains. If the presence of vulnerabilities and exploits is confirmed, a Web site is assigned one of three threat levels:

* Compromised by Exploits and Actively Hosting Malware. These sites have active exploits and are serving malware or have malicious scripts injected into them. They are immediately blocked.
* Compromised by Exploits. These sites have been compromised with one or more exploits and have malicious scripts present, but the malware has not yet been activated by command-and-control servers. These sites, too, are blocked by default.
* Vulnerable to Exploits. These popular, high-traffic Web sites are put on a "high-risk watch" and actively monitored by IronPort’s Threat Operations Center because they are susceptible to common exploits or have been linked to malware distributions in the past.



As the first line of malware defense, IronPort’s Web-reputation filtering system analyzes more than 5 billion Web transactions daily, blocking up to 70 percent of malware at the connection level, prior to signature scanning. Using its global URL traffic data, IronPort’s Web-reputation system is able to offer an industry-leading malware-catch rate: 60 percent higher than the rate of traditional signature scanners.

"With the addition of Exploit Filtering, we are offering uncompromised protection against one of the biggest invisible threats on the Web: the transparent passing of malware through legitimate Web sites," said Tom Gillis, vice president of marketing at IronPort Systems. "By automatically filtering against exploited Web sites, IronPort continues to set itself apart from the competition in the Web-security-appliance market. With this innovative approach to filtering, we can reassure our customers that their network security will not be jeopardized when browsing trusted sites, which are often targets of malicious Trojan and phishing attacks."

Exploit Filtering is currently available on the IronPort S-Series, the industry’s fastest Web security appliance. IronPort S-Series appliances combine a high-performance security platform with IronPort’s exclusive Web-reputation technology and Dynamic Vectoring and Streaming™ (DVS) engine, a scanning technology that enables accelerated signature-based malware and spyware filtering.

To purchase Ironport's products visit http://www.ironportstore.com.