ScanSafe is a best of breed software as a service "cloud" web security player. Given that most threats are now propagated via port 80/443 this technology is in high demand. ScanSafe offers several innovative features like SearchAhead. SearchAhead modifies search engine results that users receive (like google searches) and adds an ScanSafe securty level icon next to each search entry. This gives users a visual indication of approved, denied, malicious, etc. search hits. If the user then clicks on the icon they are presented with a detailed description of the security risk. here is an example:
ScanSafe's solution scales from small businesses to fortune 100 behemoths. The ScanSsfe technology will be integrated into the Cisco Anyconnect SSLVPN client. This means that current and future Cisco SSLVPN customers will be offered a full blown port web security solution for every client with Anyconnect (ScanSafe is also available as its own agent). The Anyconnect client model will take advantage of the inherent benefits and ease of deployment that comes with SSLVPN.
So what is ScanSafe's solution anyway? Well, It is a cloud based client web security offering. It allows you to completely move web security into the cloud but maintain your own management and monitoring portal so you can set your policies. The security features offered include URL filtering, virus and spyware scanning, message security, IM control, some DLP features, and a few others. Here is a look at their management portal dashboard:
Here is a look at their summary reports page:
ScanSafe has four main service offerings: Web security, Web filtering, Anywhere+ and Message security
-Scansafe web security analyzes every web request made by the client to determine if it malicious, inappropriate or corp policy compliant. This offering provides malware protection. It uses outbreak intelligence technology consisting of multiple "scanlets" to protect against zero day outbreaks. The outbreak intelligence service from ScanSafe uses all sorts of techniques to analyze traffic. Some of these are sandboxing, java run-time analysis, behavior based analysis, reputation and a few others. Bottom line is they are using their technology to try and find attacks that bypass signature based protection mechanisms.
-Web filtering is URL filtering. It works with SSL encrypted web traffic as well. They provide a real-time content classification technology, DLP functionality to control content leakage, traditional url lists/categories, plus a very cool reputation solution similar to ironports.
-Anywhere+ provides ScanSafe protection to clients no matter where they are connected to the Internet. It intelligently redirects client web traffic to the closest ScanSafe datacenter for best performance. In a nutshell, this technology provides a "VPN Tunnel" for your web traffic back to ScanSafe for analysis.
-Message Security is email security. Anti-spam, anti-virus, anti-malware scanning for your email using a service instead of on-premise solutions. Given that this service is currently provided by Google (a competitor to Cisco Ironport) I don't think Cisco will continue this service as is. My guess is it will be relaunched using Cisco Ironport protection instead but who knows.
Putting things in the cloud is only as good as the reliability performance, and availability of the service. To that end ScanSafe offers four geographically dispersed datacenters and boasts a 100% uptime over the last 6 years! ScanSafe supports parallel processing of web content to increase performance. This means a web request is broken down into its components (java, images, text, links, etc.) and each component is then scanned at the same time.
As I learn more about this new offering from Cisco I'll write more on it. Given that Cisco chose to acquire the marketshare leader in the web security protection space shows that Cisco is serious about entering this market and fast. I don't know about you but the businesses I talk to are all implementing, refreshing or reviewing the new web security offerings out there. I have to guess that Cisco sees this as well and realizes it needs to be a major player here in order to survive in the broader security market.
So, do you think the ScanSafe acquisition was a good thing for Cisco or not?
The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.
More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Why you should always shred your boarding pass
* Video rental records are afforded more privacy protections than your online data
* The truth about new SSL attacks
* 2009 Top Urban Legends in IT Security/a>
Go to Jamey’s Blog for more articles on security.
Jamey Heary, CCIE #7680, sits on the PCI Security Standards Council- Board of Advisors where he provides strategic and technical guidance for future PCI standards. Jamey is the author of Cisco NAC Appliance: Enforcing Host Security with Clean Access. (Check out all of Jamey Heary's books from Cisco Press.) He also has a patent pending on a new DDoS mitigation technique.
Jamey sits on several security advisory boards for Cisco Systems and is a founding member of the Colorado Healthcare InfoSec Users Group. He is an experienced speaker who is recognized as an expert in network security architecture, regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and he is a Certified HIPAA Security Professional. He has been working in the IT field for 15 years and in IT security for 10 years. Jamey is currently a Distinguished Systems Engineer at Cisco Systems.