A deep dive into Cisco's ScanSafe SaaS security offering

Cisco ScanSafe offers Cloud Based Web Security

Cisco now has two web security offerings, one that is on premise (Ironport Web Security Appliance) and one that is in the cloud (ScanSafe Web Security). Cisco says you can also combine the two services for a hybrid approach to web security. Most are new to Cisco's ScanSafe SaaS offering so that is what the focus of today will be on. First lets start with what is ScanSafe web security? ScanSafe encompasses the following: -Multi-tenant shared infrastructure SaaS subscription -Protect port 80 and 443 traffic from malware -Acceptable use controls like URL filtering -Data Loss prevention (DLP) -Integration with LDAP for user/group policies -Flexible Reporting with over 75 attributes -Overview, trending, and forensic data mining -Zero day outbreak intelligence service -Real-time content analysis of all web content -Web 2.0 content controls Pretty comprehensive list of features and functions but still what is the secret sauce that makes ScanSafe so dominant in the Web Security SaaS space and a Gartner darling? According to Cisco, three things set their service apart. 1. Reliability and Scalability. The ScanSafe service boasts 100% continuous availability since its inception over 6 years ago. They have 15 datacenters (with 5 more coming soon) scattered around the world so traffic never has to go far to be processed. Average latency for processing and scanning of web traffic is less than 50ms. The ScanSafe cloud processes billions of web requests/day and has customers small and large (over 100,000 endpoints). 2. Protection. ScanSafe's secret sauce here is its use of scanlets to scrub the different pieces of a webpage in parallel. First ScanSafe breaks out each webpage into its parts (java, images, text, scripts, etc.) Then it sends each type to a specific scanlet for processing. Because the processing is done in parallel the scanning latency is kept to a minimum. There are currently 13 different scanlets offered. See the graphic below for a depiction of how the Outbreak intelligence process works:

3. Reporting. ScanSafe touts their reporting, called WIRe (Web Intelligence Reporting) as their strongest differentiator. They back that claim up with all sorts of easy to use reports and reporting engines. In fact, over 24,000 report combinations covering more than 80 attributes in 11 reporting categories. ScanSafe's Web Intelligence Reports gather 75 attributes for every web request that is then made available through their reporting portal in a matter of minutes. Generating reports takes just seconds and each report can be scheduled, saved, or downloaded for off-line use. Of course custom reports are supported as well as super deep dive investigation reports based on users, groups, media type, category, host, etc.

For more info on Cisco's ScanSafe Web Security go to www.scansafe.com For an online demo of the ScanSafe product or for a free eval go to www.scansafe.com and check it out.

The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Google Nexus One vs. Top 10 Phone Security RequirementsWhy you should always shred your boarding pass Video rental records are afforded more privacy protections than your online dataThe truth about new SSL attacks 2009 Top Urban Legends in IT Security/a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)