Talos Security Intelligence
Talos provides 24/7 rule updates to protect against new threats. It continually generates new rules to combat zero-hour threats and sends them down to the WSA every 3 to 5 minutes.
Cisco Web Usage Controls
A web URL database of blocked sites for dynamic content filtering. It categorizes websites based on scans of the text, scoring of the text for relevancy, and calculation of model document proximity, and generates a score that can be used for trust decisions.
Advanced Malware Protection
AMP requires an additional license. Enables malware detection and blocking, continuous analysis, and retrospective alerting. Augments the malware detection and blocking capabilities already offered in the Cisco WSA with enhanced file reputation capabilities, detailed file-behavior reporting, continuous file analysis, and retrospective verdict alerting.
The Cisco AMP Threat Grid delivers malware protection through an on-premises appliance for organizations that have compliance or policy restrictions on submitting malware samples to the cloud.
The Layer 4 Traffic Monitor continuously scans activity, detecting and blocking spyware “phone-home” communications. By tracking all network applications, the Layer 4 Traffic Monitor effectively stops malware that attempts to bypass classic web security solutions. It dynamically adds IP addresses of known malware domains to its list of malicious entities to block.
Cognitive Threat Analytics
A cloud-based tool that identifies the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection. Requires an add-on license.
Application Visibility and Control (AVC)
Allows applications to be blocked or allowed (the application database is constantly updated). Also allows customized bandwidth and time quotas per user, per group, and per policy.
Data Loss Prevention (DLP)
Creates context-based rules for basic DLP. The Cisco WSA also uses Internet Content Adaptation Protocol (ICAP) to integrate with third-party DLP solutions for deep content inspection and enforcement of DLP policies, and supports Secure ICAP to encrypt the traffic exchanged between the WSA and third-party DLP solutions.
Roaming-User Protection
Integrates with AnyConnect and Cisco ISE for VPN usage.
Centralized Management and Reporting
A centralized management tool to control operations, manage policies, and view reports.
Cisco® Web Security Reporting Application is a reporting solution that rapidly indexes and analyzes logs produced by Cisco Web Security Appliances (WSA) and Cisco Cloud Web Security (CWS).
Flexible Deployment
Can be installed as a physical box or as a virtual device. Both versions can interact with one another.
Deployment:
Two deployment options are available:
- Explicit mode (proxy automatic configuration [PAC] files, Web Proxy Auto-Discovery [WPAD], browser settings)
- Transparent mode (Web Cache Communication Protocol [WCCP], Policy-Based Routing [PBR], load balancers)
Licenses:
- Cisco Web Security Essentials
  - Threat Intelligence via Cisco Talos
  - Layer 4 traffic monitoring
  - Application Visibility and Control (AVC)
  - Policy management
  - Actionable reporting
  - URL filtering
  - Third-party DLP integration via ICAP
- Cisco Anti-Malware
  - Real-time malware scanning
- Cisco Web-Security Premium
  - Web Security Essentials
  - Real-time Malware Scanning
- Advanced Malware Protection
  - AMP augments anti-malware detection and blocking capabilities with file reputation scoring and blocking, static and dynamic file analysis (sandboxing), and file retrospection for continuous analysis of threats.
- Cognitive Threat Analysis
  - CTA relies on advanced statistical modeling and machine learning to independently identify new threats, learn from what it sees, and adapt over time.
- McAfee Anti-Malware
  - McAfee real-time malware scanning is available as a single, a-la-carte license.