IronPort S-Series Security Management Appliance
Overview
Control Web Traffic and Protect the Network Perimeter from the Widest Range of Web-based Threats
Malware has quickly evolved to become a very significant corporate security issue. According to industry estimates, approximately 80 percent of corporate PCs are infected with spyware, yet less than 10 percent of corporations have deployed perimeter malware defenses. The speed, variety and maliciousness of Web-based malware attacks highlight the importance of a robust, secure platform to protect the enterprise network perimeter from such threats.
IronPort S-Series™ Web security appliances provide the industry's most comprehensive perimeter defense against a broad range of Web-based malware. The IronPort S-Series combines a high-performance security platform with IronPort's exclusive Web Reputation technology and breakthrough Dynamic Vectoring and Streaming™ (DVS) engine. Customers enjoy low Total Cost of Ownership (TCO), as these powerful applications are integrated and managed on a single appliance. Robust management and reporting tools deliver ease of administration and complete visibility into threat-related activity.
A powerful multi-layered, multi-vendor anti-spyware defense for enterprises.
Features
Innovative Security Platform Delivers Performance and Efficacy
IronPort S-Series appliances combine secure application proxies for Web traffic, a Layer 4 (L4) Traffic Monitor, and the IronPort Dynamic Vectoring and Streaming (DVS) engine - a sophisticated scanning and vectoring engine that has been designed from the ground up to address the unique challenges posed by scanning Web transactions and objects. This provides a powerful Web security platform, optimized for performance and efficacy.
A fast Web Proxy provides control over all Web traffic and allows for deep content analysis, which is critical to accurately detect devious and rapidly mutating Web-based malware. The industry's first implementation of reputation-based caching enables rapid delivery of safe objects and content to the end-user. Powered by AsyncOS™, IronPort's proprietary operating system, the Web proxy easily scales up to 100,000 simultaneous inbound and outbound TCP connections, ensuring high performance and throughput for the largest enterprise networks.
An integrated Layer 4 (L4) Traffic Monitor scans all ports at wire speed, detecting and blocking spyware "phone-home" activity. By tracking all 65,535 network ports, the L4 Traffic Monitor effectively stops malware that attempts to bypass Port 80 and also prevents rogue P2P and IRC related activity.
IronPort's DVS Engine employs sophisticated object parsing and vectoring techniques, along with stream scanning and verdict caching, resulting in up to a 10x scanning throughput increase over first-generation solutions.
A fast, full application proxy allows deep content analysis, which is critical for accurately detecting devious and rapidly mutating Web-based malware. Powered by AsyncOS™, IronPort's proprietary operating system, the proxy easily scales up to 100,000 simultaneous inbound and outbound TCP connections, ensuring high performance and throughput for the largest enterprise networks.
Multi-Layer, Multi-Vendor Defense In Depth
The industry's first Web Reputation Filters provide a powerful outer layer of defense. Leveraging SenderBase®, IronPort Web Reputation Filters™ analyze over 40 different Web traffic and network-related parameters to accurately evaluate a URL's trustworthiness. Sophisticated security modeling techniques are used to individually weigh each parameter and generate a single score on a scale of -10 to +10. Administrator configured policies are dynamically applied, based on reputation scores.
Industry-leading IronPort Malware System™ leverages the DVS engine and multiple verdict engines, the first from Webroot, to provide best of breed protection against the widest variety of Web-based threats. These threats can range from adware, browser hijackers, phishing and pharming attacks to more malicious threats such as Trojans, system monitors and keyloggers.
IronPort built the DVS engine to provide an integrated single-appliance solution matching against multiple signature types from different vendors. The first set comes from Webroot, an industry-leading anti-malware company. Webroot's Threat Research team is backed by Phileas, the industry's first automated spyware detection system, which identifies existing and new threats by intelligently scanning millions of sites daily. IronPort S-Series appliances are the first to include Webroot's award-winning technology at the gateway perimeter to keep these threats from entering the network.
The industry's first Web Reputation Filters provide a powerful outer layer of defense. Leveraging SenderBase®, IronPort Web Reputation Filters™ analyze over 45 different Web traffic and network-related parameters to accurately evaluate the trustworthiness of a given URL. Sophisticated security modeling techniques are used to individually weigh each parameter and generate a single score on a scale of -10 to +10. Administrator configured policies are dynamically applied based on reputation scores when filtering user requests. Web reputation data is also a key input for the DVS engine, driving object vectoring and verdict caching decisions.
Integrated multi-vendor verdict engines, powered by DVS deliver the most complete and accurate anti-malware defense. Customers have the option of selecting one or more signature vendors to meet their efficacy requirements. The high throughput and low latency of the DVS engine makes multi-vendor scanning feasible for the first time on HTTP gateways.
Comprehensive Management and Reporting Capabilities
Robust real-time and historical reports give valuable insight into Web traffic, as well as threat activity and prevention, within corporate networks. These on-box and off-box reports are designed to provide actionable information (such as a list of top clients infected, to allow for targeted clean-up), as well as historical trends.
IronPort policy filters provide unprecedented visibility and control to configure and manage the appliance. IronPort Web Security Manager™ lets administrators manage all Web security configurations — including access control, preventive and signature-based anti-malware filtering policies. Flexible policies allow administrators to perform source or destination-based filtering and add URLs, Domains, IPs or CIDRs to specific allow or block lists. Policies provide the ability to enable or disable malware coverage by threat type and define granular actions to be taken based on threat type. Automated, timely and secure updates ensure that the IronPort S-Series appliances provide protection from the latest attacks.
Multiple deployment modes enable flexibility within a corporate network. Deployment modes include deployment as an explicit forward proxy for the network or transparent deployment off an L4 switch or a WCCP router within the network. The IronPort S-Series appliance can be configured as a standalone proxy or to co-exist with other proxies.
An SNMP Enterprise MIB facilitates hands-off monitoring and alerting for key system metrics including hardware, performance and availability. A comprehensive enterprise class alert engine ensures oversight for all system parameters - including hardware, security, performance and availability.
Integrated Authentication via standard directories such as LDAP or Active Directory and the ability to implement multiple authentication schemes such as NTLM or Basic allows enterprises to deploy the IronPort S-Series seamlessly and take advantage of pre-existing authentication and access control policies within their network.
Extensive Logging enables enterprises to keep track of all Web traffic, benign and malware-related. Standard log formats include Apache, Squid or Squid-detailed—along with the ability to specify custom log formats, consistent with enterprise logging policies. Administrators can enable or disable log subscriptions or set log rollover and size limits based on log types.
- "The IronPort S-Series™ Web security appliances provide the industry's most comprehensive perimeter defense against a broad range of spyware and Web-based malware"
Benefits
Mitigate the Risks and Costs of Spyware With spyware infecting up to 80 percent of corporate desktops, there is considerable overhead around managing infected desktops, ensuring minimal downtime to the end-user and minimizing the risk of information leakage.
By stopping these threats at the network perimeter with the IronPort S-Series, enterprises can significantly reduce the administrative costs, prevent attacker "phone-home" activity on networks, reduce support calls, enhance worker productivity and also eliminate the business exposure that comes with these threats.
Low Total Cost of Ownership Legacy ICAP-based solutions typically require multiple appliances or servers to address Web-based malware. Unlike other solutions, the IronPort S-Series provides a single platform that contains a complete, in-depth defense — along with all the necessary management tools — significantly reducing initial and ongoing TCO.
Enterprise Scale Performance Real-time scanning of Web traffic to detect malware has been traditionally plagued by poor performance and high latency. Consequently, enterprises have shied away from deploying signature-based protection at the HTTP layer. IronPort S-Series appliances scale to meet the unique scanning needs of Web traffic, thereby ensuring that the end-user experience is maintained. IronPort's performance focus (with technical innovations in AsyncOS, which includes TCP connection management, reputation-based caching and adaptive object storage) ensures a platform that can address the capacity requirements of the largest of enterprises. At the same time, the DVS engine implements several optimization techniques to ensure end-user experiences are maintained.
Accurate Protection Against the Broadest Range of Threats IronPort® designed the IronPort S-Series appliances from the ground up to address the broadest range of Web-based malware threats, including spyware, phishing, pharming, Trojans, system monitors and keyloggers. A multi-layered defense that includes IronPort Web Reputation Filters, and multiple types of malware signatures within IronPort's DVS engine, ensures industry-leading accuracy.
The IronPort S-Series' multi-layered protection is based on a deep content application-layer inspection, as well as network-layer pattern detection, checking both inbound and outbound activities. These innovations result in the IronPort S-Series appliances protecting with the industry's most accurate anti-malware solution.
Comprehensive Visibility The IronPort S-Series appliances deliver real-time and historical security information, enabling administrators to quickly understand malware activity. Real-time reports let administrators identify and track issues as they occur. Historical reports allow administrators to identify trends and report on efficacy and ROI.
Low Administrative Overhead Designed to minimize administrative overhead, the IronPort S-Series appliances offer easy setup and management with an intuitive graphical user interface, support for automated updates, and comprehensive monitoring and alerting. The solution is also easy to deploy and configure to match corporate-specific policies.
Protection against the broadest range of threats The IronPort S-Series appliances are designed from the ground up to address the broadest range of Web-based malware threats, including spyware, viruses, phishing, pharming, trojans, and worms. A multi-layer defense that includes IronPort Web Reputation Filters , and multiple malware signatures within IronPort's D VS engine, ensures industry-leading accuracy.
Enterprise Scale Performance Real-time scanning of Web traffic to detect malware has been traditionally plagued by poor performance and high latency. Consequently, enterprises have shied away from deploying signature-based protection at the HTTP layer. The IronPort S-Series appliances provide industry-leading performance to minimize latency. This is critical to enterprises large and small, since the end-user Web browsing experience needs to be safe and smooth.
Comprehensive Visibility and Low Administrative Overhead The IronPort S-Series appliances deliver real-time and historical security information, enabling administrators to quickly understand malware activity. Real-time reports let administrators identify and track issues as they occur. Historical reports allow administrators to identify trends and report on efficacy and ROI.
Designed to minimize administrative over-head, the IronPort S-Series appliances offer easy setup and ongoing management by providing an intuitive graphical user interface, support for automated updates, as well as comprehensive monitoring and alerting.
Product Line
Sizing Up Your Web Security Solution
IronPort Systems provides industry leading Web security appliances for organizations of all sizes.
| IronPort S650 | Designed to meet the needs of the most demanding networks in the world. Suggested for organizations above 5000 users. |
| IronPort S350 | Suggested for organizations up to 5000 users. |
Specs (Model dependent)
| Chassis / Processor | |
|---|---|
| Form Factor | Form Factor 19" Rack-Mountable, 2U rack height |
| Dimensions | 3.5" (h) x 19" (w) x 29" (d) |
| CPU | 2x Dual Core Intel Xeon 5140, 4 MB Cache |
| Memory | 4 GB 533 MHz, Dual Ranked DIMMs |
| Backplane | PERC 5/i, x6 Backplane, Integrated Controller Card |
| Power Supplies | Hot-plug redundant, 700 watts, 100/240 volts |
| Storage | |
| RAID | RAID 10 configuration; Dual channel hardware with battery-backed cache |
| Drives | Six hot-swappable, 146 GB SAS Drives, 876 GB Total |
| Connectivity | |
| Ethernet | 4 Port, Dual Embedded Broadcom Gigabit NIC 2x Intel® PRO 1000PT Gigabit NIC |
| Serial | One RS-232 (DB-9) Serial Port |
| Interfaces / Configuration | |
| Web Interface | Accessible by HTTP or HTTPS |
| Command Line Interface | Accessible via SSH or Telnet; Configuration Wizard or command-based |
| File Transfer | SCP, FTP or SYSLOG |
| Programmatic Monitoring | XML over HTTP(S) |
| Configuration Files | XML-based configuration files |
Summary
The Ultimate Web Security System
Web-based malware is a rapidly growing threat — responsible for significant corporate downtime, productivity losses and major strains on IT resources. Additionally, an enterprise runs the risk of violating compliance and data privacy regulations if their networks become compromised by malware. The legal exposure as a result of these violations usually comes at a significant cost. An enterprise infected by malware also risks exposing its intellectual property assets.
The best place to stop these threats from entering the network is right at the gateway. Combining deep application content inspection, through a Web proxy and Layer 4 Traffic Monitor, allows enterprises to ensure breadth of coverage within their networks. IronPort Web Reputation Filters and multiple malware signatures from Webroot, integrated within IronPort's DVS engine, provide industry-leading efficacy against these threats.
With threats becoming more complex and sophisticated, IronPort S-Series Web security appliances offer the industry's most comprehensive protection against malware — while also ensuring enterprise-class performance.
Contact Us
How To Get Started With IronPort
IronPort sales representatives, channel partners and sales engineers are ready to help evaluate how IronPort products can make your corporate network infrastructure secure, reliable and easier to manage. If you believe that your organization could benefit from IronPort's industry-leading products, please call 650-989-6530 or visit us on the Web at www.ironport.com/leader.
