Solution Overview
Cisco Reputation Filtering:
Providing New Levels of Network Security
© 2010 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Executive Summary
Today’s sophisticated, blended threats can exploit three or four different communications vehicles before
they launch full-scale attacks on unprepared enterprise networks.
This white paper, written for IT managers and executives, examines the new security risks for today’s
borderless enterprise networks, and describes how cloud-based Cisco® Security Intelligence Operations
and powerful, comprehensive reputation filtering capabilities built into Cisco security appliances and
services can help you protect your network from known and unknown threats.
At one time, exploits could often be traced to a small number of software weaknesses that were being
widely exploited. In the last few years, however, Cisco SIO has observed a larger and broader range
of vulnerabilities and attacks that require more patches, more mitigations, and wider monitoring activity.
Think of Cisco SIO as the world’s largest cooperative global security ecosystem, using more than
700,000 live feeds from linked Cisco email, web, firewall, and intrusion prevention systems (IPSs).
1) Cisco SensorBase collects raw event data from more than 700,000
globally linked sensors in Cisco IPS devices, firewalls, and web
security and e-mail security devices, as well as data from more than
600 third-party feeds. SensorBase examines more than 30 percent of
the world’s e-mail, thanks to strategically located “honey-pot” accounts
equipped with e-mail addresses publicized on lists that spammers
might use.
2) The Cisco SIO Threat Operations Center weights and processes
the data. When necessary, Cisco security experts reverse-engineer
malware and other Internet threats. Engineers also collect, research,
and supply information about security events that have the potential
for widespread impact on networks, applications, and devices.
3) When the data is ready for deployment, Cisco SIO mechanisms dynamically deliver updates to
Cisco firewall, web, IPS, and email devices, and Cisco IntelliShield vulnerability aggregation and alert
services. Cisco SIO also sends security best practice recommendations and community outreach
services to Cisco customers.
SensorBase
[Figure: reputation score scale with tick marks at -10, -5, 0, +5, and +10, and callouts describing typical senders along the scale.]
Callouts above the scale, from left to right:
An IP address controlled by a spam house or a known open proxy, generating a massive volume of complaints and hitting many spamtraps. Almost guaranteed to be spam.
An IP on one or more reliable blacklists, or belonging to a suspicious new sender with some complaints and spamtrap hits.
Some sending history; low or moderate complaints.
A known enterprise, or a sender who has undergone third-party certification, with no complaints and a long sending history.
Callouts below the scale, from left to right:
Spam houses generating complaints and hitting spam traps. IP listed on one or more open proxy lists. Almost always spam.
May be a dynamic IP (e.g., dial-up) sending direct to the Internet, an email marketer with poor practices, or a legitimate enterprise with an open server.
Long sending history, few complaints.
Summary
Today’s network threats can appear from literally anywhere. Malicious events arise from known suspicious
websites and spam, from zero-day exploits, and from new or legitimate websites that have been invisibly
compromised.
Cisco is on the vanguard of intelligent, proactive threat defense with its blended reputation and threat
analysis approach and its global, cloud-based Cisco Security Intelligence Operations using SensorBase,
the world’s largest threat database. Near-real-time cooperative data sharing and dynamic updates deliver
the latest protection to Cisco devices and security best practices to keep Cisco customers informed
and protected.
To learn more about Cisco Security Intelligence Operations, visit www.cisco.com/go/security or contact
your local reseller. To find a reseller in your area, visit www.cisco.com/web/partners.
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
© 2010 Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks
mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) C11-614626-00 08/10