Академический Документы
Профессиональный Документы
Культура Документы
Agenda
ScanSafe overview Solution highlights Deployment options
Customers
Solution Overview
Positioning
Required Information:Overview of Prospect i.e. Seats/Locations/Gateways Customer Project or Problem Business Drivers Compelling Mechanism Timescales Budget Why ScanSafe:1.We do it cheaper, by saving time on cleaning infected PCs & by managing the software on a day to day basis 2.We are more secure, 200 million malware blocks a month spyware/malware/viruses 3.We are a complete solution Internal users & External users are controlled via the same service FREE EVAL FOR 30 DAYS NO OBLIGATION TO PURCHASE 1.
Competitive Outlook
Very significant market/vendor consolidation in past 2 years Key Competitors:
Websense incumbent in large % of deals. Focus on renewal unless pushed. Increase in development in SaaS platform. Continued move to try and position as a security vendor Blue Coat incumbent in large % of deals. Not that security focused. Rarely lose new business deals MessageLabs focus on email security with web security offered for completeness. Low cost, low functionality Zscaler small and relatively new, v. aggressive, may be acquired. Partnership with Microsoft. Less success in larger Enterprise customers.
1. Websense
12 months
Proven reliability
Web is now business critical communication 100% uptime for 7 years
Superior reporting
Complete flexibility into reporting criteria Allows end users to define exactly what data is important
Agenda
ScanSafe overview Solution highlights Deployment options
Hong Kong
calability Singapore Billions of Web requests/day Highly Parallel processing Multi-tenant architecture: average <50 ms latency 10Gb connectivity Redundant network providers Additional Data Centers planned
Sydney (2)
ScanCenter - Management
Multiple rules and schedules for User/Group granularity Bi-directional content based policy enforcement Dynamic content classification Control over HTTP & HTTPS communications
Agenda
ScanSafe overview Solution highlights Deployment options Deployment options
18
Agenda
No User Granularity Required User / Group Granularity Required Connector-less Solutions Roaming & Remote Users
Firewall directs port 80 traffic to web security service via Transparent Proxy / Port Forward (no browser changes required) Available with certain perimeter devices that have the ability to forward traffic based on port or protocol (BlueCoat, ISA, CheckPoint, Watchguard, SonicWall, Netgate etc) Provides Site/External IP granularity
Proxy Settings are pushed to browsers via Active Directory GPO Browsers connect through Firewall on port 8080 to Web Security Service Firewall blocks all other GET requests Provides Site/External IP granularity
1.Through GPO, Desktop Users are configured to reference a PAC file with each browser session 2.A global PAC file can point to different ScanSafe towers dependant on internal IP 3.Web requests are sent directly to the ScanSafe towers
Standalone Connector
Proxy Settings are pushed to browsers via AD,GPO or PAC file Forwards web traffic to ScanSafe on port 8080/443 to the Cloud based Tower Connector receives Client info and queries Active Directory Server for Group Information, then proxies to ScanSafe upstream Set Firewall to block all other GET requests Provides IP/End User/Group granularity
Web Security Service is configured as upstream proxy on currently installed proxy device Current proxy device communicates with Connector via ICAP to provide IP/User/Group information Requires no further Client configuration Set firewall to block all other GET requests Provides IP/End User/Group granularity
Connector-less Solutions
Provides AD user and group granularity. BCAAA must be installed and configured within the Active Directory environment. To also send internal IP address to the ScanSafe Scanning towers, Blue Coat must be configured to include x-forwarded-for headers. BC can run in transparent or explicit proxy mode Set firewall to block all other GET requests Provides End User/Group (possible IP granularity)
Proxy Settings are pushed to browsers via Active Directory GPO or PAC file OR PIM can be run in transparent mode with ISA / Bluecoat Login Script (or GPO etc) runs the PIM.EXE with required switches Requires no client installation Firewall blocks all other GET requests Provides End User/Group granularity
Why PIM?
There are many customers that do not want to deploy proxy servers yet still want granular policy control. This can be because of the shear number of sites they have to manage or for other technical reasons Deploying a small number of proxy servers to where many different locations tunnel, negates a lot of the advantages of modern MPLS networks and increases latency and bandwidth costs
PIM adds -XS headers to the browsers user agent string Included in this string is a unique hash that identifies the user in our Scanning tower This detail is encrypted Upon logon, PIM sends an out-of-bound request to the scanning tower and uploads the group information for that user These groups are automatically created in ScanCenter Following registration, each time a request to the Web is made, only the hash is sent to us along with the request and we can indentify the user and apply the correct policy according to the relevant group/s
Corporate Firewall
Installs a Network Driver which binds to all connections (LAN, Wireless , 3G) Automatic Peering Identifies nearest ScanSafe Datacenter and whether a connection is possible. AD information can be remembered from when the user was last on the corporate network using the Gpresult API (group policy)
Authenticates and directs your external client Web traffic to our scanning infrastructure Numerous datacenters are located all over the world ensuring that users are never too far from our in-thecloud scanning services SSL encryption of all Web traffic sent improves security over public networks
37
Access ScanSafe services from outside of corporate LAN Suitable for home workers Works with a VPN Works through another proxy Transparent to end user Works at a network which requires payment (e.g. Hotspot) Encrypts all web traffic to prevent eavesdropping Tamper resistant Location Aware (reduces latency)