Cisco Secure Web Appliance (formerly Cisco WSA)

Cisco Secure Web Appliance, formerly called Cisco Web Security Appliance (Cisco WSA), is an all-in-one web gateway that combines advanced malware protection, application visibility and control, detailed reporting, secure mobility, and acceptable use policy controls to keep the organization safe from Internet-based threats.

Threats are not only found on suspicious websites; they can also be hidden on legitimate websites where users might click them unknowingly. Cisco Secure Web Appliance has a comprehensive set of security controls that can immediately block suspicious websites, detect hidden malware on websites, and test unknown websites before users reach them.

The Secure Web Appliance uses real-time threat intelligence from Cisco Advanced Malware Protection (AMP) Threat Grid and Cisco Talos to stay ahead of the latest Internet threats and prevent current exploits from infiltrating the network. It also provides multiple layers of malware protection and key data loss prevention (DLP) capabilities across the entire attack continuum: before, during, and after an attack.

Cisco Secure Web Appliance is available as a physical or virtual appliance, and it can also be deployed in the public cloud on Amazon Web Services (AWS). It integrates with Cisco Umbrella for cloud-delivered gateway protection, and with Cisco SecureX for enhanced visibility, faster incident response, and automation across the Cisco Secure product suite.

 

Cisco WSA or Secure Web Appliance Capabilities

Before an attack, Cisco WSA or Secure Web Appliance proactively identifies and blocks potential threats using web reputation filters, URL filtering, and application-level control of web traffic with Cisco AVC.

 

Web Reputation Filtering

Web reputation filtering protects client devices from visiting potentially harmful websites that host malware or phishing links. Unknown URLs are analyzed and categorized, and those that fall below a predetermined security threshold are blocked. When a web request is made, the web reputation filters also examine more than 200 distinct web-traffic and network-related parameters to assess the risk associated with a website.

After evaluating the domain owner, the server hosting the site, how long the site has existed, and the kind of site it is, the site is assigned a reputation score in the range -10 to +10. Based on that score and the configured security policy, the request is blocked, allowed, or delivered with a warning.
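The following is an added example, not Cisco's code or configuration, of the policy step just described: a reputation score in the -10 to +10 range is turned into a block, warn or allow decision. The threshold values, the hostnames and the scores are illustrative, not Cisco defaults. One detail worth copying is the handling of a site that has no score at all: it is routed to the warning band rather than allowed, because failing open on unknown reputation is exactly the gap the filter exists to close.

```python
"""Added example (not Cisco's code): turn a web-reputation score in the range
-10 to +10 into a policy action. Thresholds, hosts and scores are illustrative;
unscored (unknown) sites are deliberately not allowed through by default."""
from dataclasses import dataclass
from typing import Optional

SCORE_MIN, SCORE_MAX = -10.0, 10.0


@dataclass(frozen=True)
class ReputationPolicy:
    block_below: float = -6.0      # illustrative: scores below this are blocked outright
    allow_from: float = 6.0        # illustrative: scores at or above this are allowed
    unknown_action: str = "WARN"   # assumption: a site with no score gets the middle band

    def __post_init__(self):
        for v in (self.block_below, self.allow_from):
            if not SCORE_MIN <= v <= SCORE_MAX:
                raise ValueError(f"threshold {v} outside {SCORE_MIN}..{SCORE_MAX}")
        if self.block_below >= self.allow_from:
            raise ValueError("block threshold must be below the allow threshold")


@dataclass(frozen=True)
class Decision:
    action: str      # BLOCK, WARN or ALLOW
    reason: str


def decide(score: Optional[float],
           policy: ReputationPolicy = ReputationPolicy()) -> Decision:
    """Map one score (or None when the reputation service has no score) to an action."""
    if score is None:
        return Decision(policy.unknown_action, "no reputation score available")
    if not SCORE_MIN <= score <= SCORE_MAX:
        raise ValueError(f"score {score} outside {SCORE_MIN}..{SCORE_MAX}")
    if score < policy.block_below:
        return Decision("BLOCK", f"score {score} below block threshold {policy.block_below}")
    if score >= policy.allow_from:
        return Decision("ALLOW", f"score {score} at or above allow threshold {policy.allow_from}")
    return Decision("WARN", f"score {score} in the warning band")


# Constructed lookups: (host, score as a reputation service might return it).
SAMPLE_LOOKUPS = [
    ("news.example.com", 8.1),
    ("cdn.example.net", 3.4),
    ("login-verify.example.org", -9.2),
    ("brand-new-host.example", None),
]


def evaluate(lookups, policy: ReputationPolicy = ReputationPolicy()) -> dict:
    """Apply the policy to a batch of lookups; returns {host: action}."""
    return {host: decide(score, policy).action for host, score in lookups}


if __name__ == "__main__":
    for host, action in evaluate(SAMPLE_LOOKUPS).items():
        print(f"{host:28} {action}")
```

A stricter policy is just a different ReputationPolicy instance, for example block_below=-3.0, allow_from=8.5, unknown_action="BLOCK" for a network segment where no unscored site should be reachable; the decision logic does not change.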

 

URL Filtering

Traditional URL filtering is combined with real-time dynamic content analysis to prevent access to known malicious websites. URLs are checked against the Cisco URL filtering database of more than 50 million known bad sites.

For unknown URLs, the Dynamic Content Analysis (DCA) engine correctly recognizes inappropriate content in real time about 90% of the time. The DCA engine reads the page text, rates it for relevance, calculates its proximity to model documents, and returns the closest category match. Cisco Talos refreshes the URL filtering database every three to five minutes with data from several sources.

 

Cisco Application Visibility and Control (AVC)

Cisco AVC analyzes and categorizes the most relevant and widely used web and mobile applications, as well as over 150,000 micro-applications, to give administrators detailed control over application use and behavior. AVC can also be configured to let users browse Facebook, for example, while prohibiting specific actions such as posting a comment.

During an attack, Secure Web Appliance uses security intelligence from Cisco Talos and Cisco AMP for Networks to identify and block zero-day threats that have made it into the network.

 

Cloud Access Security

Cisco Secure Web Appliance can guard against hidden risks in cloud applications by working with major CASB providers to monitor cloud application use in real time and counter emerging threats with data-science-driven security intelligence.

 

Parallel Antivirus (AV) Scanning

Multiple anti-malware scanning engines run in parallel on a single appliance, which broadens malware coverage while maintaining fast processing and avoiding traffic bottlenecks.

 

Layer 4 Traffic Monitoring

With the integrated Layer 4 Traffic Monitor, Secure Web Appliance watches traffic on all ports and protocols, not just the web ports the proxy handles, to identify and stop spyware and malware "phone-home" connections. This also reveals clients that are already compromised and helps prevent further malware infection.
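The example below is added here to show the kind of detection the Layer 4 Traffic Monitor performs; it is not Cisco's code and does not reflect the appliance's internal logic. It runs over a constructed set of flow records and flags two things: any contact with a destination on a made-up block list, whatever the port or protocol (the UDP/53 flow would never reach a web proxy), and periodic "beaconing" from one client to one destination, which is how phone-home traffic typically looks even before the destination is on any list. The records, the block list and the thresholds are all invented for this example.

```python
"""Added example (not Cisco's code): Layer 4 style detection over constructed
flow records. Flags (1) any connection to a listed destination regardless of
port/protocol and (2) regular beaconing between one client and one destination.
Flow records, block list and thresholds are all made up for the example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: epoch seconds, client, destination, dest port, protocol.
SAMPLE_FLOWS = """\
1700000000 10.1.1.20 203.0.113.7 8443 tcp
1700000060 10.1.1.20 203.0.113.7 8443 tcp
1700000121 10.1.1.20 203.0.113.7 8443 tcp
1700000180 10.1.1.20 203.0.113.7 8443 tcp
1700000240 10.1.1.20 203.0.113.7 8443 tcp
1700000005 10.1.1.31 198.51.100.9 53 udp
1700000010 10.1.1.31 192.0.2.44 443 tcp
1700000400 10.1.1.31 192.0.2.44 443 tcp
1700003000 10.1.1.31 192.0.2.44 443 tcp
"""

KNOWN_BAD_DESTINATIONS = {"198.51.100.9"}   # constructed block list
BEACON_MIN_COUNT = 4     # connections needed before a client/destination pair is scored
BEACON_MAX_CV = 0.15     # max coefficient of variation of the inter-arrival gaps


def parse_flows(text: str) -> list:
    """Parse the whitespace-separated record format used above."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, proto = line.split()
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "port": int(port), "proto": proto})
    return flows


def find_known_bad(flows: list, bad=KNOWN_BAD_DESTINATIONS) -> list:
    """Any contact with a listed destination is a hit, even on DNS or odd ports."""
    return [f for f in flows if f["dst"] in bad]


def find_beacons(flows: list, min_count=BEACON_MIN_COUNT, max_cv=BEACON_MAX_CV) -> list:
    """Phone-home traffic tends to be regular: a low coefficient of variation in the
    gaps between connections from one client to one destination is suspicious."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])
    beacons = []
    for (src, dst, port), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            beacons.append({"src": src, "dst": dst, "port": port,
                            "count": len(stamps), "interval_s": round(avg, 1),
                            "cv": round(cv, 3)})
    return beacons


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for hit in find_known_bad(flows):
        print("known-bad destination:", hit)
    for b in find_beacons(flows):
        print("possible beacon:", b)
```

In the sample data the client 10.1.1.20 reaches 203.0.113.7 every minute with almost no jitter and is reported as a beacon, while 10.1.1.31's three irregular connections to 192.0.2.44 are not. Real malware often adds random jitter to defeat exactly this heuristic, which is why the block-list check and the beacon check are kept as independent signals.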

 

File Reputation and Analysis with Cisco AMP

Files are evaluated using the most recent threat intelligence from Cisco Talos. As each file passes through the gateway, a fingerprint (a cryptographic hash of the file) is computed and sent to the Cisco AMP cloud, which returns the file's disposition so that known malware, including newly discovered zero-day samples, can be blocked.

 

Data Loss Prevention (DLP)

The Internet Content Adaptation Protocol (ICAP) is used to integrate with DLP solutions from leading third-party DLP vendors. Outbound traffic is routed to the third-party DLP appliance, which permits or blocks the content according to its own rules and policies.

For regulatory compliance, data security, and intellectual property protection, deep content inspection can be enabled. Outbound traffic is inspected for content indicators such as sensitive files, credit card numbers, and customer personal data, and matching content is prevented from being uploaded to cloud file-sharing services such as Dropbox.
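The following added example, which is neither Cisco's code nor any DLP vendor's, shows both sides of the ICAP integration described in the two paragraphs above: the gateway wraps an outbound HTTP upload in an ICAP REQMOD request (RFC 3507), and a toy DLP server parses it, scans the body for a payment card number that passes the Luhn check, and answers either 204 (no changes, forward the original request) or 200 with an encapsulated HTTP 403 that the gateway returns to the client instead. The ICAP service URL, the hostnames and the sample upload are constructed; a real DLP policy uses far more indicators than one card-number pattern.

```python
"""Added example (not Cisco's or any DLP vendor's code): the ICAP REQMOD exchange
between a web gateway and an external DLP server, with a toy DLP decision that
blocks bodies carrying a Luhn-valid payment card number. The service URL, the
outbound request and the card number are constructed for this example."""
import re

ICAP_SERVICE = "icap://dlp.example.internal/reqmod"   # hypothetical DLP server


def build_reqmod(http_headers: bytes, body: bytes) -> bytes:
    """Gateway side: wrap an outbound HTTP request in an ICAP REQMOD request.
    'Encapsulated' carries the byte offset of each section; the body is sent in
    HTTP chunked encoding; 'Allow: 204' lets the server reply 'no changes'."""
    icap = (f"REQMOD {ICAP_SERVICE} ICAP/1.0\r\n"
            "Host: dlp.example.internal\r\nAllow: 204\r\n")
    if body:
        icap += f"Encapsulated: req-hdr=0, req-body={len(http_headers)}\r\n\r\n"
        chunked = f"{len(body):x}\r\n".encode() + body + b"\r\n0\r\n\r\n"
    else:
        icap += f"Encapsulated: req-hdr=0, null-body={len(http_headers)}\r\n\r\n"
        chunked = b""
    return icap.encode() + http_headers + chunked


def _dechunk(data: bytes) -> bytes:
    """Decode HTTP chunked transfer encoding (chunk extensions are ignored)."""
    out, pos = b"", 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)
        pos = end + 2
        if size == 0:
            return out
        out += data[pos:pos + size]
        pos += size + 2                # skip the chunk data and its trailing CRLF


def parse_reqmod(msg: bytes):
    """DLP side: split a REQMOD message into ICAP headers, the encapsulated HTTP
    request headers and the decoded body."""
    head, rest = msg.split(b"\r\n\r\n", 1)
    lines = head.decode().split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    offsets = dict(p.strip().split("=") for p in headers["Encapsulated"].split(","))
    start = int(offsets["req-hdr"])
    if "req-body" in offsets:
        body_at = int(offsets["req-body"])
        return headers, rest[start:body_at], _dechunk(rest[body_at:])
    return headers, rest[start:int(offsets["null-body"])], b""


# 13-19 digits, optionally separated by spaces or dashes, not part of a longer run.
CARD_PATTERN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Candidates that pass Luhn; this filters out most order and phone numbers."""
    hits = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def dlp_respond(reqmod_msg: bytes) -> bytes:
    """DLP side: 204 means forward the original request unchanged; 200 with an
    encapsulated HTTP 403 makes the gateway return that error to the client."""
    _, _, body = parse_reqmod(reqmod_msg)
    if not find_card_numbers(body.decode("utf-8", "replace")):
        return b"ICAP/1.0 204 No Content\r\n\r\n"
    text = b"Upload blocked by DLP policy: payment card data detected.\n"
    http_resp = (b"HTTP/1.1 403 Forbidden\r\nContent-Type: text/plain\r\n"
                 + f"Content-Length: {len(text)}\r\n\r\n".encode())
    chunked = f"{len(text):x}\r\n".encode() + text + b"\r\n0\r\n\r\n"
    return (b"ICAP/1.0 200 OK\r\n"
            + f"Encapsulated: res-hdr=0, res-body={len(http_resp)}\r\n\r\n".encode()
            + http_resp + chunked)


def icap_status(response: bytes) -> int:
    return int(response.split(b" ", 2)[1])


# Constructed outbound upload as the gateway would receive it from a client.
SAMPLE_BODY = b'{"note": "customer card 4111 1111 1111 1111, exp 12/27"}'
SAMPLE_HEADERS = (b"POST /upload HTTP/1.1\r\nHost: files.example.net\r\n"
                  b"Content-Type: application/json\r\n"
                  + f"Content-Length: {len(SAMPLE_BODY)}\r\n\r\n".encode())

if __name__ == "__main__":
    print(icap_status(dlp_respond(build_reqmod(SAMPLE_HEADERS, SAMPLE_BODY))))
```

Two practical caveats: the DLP server only sees what the gateway decrypts, so HTTPS uploads are invisible to it unless TLS decryption is enabled on the gateway for that traffic; and the gateway should have an explicit fail-closed or fail-open setting for the case where the ICAP server is unreachable, since silently failing open turns the whole control off.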

After an attack, Cisco Secure Web Appliance continues to inspect the network for previously undiscovered malware and breaches. Files that have already passed through the gateway are also scanned continuously over time using Cisco Talos and Cisco AMP Threat Grid.

To provide awareness of malware that evades the initial defenses, alerts are delivered when a file's disposition changes, for example when a file that was unknown is later found to be malware. Global Threat Analytics (GTA), previously known as Cognitive Threat Analytics (CTA), analyzes web traffic, endpoint data from Cisco AMP for Endpoints, and network data from Cisco Stealthwatch Enterprise, using machine learning to detect suspicious activity before sensitive data is exfiltrated.
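As an added example that is not Cisco's code, the block below ties together the file reputation step from the "File Reputation and Analysis with Cisco AMP" section and the retrospective alerting described just above. The gateway fingerprints each file with SHA-256, looks the hash up in a disposition source (a constructed dict standing in for the AMP cloud), records which client received which file and what the disposition was at that moment, and then, when a later disposition update arrives, emits one alert per client that received the file under the old verdict. File contents, client names and the disposition feed are all constructed.

```python
"""Added example (not Cisco's code): SHA-256 file fingerprinting at a gateway
with retrospective disposition alerts. The disposition feed, the files and the
client names are constructed; a real deployment queries the AMP cloud."""
import hashlib
from collections import defaultdict

DISPOSITIONS = ("clean", "malicious", "unknown")


def fingerprint(data: bytes) -> str:
    """The hash is what is sent for lookup, so the file itself never has to leave."""
    return hashlib.sha256(data).hexdigest()


class FileReputationGateway:
    def __init__(self, disposition_feed: dict):
        self.feed = dict(disposition_feed)   # sha256 -> disposition (stand-in for the cloud)
        self.seen = defaultdict(list)        # sha256 -> [(client, disposition at the time)]

    def inspect(self, client: str, data: bytes) -> str:
        """Fingerprint a file in transit, look it up and record who received it.
        Returns the disposition; the caller blocks on 'malicious'."""
        sha256 = fingerprint(data)
        disposition = self.feed.get(sha256, "unknown")
        self.seen[sha256].append((client, disposition))
        return disposition

    def update_disposition(self, sha256: str, new_disposition: str) -> list:
        """Apply a later verdict from the intelligence source. Every client that
        received the file under a different verdict gets a retrospective alert."""
        if new_disposition not in DISPOSITIONS:
            raise ValueError(f"unexpected disposition {new_disposition!r}")
        old = self.feed.get(sha256, "unknown")
        self.feed[sha256] = new_disposition
        alerts = []
        if new_disposition != old:
            for client, at_the_time in self.seen.get(sha256, []):
                if at_the_time != new_disposition:
                    alerts.append({"sha256": sha256, "client": client,
                                   "was": at_the_time, "now": new_disposition})
        return alerts


# Constructed files: one already known clean, one the feed has never seen.
KNOWN_GOOD = b"constructed installer that the feed already rates clean"
SUSPECT = b"MZ\x90\x00 constructed dropper with no verdict yet"

if __name__ == "__main__":
    gw = FileReputationGateway({fingerprint(KNOWN_GOOD): "clean"})
    print(gw.inspect("pc-1", KNOWN_GOOD))                       # clean
    print(gw.inspect("pc-2", SUSPECT), gw.inspect("pc-3", SUSPECT))   # unknown unknown
    for alert in gw.update_disposition(fingerprint(SUSPECT), "malicious"):
        print("retrospective alert:", alert)                  # one per client that got it
```

The retrospective alert is only as good as the record of who received what, so the "seen" table has to be persisted and retained for as long as the disposition could still change; a gateway that drops the record once the file is delivered can block the hash going forward but cannot tell you which hosts to remediate.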

