Cisco Secure Web Appliance

Cisco Secure Web Appliance is being used to monitor and prohibit any malicious activity from external websites. In addition, it is used to limit bandwidth usage to maintain end-user productivity. Currently, we are using it across the whole organization.

The Cisco WSA is used to block risky or non-approved sites from being accessed at work. It is used across the entire organization and is installed on all company hardware devices with internet browsing capability. The goal is to increase productivity by limiting non-business related websites as well as help prevent viruses, malware, phishing, etc attempts by preventing access to risky sites.

Cisco Web Security Appliance (WSA) or Ironport is our primary email security tool. All emails that are sent to our users pass through a server running Cisco Web Security Appliance (WSA) or Ironport. The security team uses this tool in accordance with the email management team. However, we serve all the departments of our organization. The main objective of this software is to drop emails with malicious attachments, low reputation IP, banned senders, globally blacklisted emails based on their signatures, etc. Although it doesn't ensure flawless detection, it does a great job at the initial phase of narrowing down our hunt for malicious emails. It led to almost a 60% reduction of attachments containing malware, thereby helping us in securing our assets.

Our corporation has relied on Cisco IronPort Web Security appliances for the last 9 years. We use it across the whole organization, in the headquarters and also in the remote offices. It helped us to solve one of the most challenging problems since the invention of the commercial Internet: be productive and navigate safely. Once we started to provide Internet access to the whole corporation, we were faced with some critical problems, like how to protect the company from unsafe websites that could harm our own network, like trojans, etc., how to be productive avoiding all the distractions the Internet provides, how to segment who could navigate and see what content on the Internet, how to save bandwidth due to the cache mechanism WSA uses and much more.

We used Cisco IronPort Web Security Appliance to provide filtered Internet access for the public and had several levels of filtering "strictness" available depending on the age of the patron involved. The choice of filter level was handled by the ILS and we did this by using different proxy server ports for different filtering levels. The primary purpose was to block offensive web sites from various age groups. We had to tweak the rules a little at the beginning, but we've found at this point that it is very rare to need to whitelist or blacklist sites. The web site categories worked very well for us and were accurate.

Cisco IronPort Web Security Appliance is a solid device. Deploying it came with a significant amount of white water because we chose to block uncategorized sites. We had to manually set or request categories for local websites. Blocking uncategorized sites has saved us from countless threats including several close calls with ransomware.

Currently we use Cisco IronPort Web Security to secure 60K users from web based malware threats and to filter suspicious and non business related categories. This deployment has decreased the attack surface from our users downloading malicious files and has an agency we have reduced the amount of business confidential information from being leaked by combining the IronPort proxies with data loss prevention software.

We were using Cisco IronPort Web Security Appliance for years in our company. The product was used as a web filter across the whole organization (main and 4 branch offices). The Internet for all branches was routed to the main office over the MPLS tunnel. There was just one Cisco IronPort WSA covering all our web traffic.