Anyone have document of different B/W Symantec web getaway V/S Cisco IronPort.
Innovative Security Platform That Delivers Protection, Performance, and Accuracy
Cisco IronPort Web Security Appliances help enterprises secure and control web traffic by offering multiple layers of malware defense on a single, integrated appliance. These layers of defense include Cisco IronPort Web Reputation Filters, multiple antimalware scanning engines, and the Layer 4 Traffic Monitor, which detects non-port 80 malware activity. The Cisco IronPort S-Series is also capable of intelligent HTTPS decryption, so that all associated security and access policies can be applied to encrypted traffic.
A fast web proxy is the foundation for security and AUP enforcement. It allows for comprehensive content analysis, which is critical to accurately detect devious and rapidly mutating web-based malware. Powered by the proprietary Cisco IronPort AsyncOS operating system, the web proxy includes an enterprise-grade cache file system. This system efficiently returns cached web content through intelligent memory, disk, and kernel management—easily ensuring high performance and throughput for even the largest of networks.
Major Features of SWG:
1. Improved Web Security utilizing the Symantec AV Engine. A secondary AV
scan is performed by the Sophos engine on systems with Sophos licenses.
2. Utilizing Symantec Global Intelligence Network for Malware URLs, IP
addresses, and Botnet Command and Control.
3. New Symantec licensing file.
4. Software image supports a choice between Web Gateway or Central
Intelligence Unit - selected during initial startup Wizard configuration.
5. URL Filter policy enhancement for handling ambiguity: On multi category
URLs, policies can be set to take action based on the most restrictive (Blocking)
or the most permissive (Allow) category.
6. End user communications supported on additional locales.
If this Info helps to resolve the issue please Mark as Solution
One correction here, the Web Gateway does not have a secondary AV feature available and only scans file downloads with the Symantec Antivirus Engine.
The Web Gateway is also an Inline device which offers extremely fast throughput and scanning as there is no proxy(although customers will have the option to use the device as a proxy if desired when SWG V5 is released at the end of the year).
The ability to identify Infected Client machines and Botnets on the protected networks is a big differentiator.
For environments that have no current web protection and aren't interested in deploying a proxy, the Web Gateway in most cases would be very easy to deploy.
As all network traffic passes through the Web Gateway inline, it is seeing all traffic over all ports and protocols(not just the proxied traffic) and analyses this traffic in both directions.
The Application Control module allows customers to allow, block, or monitor over 100 different applications and protocols. The Web Gateway identifies traffic based on packets, and is therefore not reliant on certain traffic to be on a standard port for it to be identified.
Thx for reply.