Data SheetCisco Web Security ApplianceFor security, your network needs malware protection, application visibility and control,acceptable use policy controls, insightful reporting and secure mobility. Cisco offersthis protection, all on a single platform: the Cisco Web Security Appliance (WSA).In our highly connected and increasingly mobile world, more complex and sophisticated threats require the rightmix of security solutions. Cisco delivers security for all layers of network infrastructure with the strong protection,complete control, and investment value businesses need. We also offer a broad set of web security deploymentoptions, along with market-leading global threat intelligence. The Cisco WSA simplifies security with ahigh-performance, dedicated appliance, and the Cisco Web Security Virtual Appliance (WSAV) lets businessesdeploy web security quickly and easily, wherever and whenever it’s needed.The Cisco WSA was one of the first secure web gateways to combine leading protections to help organizationsaddress the growing challenges of securing and controlling web traffic. It enables simpler, faster deployment withfewer maintenance requirements, reduced latency, and lower operating costs. “Set and forget” technology freesstaff after initial automated policy settings go live, and automatic security updates are pushed to network devicesevery 3 to 5 minutes. Flexible deployment options and integration with your existing security infrastructure help youmeet quickly evolving security requirements.Virtual ApplianceWith the growth of video and other rich media, traffic has become less predictable, resulting in overages anddegraded performance. Addressing these and other issues, administrators face long lead times when buying andinstalling hardware, remote installation challenges, customs duties, and other logistical issues, especially inmultinational organizations. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 1 of 7

The Cisco WSAV significantly lowers the cost of deploying web security, especially in highly distributed networks,by letting administrators create security instances where and when they are needed. The Cisco WSAV is asoftware version of the Cisco WSA that runs on top of a VMware ESXi or KVM hypervisor and Cisco UnifiedComputing System (Cisco UCS ) servers. You will receive an unlimited license for the Cisco SMAV with thepurchase of any of the Cisco Email or Web Security software bundles, along with the corresponding SMA softwarelicense.With the Cisco WSAV, administrators can respond instantly to traffic spikes and eliminate capacity planning. Thereis no need to buy and ship appliances; new business opportunities can be supported without adding complexity toa data center or requiring additional staff.Features and BenefitsTalos SecurityIntelligenceReceive fast and comprehensive web protection backed by the largest threat detection network in the world, with thebroadest visibility and largest footprint, including: 100 TB of security intelligence daily 1.6 million deployed security devices, including firewall, IPS, web, and email appliances 150 million endpoints 13 billion web requests per day 35% of the world’s enterprise email trafficProviding a 24x7 view into global traffic activity to analyze anomalies, uncover new threats, and monitor traffictrends. Talos prevents zero-hour attacks by continually generating new rules that feed updates to the WSA everythree to five minutes, enabling industry-leading threat defense hours and even days ahead of competitors.Cisco Web UsageControlsCombine traditional URL filtering with dynamic content analysis to mitigate compliance, liability, and productivityrisks. Cisco’s continuously updated URL filtering database of over 50 million blocked sites provides exceptionalcoverage for known websites, and the Dynamic Content Analysis (DCA) engine accurately identifies 90 percent ofunknown URLs in real time; it scans text, scores the text for relevancy, calculates model document proximity, andreturns the closest category match. Administrators can also select specific categories for intelligent HTTPSinspection.Advanced MalwareProtectionAdvanced Malware Protection (AMP) is an additionally licensed feature available to all Cisco WSA customers. AMPis a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis,and retrospective alerting. It takes advantage of the vast cloud security intelligence networks of both Cisco andSourcefire technology. AMP augments the malware detection and blocking capabilities already offered in the CiscoWSA with enhanced file reputation capabilities, detailed file-behavior reporting, continuous file analysis, andretrospective verdict alerting. The Cisco AMP Threat Grid delivers malware protection through an on-premisesappliance for organizations that have compliance or policy restrictions on submitting malware samples to the cloud.The Layer 4 Traffic Monitor continuously scans activity, detecting and blocking spyware “phone-home”communications. By tracking all network applications, the Layer 4 Traffic Monitor effectively stops malware thatattempts to bypass classic web security solutions. It dynamically adds IP addresses of known malware domains toits list of malicious entities to block.Cognitive ThreatAnalyticsCisco Cognitive Threat Analytics is a cloud-based solution that reduces time to discovery of threats operating insidethe network. It addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection ordata breach using behavioral analysis and anomaly detection. Take advantage of Cisco Cognitive Threat Analyticswith a simple add-on license to your Web Security solution. Reduce complexity while gaining superior protection thatevolves with your changing threat landscape.Cloud Access SecurityCisco can protect you from the hidden threats lurking in cloud apps. We have partnered with leading CASB providersto deliver new visibility by monitoring your cloud app usage in real time, extending your control in a cloud-first,mobile-first world, and combating evolving threats through intelligent protection powered by data science. Ecosystempartners such as Elastica integrate smoothly with your customer's existing security architecture to extend onpremises protection into the cloud. Cloud Access Security solutions provide full visibility of your cloud appenvironment; classify all cloud traffic passing through the gateway to detect intrusions and data leakage; andautomatically enforce any new global security policies across all sanctioned and unsanctioned apps.Application Visibility andControl (AVC)Easily control the use of hundreds of Web 2.0 applications and 150,000 micro-applications. Granular policy controlallows administrators to permit the use of applications such as Dropbox or Facebook while blocking users fromactivities such as uploading documents or clicking the “Like” button. The WSA supports visibility of activity across anentire network. New: Customers can deploy customized bandwidth and time quotas per user, per group, and perpolicy.Data Loss Prevention(DLP)Prevent confidential data from leaving the network by creating context-based rules for basic DLP. The Cisco WSAalso uses Internet Content Adaptation Protocol (ICAP) to integrate with third-party DLP solutions for deep contentinspection and enforcement of DLP policies. The Cisco WSA also supports Secure ICAP to encrypt the trafficexchanged between WSA and third-party DLP solutions. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 2 of 7

Roaming-User Protection The Cisco WSA protects roaming users by integrating with the Cisco AnyConnect Secure Mobility Client, whichprovides web security to remote clients by initiating a VPN tunnel that redirects traffic back to the on-premisessolution. Cisco AnyConnect technology analyzes traffic in real time prior to permitting access.The Cisco WSA is also integrated with Cisco Identity Services Engine (ISE). With this exciting enhancement,customers can now take advantage of the power of Cisco ISE for Cisco WSA upon request. Cisco ISE integrationallows admins to create policy on the Cisco WSA based on profile or membership information gathered by Cisco ISEthrough its single sign-on process.Centralized Managementand ReportingReceive actionable insights across threats, data, and applications. The Cisco WSA provides an easy-to-use,centralized management tool to control operations, manage policies, and view reports.The Cisco M-Series Content Security Management Appliance provides central management and reporting acrossmultiple appliances and multiple locations, including virtual instances.Cisco Web Security Reporting Application is a reporting solution that rapidly indexes and analyzes logs producedby Cisco Web Security Appliances (WSA) and Cisco Cloud Web Security (CWS). This tool provides scalablereporting for customers with high traffic and storage needs. It allows reporting administrators to gather detailedinsight into web usage and malware threats.Flexible DeploymentThe Cisco WSAV offers all the same features as the Cisco WSA, with the added convenience and cost savings of avirtual deployment model, including instant self-service provisioning. With a Cisco WSAV license, businesses candeploy web security virtual gateways without being connected to the Internet, by applying the license to a new CiscoWSAV virtual image file stored locally. Pristine virtual image files can be cloned, if needed, to deploy several websecurity gateways immediately.Run hardware and virtual machines in the same deployment. Small branch offices or remote locations can have thesame protection the Cisco WSA provides without having to install and support hardware at that location. Customdeployment is easily managed with the Cisco M-Series Content Security Management Appliance.Product SpecificationsTables 1 and 2 give Cisco WSA performance and hardware specifications, respectively.Table 1.Cisco WSA Performance SpecificationsLarge EnterpriseModelDisk SpaceRAID MirroringMemoryCPUsS6904.8 TBYes (RAID 10)64 GB, DDR42 x 2.5 Ghz, 24CYes (RAID 10)64 GB, DDR42 x 2.5 Ghz, 24CYes (RAID 10)32 GB, DDR32 x 2.7 Ghz, 16CYes (RAID 10)32 GB, DDR41 x 2.4 Ghz, 8CYes (RAID 10)16 GB, DDR31 x 2.0 Ghz, 6CYes (RAID 1)8 GB, DDR41 x 1.9 Ghz, 6CYes (RAID 1)4 GB, DDR31 x 2.8 Ghz, 2C(8x600 GB SAS)Large EnterpriseS690X9.6TB(16x600 GB SAS)Large EnterpriseS6802.4 TB(8x300 GB SAS)Midsize OfficeS3902.4 TB(4x600 GB SAS)Midsize OfficeS3802.4 TB(4x600 GB SAS)SMB and BranchS1901.2TB(2x600 GB SAS)SMB and BranchS170500 GB(2x500 GB SATA)* Please confirm sizing guidance with a Cisco content security specialist to help ensure your solution will meet your current andprojected needs. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 3 of 7

Table 2.Cisco WSA Hardware SpecificationsCisco S690Cisco S690XCisco S680Cisco S390Cisco S380Cisco S190Cisco S1702RU2RU2RU1RU2RU1RU1RUDimensions 3.4" x 19" x 29"3.4" x 19" x 29”3.5” x 19” x 29”1.7" x 19" x 31"3.5” x 19” x 29”1.7" x 19" x 31"1.64” x 19” x15.25”RedundantP/SYesYesYesYesYesYes, NoDC YesYesYesYesYesEthernetinterfaces6 port 1G BaseT coppernetworkinterface (NICs),RJ - 456 port 1G BaseT coppernetworkinterface (NICs),RJ - 456 port 1G BaseT coppernetworkinterface (NICs),RJ - 456 port 1G BaseT coppernetworkinterface (NICs),RJ - 456 port 1G BaseT coppernetworkinterface (NICs),RJ - 452 port 1G BaseT coppernetworkinterface (NICs),RJ - 452 port 1G BaseT coppernetworkinterface (NICs),RJ - es, separateSKUsYes, separateSKUsYes, separateSKUsNoNoNoNo6 port 1G BaseSX Fiber:6 port 1G BaseSX Fiber:6 port 1G BaseSX Fiber:WSA- S690-1GWSA- S690-1GWSA- S680-1G6 port 10GBase-SR Fiber6 port 10GBase-SR Fiber6 port 10GBase-SR FiberHardwarePlatformFormFactorWSA- S690-10G WSA- S690-10G WSA- S680-10GTable 3 lists specificationsof the Cisco WSAV, and Table 4 lists those for the Cisco M-Series Content SecurityManagement Appliance.Table 3.Cisco WSAVWeb UsersWeb UsersModelDiskMemoryCores 1000S000v250 GB4 GB11000-2999S100v250 GB6 GB23000-6000S300v1024 GB8 GB4ServersHypervisorCisco UCSESXi 5.0, 5.1, and 5.5Red Hat Enterprise Linux 7.0KVM: QEMU 1.5.3Ubuntu 14.04.1 LTSKVM: QEMU 2.0.0Table 4.Cisco M-Series Content Security Management ApplianceModelCisco M680Cisco M380Cisco M170Users (approximately)10,000 Up to 10,000Up to 1,000 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 4 of 7

DeploymentThe Cisco WSA is a forward proxy that can be deployed in either Explicit mode (proxy automatic configuration[PAC] files, Web Proxy Auto-Discovery [WPAD], browser settings) or Transparent mode (Web CacheCommunication Protocol [WCCP], Policy-Based Routing [PBR], load balancers). WCCP-compatible devices, suchas Cisco Catalyst 6000 Series Switches, Cisco ASR 1000 Series Aggregation Services Routers, Cisco IntegratedServices Routers, and Cisco ASA 5500-X Series Next-Generation Firewalls, reroute web traffic to the Cisco WSA.The Cisco WSA can proxy HTTP, HTTPS, SOCKS, native FTP, and FTP over HTTP traffic to deliver additionalcapabilities such as data-loss prevention, mobile user security, and advanced visibility and control.LicensingA Cisco WSAV license is included in all Cisco Web Security software bundles (Cisco Web Security Essentials,Cisco Web Security Antimalware, and Cisco Web Security Premium). This license has the same term as the othersoftware services in the bundle and can be used for as many virtual machines as needed.Term-Based Subscription LicensesLicenses are term-based subscriptions of one, three, or five years.Quantity-Based Subscription LicensesThe Cisco Web Security portfolio uses tiered pricing based on a range of users, not devices. Sales and partnerrepresentatives can help to determine the correct sizing for each customer deployment.Web Security Software LicensesFour web security software licenses are available: Cisco Web Security Essentials, Cisco Anti-Malware, Cisco WebSecurity Premium, and McAfee Anti-Malware. The major components of each software offering follow:Cisco Web Security Essentials Threat Intelligence via Cisco Talos Layer 4 traffic monitoring Application Visibility and Control (AVC) Policy management Actionable reporting URL filtering Third-party DLP integration via ICAPCisco Anti-Malware Real-time malware scanningCisco Web Security Premium Web Security Essentials Real-time malware scanningAdvanced Malware Protection AMP augments anti-malware detection and blocking capabilities with file reputation scoring and blocking,static and dynamic file analysis (sandboxing), and file retrospection for continuous analysis of threats. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 5 of 7

Cognitive Threat AnalyticsCTA relies on advanced statistical modeling and machine learning to independently identify new threats,learn from what it sees, and adapt over time.Cloud Access SecurityCisco with Elastica enables organizations to embrace the benefits of cloud apps while maintaining securitypolicies through SaaS Visibility, Extended Granular Control, and Intelligent Protection.McAfee Anti-Malware McAfee real-time malware scanning is available as a single, a-la-carte license.Software License AgreementsThe Cisco End-User License Agreement (EULA) and the Cisco Web Security Supplemental End-User LicenseAgreement (SEULA) are provided with each software license purchase.Software Subscription SupportAll Cisco Web Security licenses include software subscription support essential to keeping business-criticalapplications available, secure, and operating at peak performance. This support entitles customers to the followingservices for the full term of the purchased software subscription: Software updates and major upgrades to keep applications performing optimally at the most currentfeature set Access to Cisco Technical Assistance Center (TAC) for fast, specialized support Online tools to build and expand in-house expertise and boost business agility Collaborative learning for additional knowledge and training opportunitiesServicesTable 5 lists Cisco Web Security services.Table 5.Cisco Web Security ServicesCisco Branded ServicesCisco Security Planning and Design: Enables deployment of a robust security solution quickly and cost-effectively.Cisco Web Security Configuration and Installation: Mitigates web security risks by installing, configuring, andtesting appliances to implement: Acceptable-use-policy controls Reputation and malware filtering Data security Application visibility and controlCisco Security Optimization Service: Supports an evolving security system to address security threats, designupdates, performance tuning, and system changes.Collaborative/PartnerServicesNetwork Device Security Assessment: Helps maintain a hardened network environment by identifying gaps innetwork infrastructure security.Smart Care: Provides actionable intelligence gained from secure visibility into the performance of a networkAdditional services: Cisco partners provide a wide range of valuable services across the planning, design,implementation, and optimization lifecycle.Cisco FinancingCisco Capital can tailor financing solutions to business needs. Access Cisco technology sooner and see thebusiness benefits sooner. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.Page 6 of 7

SMARTnet Support ServicesCustomers have the option to purchase Cisco SMARTnet support for use with Cisco WSAs. Cisco SMARTnetsupport helps customers resolve network problems quickly with direct, anytime access to Cisco experts, self-helpsupport tools, and rapid hardware replacement. For more information, visit Cisco WSAVDo the following to order Cisco WSAV:1.Go to At right, under “Support”, click “Software Downloads, Release, andGeneral Information”. Click “Download Software”, then click on any model to see the downloadable virtualmachine images available. You will also see a downloadable XML evaluation license. You need to downloadone of the images and the XML evaluation license.2.3.Download the following documentation from Security Virtual Appliance Installation Guideb.Documentation for AsyncOS 9.0Follow the instructions in the Cisco Security Virtual Appliance Installation Guide to get started. Please notethat content security virtual appliance evaluations are not covered under SMARTnet support and are thereforeunsupported.Warranty InformationFind warranty information on at the Product Warranties page.For More InformationFind out more at Evaluate how the Cisco WSA will work for you with a Cisco salesrepresentative, channel partner, or systems engineer.Printed in USA 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.C78-729630-0812/15Page 7 of 7

Cisco Web Security Reporting Application is a reporting solution that rapidly indexes and analyzes logs produced by Cisco Web Security Appliances (WSA) and Cisco Cloud Web Security (CWS). This tool provides scalable reporting for customers with high traffic and storage nee