What is a WSA?
A web traffic firewall. Acts as a web proxy, antimalware engine, policy
management, and reporting for HTTP/HTTPS/FTP traffic.
WSAs can be physical or virtual.
What are the functions of a WSA?
Web proxy
Content Caching
URL FIltering (Lists/Reputation)
Anti-malware (DVS/AMP)
DCA (Dynamic Content Analysis)
AVC
User identity-based policies
HTTPS decryption
DLP
Differentiated Policies
Optional SMA management
Talos threat intelligence
WSA feature summary 1
Web security manager (Easy management)
Web security monitor (Easy monitoring)
Logging
Integrated authentication (LDAP/AD integration, ISE integration via pxGrid)
Multiple deployment modes (Explicit vs Transparent)
AUP Enforcement
Web Proxy (caching also allows for deep inspection)
, URL Filters
AUP Policy
Malware Defense
Layer 4 traffic monitor (IP/Port intelligence, stops malware that tries to bypass
port 80)
SIO (Cisco Security Intelligence Operations, threat protection, correlation, and
mitigation)
Web reputation filters (Talos/WebRoot updated filters. Protects from XSS,
XSRF, SQL injections, or invisible iFrames)
Anti-malware system (DVS engine is used, with verdicts from
WebRoot/Sophos/McAfee)
Scanning engine (Scanning engines from WebRoot/Sophos/McAfee integrated)
DVS engine (Solution to use multiple anti-malware scanning engines)
HTTPS decryption (Enforces acceptable use of encrypted traffic. Web
reputation can be used to make decryption decisions)
Data Security
DLP (Block cloud file storage, prevent posts of content to blogs or social media,
stop webmail access, etc)
Native FTP protection (WA proxies FTP traffic to restrict connections and files
sent)
WSA feature summary 2
Web Reputation Engine (web reputation score of -10 to 10)
Web filtering (dynamic content analysis)
AVC engine (gives granular control of web applications)
Cloud access security (CASB/CloudLock integration)
Antivirus (McAfee, Sophos, and Webroot antivirus engines)
File reputation (Talos updated)
DLP (If DLP is suspected, all traffic can be redirected to a 3rd party DLP
system for deep inspection. Can also block cloud file storage providers)
A web traffic firewall. Acts as a web proxy, antimalware engine, policy
management, and reporting for HTTP/HTTPS/FTP traffic.
WSAs can be physical or virtual.
What are the functions of a WSA?
Web proxy
Content Caching
URL FIltering (Lists/Reputation)
Anti-malware (DVS/AMP)
DCA (Dynamic Content Analysis)
AVC
User identity-based policies
HTTPS decryption
DLP
Differentiated Policies
Optional SMA management
Talos threat intelligence
WSA feature summary 1
Web security manager (Easy management)
Web security monitor (Easy monitoring)
Logging
Integrated authentication (LDAP/AD integration, ISE integration via pxGrid)
Multiple deployment modes (Explicit vs Transparent)
AUP Enforcement
Web Proxy (caching also allows for deep inspection)
, URL Filters
AUP Policy
Malware Defense
Layer 4 traffic monitor (IP/Port intelligence, stops malware that tries to bypass
port 80)
SIO (Cisco Security Intelligence Operations, threat protection, correlation, and
mitigation)
Web reputation filters (Talos/WebRoot updated filters. Protects from XSS,
XSRF, SQL injections, or invisible iFrames)
Anti-malware system (DVS engine is used, with verdicts from
WebRoot/Sophos/McAfee)
Scanning engine (Scanning engines from WebRoot/Sophos/McAfee integrated)
DVS engine (Solution to use multiple anti-malware scanning engines)
HTTPS decryption (Enforces acceptable use of encrypted traffic. Web
reputation can be used to make decryption decisions)
Data Security
DLP (Block cloud file storage, prevent posts of content to blogs or social media,
stop webmail access, etc)
Native FTP protection (WA proxies FTP traffic to restrict connections and files
sent)
WSA feature summary 2
Web Reputation Engine (web reputation score of -10 to 10)
Web filtering (dynamic content analysis)
AVC engine (gives granular control of web applications)
Cloud access security (CASB/CloudLock integration)
Antivirus (McAfee, Sophos, and Webroot antivirus engines)
File reputation (Talos updated)
DLP (If DLP is suspected, all traffic can be redirected to a 3rd party DLP
system for deep inspection. Can also block cloud file storage providers)
