WEBVTT 0:00:02.000000 --> 0:00:03.680000 Hello and welcome to this video. 0:00:03.680000 --> 0:00:08.240000 In this video, I'd like to introduce you to the concept of Cisco's Cloud 0:00:08.240000 --> 0:00:11.020000 Web Security Platform. 0:00:11.020000 --> 0:00:14.520000 So I'm going to introduce you to what Cloud Web Security is. 0:00:14.520000 --> 0:00:18.260000 We're going to look real briefly at the CWS portal. 0:00:18.260000 --> 0:00:23.580000 How exactly do we redirect our web traffic to Cloud Web Security and what 0:00:23.580000 --> 0:00:28.040000 are these things called Cloud Web Security Towers? 0:00:28.040000 --> 0:00:31.760000 All right, so what is Cloud Web Security and why might you want to use 0:00:31.760000 --> 0:00:37.520000 it? So if you're familiar with the Cisco Web Security appliance, you have 0:00:37.520000 --> 0:00:41.580000 this idea of an appliance which could be a physical box that you purchased 0:00:41.580000 --> 0:00:46.600000 and then rack mounted into a rack or it could be a virtual appliance which 0:00:46.600000 --> 0:00:50.100000 means you purchase it as software and then you install it on some real 0:00:50.100000 --> 0:00:51.560000 high powered server. 0:00:51.560000 --> 0:00:56.340000 Either way, when you purchase a Cisco WSA, the idea is, hey, I've got 0:00:56.340000 --> 0:01:00.860000 one of those web traffic from my users in my company but before that web 0:01:00.860000 --> 0:01:05.360000 traffic actually leaves my company, I want to redirect it to the WSA where 0:01:05.360000 --> 0:01:09.560000 it can be inspected, make sure it meets acceptable use policies, make 0:01:09.560000 --> 0:01:14.160000 sure that people aren't uploading things that would cause data loss, we 0:01:14.160000 --> 0:01:17.660000 don't want to prevent that kind of thing, make sure that people aren't 0:01:17.660000 --> 0:01:21.980000 downloading stuff from the internet that contains malicious files or viruses 0:01:21.980000 --> 0:01:25.600000 or profanity or other types of things that we don't want to see. 0:01:25.600000 --> 0:01:30.320000 So you can handle all of that locally within your company if you purchase 0:01:30.320000 --> 0:01:36.500000 and implement and configure a WSA or alternatively, we could use the WSA 0:01:36.500000 --> 0:01:43.940000 to take that traffic and then redirect it to a cloud service called Cisco's 0:01:43.940000 --> 0:01:45.960000 Cloud Web Security. 0:01:45.960000 --> 0:01:49.260000 So Cloud Web Security provides very similar benefits to implementing your 0:01:49.260000 --> 0:01:51.640000 own Cisco WSA device. 0:01:51.640000 --> 0:01:55.200000 However, there are some benefits and drawbacks to this. 0:01:55.200000 --> 0:01:59.320000 So first of all, the web traffic instead of being redirected to something 0:01:59.320000 --> 0:02:04.100000 in your own office is redirected to servers that are hosted by Cisco located 0:02:04.100000 --> 0:02:08.660000 in the cloud, that's why they call it cloud web security. 0:02:08.660000 --> 0:02:12.480000 So your on-site devices such as your routers, your firewalls or even a 0:02:12.480000 --> 0:02:20.560000 WSA itself must be configured to redirect the traffic to the CWS servers. 0:02:20.560000 --> 0:02:25.260000 And the software components that are on the routers or the firewalls or 0:02:25.260000 --> 0:02:28.480000 the WSA are called connectors. 0:02:28.480000 --> 0:02:32.200000 These are the things that are used to actually redirect the traffic to 0:02:32.200000 --> 0:02:39.000000 Cisco's towers. And of course, if you purchase the service, then what 0:02:39.000000 --> 0:02:43.300000 comes with it is an administrative portal through which you can get into 0:02:43.300000 --> 0:02:48.040000 the CWS service and tweak it and configure it. 0:02:48.040000 --> 0:02:51.220000 So this is sort of what it would look like at that front end of the portal 0:02:51.220000 --> 0:02:53.200000 that you see right here. 0:02:53.200000 --> 0:02:56.320000 You would type in your username and password that you got when you purchased 0:02:56.320000 --> 0:03:00.200000 the service. Once you get into the portal, you see a variety of screens 0:03:00.200000 --> 0:03:03.980000 such as this one right here, it's just a quick screenshot showing you 0:03:03.980000 --> 0:03:08.440000 on the CWS portal where you could set up web filtering and a whole bunch 0:03:08.440000 --> 0:03:12.400000 of other stuff as well. 0:03:12.400000 --> 0:03:21.760000 So using CWS, HTTP and secure HTTP traffic is redirected to Cisco's cloud 0:03:21.760000 --> 0:03:24.300000 web security service. 0:03:24.300000 --> 0:03:27.360000 Now, how exactly is that done? 0:03:27.360000 --> 0:03:32.540000 Well, so as your web traffic is coming into, let's just say a router that's 0:03:32.540000 --> 0:03:36.680000 on premises on-site, that router will be configured to redirect it using 0:03:36.680000 --> 0:03:39.400000 a connector to CWS. 0:03:39.400000 --> 0:03:44.940000 That router will actually add an additional HTTP header in front of the 0:03:44.940000 --> 0:03:50.320000 traffic. That additional HTTP header provides things like an encryption 0:03:50.320000 --> 0:03:53.980000 key. It also provides things like you can see here. 0:03:53.980000 --> 0:04:02.240000 It gives CWS information about the user that originated this traffic. 0:04:02.240000 --> 0:04:06.680000 Some other information about where this traffic came from. 0:04:06.680000 --> 0:04:09.760000 And for security purposes, as you can see here, all the information is 0:04:09.760000 --> 0:04:12.740000 encrypted and then hexadecimal encoded. 0:04:12.740000 --> 0:04:16.820000 So if somebody in the actual internet, if somebody between your router 0:04:16.820000 --> 0:04:22.220000 and Cisco's cloud web server intercepted the traffic, well, they wouldn't 0:04:22.220000 --> 0:04:28.280000 really be able to make much use of it because it is encrypted. 0:04:28.280000 --> 0:04:33.800000 Now, within the cloud, the cloud web security servers are called towers. 0:04:33.800000 --> 0:04:37.260000 So this is what you're going to have to configure in your router or your 0:04:37.260000 --> 0:04:41.220000 firewall. You're going to have to point it to one of these towers, as 0:04:41.220000 --> 0:04:42.280000 you can see right here. 0:04:42.280000 --> 0:04:44.940000 So as it says, part of your initial implementation when you're purchasing 0:04:44.940000 --> 0:04:50.520000 this is to select the appropriate license size and tower location. 0:04:50.520000 --> 0:04:53.960000 So what do we mean by license size? 0:04:53.960000 --> 0:04:59.760000 Well, what Cisco wants to know is how many web sessions at any particular 0:04:59.760000 --> 0:05:04.100000 point in time are you going to be redirecting to this tower? 0:05:04.100000 --> 0:05:06.900000 I mean, clearly if a company says, oh, we're really small, we've got like 0:05:06.900000 --> 0:05:12.820000 10 employees, maybe at any one point in time, six or seven of those will 0:05:12.820000 --> 0:05:16.920000 be doing web browsing that will be redirecting to the cloud web server. 0:05:16.920000 --> 0:05:19.760000 Well, clearly in a small environment like that, Cisco's going to charge 0:05:19.760000 --> 0:05:23.700000 you less than an enterprise company that says, oh, well, we might have 0:05:23.700000 --> 0:05:28.660000 thousands of concurrent servers or concurrent users that need to be directed 0:05:28.660000 --> 0:05:34.160000 to your tower. So what Cisco recommends is that you take your total employee 0:05:34.160000 --> 0:05:41.020000 count and whatever 15% of that is, that's what you get your license for. 0:05:41.020000 --> 0:05:44.760000 So if you have a company of a thousand employees, we'd be talking about 0:05:44.760000 --> 0:05:50.940000 150. So we get a license for 150 employees, 15% of whatever your total 0:05:50.940000 --> 0:05:52.020000 employee account is. 0:05:52.020000 --> 0:05:56.360000 So these towers are all over the world, and you can see here a variety 0:05:56.360000 --> 0:05:58.120000 of some of their locations. 0:05:58.120000 --> 0:06:04.100000 So part of what you would configure like we can see here, we can see here 0:06:04.100000 --> 0:06:07.040000 where you're configuring the fully qualified domain name of the tower. 0:06:07.040000 --> 0:06:12.580000 You're configuring what location you want to go to, your authorization 0:06:12.580000 --> 0:06:15.300000 key and a wide variety of other things. 0:06:15.300000 --> 0:06:20.060000 So this is an alternative of instead of having a WSA locally on premises 0:06:20.060000 --> 0:06:26.120000 using Cisco's CWS service in the cloud to redirect your web traffic. 0:06:26.120000 --> 0:06:31.200000 So that concludes this video, this introduction to cloud web security, 0:06:31.200000 --> 0:06:32.880000 and I hope you found it informative.