Call a Specialist Today! 888-785-4402

IronPort Anti-Malware System

Cisco has acquired Ironport. Please visit our Cisco site for the latest re-branded Ironport products.


The threat of malware is a very real and costly problem most companies face today. IDC estimates that 75 percent of corporate desktops are currently, and unknowingly, infected with spyware. Spyware and other types of malware can result in loss of confidential information, system and network downtime, reduced employee productivity and escalating customer support costs.

The Cisco IronPort Anti-Malware System™ uniquely combines the Cisco IronPort Dynamic Vectoring and Streaming (DVS) engine™, a high performance scanning engine, with best-of-breed signature-based verdict engines to provide a powerful, fully integrated anti-malware defense. As the second layer of defense on the Cisco IronPort S-Series™, the Cisco IronPort Anti-Malware System rapidly scans Web content as it is downloaded against malware signatures - eliminating the broadest range of known and emerging Web-based threats. Web security technology is a critical element in securing and controlling the network. By preventing Web-based malware from entering the corporate network, the Cisco IronPort Anti-Malware System reduces infections and desktop clean up costs.


Industry-Leading Accuracy and Performance:

The Cisco IronPort Anti-Malware System is optimized for exceptional performance integrated into a single appliance solution. Cisco IronPort built the system to be fast and accurate, relying on a less computationally-intensive single scan to evaluate for multiple threats including a broad range of malware, phishing, pharming, malicious rootkits and more. With the industry's largest malware signature database located at the gateway, the Cisco IronPort Anti-Malware System provides enterprises with industry-leading protection against these threats.

Cisco IronPort's powerful DVS engine employs rapid object parsing and vectoring techniques, along with stream scanning, early exit algorithms and reputation-based caching. This results in an unparalleled increase in scanning throughput over existing first- generation ICAP-based solutions.

The Cisco IronPort Anti-Malware System is architected to support verdict engines from multiple vendors, which maximizes efficacy.

Broad threat categorization identifies new and more sophisticated security threats, both on the request side and response side. The Cisco IronPort Anti-Malware System conducts deep archive scanning to detect viruses and malware obfuscated within archive packages. It also detects rootkits - hidden malicious software that provides root-level access to, and control over, a computer without its owner's knowledge.

Block threats at the corporate gateway to prevent infection and reduce clean-up costs. By stopping threats before they enter the network, the Cisco IronPort Anti-Malware System prevents initial and ongoing damage.

The Broadest Range of Signatures:

Scanning engines from Webroot and McAfee are fully integrated into the Cisco IronPort Anti-Malware System. These two industry-leading solutions allow you to scan for Web-based threats in parallel, providing superior protection and performance.

The Webroot scanning engine, backed by a threat research team at Webroot, performs both request- and response-side scans. Efficacy and coverage are strengthened by Phileas (the first automated spyware detection system), which identifies existing and new threats by intelligently scanning millions of sites daily.

The McAfee scanning engine is backed by Avert Labs, the world's top threat research center. The McAfee database includes both virus and malware signatures and can be configured to perform both signature-based and heuristics-based scanning.

Scanning engines from Webroot and McAfee are fully integrated into the Cisco IronPort Anti-Malware System.

Scanning engines from Webroot and McAfee are fully integrated
into the Cisco IronPort Anti-Malware System.

The largest variety of threat categories for a Web gateway provide the Cisco IronPort Anti-Malware System with granular visibility into threat activity and specialized policy creation. Sixteen threat categories provide the enterprise with significant control to manage and balance risk management versus users needs.

Powerful Management Capabilities:

Web-based GUI provides unprecedented control for initial configuration and ongoing management. The comprehensive, easy-to-use Cisco IronPort Anti-Malware System deploys in multiple modes, including "monitor only" or "monitor and block".

Malware categories and actions by verdict type are managed within Cisco IronPort Web Security Manager™. Administrators create and easily manage custom anti-malware policies. Administrators enable or disable malware filtering on a per-user/per-group basis. The Cisco IronPort Anti-Malware System is the only solution to offer customers distinct settings for "known" and "suspect" malware and allow enterprises to set their own custom thresholds for malware-positive verdicts.

Point-and-click functionality is also provided by Cisco IronPort Web Security Manager to enable/disable the service, select deployment modes, set thresholds, configure automated updates and more. Automated, timely and secure updates, which can be scheduled for as frequently as every five minutes, ensure coverage against the latest emerging virus and malware threats.

Real-time Monitoring AND Comprehensive Reporting:

Real-time visibility into trouble spots in a network's Web traffic requests are provided by the Cisco IronPort Anti-Malware System. Reports include top malware sites detected, malware threats and categories identified/blocked and others. In addition, the reports provide actionable information, such as a list of top clients infected, as well as historical trends. Through Cisco IronPort Web Security Manager, administrators have comprehensive visibility and the ability to correlate malware activity with clients.

A sophisticated alert engine, which is included with every Cisco IronPort S-Series appliance, also benefits the Cisco IronPort Anti-Malware System. Administrators can set up individual alert subscriptions for the system, based on severity levels. Alerts are calibrated in three categories: informational, warning and critical. This provides administrators with clear visibility into the application and enables them to take appropriate and timely action, if required.


Highest Accuracy and Lowest Latency Optimized for accuracy and performance, the Cisco IronPort Anti-Malware System ensures industry-leading efficacy, without any perceptible change to the end-user experience. The system combines the rapid parsing and vectoring capabilities of the Cisco IronPort DVS engine with the extensive and accurate signature-based verdict engines, Webroot and McAfee. Both engines rely on next generation, automated research technologies to proactively identify new threats, enabling their in-house threat research teams to rapidly develop and test signatures for new threats - before they infect corporate networks. The Cisco IronPort Anti-Malware System is updated in real time to ensure the most current protection available.

Protection Against the Broadest Range of Web-based Malware The Cisco IronPort Anti-Malware System quickly and accurately detects and blocks a full range of known and emerging threats, including viruses, adware, Trojans, system monitors, keyloggers, rootkits, malicious/tracking cookies, browser hijackers, browser helper objects, phishing and more.

Near-Zero Administrative Overhead The Cisco IronPort S-Series' easy-to-use, Web-based GUI makes initial configuration and set up simple. The Cisco IronPort Anti-Malware System's scanning accuracy drives customer support calls and expensive desktop clean up operations to zero. Automated, timely and secure updates eliminate the need for ongoing manual tuning and maintenance to catch new and emerging threats.

Comprehensive Visibility While the Cisco IronPort Anti-Malware System controls the malware threat to a corporate environment, administrators and executive management may require information to better understand ever-evolving corporate threats. The Cisco IronPortCisco IronPort Anti-Malware System's comprehensive reporting gives administrators powerful insight into threats monitored or blocked, as well as the presence of infected clients. This reporting functionality also allows for a better view of user actions, providing data to help drive additional policies to further protect the network and corporate desktops.

Low Total Cost of Ownership First-generation, ICAP-based anti-malware solutions require ownership and administration of multiple servers. Unlike these products, the Cisco IronPort Anti-Malware System is delivered as a high-performance, single appliance solution.

Powerful, security-focused reports provide detailed information on malware including client correlation and trend data.

Powerful, security-focused reports provide detailed information
on malware including client correlation and trend data.


The strong perimeter defense provided by the IronPort Anti-Malware System prevents client infections and greatly reduces client cleanup costs. As part of the IronPort S-Series appliance, this defense-in-depth solution combines unmatched accuracy and exceptional performance to deliver a powerful defense with no perceptible change to the end-user experience.


Download the IronPort Anti-Malware System Data Sheet (PDF).