Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Enhanced web filter identifies exploited sites

IronPort Systems : 26 September, 2008  (New Product)
Exploit filtering in IronPort S-Series appliances manages to identify compromised web sites that fall outside the reputation filter for additional protection
IronPort Systems has enhanced the protection offered by its Web-security appliances with the addition of Exploit Filtering. Exploit Filtering utilizes IronPort's distinctive Web-reputation technology to protect users from malware delivered through compromised Web sites even when these sites are not identified through URL filtering or signature scanning. Exploit Filtering is available on the IronPort S-Series family of Web-security appliances.

In March 2008, IronPort launched its URL Outbreak Detection and Botsite Defense to protect users against malware distribution through Web sites controlled by botnets. Exploit Filtering zeroes in on the latest security threat: trusted Web sites that have been compromised to deliver Trojans or phishing attacks. Such attacks are carried out via techniques such as cross-site scripting exploits (a flaw within web applications that sends malicious code to the browsers of unsuspecting users), buffer overflows (sending too much data to an application's temporary storage, which can enable security breaches), SQL injections (a technique that exploits a security vulnerability occurring in the database layer of an application), and invisible iFrame redirects (sending users to malware-generating sites).

According to IronPort's Threat Operations Center, which monitors and analyzes Web traffic in real time, exploited Web sites are responsible for more than 87 percent of all Web-based threats today, and an increasing number of malware writers are targeting well-known, trusted Web sites. For example, in early July, a major Japanese video game company's Web site fell victim to an SQL injection attack, in which a piece of malicious JavaScript was embedded in parts of the site so that a pop-up message warned users that their computers were infected with malware. The pop-up then led users to a site where they could purchase so-called anti-virus software that was actually a malicious Trojan.

Traditional URL filters are not effective in identifying these threats because they rely on manual classification techniques. Infected sites can hide behind generic classifications such as shopping, finance, entertainment or news. However, IronPort's Web-reputation technology uses real-time scanning in order to find and block access to the compromised Web sites before their malware can become operational.

IronPort's Web-reputation filtering system is the only solution in the industry to examine every request made by the browser, from the initial HTML request to all subsequent data requests, which may be fed from different domains. If the presence of vulnerabilities and exploits is confirmed, a Web site is assigned one of three threat levels:

Compromised by Exploits and Actively Hosting Malware. These sites have active exploits and are serving malware or have malicious scripts injected into them. They are immediately blocked.
Compromised by Exploits. These sites have been compromised with one or more exploits and have malicious scripts present, but the malware has not yet been activated by command-and-control servers. These sites, too, are blocked by default.

Vulnerable to Exploits. These popular, high-traffic Web sites are put on a "high-risk watch" and actively monitored by IronPort's Threat Operations Center because they are susceptible to common exploits or have been linked to malware distributions in the past.

As the first line of malware defence, IronPort's Web-reputation filtering system analyzes more than 5 billion Web transactions daily, blocking up to 70 percent of malware at the connection level, prior to signature scanning. Using its global URL traffic data, IronPort's Web-reputation system is able to offer an industry-leading malware-catch rate: 60 percent higher than the rate of traditional signature scanners.

"With the addition of Exploit Filtering, we are offering uncompromised protection against one of the biggest invisible threats on the Web: the transparent passing of malware through legitimate Web sites," said Tom Gillis, vice president of marketing at IronPort Systems. "By automatically filtering against exploited Web sites, IronPort continues to set itself apart from the competition in the Web-security-appliance market. With this innovative approach to filtering, we can reassure our customers that their network security will not be jeopardized when browsing trusted sites, which are often targets of malicious Trojan and phishing attacks."

Exploit Filtering is currently available on the IronPort S-Series, the industry's fastest Web security appliance. IronPort S-Series appliances combine a high-performance security platform with IronPort's exclusive Web-reputation technology and Dynamic Vectoring and Streaming (DVS) engine, a scanning technology that enables accelerated signature-based malware and spyware filtering.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo