Reputation-based web filtering from IronPort Systems.

IronPort Systems : 07 November, 2007 (New Product)
IronPort Systems offers a new wave of enhancements to its internet security product for content and URL filtering and site certification.
IronPort Systems has announced significant enhancements to the IronPort S-Series Web security appliance. This IronPort appliance is a high-performance device, designed to bring security policy enforcement to enterprise Web access - a portion of the network that (for many corporations) has been left unprotected. The IronPort S-Series has advanced capabilities to assist users in: identifying and blocking malware from entering a corporate network, creating and enforcing acceptable use policies, and ensuring sensitive data is not inadvertently being sent outside of the company. The IronPort S-Series is an important part of Cisco's Self-Defending Network, providing content level security for Web traffic that helps to enhance overall network-level security.

IronPort introduced the concept of reputation analysis at the beginning of 2003. Since then, reputation filtering has proven to be very powerful. In most circumstances, IronPort email appliances can block more than 90 percent of incoming spam emails, based entirely on the reputation of the sending mail server. In January of 2006 IronPort introduced Web reputation filtering, applying the same techniques used so effectively in email, to Web traffic.

IronPort S-Series Web security appliances perform a real-time analysis of the reputation of every web server being contacted by a corporation. This analysis is the first line of defense against Web-based threats. Users of IronPort Web security appliances may choose to implement any number of policies to reject known bad sites, purely based on a site's Web reputation score. Malware has become very sophisticated, with thousands of variants being introduced at any one time. IronPort Web Reputation Filters provide an excellent way to counter polymorphic malware attacks that defy signature description. The use of reputation is not limited to connection blocking. Reputation analysis is integrated throughout the IronPort appliance, and is used to vector or steer content to the appropriate scanning engine - including the new HTTPS inspection engine, as well as the integrated anti-malware system with signatures from McAfee and Webroot. This method results in more efficient and intelligent examination of Web content.

To accomplish the dual goals of increased productivity and limiting potential liability, many corporations have developed acceptable use policies (AUPs) that govern use of the Internet while at work. Many of these policies are implemented via a URL filtering system. The IronPort S-Series contains a world-class URL filtering solution, including detailed reports on end-user Web surfing patterns and more than 50 different categories of websites to control. Using the Web-based policy management tool on the IronPort appliance, it is easy to create and implement LDAP-based acceptable use policies. URL filtering is an effective supplement to IronPort Web Reputation Filters.

The IronPort Dynamic Vectoring and Streaming (DVS) engine uses reputation data to guide content through a multi-vendor signature based scan as required. Known bad traffic is blocked, known good traffic is passed through without additional scanning and suspicious traffic is subject to scanning with signatures from multiple security vendors. The IronPort S-Series Web security appliance now supports anti-spyware signatures from Webroot as well as anti-spyware and anti-virus signatures from McAfee.

Threat analysts at IronPort and Cisco have observed an increasing trend towards the Web (and away from email) as the preferred method of malware distribution. As a result, corporations face even more sophisticated Botnet infections coming from a variety of different entry points. The IronPort S-Series includes a unique Layer 4 (L4) Traffic Monitor, which analyses traffic across all ports (not just Web traffic) to identify connections associated with Botnet activity on an organization's network. Increasingly, customers are turning to comprehensive systems like Cisco's Self Defending Network to help detect and block activity associated with botnets within their networks, and launch the appropriate remediation such as Network Access Control (NAC).

IronPort views HTTPS certificate authority kiting as a "blind spot" in the solutions offered by many Web security devices. Since HTTPS is an encrypted connection between the client and the origin server, security devices in the network typically have no visibility into (or control over) HTTPS traffic. The use of HTTPS on the Internet has been growing steadily, at more than 60 percent per year, driven by legitimate uses such as online banking and commerce. It is very easy to create a new website that may have the appearance of a local bank or commerce site, initiate matching HTTPS connections and then deliver malware to end-users in a format that cannot be analyzed by conventional security systems.

IronPort's Web security appliances are designed to help address this future threat by combining reputation-based vectoring and acceptable use categories to selectively examine HTTPS traffic. The IronPort DVS engine can steer suspicious HTTPS traffic to the on-board encryption/decryption engine. This engine can decrypt the connection, scan for malware and acceptable use characteristics and then (if appropriate) re-encrypt for delivery to the end-user. The use of reputation analysis at this stage is critical. Trusted sites with a positive reputation that are also in the banking, health care or commerce categories are best left encrypted.

This helps free the corporation from any potential privacy or liability issues regarding end-user traffic that may contain private financial, health care or credit card information. On the other hand, the use of reputation-based vectoring means that suspicious, unknown sites, self-signed certificates or sites backed by suspicious certificate issuers that may be classified as finance, healthcare or commerce will still be decrypted and scanned to help secure the network. This intelligent use of reputation and acceptable use categorization helps yield optimal security, efficiency and end-user privacy.
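The vectoring decision described above (block known bad, pass known good, scan the rest, and leave HTTPS encrypted only for trusted sites in private categories) can be sketched next to a weaker category-only exemption. This is an added example, not IronPort code; the score scale, thresholds, field names and sample hosts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed score scale and thresholds; the article gives no numbers.
BAD_AT_OR_BELOW = -6.0
GOOD_AT_OR_ABOVE = 6.0
PRIVATE_CATEGORIES = {"banking", "health care", "commerce"}

@dataclass
class Conn:
    host: str
    reputation: Optional[float]  # None means the site is unknown
    category: str
    https: bool = False
    self_signed: bool = False
    suspicious_issuer: bool = False

def category_only(conn: Conn) -> str:
    """Weak policy: exempt private categories from decryption on category alone."""
    if conn.https and conn.category in PRIVATE_CATEGORIES:
        return "leave_encrypted"
    return "decrypt_and_scan" if conn.https else "scan"

def reputation_vectored(conn: Conn) -> str:
    """Policy as the article describes it: reputation gates every later decision."""
    rep = conn.reputation
    if rep is not None and rep <= BAD_AT_OR_BELOW:
        return "block"                      # known bad
    bad_cert = conn.https and (conn.self_signed or conn.suspicious_issuer)
    trusted = rep is not None and rep >= GOOD_AT_OR_ABOVE and not bad_cert
    if not trusted:                         # suspicious or unknown
        return "decrypt_and_scan" if conn.https else "scan"
    if conn.https and conn.category in PRIVATE_CATEGORIES:
        return "leave_encrypted"            # privacy-sensitive and trusted
    return "pass"                           # known good, no extra scanning

# Constructed sample connections (hosts are placeholders, not real sites).
SAMPLES = [
    Conn("bank.example", 8.5, "banking", https=True),
    Conn("bank-login.example", None, "banking", https=True, self_signed=True),
    Conn("news.example", 7.0, "news"),
    Conn("forum.example", 1.0, "forums"),
    Conn("dropper.example", -9.0, "commerce", https=True),
]

def compare():
    return [(c.host, category_only(c), reputation_vectored(c)) for c in SAMPLES]

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

The two policies agree on the trusted bank but diverge on the unknown self-signed lookalike and on the low-reputation commerce site, which the category-only exemption would leave encrypted and unscanned.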
