IronPort Systems, a Cisco business unit and a leading provider of
enterprise email and Web security gateways, announced significant
enhancements to IronPort Web Reputation Filters. Even though
these filters have already had one of the industry's highest capture
rates of Web-based malware, the company is adding URL Outbreak
Detection and Botsite Defense – effectively making IronPort
Web Reputation Filters one of the most comprehensive Web security
offerings available. These powerful new layers of malware defense
are available on the IronPort S-Series™ family of Web security
appliances and through IronPort's SenderBase® Network.
WWW: Wild Wild Web?
Threat analysts at IronPort and Cisco have
observed that the Web is increasingly becoming the preferred method
of malware distribution. As a result, corporations face even
more sophisticated malware threats from a variety of entry points
and coordinated cross-protocol attacks.
Threat writers are constantly looking for new
ways to increase their success rate, and distributing malware
through legitimate websites is an effective way to do so. A recent
example of these dynamic attacks occurred in early March, when
hundreds of legitimate sites were being used as redirection hubs to
malware-producing bots. IronPort's Web Reputation Filters recognize
where the redirection is going and can stop the request before any
malware enters the network. Simple URL filtering alone does not
detect threats targeted at legitimate sites, but IronPort Web
Reputation Filters with Botsite Defense and URL Outbreak Detection
can identify compromised sites and prevent customers from connecting
to them.
There are over 10 billion active webpages.
According to industry estimates, between 2 percent and 10 percent of
websites are malicious, a staggering amount of exposure for today's
businesses. The malware and spyware delivered by these sites can
result in a loss of confidential information, system and network
downtime, reduced employee productivity and higher customer support
costs.
Reputation filtering systems, like IronPort Web
Reputation Filters with URL Outbreak Detection and Botsite Defense,
can help protect against infected sites as well as rapidly mutating
malware.
Driving the deception: Botsites
One of the fastest vectors of Web-based threats
is compromised hosts (known as botsites) that follow instructions
from a command-and-control network (known as a botnet).
Spreading via recruiting email and spam,
malicious botsites self-propagate through their own established
peer-to-peer networks. The botnets coordinate with each other to
create spam with infected landing pages; the botnet/botsite system
represents an intelligent malware distribution platform that is
reusable and self-defending. Industry estimates point to at least 7
percent of the computers connected to the Internet (75 to 100
million machines) being part of some botnet/botsite system.
"The intelligence of these botnets is
astounding," said Tom Gillis, vice president of marketing for
IronPort Systems. "A single botnet can produce thousands of
malware-laden botsites that are active for anywhere from a few
minutes to a few hours. The only effective defense is a Web
reputation service that can detect the underlying deception and
filter the sites out proactively."
URL outbreaks
Along with an increase in malicious botsites,
IronPort's Threat Operations Center has observed a significant
increase in URLs hosting new malware for which no signatures are
available. These URL outbreaks have surged 300 percent over the past
12 months, and enterprises have had no effective solutions.
Today's URL-based threats come primarily from
botsites that serve as malware distribution hubs, spam URLs,
insecure Web 2.0 sites and malicious ad-distribution networks. As
threats become multi-protocol in nature, IronPort helps secure the
enterprise network to enable businesses to operate at high
efficiency while mitigating the worry of lost productivity and
resources.
"Growing volumes of botsites and the
corresponding delivery of new uncategorized malware is a huge
problem," said Tim Sommers, senior enterprise security engineer
at Aurora Healthcare. "With the latest release of IronPort Web
Reputation Filters, we now have a solution that helps to protect
against such threats, before signatures are available."
Botsite defense and URL outbreak detection
Existing solutions that rely on traditional URL
filtering have not been effective because most rely on manual
classification techniques. The infected sites hide behind a
variety of benign categories (including finance, entertainment and
news), thereby rendering traditional classification-based URL
filtering ineffective as a defense.
IronPort's URL Outbreak Detection is designed to
identify and defend against URLs that have no reputation or
signature – typically hosted on a botsite and controlled by a
botnet.
The IronPort SenderBase Network has one of
the largest email and Web-traffic footprints in the industry,
allowing IronPort to detect and block these new URL outbreaks
rapidly. Real-time analysis of global Web traffic allows analysts in
the IronPort Threat Operations Center to proactively publish
reputation scores for such URLs prior to signatures being available
from anti-malware vendors.
These latest enhancements include security
modeling techniques that provide dynamic protection against threats
that target legitimate websites as well as "always on"
detection, which tracks the infrastructure behind malware attacks,
then adjusts to rapidly block them.

-- Tech Times Online