Quantcast

IronPort Plugs Crucial Web-Security Gap With Exploit Filtering

September 22, 2008

IronPort(R) Systems Inc., a leading provider of solutions that protect businesses against spam, viruses, malware and spyware, and now part of Cisco (NASDAQ: CSCO), today announced that it has enhanced the protection offered by its Web-security appliances with the addition of Exploit Filtering. Exploit Filtering utilizes IronPort’s distinctive Web-reputation technology to protect users from malware delivered through compromised Web sites even when these sites are not identified through URL filtering or signature scanning. Exploit Filtering is available on the IronPort S-Series(TM) family of Web-security appliances.

In March 2008, IronPort launched its URL Outbreak Detection and Botsite Defense to protect users against malware distribution through Web sites controlled by botnets. Exploit Filtering zeroes in on the latest security threat: trusted Web sites that have been compromised to deliver Trojans or phishing attacks. Such attacks are carried out via techniques such as cross-site scripting exploits (a flaw within web applications that sends malicious code to the browsers of unsuspecting users), buffer overflows (sending too much data to an application’s temporary storage, which can enable security breaches), SQL injections (a technique that exploits a security vulnerability occurring in the database layer of an application), and invisible iFrame redirects (sending users to malware-generating sites).

According to IronPort’s Threat Operations Center, which monitors and analyzes Web traffic in real time, exploited Web sites are responsible for more than 87 percent of all Web-based threats today, and an increasing number of malware writers are targeting well-known, trusted Web sites. For example, in early July, a major Japanese video game company’s Web site fell victim to an SQL injection attack, in which a piece of malicious JavaScript was embedded in parts of the site so that a pop-up message warned users that their computers were infected with malware. The pop-up then led users to a site where they could purchase so-called anti-virus software that was actually a malicious Trojan.

Traditional URL filters are not effective in identifying these threats because they rely on manual classification techniques. Infected sites can hide behind generic classifications such as shopping, finance, entertainment or news. However, IronPort’s Web-reputation technology uses real-time scanning in order to find and block access to the compromised Web sites before their malware can become operational.

IronPort’s Web-reputation filtering system is the only solution in the industry to examine every request made by the browser, from the initial HTML request to all subsequent data requests, which may be fed from different domains. If the presence of vulnerabilities and exploits is confirmed, a Web site is assigned one of three threat levels:

 --  Compromised by Exploits and Actively Hosting Malware. These sites have     active exploits and are serving malware or have malicious scripts injected     into them. They are immediately blocked.      --  Compromised by Exploits. These sites have been compromised with one or     more exploits and have malicious scripts present, but the malware has not     yet been activated by command-and-control servers. These sites, too, are     blocked by default.      --  Vulnerable to Exploits. These popular, high-traffic Web sites are put     on a "high-risk watch" and actively monitored by IronPort's Threat     Operations Center because they are susceptible to common exploits or have     been linked to malware distributions in the past.      

As the first line of malware defense, IronPort’s Web-reputation filtering system analyzes more than 5 billion Web transactions daily, blocking up to 70 percent of malware at the connection level, prior to signature scanning. Using its global URL traffic data, IronPort’s Web-reputation system is able to offer an industry-leading malware-catch rate: 60 percent higher than the rate of traditional signature scanners.

“With the addition of Exploit Filtering, we are offering uncompromised protection against one of the biggest invisible threats on the Web: the transparent passing of malware through legitimate Web sites,” said Tom Gillis, vice president of marketing at IronPort Systems. “By automatically filtering against exploited Web sites, IronPort continues to set itself apart from the competition in the Web-security-appliance market. With this innovative approach to filtering, we can reassure our customers that their network security will not be jeopardized when browsing trusted sites, which are often targets of malicious Trojan and phishing attacks.”

Exploit Filtering is currently available on the IronPort S-Series, the industry’s fastest Web security appliance. IronPort S-Series appliances combine a high-performance security platform with IronPort’s exclusive Web-reputation technology and Dynamic Vectoring and Streaming(TM) (DVS) engine, a scanning technology that enables accelerated signature-based malware and spyware filtering.

Availability and Pricing

Exploit Filtering is available to all users of IronPort Web Reputation Filters(TM). For more information, please visit http://www.ironport.com/products/web_security_appliances.html.

About IronPort Systems

IronPort Systems, now part of Cisco, is the leading provider of anti-spam, anti-virus and anti-spyware appliances for organizations ranging from small businesses to the Global 2000. IronPort appliances utilize SenderBase(R), the world’s largest e-mail and Web threat detection network and database. IronPort products are innovative and easy-to-use, providing breakthrough performance and playing a mission-critical role in a company’s network infrastructure. To learn more about IronPort products and services, please visit: http://www.ironport.com/.

Copyright Copyright 2008 Cisco IronPort Systems, LLC. All rights reserved. IronPort, the IronPort logo and SenderBase are registered trademarks of Cisco IronPort Systems, LLC. All other trademarks are the property of Cisco IronPort Systems, LLC or their respective owners. While every effort is made to ensure the information given is accurate, IronPort does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice.

For direct RSS Feeds of all Cisco news, please visit “News@Cisco” at the following link:

http://newsroom.cisco.com/dlls/rss.html

 Press / Analyst Contact: David Oro IronPort Systems 707.558.8585 oro@ironport.com

SOURCE: Cisco




comments powered by Disqus