|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
The Appliance That Fights Phishing
This week, at DEMO, a new box was unveiled, backed by a system that's keeping tabs on all the web's bad actors.
ISP-Planet Managing Editor [February 10, 2006] |
 |
Late last year (see The Future of Messaging), we told you about IronPort's open source SenderBase project that rates e-mail senders, making it easier to block bad behavior. This week, the San Bruno, Calif.-based equipment maker introduced the IronPort S-Series Web Security Appliance at DEMO 06 in Phoenix, Ariz.
The new box takes IronPort's reputation-based approach and applies it to URLs and other web addresses, protecting HTTP, HTTPS, and FTP traffic. Tom Gillis, IronPort senior director for product management, says that just one kind of web-based attack, phishing, is becoming ever more sophisticated. You may be suspicious of an e-mail claiming to be from Commerce Bank, especially if don't bank there, but you might trust a site claiming to be the website of your child's second grade class, even if your child is in third grade (but not if you don't have any children).
Web reputation
So IronPort's goal is to review every website before your subscribers
do. To this end, it is working with registrars (though not all of them,
yet), to learn about new domains. The web reputation service works in
conjunction with SenderBase, which gives the system some leads. For example,
if the system determines that a new wave of spam consisting of millions
of messages points to five URLs, all of which point to the same website,
then that website is likely to receive a low trust rating.
A suspicious website merits a closer look. IronPort's Threat Operations Center (TOC) works like a virus lab, with dozens of specialists tracking bad actors in many of the world's languages (32 languages at last count). Other signs also tell if a site is bad. "When we see a bad site," says Gillis, "we look for particular files, such as executables."
Of course, the web reputation system keeps track of more than can be described here. Gillis tells us that the system keeps track of 45 parameters, but that number could easily increase over time as threats evolve or as IronPort's understanding of new threats improves.
IronPort constantly tests its anti-spam and web reputation systems against good mail ("ham") and bad mail ("spam"). The goal is to provide a product that doesn't need to be tweaked, and to do so, IronPorts needs a constant supply of both ham and spam.
Of course there are false positives in both systems, and the TOC is particularly interested in false positives. The company has created a false positive reporting tool that integrates into users' Microsoft Outlook clients, for example.
Gillis explains that the motive for building this system was simple: customers demanded it. "When the first URL-based virus appeared, customers told us it was unacceptable. We could not explain to customers that the delivery mechanism was the web, not e-mail."
So, instead of doing that, IronPort built this system.
Pricing and availability
The IronPort S-Series Web Security Appliances will be available in the
summer of 2006. Some ISPs and other IronPort customers will get beta or
development systems before then.
Pricing will start at $24,995.
—End
| Related articles: | ||
| [April 11, 2005] | An Extreme Phight Against Phishing | |
| [Dec. 9, 2004] | Anti-Phishing Initiative Gives ISPs a Role in Fighting Crime | |
| [May 13, 2004] | Building Trust in an Age of Phishy E-Mails | |
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q2 2008 Top U.S. ISPs by Subscriber (Updated 08/29/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers