AppRiver Filters Malicious Websites via SecureSurf
AppRiver's new SecureSurf Web-filtering application combines Domain Name System lookups with proxy routing to filter potentially malicious content from Internet traffic.
Businesses can use SecureSurf to block Websites containing malicious content as well as to enforce corporate browsing policies, Joel Smith, CTO of AppRiver, told eWEEK. When a user attempts to visit a Website, SecureSurf first checks the site against a continuously updated list to learn if it was a known malicious address. The list included sites that distribute malware and contain adult content or other objectionable content. Administrators can also create "whitelists" of known good sites that users are allowed to access.
SecureSurf directs all sites not on either list through a hosted proxy server, which conducts a rapid and detailed content analysis, Smith said. While the DNS (Domain Name System) lookup instantly rejects known bad sites, the proxy server can be used to evaluate sites that may not be known yet or are legitimate sites that somehow violate company policy, he said. If the company policy restricts users accessing video-sharing sites, administrators can configure SecureSurf using the customer portal to block those sites.
SecureSurf made the tasks of maintaining whitelists and blacklists "less intensive," Chris Brush, Web and IT administrator for AppRiver customer Kee Safety, told eWEEK. Kee Safety beta-tested SecureSurf even before the application had a graphical interface and the benefits were instantaneous, Brush said. Instead of having to regularly download a 400MB file containing the latest blacklisted sites and ensuring the filters were active, the SecureSurf application performed this task in the background. "Having it taken care of outside the building was great," he said.
AppRiver had over 200 companies participating in the beta, including about 12 midsized companies, Smith said. Kee Safety sells safety products such as railings, Brush said.
AppRiver has tried Web filtering in the past, and "it didn't work well," Smith said. The company decided a hybrid product that incorporated DNS lookups and proxy-based content analysis offered the most comprehensive protection without compromising the user experience, he said. Since all the traffic was not forced through the proxy, the user's Web-surfing performance was not affected.
Kee Safety used AppRiver's spam-filtering service originally and "wanted more," Brush said. The company tried the original Web-filtering product, which was "okay," but really liked SecureSurf's ability to get usage statistics along with blacklist and whitelist capabilities, he said.
The portal provides detailed information about what Websites individual users are accessing, as well as what Websites are being visited the most, Smith said. Each machine has an individual agent installed, even if the machine is not on the corporate network. The agent provides machine-by-machine reporting.
The company is currently beta-testing an antivirus and botnet detection tool that would be a part of SecureSurf. Expected sometime mid-March, this capability will automatically scan processes on the user's machine to look for key-loggers and botnets that may already be installed, Smith said.
As a hosted product, SecureSurf is easy to deploy in "less than 20 minutes," Smith said. Administrators do a DNS change to route all traffic to the SecureSurf servers before reaching user computers.
SecureSurf uses security information obtained from various third-party partners as well as the information collected by other AppRiver services, such as the spam filter, Smith said. The inclusion of third-party feeds was critical because the data "removes blinders" and provides AppRiver with a more extensive overview of the threats landscape, Smith said.
AppRiver hasn't "nailed down" pricing yet, but the company expects it to be less than $5 per user per month, Smith said. A free version will also be available to home users.