Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Don’t Filter Out Reputation-Based URL Filters Yet

    By
    Brian Prince
    -
    January 25, 2008
    Share
    Facebook
    Twitter
    Linkedin

      While the number of legitimate Web sites hosting malware continues to rise, reputation-based URL filters still can serve an important role in network security, analysts and vendors claim.

      Such filters have become a familiar part of a layered defense against security threats. But as a study released Jan. 22 by Websense shows, hackers are increasingly using legitimate sites to infect unwitting users.

      According to Websense, some 51 percent of the Web sites the company classified as malicious were compromised-meaning they were legitimate sites infected by hackers. Because compromised sites have a good reputation, such methods can pose a serious threat to enterprises relying too heavily on reputation filters, the study notes.

      Websense, a prominent player in the URL filtering market, is by no means down on reputation-based filtering, and as Gartner analyst John Pescatore noted, if 51 percent of the malicious Web sites found by Websense were legitimate, that still means 49 percent were rogue sites.

      “Plus, even legitimate sites can get on the bad reputation list if they are found to be hosting malware,” Pescatore told eWEEK. “This means that if the Miami Dolphins’ site is hacked and the Web Security Gateway folks … detect it, the Dolphins Web site will be on the blocked list-so reputation services are still effective.”

      What’s ineffective, he said, is a lot of the anti-phishing mechanisms in place.

      Phishing drills teach employees to dodge the hook. Read more here.

      “What this all means is that Web site security is still weak. … The servers are becoming the weakest link in the chain again,” he said. “Enterprises need to focus again on making sure their sites aren’t vulnerable. When worms were hitting IIS left and right, Web server security went way up, but there haven’t been those high-visibility attacks, and the discipline has been going down and lots of new technology-such as Web 2.0, blogs and the like-are being used on business Web sites that open up many new vulnerabilities.”

      Moving Away from First-Gen Blacklists

      At IronPort, a business unit of Cisco, officials said reputation-based systems will become more and more important as enterprises move away from first-generation blacklists.

      “Threat writers are constantly looking for new ways to increase their success rate, and distributing more sophisticated threats through legitimate Web pages is a very effective way to increase their hit rate,” said IronPort Product Manager Samantha Madrid. “A common vector for such attacks is through an HTML iFrame. … Since this content comes from an outside Web server, controlling it becomes very difficult. When the user visits a Web site with an iFrame exploit, their browser redirects the request to the site hosting malware. The malware is then downloaded in the background onto the user’s computer. Meanwhile, the user has no idea they’ve been compromised.”

      But using Web reputation filters that leverage IronPort’s Senderbase network, the reputation system sees the redirection and can stop the request before any malware enters the network, she said.

      As shown by the recent discovery of phishing kits made available for free online by a group of Moroccan identity thieves calling themselves Mr-Brain, there are still plenty of hackers looking to craft realistic-looking rogue Web sites in an effort to steal personal data. More than 18 percent of all Web sites hosting malicious content were created or compromised using professional tool kits available online, the Websense study reported.

      Still, a reputation-based Web filter has its limits, said Forrester analyst Chenxi Wang, and should be considered only one part of a broader strategy.

      “Its effectiveness depends on how fast a reputation, or update of a reputation, can be derived,” she said. “And there is certainly an arms race between how fast the malicious sites are changing and how fast the filtering mechanism can realize that the site’s nature has changed. I think reputation-based filters are useful but not a panacea; users need real-time content analysis to augment URL filtering-both list-based and reputation-based. So, if you consider reputation-based filtering as one piece of the puzzle, then it’s still effective in providing one piece of functionality, but that functionality is by no means sufficient.”

      Brian Prince

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×