Fishing for Phishing Sites

Blue Coat Systems' Web filter uses an opt-in, not opt-out, approach to its list of safe sites.

Security firm Blue Coat Systems dropped a different sort of net in the e-mail water, hoping to snag phishing attacks with a Web filter that relies on an opt-in, not opt-out, database strategy.

Unlike other anti-phishing tools that check a user's Web URL requests against a database of known phishing sites, Blue Coat's Real-Time Anti-Phishing protection, embedded in the Blue Coat ProxySG appliances, checks requests against known safe sites. If the URL isn't found in the Blue Coat database, a query is sent to a data center in Blue Coat Labs, where the Web page is analyzed and categorized, and then either blocked or flagged with a warning for the user. The entire process is completed in as little as 250 milliseconds, and can be performed on sites using SSL encryption, company officials said.

It essentially applies to e-mails and phishing the same technology Blue Coat's Dynamic Real-Time Rating service already uses to examine URL requests in browsers.



"The day of static databases of phishing sites being sufficient to protect users are gone," said Chris King, director of strategic marketing at Blue Coat. "A phishing site doesn't have a long life span," he said. "They get a couple people and they're out."

The former strategy of checking against known "bad" sites benefits the bad guys, who know to avoid detection, said Scott Crawford, an analyst with Enterprise Management Associates in Boulder, Colo. Calling phishing one of the most serious threats for IT organizations, Crawford added that businesses cannot simply rely on their employees to discern friend from foe online.

Gartner analysts estimated last year that phishers picked billions of dollars from the pockets of U.S. consumers, and the trend is not shrinking. Spurred by more aggressive phishing techniques and the spread of phishing kits, one in every 87.2 e-mails sent is a phishing attack, according to MessageLabs.

The new strategy actually speeds the process of identifying known "bad" sites, King said, "because we're getting what people are actually clicking on."

In addition, Blue Coat ProxySG appliances can automatically check for credential discrepancies of secure Web sites that could indicate a rogue site, company officials said.
