Sophos Launches Web Content Safety Appliance

The anti-virus software specialist has turned its attention toward protecting customers against malware-infested Web sites, adding SurfControl's content filtering technology as an optional feature.

Sophos introduced the first version of its new Web content filtering and applications control appliance on Jan. 9, and said that it will offer additional protection against suspicious online content via a partnership with SurfControl.

Known as the WS1000, the security appliance marks Sophos initial entry into the Web content filtering space. In addition to protecting users and their employers against potentially dangerous URLs, the appliance offers the ability for companies to block certain types of content and applications, such as electronic multimedia files, from being accessed or downloaded without permission.

While Sophos, which maintains its U.S. headquarters in Burlington, Mass., has spent much if its energy helping customers identify and intercept viruses arriving via e-mail and other corporate messaging systems, the shift among malware code writers toward the use of poisoned URLs or Web applications to distribute viruses pushed the company to jump into content filtering.

In early 2006, Sophos estimates that one of every 91 e-mails arrived at corporate gateways with virus content onboard, but now the ratio of attacks has dropped to only one infected e-mail out of every 300 messages, according to Marc Borbas, product manager for Web Security at the firm.

This rapid drop in e-mail attacks is less a sign of lowered malware activity than it is an indicator of the move by hackers to threats carried out via the Web, he said.

"Weve seen the needle move over from e-mail to Web-based threats very rapidly over the last 12 months, and most companies do not have technologies in place that provide sufficient protection for the cutting-edge attacks," Borbas said.

"The crux of this transition to Web-based threats is that the format also offers more social engineering possibilities for tricking end users into accessing the malware; were seeing significantly more advanced techniques already as the malware community combines phishing with drive-by downloads, for instance."

By scanning over one billion Web sites per day, Sophos officials claim they are able to arm the security device with the latest real-time information on URLs that are carrying suspicious content. However, the appliance separates itself from other technologies that use lists of known malware sites to block unwanted content by scanning every packet of information being transmitted to a users browser, Borbas said.

As malware writers and cyber-criminals launch and take down their sites at an increasingly fast pace to avoid detection from security researchers, such comprehensive protection is necessary, the company claims.

/zimages/4/28571.gifClick here to read about five hackers who left a mark in 2006.

Another emerging trend that demands such dynamic Web content scanning is the move by hackers to load malicious programs onto legitimate URLs, such as the recent spate of attacks carried out over social networking site

In addition to blocking access to questionable Web sites, the appliance also offers the ability to block content such as MP3s and other multimedia files. By limiting access to such materials, companies can protect against potential attacks as well as limit workers ability to use content that might sap productivity or hog network bandwidth.

Sophos executives said that enterprise customers are also shifting their gateway security tools from software systems to appliances, as the devices are easier to manage and offer a performance boost over traditional defenses. As part of the launch, Sophos also introduced an additional management package for the WS1000, through which it takes on all oversight of the appliance.

The WS1000, which has a starting price of $16,000 for up to 500 users over a three year timeframe, also offers the ability for customers to buy additional integrated content filtering tools developed by software maker SurfControl, based in Scotts Valley, Calif.

In addition to gaining access to the vendors URL classification engine, which claims to have categorized over 21 million Web pages, the companies said the SurfControl tools bring additional management functions into the WS1000 platform.

Sophos did not indicate what the additional charge for the SurfControl technology will be.

Among the products Sophos officials expect the WS1000 to compete against are similar appliances from Trend Micro, and the Web-scanning technologies offered by firms such as WebSense.

"You cant look at every Web site and make a black or white security judgment anymore, and we feel the specificity of what we can offer with this hardware-based solution is pretty unique," Borbas said.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.