DESCRIPTION
Web Security Gateway analysis - Conducted by Tolly Group - Based on the Gartner Buyers Guide for Secure Gateways - December 2008 - Download the full report from Tolly Group for full details and pros/cons...
web security | data security | email security © 2009 Websense, Inc. All rights reserved.
Web Security Gateway Analysis
Tolly Group analysis based on the Gartner Buyers Guide for Secure Web Gateways
December 2008
Today’s Webscape
Top 100 sites Next 1 million sites Next 100 million sites
THE DYNAMIC WEB
• Constantly changing content
• Millions of varied pages per site
• Legitimate sites compromised
• Legacy security systems obsolete
• Requires real-time content analysis
THE KNOWN WEB
• Current events, regional, genre sites
• Less user-generated content
• Reputation, URL databases fairly effective
THE UNKNOWN WEB
• Junk, personal, scam, adult, etc.
• Millions of new sites appear daily
• Reputation and URL databases can’t keep up
• Requires real-time categorization and real-time security scanning
Web Traffic
77 percent of Web sites with malicious code are legitimate sites that have been compromised
Testing The Webscape: Test 1
THE KNOWN WEB
TEST 1: URL Coverage
• Testing general coverage of URL classification
• Test bed is based on the Alexa top 100K most visited Web sites, minus the top 100.
Test 1: Overall URL Database Coverage
CONCLUSION: A URL database is adequate for the top sites on the Web for classification of acceptable content if you ALLOW unclassified
RESULTS: 95.15
Testing The Webscape: Test 2
Top 100 Sites Next 1 Million Sites Next 100 Million Sites
THE DYNAMIC WEB THE KNOWN WEB
TEST 2: Web-Borne Malware Coverage
• Testing general coverage of malware executables on the Web
• Test bed is the last 250 collected samples from ThreatSeeker
• Spans entire Webscape
Test 2: Web-Borne Malware Coverage
CONCLUSION: Vendors who rely on signature AV with a static URL DB are not providing adequate coverage for Web threats
RESULTS: 79.71
Testing The Webscape: Test 3
TEST 3: Phishing and Proxy Avoidance
• Testing general coverage of sites hosting phishing and proxy avoidance
• Test bed is from ThreatSeeker (1,000 random sample sites)
Test 3: Phishing and Proxy Avoidance
CONCLUSION: Without dynamic Web identification, fast-moving phishing sites are not properly classified
RESULTS: 97.52
Testing The Webscape: Test 4
THE KNOWN WEB
TEST 4: Web Exploits and Compromises
• Testing general coverage of sites with exploit code/drive-by installs that have been compromised
• Test bed is from ThreatSeeker (1,000 random sample sites)
Test 4: Web Exploits and Compromises
CONCLUSION: Reputation systems are not effective in classifying compromised sites. AV signature approaches score lower due to adaptive evasion tactics and volume of variants.
RESULTS:
THE DYNAMIC WEB
Testing The Webscape: Test 5
TEST 5: Accuracy in Web 2.0
• Testing accuracy of classification of pages in popular Web 2.0 sites
• Test includes 10K pages hosted on popular Web 2.0 networks in Adult, Gambling, Rogue Anti-Virus, Malicious Code, and Phishing/Fraud
Test 5: Classification Accuracy in Web 2.0
CONCLUSION: Without dynamic classification of Web 2.0 content, organizations are left open to business risk or must block Web 2.0 sites
RESULTS: 2.1
Testing The Webscape: Test 6
TEST 6: Coverage in Long Tail
• Testing accuracy of classification of pages in the long tail
• Testing includes 10K pages hosted on infrequently visited pages not in the URL DB
Test 6: Coverage in Long Tail
CONCLUSION: Dynamic classification against the unknown Web is effective in content and security classification. Reputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn.
RESULTS: 46.54
Questions?
Contact
For further information, contact:
Kim Rene Jensen
Territory Manager
Denmark, Faroe Islands, Greenland
+45 31668595
krjensen@websense.com