Dark Reading
IronPort Filters Bots, Bad URLs
March 20, 2008
IronPort bolsters Web reputation filters with Botsite Defense and URL Outbreak Detection
MARCH 20, 2008 | SAN BRUNO, Calif. -- IronPort® Systems, a Cisco® business unit and a leading provider of enterprise email and Web security gateways, today announced significant enhancements to IronPort Web Reputation Filters. Even though these filters have already had one of the industry's highest capture rates of Web-based malware, the company is adding URL Outbreak Detection and Botsite Defense - effectively making IronPort Web Reputation Filters one of the most comprehensive Web security offerings available. These powerful new layers of malware defense are available on the IronPort S-Series™ family of Web security appliances and through IronPort's SenderBase® Network.
WWW: Wild Wild Web?
Threat analysts at IronPort and Cisco have observed that the Web is increasingly becoming the preferred method of malware distribution. As a result, corporations face even more sophisticated malware threats from a variety of entry points and coordinated cross-protocol attacks.
Threat writers are constantly looking for new ways to increase their success rate, and distributing malware through legitimate websites is an effective way to do so. A recent example of these dynamic attacks occurred in early March, when hundreds of legitimate sites were being used as redirection hubs to malware-producing bots. IronPort's Web Reputation Filters recognize where the redirection is going and can stop the request before any malware enters the network. Simple URL filtering alone does not detect threats targeted at legitimate sites, but IronPort Web Reputation Filters with Botsite Defense and URL Outbreak Detection can identify compromised sites and prevent customers from connecting to them.
There are over 10 billion active webpages. According to industry estimates, between 2 percent and 10 percent of websites are malicious, a staggering amount of exposure for today's businesses. The malware and spyware delivered by these sites can result in a loss of confidential information, system and network downtime, reduced employee productivity and higher customer support costs. Reputation filtering systems, like IronPort Web Reputation Filters with URL Outbreak Detection and Botsite Defense, can help protect against infected sites as well as rapidly mutating malware.
Driving the Deception: Botsites
One of the fastest vectors of Web-based threats is compromised hosts (known as botsites) that follow instructions from command-and-control networks (known as botnets).
Spreading via recruiting email and spam, malicious botsites self-propagate through their own established peer-to-peer networks. The botnets coordinate with each other to create spam with infected landing pages; the botnet/botsite system represents an intelligent malware distribution platform that is reusable and self-defending. Industry estimates point to at least 7 percent of the computers connected to the Internet (75 to 100 million machines) being part of some botnet/botsite system.
"The intelligence of these botnets is astounding," said Tom Gillis, vice president of marketing for IronPort Systems. "A single botnet can produce thousands of malware-laden botsites that are active for anywhere from a few minutes to a few hours. The only effective defense is a Web reputation service that can detect the underlying deception and filter the sites out proactively."








