HOME | ABOUT US | CONTACT | SITE MAP | EMPLOYMENT

Tel: 01707 255060

Email: info@clearview.co.uk

antivirus software
Home
Email Archiving
Email Security
Encryption
Endpoint Security
Firewall Security
Instant Messaging
Internet Monitoring
NAC
Remote Access
Vulnerability Testing
Web Security

Security Reseller
Of The Year

 

 

internet security, network security, url filtering, web antivirus

Web Security

The Web has now taken over from email as the delivery medium of choice for cyber criminals who make financial gain from getting their spyware and trojans onto your network. Whilst most companies have implemented fairly robust email security systems, web security defences are often limited to simple web filtering, which is inadequate to protect against current web threats.

There are two primary types of web threats:

Phishing
Phishing emails that appear to be from banks and shopping sites with embedded links to malicious web sites are not just a problem for the user who inadvertently gives away his personal information. They also present a risk to your company’s security. Phishing web sites are often also malicious, and will try to run exploits onto your users’ PC’s using Java and ActiveX in an attempt to load spyware. Since the life of these web sites is only days, they will generally not be blocked by standard category based filtering.

Secure Computing Secure Web
Secure Computing Webwasher
 Web Security Appliance

 
Trend Micro Interscan Web Security Suite
Trend Micro
Interscan Web Security Suite

 


Blue Coat
Blue Coat
Web Security Appliances


Compromised Web Sites
There have been a number of incidents where bona fide web sites have been compromised and code has been uploaded to divert the visitor to a malicious web server. The end result is much the same as Phishing, namely the threat of identity theft and uploading of malicious code. One such attack compromised 6,000 Italian Web sites with three Trojans over 6 days, using a malware toolkit that can be purchased for around £500. The cost in terms of identity theft fraud and loss of reputation to the companies whose sites were compromised however could have been millions of pounds.

New Threats Need New Solutions
In additional to traditional web filtering, two additional layers of security are required to provide adequate protection against web threats:

Scanning of Java and ActiveX Code
With over 450,000 new instances of malware being detected each year, pattern based scanning of executable code cannot be relied on to provide reliable web security in isolation. By analysing the behaviour of Java and Active X code downloaded from the Internet however, and blocking the execution of code that is trying to perform potentially malicious activity, it is possible to stop a malicious web site from running its exploit against your workstation to upload the spyware or Trojan horse code.

Secure Computing (now owned by McAfee) and Trend Micro have implemented Java and Active X scanning as part of their Secure Web and Interscan Web Security Suite products, and are therefore able to protect you against the threats posed by web sites that host malicious code.

Reputation Filtering
Reputation filtering enables a web proxy to take a decision on the trustworthiness or reputation of a website that a user is trying to connect to based on intelligence collected in an intelligence database run by the major security vendors. This data is acquired from multiple sources including honeypot email accounts, ISP’s, email content analysis and feedback from units installed in the field and services to identify the IP addresses of  Phishing and malicious URL links currently in circulation in spammed out emails as well as those of web sites found to be the source of malicious code. By checking the destination of a web request against the supplier’s reputation database, it is possible to block web visits to known malicious or compromised web sites even though they may not fit into any URL list category, and may even belong to reputable organisations. Secure Computing Secure Web uses Secure Computing's Trusted Source service to provide reputation based filtering of web browsing, whilst Trend Micro use their implementation of web reputation filtering for Interscan Web Security Suite..

Real Time Categorisation
Whilst most vendors have URL databases of tens of millions of URL's, these represent only a fraction of all URL's on the internet. Both Blue Coat and Secure Computing Secure Web have implemented an "in the cloud" service to classify unknown URL's "on-the-fly" by examining content in the web  page. By assessing the content of new web sites in this way, it is possible to minimise access to those types of sites most often associated with malware (gambling, pornography etc). 

These new techniques provide far better security for web connections than products that were previously available. By combining a web security system with robust email security to screen out spammed out links in emails, organisations can minimise their exposure to today's web threats. As IT Security specialists, Clearview Systems will advise you on which products will best meet your needs and arrange evaluation hardware or software for you to test in house prior to making a purchase. Please click here to contact us.

 
 
     TOP | HOME  | CONTACT

                          © Copyright 2009 Clearview Systems. All rights reserved.

 

McAfee Email Security I McAfee Spam Filter I McAfee Web Security I Webwasher SCM Appliance I Smartfilter Web Filter I Secure Application Proxy Firewall I Sidewinder I Cryoserver I Ironport Email Security I SafeGuard Enterprise Hard Disk Encryption I SafeGuard Easy I SafeGuard PDA I SafeGuard Private Disk I Safeguard Private Crypto I Mcafee Total Protection For Endpoint I Sophos Antivirus Software I Sophos Endpoint Security and Control I Sophos Network Access Control ( NAC) I Trend Micro Worry Free Business Security I Juniper Networks I Blue Coat Proxy SG I Blue Coat Proxy AV I Cyfin Reporter I Cyfin Proxy I Cyblock Proxy I Cyblock ISA I Aventail I EX 750 I EX 1600 I SafeWord Strong Authentication    

 

 

Email Archiving I Email SecurityEndpoint Security I Hard Disk Encryption I Email Encryption / Secure Email I Web Security