Cisco's IronPort Hunts for Encrypted Security Threats
November 08, 2007 3:30 PM ET
Cisco Systems' IronPort Systems business unit this week said it is revamping its Web security appliance to protect users from malicious traffic that previously has been protected.
The update to the IronPort S-Series Web Security Appliance adds several new features, including selective HTTPS scanning, which opens suspicious encrypted traffic to scanning while keeping legitimate traffic private.
Typically, network security devices do not have visibility into encrypted HTTPS traffic, making a blind spot in many businesses' security strategies. That creates a means for malware writers to cloak their security threats, said Tom Gillis, senior vice president of worldwide sales and marketing at IronPort, San Bruno, Calif.
"If you're a malware writer, it's easy to create a site that looks like a regional bank. For most network providers, even if they can decrypt HTTPS traffic, they won't decrypt that session because it's supposed to be private," Gillis said. "We add reputation awareness, looking at how long the server has been up, how much content it serves, the country of origin, the DNS setup. The classification doesn't matter. We can make an assessment based on trustworthiness."
Another new feature is multi-vendor signature scanning. IronPort's Dynamic Vectoring and Streaming engine uses reputation data to push content through a multi-vendor signature-based scan when needed. Now the vendor has added support for anti-spyware signatures from Webroot as well as anti-spyware and anti-virus signatures from McAfee.
"With the S-series being built on both signatures as well as reputation filtering, spyware is caught at a much higher rate than standard signature-based engines," said David Tompkins, managing partner at Dallas-based solution provider GalaxyTech, via e-mail.
IronPort's Gillis said customers can choose between Webroot and McAfee or use both of their signatures, estimating that 90 percent of the market uses more than one scanning vendor.
The new features will be available in December as part of a new software release, Gillis said.
Cisco, San Jose, Calif., completed its acquisition of IronPort in June.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Cisco's Chambers Sees 'Lumpy' U.S. Enterprise Market
- Cisco Expands SMB Channel With New Partners, Products
- Microsoft Shows Its Love In Valentine's Day Patch Release
- Worker Abuse Protest Targets Apple, Supplier Foxconn
- Cisco Restructuring Pays Off: Q2 Profit Jumps, More M&A Expected
- VARs Say VCE To Target SMBs With Entry-Level Vblocks
- ISP McColo Shut Down After Connection Found To Spammers
- IronPort Upgrades E-mail Security Management
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
