Review: Vital Security Offers Vital Protection

Printer-friendly version Email this CRN article

Malicious attacks come in a variety of forms, whether it's e-mail spam, phishing sites, active denial-of-service or hacking attempts, or viruses. Security vendors offer a number of solutions intended to identify and remove these attacks before they cause any damage.

Web gateway products vendor Finjan recently unveiled version 9 of its Vital Security Web appliance. Finjan's secure Web gateway protects against Web attacks such as crimeware, Web 2.0 attacks, spyware, phishing, Trojans, and obfuscated malicious code. The Vital Security Web appliance features an active real-time inspection technology that checks both inbound and outbound Web and SSL traffic. Enterprises receive security and risk-level information in real time. Test Center received and tested a beta of the new version.

Many security appliances use signatures or heuristic technology to determine if something is malicious. Finjan approaches the problem differently, relying on a real-time code inspection technology that scans each piece of content's code. Each piece of incoming and outgoing Web content on HTTP, HTTPS, and FTP is analyzed regardless of the originating URL and without signature matching. If any kind of malicious code is discovered while scanning each line of code, the content piece is blocked automatically. In version 9, Finjan is using both static and dynamic code analysis while scanning. If an HTML page contains malicious code, Vital Security can remove that specific part and display the rest to the end-user, or block the entire page altogether.

Vital Security v9.0 offers optional URL filtering engines from IBM and Websense that classify domains in specific categories, such as gambling, news, and entertainment. Through the management interface, rules can be created to prevent users from accessing certain categories, or to restrict access to certain types until after hours. There is also an external reporting and logging system, which can be used for data analysis or for compliance audits.

In addition to URL filtering and inspecting regular HTTP traffic, this version inspects SSL traffic for harmful code. The content remains encrypted when entering and exiting the Finjan appliance, to ensure both data security and user privacy.

When Finjan deconstructs the code, it creates an internal data model and looks at all the calls made and the executables that need to run, to understand what the code is trying to do. The appliance assesses the impact of running the code to determine its danger.

By the time reviewers got around to unpacking the appliance for testing, the beta version had a new build. After Finjan provided the new build on a USB drive, reviewers booted up the appliance with the USB drive plugged in. The new version was installed and copied easily. Updating the software this easily is a benefit because it simplifies necessary maintenance.

The most visible component of version 9 (beta) can be found in the appliance's management capabilities. The integrated dashboard displays graphs to show security risk level and attacks coming in, system performance, and security. Through the dashboard, system administrators can manage security policies and refine rules to tighten or loosen restrictions. Most of the rules can be refined with a single click through the policy decision-making engine. This is particularly useful for solution providers looking for a product that can handle both security and compliance activities. The Vital Security appliance can meet several compliance regulations, including Sarbanes-Oxley, PCI, HIPAA and FISMA.

The appliance uses any combination of antivirus engines that are part of the system, such as McAfee, Sophos and Kaspersky. Customers don't need to worry about paying for or maintaining the antivirus and other applications individually. The antivirus software and other aspects of the Finjan technology are all automatically available to customers. It's easier to keep track of and maintain everything in one place.

The appliance offers users wizards to simplify decision-making for security policies and for configuring the appliance.

Finjan has designed three types of policies -- basic, medium, and strict security. Finjan's rule-based system allows administrators to define flexible sets of rules to describe expected cases and any set conditions. Each organization can create highly granular policies for the user access lists. Finjan has designed and included several security and HTTPS policies to simplify rule creation for some customers.

After deploying the Vital Security product onto a test network, Core Impact, a penetration tool from Core Security, was installed on a notebook within the network. Using Core Impact's automated tests, reviewers simulated accessing sites and files with a variety of exploits, including websites with embedded SQL injection attacks and ActiveX exploits. With version 9 of its software, Finjan's Vital Security appliance was able to identify the malicious code and prevent Core Impact from installing agents and compromising the network.

Considering the amount of malicious code out on the Web that can damage hardware, steal sensitive data, compromise privacy, and clog up network bandwidth, an appliance like Finjan's Vital Security can make a difference in organizations concerned about security and compliance.
