SlideShare uma empresa Scribd logo

Web Security Gateway Test

Kim Jensen
Kim Jensen

Web Security Gatewat analyse - Gennemført af Tolly Group - Baseret på Gartner Buyers Guide for Secure Gateways - December 2008 - Download the full report from Tolly Group for full details and pros/cons...

TecnologiaNegócios
1 de 16
Baixar para ler offline
Web Security Gateway Analyse Tolly Group analyse baseret på Gartner Buyers Guide for Secure Web Gateways December 2008 web security | data security | email security © 2009 Websense, Inc. All rights reserved.
Today’s Webscape 77 percent of Web sites with malicious code are legitimate sites that have been THE DYNAMIC WEB compromised • Constantly changing content • Millions of varied pages per site • Legitimate sites compromised • Legacy security systems obsolete THE UNKNOWN WEB • Requires real-time content analysis • Junk, personal, scam, adult, etc. • Million of new sites appear daily • Reputation and URL databases can’t keep up THE KNOWN WEB • Requires real-time categorization • Current events, regional, genre sites and real-time security scanning • Less user-generated content Web Traffic • Reputation, URL databases fairly effective Top 100 sites Next 1 million sites Next 100 million sites 2
Testing The Webscape: Test 1 THE KNOWN WEB TEST 1: URL Coverage • Testing general coverage of URL classification • Test bed is based on the Alexa top 100K most visited Web sites, minus the top 100. 3
Test 1: Overall URL Database Coverage RESULTS: 95.15 CONCLUSION: A URL database is adequate for the top sites on the Web for classification of acceptable content if you ALLOW unclassified 4
Testing The Webscape: Test 2 THE DYNAMIC WEB THE KNOWN WEB TEST 2: Web-Borne Malware Coverage  Testing general coverage of malware executables on the web  Test bed is last 250 collected samples from ThreatSeeker  Spans entire Webscape Top 100 Sites Next 1 Million Sites Next 100 Million Sites 5
Test 2: Web-Borne Malware Coverage RESULTS: 79.71 CONCLUSION: Vendors who rely on signature AV with static URL DB are not providing adequate coverage for Web threats 6
Testing The Webscape: Test 3 TEST 3: Phishing and Proxy Avoidance  Testing general coverage of sites hosting phishing and proxy avoidance  Test bed is from ThreatSeeker (1,000 random sample sites) 7
Test 3: Phishing and Proxy Avoidance RESULTS: 97.52 CONCLUSION: Without dynamic Web identification fast moving phishing sites are not properly classified 8
Testing The Webscape: Test 4 THE KNOWN WEB TEST 4: Web Exploits and Compromises  Testing general coverage of sites with exploit code/drive by installs that have been compromised  Test bed is from ThreatSeeker (1,000 random sample sites) 9
Test 4: Web Exploits and Compromises RESULTS: CONCLUSION: Reputation systems are not effective in classifying compromised sites AV signature approaches score lower due to adaptive evasion tactics and volume of variants 10
Testing The Webscape: Test 5 THE DYNAMIC WEB TEST 5: Accuracy in Web 2.0  Testing accuracy of classification of pages in popular Web 2.0 sites  Test includes 10K pages hosted on popular Web 2.0 networks in Adult, Gambling, Rogue Anti-Virus, Malicious Code, and Phishing/Fraud 11
Test 5: Classification Accuracy in Web 2.0 RESULTS: 2.1 CONCLUSION: Without dynamic classification of Web 2.0 this leaves business organizations open to business risk or requires blocking of Web 2.0 sites 12
Testing The Webscape: Test 6 TEST 6: Coverage in Long Tail  Testing accuracy of classification of pages in long tail  Testing includes 10K pages hosted on infrequently visited pages not in the URL DB 13
Test 6: Coverage in Long Tail RESULTS: 46.54 CONCLUSION: Dynamic classification against unknown Web effective in content and security classification Reputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn. 14
Spørgsmål ? © 2009 Websense, Inc. All rights reserved. 15
Kontakt For yderligere information kontakt : Kim Rene Jensen Territory Manager Denmark, Faroe Island, Greenland +45 31668595 krjensen@websense.com © 2009 Websense, Inc. All rights reserved. 16

Recomendados

Naxsi, an open source WAF for Nginx
Naxsi, an open source WAF for NginxNaxsi, an open source WAF for Nginx
Naxsi, an open source WAF for NginxPositive Hack Days
 
Cross-Build Injection attacks: how safe is your Java build?
Cross-Build Injection attacks: how safe is your Java build?Cross-Build Injection attacks: how safe is your Java build?
Cross-Build Injection attacks: how safe is your Java build?Sander Mak (@Sander_Mak)
 
Gartner Magic Quadrant for Secure Email Gateways 2014
Gartner Magic Quadrant for Secure Email Gateways 2014Gartner Magic Quadrant for Secure Email Gateways 2014
Gartner Magic Quadrant for Secure Email Gateways 2014Michael Bunn
 
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuk
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel SemeniukFy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuk
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuksim100
 
Top Ten Web Attacks
Top Ten Web Attacks Top Ten Web Attacks
Top Ten Web Attacks Ajay Ohri
 
Net canine
Net canineNet canine
Net canineKaushal Bhavsar
 
My Web Performance Dirty Secrets
My Web Performance Dirty SecretsMy Web Performance Dirty Secrets
My Web Performance Dirty SecretsFred Beringer
 
Webscale webinar about Web Application Firewall
Webscale webinar about Web Application Firewall Webscale webinar about Web Application Firewall
Webscale webinar about Web Application Firewall Webscale Networks
 

Recomendados

Naxsi, an open source WAF for Nginx
Naxsi, an open source WAF for NginxNaxsi, an open source WAF for Nginx
Naxsi, an open source WAF for NginxPositive Hack Days
 
Cross-Build Injection attacks: how safe is your Java build?
Cross-Build Injection attacks: how safe is your Java build?Cross-Build Injection attacks: how safe is your Java build?
Cross-Build Injection attacks: how safe is your Java build?Sander Mak (@Sander_Mak)
 
Gartner Magic Quadrant for Secure Email Gateways 2014
Gartner Magic Quadrant for Secure Email Gateways 2014Gartner Magic Quadrant for Secure Email Gateways 2014
Gartner Magic Quadrant for Secure Email Gateways 2014Michael Bunn
 
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuk
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel SemeniukFy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuk
Fy09 Sask Tel Learn It Ie7 And Ie8 Joel Semeniuksim100
 
Top Ten Web Attacks
Top Ten Web Attacks Top Ten Web Attacks
Top Ten Web Attacks Ajay Ohri
 
Net canine
Net canineNet canine
Net canineKaushal Bhavsar
 
My Web Performance Dirty Secrets
My Web Performance Dirty SecretsMy Web Performance Dirty Secrets
My Web Performance Dirty SecretsFred Beringer
 
Webscale webinar about Web Application Firewall
Webscale webinar about Web Application Firewall Webscale webinar about Web Application Firewall
Webscale webinar about Web Application Firewall Webscale Networks
 
A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...IBM Rational software
 
TS-5358
TS-5358TS-5358
TS-5358tutorialsruby
 
TS-5358
TS-5358TS-5358
TS-5358tutorialsruby
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application VulnerabilitiesPreetish Panda
 
Protecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical InsightProtecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical Insightimagazinepl
 
Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000Thomas Stensitzki
 
2008_IRLbot
2008_IRLbot2008_IRLbot
2008_IRLbotHiroshi Ono
 
The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...Fred Beringer
 
Vfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reporterVfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reportervfmindia
 
Chasing web-based malware
Chasing web-based malwareChasing web-based malware
Chasing web-based malwareFACE
 
Internet World Web2
Internet World Web2Internet World Web2
Internet World Web2BobsNJ
 
Testing Framework on AWS Cloud - Solution Set
Testing Framework on AWS Cloud - Solution SetTesting Framework on AWS Cloud - Solution Set
Testing Framework on AWS Cloud - Solution SetBlazeclan Technologies Private Limited
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Refactoring Ruby on Rails Applications
Refactoring Ruby on Rails ApplicationsRefactoring Ruby on Rails Applications
Refactoring Ruby on Rails ApplicationsJonathan Weiss
 
Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)Ajax Experience 2009
 
Il Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webIl Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webSymantec Italia
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionRisk Analysis Consultants, s.r.o.
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 

Mais conteúdo relacionado

Semelhante a Web Security Gateway Test

A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...IBM Rational software
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionF5 Networks
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockownerkhan
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application VulnerabilitiesPreetish Panda
 
Protecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical InsightProtecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical Insightimagazinepl
 
Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000Thomas Stensitzki
 
The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...Fred Beringer
 
Vfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reporterVfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reportervfmindia
 
Chasing web-based malware
Chasing web-based malwareChasing web-based malware
Chasing web-based malwareFACE
 
Internet World Web2
Internet World Web2Internet World Web2
Internet World Web2BobsNJ
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Refactoring Ruby on Rails Applications
Refactoring Ruby on Rails ApplicationsRefactoring Ruby on Rails Applications
Refactoring Ruby on Rails ApplicationsJonathan Weiss
 
Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)Ajax Experience 2009
 
Il Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webIl Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webSymantec Italia
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionRisk Analysis Consultants, s.r.o.
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 

Semelhante a Web Security Gateway Test (20)

A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...A look at the prevalence of client-side JavaScript vulnerabilities in web app...
A look at the prevalence of client-side JavaScript vulnerabilities in web app...
 
TS-5358
TS-5358TS-5358
TS-5358
 
TS-5358
TS-5358TS-5358
TS-5358
 
BIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall SolutionBIG-IP Data Center Firewall Solution
BIG-IP Data Center Firewall Solution
 
Xfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknockXfocus xcon 2008_aks_oknock
Xfocus xcon 2008_aks_oknock
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
 
Protecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical InsightProtecting the Mac Environment: Technical Insight
Protecting the Mac Environment: Technical Insight
 
Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000Web Performance Acceleration with Strangeloop AS1000
Web Performance Acceleration with Strangeloop AS1000
 
2008_IRLbot
2008_IRLbot2008_IRLbot
2008_IRLbot
 
The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...The Cloud: A game changer to test, at scale and in production, SOA based web...
The Cloud: A game changer to test, at scale and in production, SOA based web...
 
Vfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reporterVfm bluecoat proxy sg solution with web filter and reporter
Vfm bluecoat proxy sg solution with web filter and reporter
 
Chasing web-based malware
Chasing web-based malwareChasing web-based malware
Chasing web-based malware
 
Internet World Web2
Internet World Web2Internet World Web2
Internet World Web2
 
Testing Framework on AWS Cloud - Solution Set
Testing Framework on AWS Cloud - Solution SetTesting Framework on AWS Cloud - Solution Set
Testing Framework on AWS Cloud - Solution Set
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Refactoring Ruby on Rails Applications
Refactoring Ruby on Rails ApplicationsRefactoring Ruby on Rails Applications
Refactoring Ruby on Rails Applications
 
Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)Scott Isaacs Presentationajaxexperience (Final)
Scott Isaacs Presentationajaxexperience (Final)
 
Il Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del webIl Cloud a difesa della mail e del web
Il Cloud a difesa della mail e del web
 
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise EditionQualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
QualysGuard InfoDay 2012 - Malware Detection Service – Enterprise Edition
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 

Mais de Kim Jensen

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003Kim Jensen
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Kim Jensen
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012Kim Jensen
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Kim Jensen
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Kim Jensen
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011Kim Jensen
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Kim Jensen
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web SecurityKim Jensen
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Kim Jensen
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Kim Jensen
 

Mais de Kim Jensen (20)

Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter pack
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014
 
Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web Security
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
 

Último

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

Web Security Gateway Test

  • 1. Web Security Gateway Analyse Tolly Group analyse baseret på Gartner Buyers Guide for Secure Web Gateways December 2008 web security | data security | email security © 2009 Websense, Inc. All rights reserved.
  • 2. Today’s Webscape 77 percent of Web sites with malicious code are legitimate sites that have been THE DYNAMIC WEB compromised • Constantly changing content • Millions of varied pages per site • Legitimate sites compromised • Legacy security systems obsolete THE UNKNOWN WEB • Requires real-time content analysis • Junk, personal, scam, adult, etc. • Million of new sites appear daily • Reputation and URL databases can’t keep up THE KNOWN WEB • Requires real-time categorization • Current events, regional, genre sites and real-time security scanning • Less user-generated content Web Traffic • Reputation, URL databases fairly effective Top 100 sites Next 1 million sites Next 100 million sites 2
  • 3. Testing The Webscape: Test 1 THE KNOWN WEB TEST 1: URL Coverage • Testing general coverage of URL classification • Test bed is based on the Alexa top 100K most visited Web sites, minus the top 100. 3
  • 4. Test 1: Overall URL Database Coverage RESULTS: 95.15 CONCLUSION: A URL database is adequate for the top sites on the Web for classification of acceptable content if you ALLOW unclassified 4
  • 5. Testing The Webscape: Test 2 THE DYNAMIC WEB THE KNOWN WEB TEST 2: Web-Borne Malware Coverage  Testing general coverage of malware executables on the web  Test bed is last 250 collected samples from ThreatSeeker  Spans entire Webscape Top 100 Sites Next 1 Million Sites Next 100 Million Sites 5
  • 6. Test 2: Web-Borne Malware Coverage RESULTS: 79.71 CONCLUSION: Vendors who rely on signature AV with static URL DB are not providing adequate coverage for Web threats 6
  • 7. Testing The Webscape: Test 3 TEST 3: Phishing and Proxy Avoidance  Testing general coverage of sites hosting phishing and proxy avoidance  Test bed is from ThreatSeeker (1,000 random sample sites) 7
  • 8. Test 3: Phishing and Proxy Avoidance RESULTS: 97.52 CONCLUSION: Without dynamic Web identification fast moving phishing sites are not properly classified 8
  • 9. Testing The Webscape: Test 4 THE KNOWN WEB TEST 4: Web Exploits and Compromises  Testing general coverage of sites with exploit code/drive by installs that have been compromised  Test bed is from ThreatSeeker (1,000 random sample sites) 9
  • 10. Test 4: Web Exploits and Compromises RESULTS: CONCLUSION: Reputation systems are not effective in classifying compromised sites AV signature approaches score lower due to adaptive evasion tactics and volume of variants 10
  • 11. Testing The Webscape: Test 5 THE DYNAMIC WEB TEST 5: Accuracy in Web 2.0  Testing accuracy of classification of pages in popular Web 2.0 sites  Test includes 10K pages hosted on popular Web 2.0 networks in Adult, Gambling, Rogue Anti-Virus, Malicious Code, and Phishing/Fraud 11
  • 12. Test 5: Classification Accuracy in Web 2.0 RESULTS: 2.1 CONCLUSION: Without dynamic classification of Web 2.0 this leaves business organizations open to business risk or requires blocking of Web 2.0 sites 12
  • 13. Testing The Webscape: Test 6 TEST 6: Coverage in Long Tail  Testing accuracy of classification of pages in long tail  Testing includes 10K pages hosted on infrequently visited pages not in the URL DB 13
  • 14. Test 6: Coverage in Long Tail RESULTS: 46.54 CONCLUSION: Dynamic classification against unknown Web effective in content and security classification Reputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn. 14
  • 15. Spørgsmål ? © 2009 Websense, Inc. All rights reserved. 15
  • 16. Kontakt For yderligere information kontakt : Kim Rene Jensen Territory Manager Denmark, Faroe Island, Greenland +45 31668595 krjensen@websense.com © 2009 Websense, Inc. All rights reserved. 16