Web Security Gateway analysis - Conducted by Tolly Group - Based on Gartner Buyers Guide for Secure Gateways - December 2008 - Download the full report from Tolly Group for full details and pros/cons...
2. Today’s Webscape
77 percent of Web sites with malicious code are legitimate sites that have been compromised
THE DYNAMIC WEB
• Constantly changing content
• Millions of varied pages per site
• Legitimate sites compromised
• Legacy security systems obsolete
• Requires real-time content analysis
THE KNOWN WEB
• Current events, regional, genre sites
• Less user-generated content
• Reputation, URL databases fairly effective
THE UNKNOWN WEB
• Junk, personal, scam, adult, etc.
• Millions of new sites appear daily
• Reputation and URL databases can’t keep up
• Requires real-time categorization and real-time security scanning
[Chart: Web Traffic across Top 100 sites, Next 1 million sites, Next 100 million sites]
3. Testing The Webscape: Test 1
THE KNOWN WEB
TEST 1: URL Coverage
• Testing general coverage of URL classification
• Test bed is based on the Alexa top 100K most visited Web sites, minus the top 100.
4. Test 1: Overall URL Database Coverage
RESULTS:
95.15
CONCLUSION: A URL database is adequate for the top sites on the Web for classification of acceptable content if you ALLOW unclassified
5. Testing The Webscape: Test 2
THE DYNAMIC WEB THE KNOWN WEB
TEST 2: Web-Borne Malware Coverage
Testing general coverage of malware executables on the web
Test bed is last 250 collected samples from ThreatSeeker
Spans entire Webscape
Top 100 Sites Next 1 Million Sites Next 100 Million Sites
6. Test 2: Web-Borne Malware Coverage
RESULTS:
79.71
CONCLUSION: Vendors who rely on signature AV with static URL DB are not providing adequate coverage for Web threats
7. Testing The Webscape: Test 3
TEST 3: Phishing and Proxy Avoidance
Testing general coverage of sites hosting phishing and proxy avoidance
Test bed is from ThreatSeeker (1,000 random sample sites)
8. Test 3: Phishing and Proxy Avoidance
RESULTS:
97.52
CONCLUSION: Without dynamic Web identification fast moving phishing sites are not properly classified
9. Testing The Webscape: Test 4
THE KNOWN WEB
TEST 4: Web Exploits and Compromises
Testing general coverage of sites with exploit code/drive by installs that have been compromised
Test bed is from ThreatSeeker (1,000 random sample sites)
10. Test 4: Web Exploits and Compromises
RESULTS:
CONCLUSION: Reputation systems are not effective in classifying compromised sites
AV signature approaches score lower due to adaptive evasion tactics and volume of variants
11. Testing The Webscape: Test 5
THE DYNAMIC WEB
TEST 5: Accuracy in Web 2.0
Testing accuracy of classification of pages in popular Web 2.0 sites
Test includes 10K pages hosted on popular Web 2.0 networks in Adult, Gambling, Rogue Anti-Virus, Malicious Code, and Phishing/Fraud
12. Test 5: Classification Accuracy in Web 2.0
RESULTS:
2.1
CONCLUSION: Without dynamic classification of Web 2.0 this leaves business organizations open to business risk or requires blocking of Web 2.0 sites
13. Testing The Webscape: Test 6
TEST 6: Coverage in Long Tail
Testing accuracy of classification of pages in long tail
Testing includes 10K pages hosted on infrequently visited pages not in the URL DB
14. Test 6: Coverage in Long Tail
RESULTS:
46.54
CONCLUSION: Dynamic classification against unknown Web effective in content and security classification
Reputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn.