web security | data security | email security © 2009 Websense, Inc. All rights reserved.

Web Security Gateway Analyse

Tolly Group analysebaseret på Gartner Buyers Guide for Secure Web Gateways

December 2008

Today’s Webscape

2

Top 100 sites Next 1 million sites Next 100 million sites

THE DYNAMIC WEB• Constantly changing content• Millions of varied pages per site• Legitimate sites compromised• Legacy security systems obsolete • Requires real-time content analysis

THE KNOWN WEB• Current events, regional, genre sites • Less user-generated content• Reputation, URL databases fairlyeffective

THE UNKNOWN WEB• Junk, personal, scam, adult, etc. • Million of new sites appear daily• Reputation and URL databases can’t keep up

• Requires real-time categorization and real-time security scanning

Web

Tra

ffic

77 percent of Web sites with malicious code are legitimate sites that have been

compromised

Testing The Webscape: Test 1

3

THE KNOWN WEB

TEST 1: URL

Coverage• Testing general coverage

of URL classification

• Test bed is based on the

Alexa top 100K most

visited Web sites, minus

the top 100.

Test 1: Overall URL Database

Coverage

CONCLUSION: A URL database is adequate for the top sites on the Web for

classification of acceptable content if you ALLOW unclassified

4

RESULTS:

95.15

Testing The Webscape: Test 2

5

Top 100 Sites Next 1 Million Sites Next 100 Million Sites

THE DYNAMIC WEB THE KNOWN WEB

TEST 2: Web-Borne Malware Coverage

Testing general coverage of malware executables on the web

Test bed is last 250 collected samples from ThreatSeeker

Spans entire Webscape

Test 2: Web-Borne Malware

Coverage

CONCLUSION: Vendors who rely on signature AV with static URL DB are not

providing adequate coverage for Web threats

6

RESULTS:

79.71

Testing The Webscape: Test 3

7

TEST 3: Phishing

and Proxy

Avoidance Testing general coverage

of sites hosting phishing

and proxy avoidance

Test bed is from

ThreatSeeker (1,000

random sample sites)

Test 3: Phishing and Proxy

Avoidance

CONCLUSION: Without dynamic Web identification fast moving phishing

sites are not properly classified

8

RESULTS:97.52

Testing The Webscape: Test 4

9

THE KNOWN WEB

TEST 4: Web

Exploits and

Compromises Testing general coverage

of sites with exploit

code/drive by installs that

have been compromised

Test bed is from

ThreatSeeker (1,000

random sample sites)

Test 4: Web Exploits and

Compromises

CONCLUSION: Reputation systems are not effective in classifying compromised

sites

AV signature approaches score lower due to adaptive evasion

tactics and volume of variants

10

RESULTS:

THE DYNAMIC WEB

Testing The Webscape: Test 5

11

TEST 5: Accuracy

in Web 2.0 Testing accuracy of

classification of pages in

popular Web 2.0 sites

Test includes 10K pages

hosted on popular Web 2.0

networks in Adult, Gambling,

Rogue Anti-Virus, Malicious

Code, and Phishing/Fraud

Test 5: Classification Accuracy in Web 2.0

CONCLUSION: Without dynamic classification of Web 2.0 this leaves business

organizations open to business risk or requires blocking of Web 2.0

sites

12

RESULTS:

2.1

Testing The Webscape: Test 6

13

TEST 6: Coverage

in Long Tail Testing accuracy of

classification of pages in long

tail

Testing includes 10K pages

hosted on infrequently visited

pages not in the URL DB

Test 6: Coverage in Long Tail

CONCLUSION: Dynamic classification against unknown Web effective in content and security classificationReputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn.

14

RESULTS:

46.54

Spørgsmål ?

© 2009 Websense, Inc. All rights reserved. 15

© 2009 Websense, Inc. All rights reserved. 16

Kontakt

For yderligere information kontakt :

Kim Rene Jensen

Territory Manager

Denmark, Faroe Island, Greenland

+45 31668595

krjensen@websense.com