“The bad guys test their viruses against anti-virus technologies”, eSoft’s Walsh told Infosecurity editor Eleanor Dallaway. “What we do is block the malicious sites that don’t get detected by anti-virus technology. We block the distribution point”.
“Secure web filtering that goes beyond basic policy is essential”, eSoft’s Walsh argued. So sure of this, he declared that “[information security] technologies that don’t include web filtering won’t survive”.
eSoft’s SiteFilter offers zero hour threat detection stopping the virus at the distribution point. The technology detects security risks, phishing sites, compromised sites and malware distribution points. “Despite belt tightening [due to the recession], it’s not an option for people to cut security. The growth in viruses means that people need to buy new stuff. While we [eSoft] have noticed the recession, there has not been a decrease in subscription renewals”.
SiteFilter works by categorising websites and blocking users from accessing dangerous or specific site categories (depending on the organisation’s policy). The eSoft technology can thus be used as a behaviour monitoring, compliance and productivity tool, in addition to a security technology.
“We create the categories, and our clients can choose which ones to block, and how to best utilise our technology”. eSoft have recently released version 3 of their categories list, which now includes 144 categories. “We need to be able to offer the same level of detail as our competitors”.
The categories
The 144 categories available include the predictable; pornography, gambling, botnet, instant messenger, and social networking sites, for example, and the unpredictable; pets and animals, food and restaurants, and coupons, among many more.
“Not all categories are blockable”, said Walsh. “Many companies choose to use the technology to monitor behaviour and productivity. Our categories are driven by customer need – the recent upgrade to 144 categories (from a previous 53) is a reflection of what our clients need. The level of reporting that the customer wants to see can be determined by them”.
eSoft’s Walsh explains that organisations have very different needs, hence the wide choice of categories. “In the Middle East, for example, clients will be more sensitive to skin, so may wish to block sites selling swimwear or lingerie for example. Stock trading at work is a big problem in China apparently, so their policy would be sensitive to that”.
The eSoft technology categorises a website in near real-time, with no delay, when a customer tries to access a site. Each URL can be placed in up to five categories. In a matter of seconds, a website can be identified as dangerous, or out of policy, and will be instantly blocked. “Once a URL is identified as malicious, it will be blocked in real-time to all of our users. We only categorise the sites our users visit – everything else we don’t care about”.
Popular URLs are re-visited daily to check for vulnerabilities, and malicious URLs are “visited constantly by eSoft. Once a URL has been categorised by our technology, we will re-visit it at least once a year”. eSoft currently has more than 150 million URLs categorised.
“As web 2.0 proliferates, and we see an explosion of un-moderated content on social networking sites and blogs, the need for more effective security intensifies”, said eSoft’s Walsh. The solution? “Web filtering is the way forward” he concluded.