E-Commerce News: Network Intrusion: IronPort Offers New Layer of Armor Against Invisible Web Menaces

IronPort Offers New Layer of Armor Against Invisible Web Menaces

By Jack M. Germain
TechNewsWorld
Part of the ECT News Network
09/22/08 6:00 AM PT

IronPort Systems' new Exploit Filtering technology is designed to protect against trusted Web sites that have been unwittingly tainted by cross-site scripting exploits, SQL injections, invisible iFrame redirects, and other nasty infections. When trusted Web destinations like banking sites are victimized by malware, both the proprietor of the site as well as the visitor are often unaware of the intrusion.

eMarketer Whitepaper: Optimizing the E-Commerce Experience
From the Web to the Contact Center, are you prepared to proactively engage and keep your savvy customers? Read how e-commerce leaders are optimizing their sites with ratings, reviews, live help, Web analytics, mobile and more.

Internet security firm IronPort Systems announced on Monday an enhanced layer of protection for its Web Security appliance S-Series with the addition of Exploit Filtering technology.

The company made its announcement on the heels of the March launch of its URL Outbreak Detection and Botsite Defense. That security layer protects users against malware distribution through Web sites controlled by botnets.

The Exploit Filtering layer targets the latest security threat posed by trusted Web sites compromised to deliver Trojans or phishing attacks with cross-site scripting (XSS) exploits, buffer overflow attacks, SQL injections and invisible iFrame redirects.

"Many bot attacks have multiple infected sites. Constantly filtering Web sites by scanning their code for exploits provides our customers with an additional layer of protection. These invisible threats are very visible to our scanners," Samantha Madrid, product manager for Web security at Ironport/Cisco Systems, told TechNewsWorld.

Hacking Highlights

Botnets orchestrate and inject malware into compromised Web sites through SQL injections by leveraging vulnerabilities in Web applications. Hackers use SQL injections to insert JavaScript iFrames that redirect browsers to Web servers hosting malware, Madrid explained.

These newest threats are invisible to even the Web site operators. Malware writers exploit trusted Web sites, including auction, payment system and banking sites. The code lies in wait, showing no overt signs of being malicious. Hackers can then trigger the code at will on unsuspecting host servers to spread malicious content without warning.

"Nine out of 10 Web sites are infected because Web content is no longer static. The ability for visitors to enter input makes it more vulnerable," she said.

How It Works

Exploit Filtering is powered by IronPort's SenderBase Reputation Engine. This process provides real-time cloud scanning that checks for code strings in Web page content from known bad sources.

Exploit Filtering is designed to provide an added layer of protection that secures Web gateways from exploited sites that URL filtering allows to pass through.

The filtering technology analyzes some 5 billion Web transactions daily and blocks up to 70 percent of malware at the connection level prior to signature scanning, according to the company.

Risk Levels

IronPort groups filtering results into three risk levels. The first level, dangerous sites, are known sites actively serving malware.

Level two risks are Web sites that are compromised. They have malicious scripts that have not yet been activated by the bot networks.

The third risk level are those top 500 Web sites that are prime targets of attackers. These sites, because of their steady streams of repeat customers, are very susceptible to reinfection, according to Madrid.

The highly targeted level-three risk sites include top banking and financial Web sites, as well as news sites.

IronPort, which is now a part of Cisco Systems (Nasdaq: CSCO), includes the Exploit Filtering system for its customers using the S-Series Web security appliances for no additional cost.

Exploit Filtering is also available to all users of IronPort Web Reputation Filters.

Next Article in Network Intrusion

Keeping the Web Barbarians at Bay
September 11, 2008

Facing a growing multitude of online security threats, IT departments at many organizations have turned to unified threat management solutions to provide a consolidated approach to keeping corporate data safe. Aberdeen's Derek Brink expects that upcoming research in the UTM market will yield interesting and useful insights for firms hoping to achieve Best-in-Class performance.

More by Jack M. Germain

Yahoo Lets FOSS Community Drive Its Traffic Server
November 04, 2009

Yahoo Traffic Server is an app server for builders of cloud services. The software package enables session management, authentication, configuration management, load balancing and routing for an entire cloud computing stack. Yahoo has now open sourced a version of the application through Apache.

Is AES Encryption Crackable?
November 03, 2009

A team of researchers has discovered what they think could be a flaw that leaves AES encryption open to attack. The technique has only been shown in a theoretical setting; in practice, such a hack would be very difficult to pull off. Still, such a finding could bring into question the faith that's been placed in AES -- and spur new innovation to make encryption even better.

Windows 7 Is a Snooze
October 29, 2009

It's accurate to say that Windows 7 straightens out some of the problems with Vista. Aside from that, though, there aren't a whole lot of standout reasons to upgrade to the new OS, especially if you're currently on XP or you honestly don't mind Vista. The new features that are present aren't quite worth the trouble to learn how to use, and if you happen to have even slightly old equipment, forget about it.

[Search More...]