IronPort Offers New Layer of Armor Against Invisible Web Menaces

Internet security firm IronPort Systems announced on Monday an enhanced layer of protection for its Web Security appliance S-Series with the addition of Exploit Filtering technology.

The company made its announcement on the heels of the March launch of its URL Outbreak Detection and Botsite Defense. That security layer protects users against malware distribution through Web sites controlled by botnets.

The Exploit Filtering layer targets the latest security threat posed by trusted Web sites compromised to deliver Trojans or phishing attacks with cross-site scripting (XSS) exploits, buffer overflow attacks, SQL injections and invisible iFrame redirects.

"Many bot attacks have multiple infected sites. Constantly filtering Web sites by scanning their code for exploits provides our customers with an additional layer of protection. These invisible threats are very visible to our scanners," Samantha Madrid, product manager for Web security at Ironport/Cisco Systems, told TechNewsWorld.

Hacking Highlights

Botnets orchestrate and inject malware into compromised Web sites through SQL injections by leveraging vulnerabilities in Web applications. Hackers use SQL injections to insert JavaScript iFrames that redirect browsers to Web servers hosting malware, Madrid explained.

These newest threats are invisible to even the Web site operators. Malware writers exploit trusted Web sites, including auction, payment system and banking sites. The code lies in wait, showing no overt signs of being malicious. Hackers can then trigger the code at will on unsuspecting host servers to spread malicious content without warning.

"Nine out of 10 Web sites are infected because Web content is no longer static. The ability for visitors to enter input makes it more vulnerable," she said.

How It Works

Exploit Filtering is powered by IronPort's SenderBase Reputation Engine. This process provides real-time cloud scanning that checks for code strings in Web page content from known bad sources.

Exploit Filtering is designed to provide an added layer of protection that secures Web gateways from exploited sites that URL filtering allows to pass through.

The filtering technology analyzes some 5 billion Web transactions daily and blocks up to 70 percent of malware at the connection level prior to signature scanning, according to the company.

Risk Levels

IronPort groups filtering results into three risk levels. The first level, dangerous sites, are known sites actively serving malware.

Level two risks are Web sites that are compromised. They have malicious scripts that have not yet been activated by the bot networks.

The third risk level are those top 500 Web sites that are prime targets of attackers. These sites, because of their steady streams of repeat customers, are very susceptible to reinfection, according to Madrid.

The highly targeted level-three risk sites include top banking and financial Web sites, as well as news sites.

IronPort, which is now a part of Cisco Systems (Nasdaq: CSCO), includes the Exploit Filtering system for its customers using the S-Series Web security appliances for no additional cost.

Exploit Filtering is also available to all users of IronPort Web Reputation Filters.