An Extra Layer of Phishing Protection

Blue Coat adds real-time analysis of potential phishing sites

Blue Coat Systems today will announce that it has added an anti-phishing feature to its Web filtering appliances for catching phishing sites on the fly before users visit them.

The new anti-phishing feature for Blue Coat's Web-filtering ProxySG analyzes unknown URLs that users try to access -- Blue Coat's WebFilter software running on the proxy appliance already prevents users from visiting known "bad" sites such as porn or gambling sites.

Phishing sites are increasingly becoming more and more fluid as the bad guys set them up and tear them down as often and as quickly as necessary to evade detection, so blacklisting alone can't always detect them.

"We don't have to rely [only] on a database of known phishing sites," says Bethany Mayer, senior vice president for worldwide marketing at Blue Coat.

The new anti-phishing feature looks for things like spoofed IP addresses as well as the types of information it requests. If the URL isn't in Blue Coat's WebFilter database, the appliance sends a query to Blue Coat Labs, where it's automatically analyzed. If it's determined to be a phishing site, the service labels it as such and then alerts the SG appliances, which warn or block the user from accessing the site. This process takes about 250-750 milliseconds and can analyze sites that use SSL encryption as well.

Blue Coat says its Web appliances can also catch some malicious content that gets planted on legitimate sites for phishing purposes. So it could detect if a file labeled as a JPEG actually has an executable within it, for example, before the user runs or downloads it from a legit site.

Paul Roberts, a senior analyst for enterprise security at The 451 Group, who had not been briefed on Blue Coat's announcement, says the key is maintaining performance as well as preventing false positives. "The question is, how do you develop a heuristic that can spot the zebra attacks and subtle hijackings of legitimate sites without introducing unacceptable latency for Web surfing, or result in a high number of false positives that infuriate your employees -- or your boss," Roberts says.

The feature is free for Blue Coat appliances with WebFilter software, Mayer says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Read more about:


About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights