Blue Coat adds real-time analysis of potential phishing sites
October 8, 2007
Blue Coat Systems today will announce that it has added an anti-phishing feature to its Web filtering appliances for catching phishing sites on the fly before users visit them.
The new anti-phishing feature for Blue Coat's Web-filtering ProxySG analyzes unknown URLs that users try to access -- Blue Coat's WebFilter software running on the proxy appliance already prevents users from visiting known "bad" sites such as porn or gambling sites.
Phishing sites are increasingly becoming more and more fluid as the bad guys set them up and tear them down as often and as quickly as necessary to evade detection, so blacklisting alone can't always detect them.
"We don't have to rely [only] on a database of known phishing sites," says Bethany Mayer, senior vice president for worldwide marketing at Blue Coat.
The new anti-phishing feature looks for things like spoofed IP addresses as well as the types of information it requests. If the URL isn't in Blue Coat's WebFilter database, the appliance sends a query to Blue Coat Labs, where it's automatically analyzed. If it's determined to be a phishing site, the service labels it as such and then alerts the SG appliances, which warn or block the user from accessing the site. This process takes about 250-750 milliseconds and can analyze sites that use SSL encryption as well.
Blue Coat says its Web appliances can also catch some malicious content that gets planted on legitimate sites for phishing purposes. So it could detect if a file labeled as a JPEG actually has an executable within it, for example, before the user runs or downloads it from a legit site.
Paul Roberts, a senior analyst for enterprise security at The 451 Group, who had not been briefed on Blue Coat's announcement, says the key is maintaining performance as well as preventing false positives. "The question is, how do you develop a heuristic that can spot the zebra attacks and subtle hijackings of legitimate sites without introducing unacceptable latency for Web surfing, or result in a high number of false positives that infuriate your employees -- or your boss," Roberts says.
The feature is free for Blue Coat appliances with WebFilter software, Mayer says.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Blue Coat Systems Inc. (Nasdaq: BCSI)
Read more about:
2007About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024