Web Security Gateway Analyse
Tolly Group analyse
baseret på Gartner Buyers Guide for Secure Web Gateways
December 2008
web security | data security | email security © 2009 Websense, Inc. All rights reserved.

Today’s Webscape
77 percent of Web sites with malicious code
are legitimate sites that have been
THE DYNAMIC WEB compromised
• Constantly changing content
• Millions of varied pages per site
• Legitimate sites compromised
• Legacy security systems obsolete THE UNKNOWN WEB
• Requires real-time content analysis • Junk, personal, scam, adult, etc.
• Million of new sites appear daily
• Reputation and URL databases
can’t keep up
THE KNOWN WEB • Requires real-time categorization
• Current events, regional, genre sites and real-time security scanning
• Less user-generated content
Web Traffic
• Reputation, URL databases fairly
effective
Top 100 sites Next 1 million sites Next 100 million sites
2

Testing The Webscape: Test 1
THE KNOWN WEB
TEST 1: URL
Coverage
• Testing general coverage
of URL classification
• Test bed is based on the
Alexa top 100K most
visited Web sites, minus
the top 100.
3

Test 1: Overall URL Database
Coverage
RESULTS:
95.15
CONCLUSION: A URL database is adequate for the top sites on the Web for
classification of acceptable content if you ALLOW unclassified
4

Testing The Webscape: Test 2
THE DYNAMIC WEB THE KNOWN WEB
TEST 2: Web-Borne Malware Coverage
 Testing general coverage of malware executables on the web
 Test bed is last 250 collected samples from ThreatSeeker
 Spans entire Webscape
Top 100 Sites Next 1 Million Sites Next 100 Million Sites
5

Test 2: Web-Borne Malware
Coverage
RESULTS:
79.71
CONCLUSION: Vendors who rely on signature AV with static URL DB are not
providing adequate coverage for Web threats
6

Testing The Webscape: Test 3
TEST 3: Phishing
and Proxy
Avoidance
 Testing general coverage
of sites hosting phishing
and proxy avoidance
 Test bed is from
ThreatSeeker (1,000
random sample sites)
7

Test 3: Phishing and Proxy
Avoidance
RESULTS:
97.52
CONCLUSION: Without dynamic Web identification fast moving phishing
sites are not properly classified
8

Testing The Webscape: Test 4
THE KNOWN WEB
TEST 4: Web
Exploits and
Compromises
 Testing general coverage
of sites with exploit
code/drive by installs that
have been compromised
 Test bed is from
ThreatSeeker (1,000
random sample sites)
9

Test 4: Web Exploits and
Compromises
RESULTS:
CONCLUSION: Reputation systems are not effective in classifying compromised
sites
AV signature approaches score lower due to adaptive evasion
tactics and volume of variants
10

Testing The Webscape: Test 5
THE DYNAMIC WEB
TEST 5: Accuracy
in Web 2.0
 Testing accuracy of
classification of pages in
popular Web 2.0 sites
 Test includes 10K pages
hosted on popular Web 2.0
networks in Adult, Gambling,
Rogue Anti-Virus, Malicious
Code, and Phishing/Fraud
11

Test 5: Classification Accuracy in Web 2.0
RESULTS:
2.1
CONCLUSION: Without dynamic classification of Web 2.0 this leaves business
organizations open to business risk or requires blocking of Web 2.0
sites
12

Testing The Webscape: Test 6
TEST 6: Coverage
in Long Tail
 Testing accuracy of
classification of pages in long
tail
 Testing includes 10K pages
hosted on infrequently visited
pages not in the URL DB
13

Test 6: Coverage in Long Tail
RESULTS:
46.54
CONCLUSION: Dynamic classification against unknown Web effective in content
and security classification
Reputation systems only take security into consideration in the
long tail. They do not cover other business risk categories such as
gambling, hacking, and porn.
14

Spørgsmål ?
© 2009 Websense, Inc. All rights reserved. 15

Kontakt
For yderligere information kontakt :
Kim Rene Jensen
Territory Manager
Denmark, Faroe Island, Greenland
+45 31668595
krjensen@websense.com
© 2009 Websense, Inc. All rights reserved. 16