Successfully reported this slideshow.
Web Security Gateway Analyse
   Tolly Group analyse
   baseret på Gartner Buyers Guide for Secure Web Gateways
   December...
Today’s Webscape
                                                                       77 percent of Web sites with malic...
Testing The Webscape: Test 1
                    THE KNOWN WEB



              TEST 1: URL
                Coverage
     ...
Test 1: Overall URL Database
Coverage

RESULTS:

                                                                    95.15...
Testing The Webscape: Test 2
  THE DYNAMIC WEB                    THE KNOWN WEB




               TEST 2: Web-Borne Malwa...
Test 2: Web-Borne Malware
Coverage

RESULTS:



                                                                   79.71

...
Testing The Webscape: Test 3


                               TEST 3: Phishing
                               and Proxy
  ...
Test 3: Phishing and Proxy
Avoidance

RESULTS:
                                                     97.52




CONCLUSION: ...
Testing The Webscape: Test 4
                    THE KNOWN WEB




              TEST 4: Web
              Exploits and
  ...
Test 4: Web Exploits and
Compromises

RESULTS:




CONCLUSION:   Reputation systems are not effective in classifying compr...
Testing The Webscape: Test 5
     THE DYNAMIC WEB


 TEST 5: Accuracy
 in Web 2.0
    Testing accuracy of
     classifica...
Test 5: Classification Accuracy in Web 2.0

RESULTS:




                                                                 ...
Testing The Webscape: Test 6


                               TEST 6: Coverage
                               in Long Tail...
Test 6: Coverage in Long Tail
RESULTS:




                                                                     46.54




...
Spørgsmål ?




              © 2009 Websense, Inc. All rights reserved.   15
Kontakt


  For yderligere information kontakt :

    Kim Rene Jensen
    Territory Manager
    Denmark, Faroe Island, Gre...
Upcoming SlideShare
Loading in …5
×

Web Security Gateway Test

2,352 views

Published on

Web Security Gatewat analyse - Gennemført af Tolly Group - Baseret på Gartner Buyers Guide for Secure Gateways - December 2008 - Download the full report from Tolly Group for full details and pros/cons...

Published in: Technology, Business
  • Be the first to comment

Web Security Gateway Test

  1. 1. Web Security Gateway Analyse Tolly Group analyse baseret på Gartner Buyers Guide for Secure Web Gateways December 2008 web security | data security | email security © 2009 Websense, Inc. All rights reserved.
  2. 2. Today’s Webscape 77 percent of Web sites with malicious code are legitimate sites that have been THE DYNAMIC WEB compromised • Constantly changing content • Millions of varied pages per site • Legitimate sites compromised • Legacy security systems obsolete THE UNKNOWN WEB • Requires real-time content analysis • Junk, personal, scam, adult, etc. • Million of new sites appear daily • Reputation and URL databases can’t keep up THE KNOWN WEB • Requires real-time categorization • Current events, regional, genre sites and real-time security scanning • Less user-generated content Web Traffic • Reputation, URL databases fairly effective Top 100 sites Next 1 million sites Next 100 million sites 2
  3. 3. Testing The Webscape: Test 1 THE KNOWN WEB TEST 1: URL Coverage • Testing general coverage of URL classification • Test bed is based on the Alexa top 100K most visited Web sites, minus the top 100. 3
  4. 4. Test 1: Overall URL Database Coverage RESULTS: 95.15 CONCLUSION: A URL database is adequate for the top sites on the Web for classification of acceptable content if you ALLOW unclassified 4
  5. 5. Testing The Webscape: Test 2 THE DYNAMIC WEB THE KNOWN WEB TEST 2: Web-Borne Malware Coverage  Testing general coverage of malware executables on the web  Test bed is last 250 collected samples from ThreatSeeker  Spans entire Webscape Top 100 Sites Next 1 Million Sites Next 100 Million Sites 5
  6. 6. Test 2: Web-Borne Malware Coverage RESULTS: 79.71 CONCLUSION: Vendors who rely on signature AV with static URL DB are not providing adequate coverage for Web threats 6
  7. 7. Testing The Webscape: Test 3 TEST 3: Phishing and Proxy Avoidance  Testing general coverage of sites hosting phishing and proxy avoidance  Test bed is from ThreatSeeker (1,000 random sample sites) 7
  8. 8. Test 3: Phishing and Proxy Avoidance RESULTS: 97.52 CONCLUSION: Without dynamic Web identification fast moving phishing sites are not properly classified 8
  9. 9. Testing The Webscape: Test 4 THE KNOWN WEB TEST 4: Web Exploits and Compromises  Testing general coverage of sites with exploit code/drive by installs that have been compromised  Test bed is from ThreatSeeker (1,000 random sample sites) 9
  10. 10. Test 4: Web Exploits and Compromises RESULTS: CONCLUSION: Reputation systems are not effective in classifying compromised sites AV signature approaches score lower due to adaptive evasion tactics and volume of variants 10
  11. 11. Testing The Webscape: Test 5 THE DYNAMIC WEB TEST 5: Accuracy in Web 2.0  Testing accuracy of classification of pages in popular Web 2.0 sites  Test includes 10K pages hosted on popular Web 2.0 networks in Adult, Gambling, Rogue Anti-Virus, Malicious Code, and Phishing/Fraud 11
  12. 12. Test 5: Classification Accuracy in Web 2.0 RESULTS: 2.1 CONCLUSION: Without dynamic classification of Web 2.0 this leaves business organizations open to business risk or requires blocking of Web 2.0 sites 12
  13. 13. Testing The Webscape: Test 6 TEST 6: Coverage in Long Tail  Testing accuracy of classification of pages in long tail  Testing includes 10K pages hosted on infrequently visited pages not in the URL DB 13
  14. 14. Test 6: Coverage in Long Tail RESULTS: 46.54 CONCLUSION: Dynamic classification against unknown Web effective in content and security classification Reputation systems only take security into consideration in the long tail. They do not cover other business risk categories such as gambling, hacking, and porn. 14
  15. 15. Spørgsmål ? © 2009 Websense, Inc. All rights reserved. 15
  16. 16. Kontakt For yderligere information kontakt : Kim Rene Jensen Territory Manager Denmark, Faroe Island, Greenland +45 31668595 krjensen@websense.com © 2009 Websense, Inc. All rights reserved. 16

×