Web-Filtering Appliances Add Services

Two Web-filtering appliances--Blue Coat Systems' Blue Coat ProxySG and St. Bernard Software's iPrism--recently added features in the form of Internet services. Blue Coat ProxySG's service adds a check for suspicious behavior to the URL-database check performed on the appliance; St. Bernard iPrism's service consolidates reporting for multiple appliances.

According to Chris King, Blue Coat director of strategic marketing, keeping a database of malicious URLs up to date is increasingly hard to do. To outsmart Web filters' databases of known-bad URLs, criminals are leaving their phishing Web sites up for only 24 hours, then taking them down and setting up new ones at new addresses. Criminals are also using SSL encryption on their Web pages to make them look more legitimate when they ask for personal information and to foil Web filters.

Blue Coat ProxySG with the new service counters the Web-site churn by providing two checks when a user clicks a link in an email message. If the Web page isn't found in the WebFilter database on the ProxySG appliance, the page is sent to Blue Coat's data center, where proprietary algorithms analyze it for suspicious behavior, such as asking for identity information or downloading software. ProxySG can also analyze Web pages that use SSL encryption, because as a proxy, it terminates an SSL session and examines the traffic before re-establishing an SSL tunnel and sending the traffic on its way. After assessing a Web page, ProxySG categorizes it. If the Web page is categorized as a phishing site, ProxySG blocks the requested Web page or warns the user.

St. Bernard added the Managed Enterprise Reporting Service (MERS) to its iPrism Web-filtering appliances. St. Bernard customers that run multiple iPrism appliances in various locations will be able to use the Internet-hosted reporting service to aggregate all their usage reports and archive them securely at St. Bernard's data center.

Andrew Lochart, St. Bernard VP of marketing and product management, described the reporting service as a "first step" in a new strategy to combine features of its LivePrism Web-filtering managed service with its iPrism appliance. Lochart pointed out that both deployment models have strengths and weaknesses. Appliances let customers control where the hardware is installed on the network, but they don't actually filter out the bad stuff before it hits your network, as services do. Appliances also have finite performance and bandwidth. St. Bernard's "hybrid" strategy going forward will take these strengths and limitations into account when identifying the best place to perform a function (on the appliance or on the Internet) and will then implement the function accordingly.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.