IronPort Systems Inc., the leader in gateway security, today announced at the DEMO 06 conference the company's latest innovation, the IronPort S-Series Web Security Appliance. This high performance gateway appliance is designed to stop spyware and web-based malware from entering the network, with near zero latency to preserve the end-user Internet browsing experience. Spyware is an increasingly worrisome threat. It is considered to be the second-greatest threat to enterprise network security, according to IDC's 2005 Enterprise Security Survey, up from fourth in 2004. This same study concluded that 75% of corporate desktops are infected by spyware.
Internet malware (which includes spam, viruses, phishing and spyware) is a burgeoning business. The large profits have attracted organized criminals with deep pockets and professional engineering resources. As a result, in the past 12 months, the level of sophistication and proliferation of these threats has grown dramatically. Spyware ranges from unwanted pop-up ads that slow down a PC to harmful key-loggers and malicious system monitors that track and steal information. The problem persists because the vast majority of corporate networks have no anti-malware defenses in place for their web gateways. This is primarily due to the very low throughput and very high latency of first-generation web anti-virus products, which also did not scale effectively and so degraded the end-user Internet browsing experience. As a result, most corporations have chosen not to deploy any web security system, which allows the current crop of spyware threats to pass through the gateway unimpeded and contributes to their rampant spread.
“Most corporations have not deployed signature-based scanning for their web perimeter because of performance and other issues,” said Brian Burke, program manager at IDC. “IronPort's new S-Series Web Security Appliance can help relieve customers' performance concerns.”
“Some enterprises have deployed desktop solutions to deal with the spyware menace, but the fact remains that dealing with this at the desktop layer is extremely resource and CPU intensive for the client,” said Tom Gillis, Senior Vice President of Worldwide Marketing at IronPort Systems. “If spyware has reached your corporate desktop, it has already breached your network. Enterprises must look towards gateway spyware protection that stops these threats from entering your network in the first place.”
IronPort AsyncOS – A Technical Breakthrough – Again
Five years ago, IronPort developed the world's most powerful and fastest operating system — AsyncOS — to tackle the scalability problems associated with email security. Today, IronPort AsyncOS is at work protecting 8 of the 10 largest ISPs in the world and more than 20% of the world's largest corporations. This same platform is now being harnessed to protect the web and address the scalability issues presented by web security. IronPort's S-Series Web Security Appliances are powered by AsyncOS, which uses a stackless threading model and unique persistent memory allocation to allow a single appliance to support up to 100,000 simultaneous connections. This proprietary technology makes the IronPort S-Series the world's first in-line web security appliance that can scale to meet the needs of the largest enterprises.
Protection At The Network Layer and The Application Layer
The IronPort S-Series is unique because it provides protection at both the network layer and the application layer. The integrated layer 4 Traffic Monitor scans all network traffic across every port to detect and block malicious “phone-home” activity. Typically, spyware applications will “phone-home” to communicate confidential information or to download additional malicious applications. In many cases, spyware will try to disguise this “phone-home” connection by using some network port other than port 80, which is reserved for web traffic. In addition to network layer protection, the IronPort S-Series includes a high-performance full application proxy for HTTP, HTTPS and FTP traffic. Given the devious and rapidly mutating nature of web-based malware, the secure proxy platform enables the S-Series appliance to fully examine the context and the content of any traffic passing over these protocols. This is critical since most spyware and web-based malware routinely mimics end user traffic behavior and it is impossible to tell it apart from normal traffic without deep content inspection.
“Our customers have come to expect the very best from IronPort,” continued Gillis. “When they asked us to tackle the spyware problem, we knew we had to make the significant investment to develop both a layer 4 traffic monitor and a full application layer proxy integrated into a single product. Systems that use only one approach are missing half the picture and will struggle to provide complete protection from insidious web-based threats.”
Web Reputation Filters – The Outer Layer
The first line of defense in the IronPort S-Series appliances is IronPort's unique web reputation filters. IronPort first introduced the concept of reputation filtering for email 3 years ago. Using a similar approach, IronPort's web reputation system analyzes the traffic patterns and behavior of a web server and makes a determination about its trustworthiness. IronPort's web reputation system is powered by SenderBase, the world's largest Internet traffic monitoring network, capturing data from more than 100,000 sources and measuring more than 45 parameters about each web server. The approach is powerfully simple: spyware does not usually come from reputable web servers; it typically comes from untrusted web servers that have unusual traffic patterns and network behavior.
“IronPort Systems is a DEMO success story,” said Chris Shipley, executive producer of DEMO 2006. “At DEMO 2003 the company previewed SenderBase, their groundbreaking email sender reputation service. Reputation services have subsequently become the de facto standard for dealing with spam. Now, IronPort is leveraging the same reputation methodology to address the vulnerabilities associated with the web. Today, I welcome them back to DEMO 2006 as a visionary force in the future of gateway security.”
IronPort's DVS Technology – Saving the End User Experience
Spyware and web-based malware are characterized by their dynamic nature. Multiple detection methodologies are required to detect these threats effectively and quickly at the gateway. Along with multiple detection methods, an approach that blends together multiple verdict engines and signatures from best-of-breed vendors is critical in ensuring maximum efficacy. Until now, the performance of current technology has made multi-vendor spyware scanning unrealistic. IronPort has shattered this performance limitation with its advanced scanning engine, the IronPort Dynamic Vectoring and Streaming™ (DVS) engine. This allows IronPort S-Series appliances to be the first in the industry to offer multiple spyware and malware verdict engines, which can be used either in isolation or in combination to provide greater threat coverage.
World-Class Reporting and Management
Stopping spyware requires very advanced technology, but spyware defense is ultimately a business decision for every corporation. To facilitate the ongoing management of this business decision, the IronPort S-Series includes a powerful reporting system with pre-designed reports that highlight the amount of spyware detected in the network and the actions taken to stop it. Reports include detailed data as well as easy-to-read graphs and charts. Reporting data is also stored in a SQL database for ad-hoc reporting queries.
In addition to powerful reports, the IronPort S-Series includes a robust Web Security Manager. This simple and highly customizable graphical tool provides administrators with a comprehensive view of the various policies being applied to all corporate web traffic. The web security manager shares a common policy framework with IronPort's email security manager. This simplifies the job of the corporate security team — one set of security policies can be developed for email and web and easily rolled out across both traffic types.
The IronPort S-Series Web Security Appliances are available in the summer of 2006. Customers and partners may be eligible to participate in IronPort's development partner program and get early access to the IronPort technology.