IronPort Systems, a Cisco business unit, is a leader in Internet Gateway Security. The company
has developed the IronPort S-Series Web Security Appliance. This enterprise-class solution delivers the
industry’s most comprehensive malware protection by integrating processing at both the network layer
and at the application proxy layer. Furthermore, the IronPort S-Series is now the industry’s first and
only Web security appliance to combine URL filtering, reputation filtering and anti-malware filtering
on a single, integrated platform. By combining these innovative technologies, the IronPort S-Series
allows organizations to address the growing challenges posed by securing and controlling Web traffic.
Network-Layer Protection
The IronPort S-Series™ has an integrated Layer 4 (L4) Traffic Monitor. This wire-speed device can sit inline or on a
network tap. It monitors all network activity, looking for
malicious traffic that is trying to “phone home” or connect
to a rogue server. The L4 traffic monitor shares data with
IronPort’s Web reputation system, to identify and stop
malware before it does harm. The L4 traffic monitor also
does an excellent job of identifying the most infected PCs
on a corporate network—allowing IT administrators to
proactively and efficiently launch desktop cleanup efforts.
Application-Layer Processing
The IronPort S-Series also includes an extremely high-performance
Web proxy, along with integrated caching
and content acceleration capabilities. Built on IronPort’s
proprietary operating system, AsyncOS™, the IronPort
S-Series proxy can support up to 100,000 simultaneous connections—
as much as 10x more than traditional UNIX-based
proxy servers. Being a Web proxy allows for comprehensive
content inspection at the application layer — a critical
requirement for ensuring accuracy against Web-based
malware.
Accelerated Signature Scanning
IronPort® developed its proprietary Dynamic Vectoring
and Streaming (DVS) engine™ to accelerate the signature
scanning of Web content and minimize latency. The DVS
engine performs intelligent scanning and reputation-based
caching to minimize the amount of scanning that actually
needs to take place. When an object does need to be
scanned, the DVS engine has a unique streaming capability.
It can scan an object while simultaneously receiving the
remainder of it and buffering it through to the end-user.
This combination of intelligent scanning and streaming of
data yields a decrease in latency that approaches 1/10th
that of traditional ICAP-based signature scanning systems
— making the IronPort S-Series imperceptible to end-users.
By combining the DVS engine with best-of-breed signatures,
the IronPort S-Series protects organizations against the
broadest range of Web-based malware. The IronPort
Anti-Malware System™ quickly and accurately detects and
blocks a full range of known and emerging threats, including
adware, Trojans, system monitors, keyloggers, rootkits,
malicious/tracking cookies, browser hijackers, browser
helper objects, phishing and more.
The World’s First Web Reputation System
IronPort invented the concept of reputation filtering more
than three years ago. This capability is at the heart of the
IronPort S-Series. For each Web request, IronPort makes
an assessment of the reputation (or trustworthiness) of the
URL requested. This reputation score is based on over 45
different parameters, including such factors as:
• How long has the domain been registered?
• What is the country of origin?
• What is the IP range of the hosting server?
• How does the name server infrastructure behave?
• How much traffic is the URL getting?
By analyzing these objective parameters, the IronPort Web
reputation system can make a very accurate determination