IronPort targets botnets with new filter

IronPort Systems has improved its S-Series family of web security appliances, by adding filters to help prevent corporate web surfers being victimised by botnets.

Share

IronPort Systems has improved its S-Series family of web security appliances, by adding filters to help prevent corporate web surfers being victimised by botnets.

The gateway appliances make use of what IronPort calls URL Outbreak Detection and Botsite Defence to recognise a botnet "object" or an attempt by a web page to redirect a browser to a malicious site.

"We would either block the web page or the object itself," said Samantha Madrid, IronPort product manager. Managers can set up customisable notifications for users as alerts to let them know why a web page was blocked, she added.

The page could be associated with either a known malware distribution site or a legitimate site that has been compromised and forced to dispense malware until it's fixed.

IronPort, a Cisco business unit, has tracked millions of bots but because of their dynamic quality, the technique used to identify them relies more on recognising behaviour evidenced by the web page and the browser rather than a code signature.

"This web reputation analysis isn't signature-based," Madrid said, but relies more on analysing global web traffic.

The S-Series Web security appliances start at $7,000 (£3,500).

Now read:

New behaviour detection software on way