I am seeing the same things, which leads to bad traffic being allowed instead 
of being blocked and people getting owned. 

The other aspect I am seeing in these solutions is that they may or may not have a 
Cloud Based Service for ranking of sites (note that what could be fine one day 
could be owned and totally malicious the next), but don’t have easier ways to 
export in other lists (Malwaredomain, ThreatExpert, etc.) which would be 
highly helpful in getting things into your web filtering as sites pop up and 
then are taken down. 

The other big one that I have seen and had personal experience with researching 
is malware delivered via seemingly good ad content networks that definitely was 
malicious, along with malvertisements (malicious advertisements that send you 
to places you didn’t want to go, which are usually the landing pads for exploit 
kits).

This, coupled with the seemingly endless number of browser flaws that are being 
reported and some that are definitely not reported because they work so well 
and own systems so quickly, means that even with the compensating controls in 
place, we still might be losing the arms race against these evolving malware 
delivery trends. 

Just food for thought, 
Z



Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]


-----Original Message-----
From: Kennedy, Jim [mailto:[email protected]] 
Sent: Tuesday, June 19, 2012 3:25 PM
To: NT System Admin Issues
Subject: RE: Web Filtering hits and misses, your ideas?

There are too many websites that are uncategorized.  They are not categorized 
as 'malware' or 'educational' or 'news' or anything. If you don't block 
uncategorized you are wide open to unknown sites. If you do block unknown you 
knock down a lot of good sites. That is the part that annoys me the most about 
web filtering.

-----Original Message-----
From: Ziots, Edward [mailto:[email protected]]
Sent: Tuesday, June 19, 2012 2:06 PM
To: NT System Admin Issues
Subject: Web Filtering hits and misses, your ideas?

For those out there using various web filtering products (Websense, Palo Alto, 
Iprism, etc.), where do you feel that the current products are lacking 
(detection, coverage, features) as it pertains to keeping malicious software 
from being downloaded to our corporate assets? 

Open for discussion in public or I would definitely like to hear your ideas in 
private also. 

Z

Edward Ziots
CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
