As Ben said, there's too much stuff to track. If the technology is based on categorization, then it will inevitably prove less than useful. The technology has to focus on blocking bad traffic, in addition to known bad locations. It can't just focus on locations.
* * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Tue, Jun 19, 2012 at 4:04 PM, Ziots, Edward <[email protected]> wrote: > I am seeing the same things, which leads to bad traffic being allowed > instead of being blocked and people getting owned. > > The other aspect I am seeing in these solutions, is they may or may not > have a Cloud Based Service for ranking of sites ( note what could be fine > one day could be owned and totally malicious the next), but don’t have > easier ways to export in other lists ( Malwaredomain, ThreatExpert etc etc) > which would be highly helpful in getting things into your web filtering as > sites pop up and then are taken down. > > The other big one that I have seen and had personal experience with > researching is malware delivered via seemingly good ad content networks > that definitely was malicious, along with malvertisments ( malicious > advertisements that send you to places you didn’t want to go, which is > usually the landing pads for exploit kits) > > This coupled with the seeming endless number of browser flaws that are > being reported and some that are definitely not reported because they work > so well and own systems so quick, means that even with the compensating > controls in place, we still might be losing the arms race against these > evolving malware delivery trends. > > Just food for thought, > Z > > > > Edward Ziots > CISSP, Security +, Network + > Security Engineer > Lifespan Organization > [email protected] > > > -----Original Message----- > From: Kennedy, Jim [mailto:[email protected]] > Sent: Tuesday, June 19, 2012 3:25 PM > To: NT System Admin Issues > Subject: RE: Web Filtering hits and misses, your ideas? > > There are too many websites that are uncategorized. They are not > categorized as 'malware' or 'educational' or 'news' or anything. If you > don't block uncategorized you are wide open to unknown sites. If you do > block unknown you knock down a lot of good sites. That is the part that > annoys me the most about web filtering. > > -----Original Message----- > From: Ziots, Edward [mailto:[email protected]] > Sent: Tuesday, June 19, 2012 2:06 PM > To: NT System Admin Issues > Subject: Web Filtering hits and misses, your ideas? > > For those out there using various web filtering products ( Websense, Palo > Alto, Iprism, etc etc) where do you feel that the current products are > lacking (detection, coverage? Features) as it pertains to keeping malicious > software from being downloaded to our corporate assets? > > Open for discussion in public or I would definitely like to hear your > ideas in private also. > > Z > > Edward Ziots > CISSP, Security +, Network + > Security Engineer > Lifespan Organization > [email protected] > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
