Sophos
has launched its first web security hardware appliance, designed to
enable administrators to block staff access to malicious web
content and prevent unauthorised browsing at the gateway
level.
The benefits of using the appliance over software-based systems,
said Sophos, include faster browsing due to the appliance's
dedicated memory cache, and easier administration via a web
browser.
The WS1000 Web Security Appliance uses URL filtering to block
access to more than eight billion malicious or suspect websites. In
particular, it can block social networking and other leisure sites
which can pose a security risk as well as hog bandwidth and lower
productivity, said Sophos.
Andy Kellett, senior research analyst at Butler Group, said,
"Appliances continue to be perceived as the easy plug-and-go
approach, though in many cases they are not that." The Sophos
appliance is not unique.
He added that Clearswift also sells a web security appliance.
But other security houses such as Symantec had decided against the
appliance route, said Kellett.
The WS1000 is a 1U rack mountable device that runs on an Intel
Pentium D dual-core 3.4GHz processor, and has a 4Gbyte memory and
two 160Gbyte hard drives.
By locally storing the most frequently-accessed websites, it can
speed up browsing and reduce bandwidth consumption, said
Sophos.
The appliance uses two new techniques to block spyware, viruses,
malware and unwanted applications at the gateway. The first
technique is bi-dimensional URL classification, which inspects the
conduct of a website regardless of its category.
For example, it looks at a site's history of malicious behavior,
such as spyware distribution or the use of dangerous scripts and
executables.
The second technique uses risk-sensitive scanning, which adapts
the scope of the scan based on the assessed risk of the website's
contents.
This eases the browsing performance of the WS1000, and gives
faster access to safe web pages and more rigorous scanning of less
safe pages, said Sophos.
"A low-risk site, such as the sports site espn.com, would not
have its HTML and images scanned by the WS1000. However, a
medium-risk site, such as download.com, would have all files types
and sub-directories scanned," said Sophos.
The device follows in the footsteps of Sophos' ES4000 Email
Security Appliance, a slimline device that features advanced threat
detection and built-in redundancy.
Read more about security products:
www.computerweekly.com/securityproducts
Comment on this article:
computer.weekly@rbi.co.uk