Sophos appliance takes a hard line on web security

News

Sophos appliance takes a hard line on web security

Arif Mohamed

Sophos has launched its first web security hardware appliance, designed to enable administrators to block staff access to malicious web content and prevent unauthorised browsing at the gateway level.

The benefits of using the appliance over software-based systems, said Sophos, include faster browsing due to the appliance's dedicated memory cache, and easier administration via a web browser.

The WS1000 Web Security Appliance uses URL filtering to block access to more than eight billion malicious or suspect websites. In particular, it can block social networking and other leisure sites which can pose a security risk as well as hog bandwidth and lower productivity, said Sophos.

Andy Kellett, senior research analyst at Butler Group, said, "Appliances continue to be perceived as the easy plug-and-go approach, though in many cases they are not that." The Sophos appliance is not unique.

He added that Clearswift also sells a web security appliance. But other security houses such as Symantec had decided against the appliance route, said Kellett.

The WS1000 is a 1U rack mountable device that runs on an Intel Pentium D dual-core 3.4GHz processor, and has a 4Gbyte memory and two 160Gbyte hard drives.

By locally storing the most frequently-accessed websites, it can speed up browsing and reduce bandwidth consumption, said Sophos.

The appliance uses two new techniques to block spyware, viruses, malware and unwanted applications at the gateway. The first technique is bi-dimensional URL classification, which inspects the conduct of a website regardless of its category.

For example, it looks at a site's history of malicious behavior, such as spyware distribution or the use of dangerous scripts and executables.

The second technique uses risk-sensitive scanning, which adapts the scope of the scan based on the assessed risk of the website's contents.

This eases the browsing performance of the WS1000, and gives faster access to safe web pages and more rigorous scanning of less safe pages, said Sophos.

"A low-risk site, such as the sports site espn.com, would not have its HTML and images scanned by the WS1000. However, a medium-risk site, such as download.com, would have all files types and sub-directories scanned," said Sophos.

The device follows in the footsteps of Sophos' ES4000 Email Security Appliance, a slimline device that features advanced threat detection and built-in redundancy.

Read more about security products: www.computerweekly.com/securityproducts

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy