M86 builds in real-time webpage code analysis for zero-day protection

M86 Security claims its Secure Web Gateway 10.0 is capable of detecting and stripping malicious code from Web pages in real time, but how does it impact performance? Ron Condon reports.

Building on its takeover of Finjan Inc. last November, M86 Security Inc. has introduced new features into its Secure Web Gateway to handle zero-day threats more effectively, and to give companies better control over the use of Web 2.0 applications.

M86 Secure Web Gateway 10.0, which debuts next week, features real-time webpage code analysis and behavioural security technologies, and also introduces new reporting capabilities designed to increase productivity, meet compliance guidelines and control network bandwidth.

According to William Kilmer, chief marketing officer for the vendor, the real-time code analysis -- inherited from the Finjan acquisition and now integrated into the M86 products -- not only adds zero-day protection for emerging threats, but also aims to boost user productivity.

"We estimate that between 80% and 85% of Web-based threats are coming from legitimate websites. Our intent is to allow the good code to run while stripping out the bad code," he said.

This is done through its Dynamic Web Repair feature, which analyses webpages in real time and, where possible, removes any malicious code so the user can view the page safely. "Dynamic Web Repair allows us to separate the code we think is malicious from the benign and productive code," Kilmer said. "The feature doesn't disrupt the normal business of surfing the Web, and it cuts down on help desk calls."

Kilmer said the product can deconstruct incoming code, run it in emulation mode and rank it for malicious content, all in 20 milliseconds or less, so the reduction in performance is imperceptible.

The new version of the gateway also provides more fine-grained control and monitoring over the use of social networking applications. It allows organisations to block posts, comments or uploads to any website, such as Facebook or LinkedIn, while allowing employees to use other site functions.

The new gateway also features Web Service Hybrid, released in April 2010, which allows a consistent set of Web policies to be pushed out to remote and mobile workers, via M86's cloud-based traffic scanners.

Network reporting and monitoring are improved with the introduction of an appliance-based Security Reporter, which is designed to provide administrators with a single view of Web traffic, showing what kinds of threats are being blocked as well as users' Web activity.

Kilmer said Security Reporter will allow companies to move from having several reporting monitors to just one, and will offer a lower cost of ownership because it runs on Linux. "Other Web gateway vendors often run a Linux-based gateway, but have a Windows-based console for their reporting engine. We've gone for a distinct strategy of what we think is a lower cost of ownership overall. Ours is a Linux-based appliance with a Web interface, which allows enterprises to get up to speed quickly and get their reports running, without having to purchase a separate operating system."

Fran Howarth, an analyst with Bloor Research Ltd., said she was impressed by how quickly M86 had managed to integrate Finjan's real-time analysis technology. "The guys at M86 were really behind the curve and I was ready to write them off at one point," she said. "But then they bought Finjan, and that is where the new stuff is coming from. It puts them in a completely different ballpark, and I believe their pricing model will make them competitive against some of the bigger vendors."

She said that by offering both in-the-cloud services and an on-premise appliance, M86 would be more attractive to larger enterprises that need to protect remote and mobile workers as well as those working in offices. "Big companies are making big investments in Web security, so M86 has a chance to make a name for itself in the enterprise market," she said. "I detect a backlash against some of the bigger companies, and not everybody wants Symantec or Cisco. M86's biggest challenge is to get brand recognition."

M86 Secure Web Gateway 10.0 will be available through authorised channel partners and distributors from October 25, 2010.
