Skip Links

Cisco Ironport takes on the Dark Web

Finally real-time Content Analysis comes to URL Filtering

By jheary on Thu, 10/08/09 - 8:10pm.

Today Cisco externally announced it's newest Ironport Web Security Appliance (WSA) code version. The big splash feature is a brand new, built from scratch, URL filtering engine. Cisco is calling it Web usage Controls. It consists of a list based traditional URL filtering database plus a new dynamic URL categorization engine for un-categorized URLs.

Dynamic URL filtering works by performing real-time website content analysis to determine what kind of category the URL should be placed into. In some ways this is very similar to how Ironport C-series spam engine has done content analysis on email to detect new spam. Here is the process (from the Cisco Datasheet) used in dynamic URL filtering:

Here is the official Cisco Press announcement for the new release:

"Cisco Shines a Spotlight on the Dark Web
Real-Time Categorization Significantly Increases Visibility Into Web 2.0 Traffic, Provides More Effective Enforcement of Acceptable Use Policies

SAN FRANCISCO, CA – October 8, 2009 – Cisco today launched Cisco® IronPort® Web Usage Controls, a next-generation acceptable-use product that offers real-time content categorization to accurately identify up to 90 percent of Dark Web sites in the most egregious content categories. Web 2.0 sites built on collaboration technologies with dynamic content and high churn are largely unknown to legacy URL-list-based solutions, creating a Dark Web that greatly increases the compliance, legal liability and productivity risks associated with Web traffic. Available as a software blade on the Cisco IronPort S-Series highly secure Web gateway, Cisco IronPort Web Usage Controls includes a dynamic content analysis engine that works in tandem with Cisco's comprehensive URL-filtering database to deliver industry-leading efficacy and coverage across all content types. This combination improves the ability of organizations to manage how and when users can access the Web, eliminating risks associated with misuse, compliance violations and reduced productivity.
The Dark Web:

* The Cisco Security Intelligence Operations (SIO) estimates that more than 80 percent of the Web is "dark," meaning uncategorized by legacy URL-filtering databases. Cisco refers to this as the Dark Web.
* The Dark Web has been formed largely as a result of the de-centralization of content creation ushered in by Web 2.0, including the proliferation of blogs and social networking sites, which has contributed to an explosion in the total number of Web pages in recent years. Sheer volume and churn of content has been further exacerbated by an increase in password-protected and dynamically generated content to overwhelm the legacy approaches to Web content categorization, which were developed to address a Web with a relatively small number of static, well-linked sites.
* With approximately 45 billion Web pages overall and 32 million new domains being added yearly, the percentage of Web that is dark is expected to grow exponentially over time. A new approach, based on effective real-time categorization, is required if acceptable use is to regain its efficacy in a Web 2.0 world.

Cisco IronPort Web Usage Controls:

* Combines a best-in-class URL-filtering database with a real-time Dynamic Content Analysis Engine. The URL-filtering database provides exceptional coverage for traditional Web content, while the Dynamic Content Analysis Engine accurately identifies 90 percent of dynamic Web 2.0 content that remains "dark" to list-based filtering.
* The Dynamic Content Analysis Engine is tuned to accurately identify content in commonly blocked categories. Cisco's analysis indicates that the Dynamic Content Analysis Engine identifies 50 percent more objectionable content than first-generation solutions or solutions relying entirely on a list, significantly reducing the compliance and legal liability risks presented by Web 2.0 traffic.
* Includes a comprehensive URL database with 65 URL categories and coverage for sites in more than 200 countries and over 50 languages. The URL database is updated every five minutes by Cisco Security Intelligence Operations.
* Provides rich policy controls and integrates with user directories for identity-based policy enforcement, with flexibility to enforce multiple actions including blocking, allowing, decrypting, warning and monitoring access.
* Web Usage Controls is integrated into the Cisco IronPort S-Series Web Security Appliance. The Cisco IronPort S-Series Web Security Appliance is the industry's fastest highly secure Web gateway integrating acceptable use enforcement (URL filtering), reputation filtering, malware filtering and data security on a single platform. By combining innovative security technologies, the Cisco IronPort S-Series helps organizations address the growing challenges of both securing and controlling Web traffic. Over time, Cisco expects to bring Web Usage Controls and dynamic categorization technology into other relevant Cisco network devices.

Supporting Quotes:

* Ambika Gadre, director of product management, Cisco IronPort

"Legacy URL-filtering databases are unable to keep up with the accelerated growth and churn that Web 2.0 has created. This leaves organizations exposed to the same compliance, liability and productivity risks that their URL-filtering solutions are meant to address. We saw a critical market need and have introduced Cisco IronPort Web Usage Controls to enable customers to regain control of their Web 2.0 traffic."

* Michael Curtis, head of technology integration, Proximity London

"In the age of compliance it is vital have rich acceptable use controls at the gateway. The Cisco IronPort Web Security Appliance has made this very easy to achieve by putting advanced Web Usage Controls on the Web proxy to ensure our network access policies."

Pricing and Availability:

* Cisco IronPort Web Usage Controls is available now. Price varies based on the number of users and duration of service. For more information visit:


* The Dark Web As Explained by Cisco Product Manager Vivek Bhandari

* Video on Demand: Dangers of the Dark Web

* Podcast Dangers of the Dark Web

The opinions and information presented here are my PERSONAL views and not those of my employer. I am in no way an official spokesperson for my employer.

More from Jamey Heary:
* Credit Card Skimming: How thieves can steal your card info without you knowing it
* Why you should always shred your boarding pass
* Video rental records are afforded more privacy protections than your online data
* The truth about new SSL attacks
* 2009 Top Urban Legends in IT Security/a>

Go to Jamey’s Blog for more articles on security.