Cisco business unit targets bots

IronPort Systems Wednesday said it has improved its S-Series family of Web security appliances by adding filters for preventing corporate Web surfers from being victimized by botnets.

The gateway appliances make use of what IronPort calls URL Outbreak Detection and Botsite Defense to recognize a botnet "object" or an attempt by a Web page to redirect a browser to a malicious site.

"We would either block the Web page or the object itself," says Samantha Madrid, IronPort product manager. Managers can set up customizable notifications for users as alerts to let them know why a Web page was blocked, she adds. The page could be associated with either a known malware distribution site or a legitimate site that has been compromised and forced to dispense malware until it’s fixed.

IronPort, a Cisco business unit, has tracked millions of bots but because of their dynamic quality, the technique used to identify them relies more on recognizing behavior evidenced by the Web page and the browser rather than a code signature.
"This Web Reputation analysis isn’t signature-based," Madrid says, but relies more on analyzing global Web traffic. (Compare Secure Web gateway products.)

The S-Series Web security appliances start at $7,000.