Monday, December 29, 2008

Reputations in Web security

I linked onto a site today

http://www.builderau.com.au/news/soa/IT-security-The-trends-to-watch-in-2009-/0,339028227,339293963,00.htm

that mentions several trends in IT Security for 2009. One item that caught my eye was "Reputation", as in Web Reputation or IP Reputation. As a grad student in Information Security, I study many of the common vulnerabilities that organizations succumb to: malware, phishing and spam attacks. I really had not heard of this term "Web Reputation" before today, but it makes perfect sense. If I go to my email account and see an email that claims to originate from my bank, I am conditioned to immediately assume that it is spam or an attempt to steal my user id and password. I delete it.

However, if my bank really needed to send me an email about some important data, they are out of luck. What if I could immediately tell from some kind of visual indicator that this email was in fact from my bank? Some kind of image next to it that gives its "reputation"? Wow, that would really be useful. And to standardize that look and feel across all of my many email accounts: Outlook at work, Outlook Web Access at work from home, Google Mail, Yahoo Mail, and my university mail? Even cooler.

Of course, it would have to be hack-proof. If you were a company that offers Web reputation solutions and a media report surfaces that mentions how your software was hacked, your company would be out of business pretty soon.

Web reputation seems to involve analyzing items about a sender and calculating a reputation score for that sender. The score can take into account sending habits and information about the URL that the sender is using. The idea is to close the gap that traditional security measures like keyword lists, signature databases and antivirus engines leave. Web reputation software can flag incoming data even if it doesn't end up in, for example, McAfee's latest update.
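A minimal sketch of the scoring idea described above, as an added example that is not from the original post or from any vendor's product. The field names, weights, threshold and sample senders are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for a keyword list / signature database.
KNOWN_BAD_URLS = {"http://old-phish.example/login"}

@dataclass
class SenderHistory:
    days_seen: int             # how long this sender has been observed
    msgs_last_day: int         # volume in the most recent 24 hours
    avg_msgs_per_day: float    # long-run average volume
    complaint_rate: float      # fraction of recipients reporting the mail
    url_domain_age_days: int   # age of the domain in the URLs it sends

def reputation_score(h: SenderHistory) -> float:
    """Score in [0, 100], higher is more trustworthy (weights are assumptions)."""
    score = 50.0
    score += min(h.days_seen, 365) / 365 * 25            # longevity earns trust
    score += min(h.url_domain_age_days, 365) / 365 * 25  # so does an older URL domain
    burst = h.msgs_last_day / max(h.avg_msgs_per_day, 1.0)
    if burst > 10:                                        # sudden volume spike
        score -= 40
    score -= min(h.complaint_rate, 1.0) * 100            # complaints weigh heavily
    return max(0.0, min(100.0, score))

def verdict(url: str, h: SenderHistory, threshold: float = 50.0) -> str:
    """Signature lookup first, then the reputation check that covers its gap."""
    if url in KNOWN_BAD_URLS:
        return "block (signature)"
    if reputation_score(h) < threshold:
        return "block (reputation)"
    return "allow"

# Constructed samples: a two-day-old bulk sender and a long-established one.
NEW_SENDER = SenderHistory(2, 40000, 100.0, 0.05, 3)
BANK = SenderHistory(1500, 900, 1000.0, 0.001, 4000)

if __name__ == "__main__":
    # The URL is on no signature list, yet the sender's habits give it away.
    print(verdict("http://brand-new.example/verify", NEW_SENDER))
    print(verdict("https://bank.example/statement", BANK))
```

The score here depends only on sender and URL history; nothing inspects the content of the message or page.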

I Googled "Web Reputation" and found many hits on this idea. I also found that there are a lot of organizations out there who are doing this thing. Here is a small listing:

  1. IronPort - http://www.ironport.com/technology/ironport_web_reputation.html
  2. Secure Computing - http://www.securecomputing.com/gateway/web_reputation.cfm
  3. Symantec - http://www.pdfzone.com/c/a/Content-Management/Symantec-Betas-WebReputation-Protection-Software/

Fred

1 comment:

Fred Williams said...

Here is a comment on me, by me: It seems that reputations can still leave a security gap: malicious code can still be injected into web sites of legitimate companies. All a user has to do is "drive by" the section of the page that contains the malware and Bam! you are infected.

Since the web site, and therefore the URL, are legitimate and have a good reputation, the hole exists.