IronPort adds Web reputation service to SenderBase
January 23, 2006
IronPort this week is expected to release a new component to its SenderBase reputation service for e-mail that rates the threat level of Web sites and blocks incoming messages with embedded URLs that are deemed dangerous. The moves are an attempt to protect users from phishing sites and others containing malware.
The upgraded SenderBase service runs on IronPort's portfolio of e-mail security appliances. SenderBase was released three years ago as a way for IronPort appliances to determine whether sending IP addresses are valid or sources of spam, and block messages accordingly. With this upgrade, IronPort has added a way to keep links to malicious sites from entering an organization through e-mail.
The idea isn't completely new; a few companies provide blacklists of URLs to known malicious sites by attempting to classify every site on the Internet as good or bad, assuming they know about the site. However, that method "is pretty much hit-or-miss; we all know in any kind of security attack it's a zero-hour thing; you need to dynamically classify a site as good or bad," says Peter Firstbrook, research director with Gartner.
Instead of waiting for reports that a Web site has been deemed dangerous, SenderBase assesses each Web site it encounters based on a number of factors to produce a detailed score for each site, ranging from negative 10 to positive 10, says Pat Peterson, CTO of IronPort. These factors include how long the site has been in existence, whether it contains downloadable code, changes in the volume of visitors to the site, and if the URL includes a typo of a popular domain and therefore may be masquerading as it.
IronPort's Web reputation service is based on the same SenderBase information used to rate sending IP addresses. SenderBase collects data by tracking mail sent to the in-boxes of its appliance users. Currently SenderBase is fed data from more than 100,000 organizations, including a handful of very large ISPs, such as AOL and Charter Communications. IronPort also uses its own Web crawlers to scour the Internet for new URLs, and relies somewhat on third-party classifications of URLs, Peterson says.
The Web reputation service doesn't take action without user involvement. SenderBase customers are given scores for URLs embedded in incoming e-mails and then make their own determination of whether a message should be accepted or blocked.
IronPort competes with e-mail security appliance makers Barracuda, CipherTrust, Mirapoint and Proofpoint, although Gartner's Firstbrook says IronPort is the first company to extend e-mail reputation services to Web sites.
IronPort's Web reputation service is part of the company's Anti-Spam offering, which costs $3,000 for organizations with 1,000 or fewer users. For larger companies the Anti-Spam option costs roughly $4 per user, per year. IronPort's appliances are sold separately. There is no charge for existing SenderBase users.
