IronPort Systems has announced a new Web security appliance it says monitors both the application and network layers to screen spyware and other Web-based malware.
The company’s S-Series Web Security Appliance provides network-layer protection by scanning outgoing traffic to detect and block spyware or other malware from “phoning home” with system data, user keystrokes, other sensitive information or requests to install more malware on an infected system.
According to IronPort, it examines all outbound traffic instead of relying solely on inspection of packets moving over port 80, which is most commonly open in corporate firewalls. The device also includes an application proxy for HTTP, HTTPS and FTP traffic which assesses the “context and content” of outbound packets.
In addition to outbound packet inspection, the appliance relies on reputation filtering to assess the source of inbound traffic. IronPort says the device uses SenderBase, an Internet traffic monitoring network that assesses the traffic patterns and network behavior of Web servers and assigns them a trust score.
Besides performing filtering and monitoring, the appliance includes a reporting system with a collection of pre-designed reports on the amount of spyware operating on a given network and what actions have been taken to stop it. The report data is stored in an SQL database to allow for customized reports.
The device also includes the Web Security Manager, a GUI tool that provides an overview of security policies being applied to Web traffic. IronPort says the manager shares a common policy framework with its e-mail security manager, allowing a single set of policies to be developed for both mail and Web traffic and deployed across both traffic types.
The appliance runs on IronPort’s AsyncOS, which the company says can support up to 100,000 simultaneous connections per device.
Though the device is set for availability this summer, IronPort said customers and partners may be able to get early access as part of its development partner program.
