URL effectiveness of WSA vurses others

Unanswered Question
Dec 7th, 2009
User Badges:

I'm currently a customer of another product and am researching WSA as an alternative. However, I'm finding that some of the Malicious urls that my current system is blocking, comes up as not categorized in WSA.

Does anyone have any experience between the effectiveness with WSA vs others?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JennieMorton Tue, 12/08/2009 - 20:05
User Badges:

Hi,

I'm an employee, not a customer, so I can't comment on my experience as a customer. But I wanted to suggest that you mention which version of AsyncOS for Web you're using. And if you're using version 6.3 or later, then you should also mention which URL filtering engine you're using.

In version 6.3, Cisco IronPort introduced the new Cisco IronPort Web Usage Controls that has a new URL filtering engine. It also includes the Dynamic Content Analysis engine which can categorize pages on the fly, based on the response content. The DCA categorizes some categories better than others, so how much that would help your uncategorized URLs will depend on what type they tend to be. If you want more information on Web Usage Controls, contact your sales rep or VAR.

vivbhand_ironport Thu, 12/10/2009 - 19:22
User Badges:

URL filtering is for acceptable use enforcement. Hence you won't see malicious URLs categorized in URL filtering categories. For security, the WSA provides multiple layers of defense. The malicious URLs and content are identified and blocked using Web Reputation Filters, AV Signatures scanning with multiple signature sets in parallel and using L4TM, the layer 4 traffic monitor across all ports to block internal traffic reaching out to malicious destinations.

In a nutshell, URL filtering works great for enforcing acceptable use policies, but for security web reputation works much better due to its wider coverage and proactive nature.

Actions

This Discussion