An Extra Layer of Phishing Protection

Blue Coat Systems today will announce that it has added an anti-phishing feature to its Web filtering appliances for catching phishing sites on the fly before users visit them.

The new anti-phishing feature for Blue Coat's Web-filtering ProxySG analyzes unknown URLs that users try to access -- Blue Coat's WebFilter software running on the proxy appliance already prevents users from visiting known "bad" sites such as porn or gambling sites.

Phishing sites are increasingly becoming more and more fluid as the bad guys set them up and tear them down as often and as quickly as necessary to evade detection, so blacklisting alone can't always detect them.

"We don't have to rely [only] on a database of known phishing sites," says Bethany Mayer, senior vice president for worldwide marketing at Blue Coat.

The new anti-phishing feature looks for things like spoofed IP addresses as well as the types of information it requests. If the URL isn't in Blue Coat's WebFilter database, the appliance sends a query to Blue Coat Labs, where it's automatically analyzed. If it's determined to be a phishing site, the service labels it as such and then alerts the SG appliances, which warn or block the user from accessing the site. This process takes about 250-750 milliseconds and can analyze sites that use SSL encryption as well.

Blue Coat says its Web appliances can also catch some malicious content that gets planted on legitimate sites for phishing purposes. So it could detect if a file labeled as a JPEG actually has an executable within it, for example, before the user runs or downloads it from a legit site.

Paul Roberts, a senior analyst for enterprise security at The 451 Group, who had not been briefed on Blue Coat's announcement, says the key is maintaining performance as well as preventing false positives. "The question is, how do you develop a heuristic that can spot the zebra attacks and subtle hijackings of legitimate sites without introducing unacceptable latency for Web surfing, or result in a high number of false positives that infuriate your employees -- or your boss," Roberts says.

The feature is free for Blue Coat appliances with WebFilter software, Mayer says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.