Educause Security Discussion mailing list archives
Re: Secure Web Gateway
From: Ben Parker <BParker () CHICORPORATION COM>
Date: Mon, 30 Sep 2013 11:51:27 -0400
As an addendum to Ron's analysis: it can do SSL or SSH decryption. They are not additional expenses themselves, but you basically have to buy URL filtering to take full advantage of them, so you can choose not to decrypt ms-updates, shopping and bank sites.

WildFire is starting to be their go-to enhancement for IPS/IDS. The way it works is by sending a hash of any Portable Executable (PE) file to the cloud and checking it against VirusTotal to see if it has been identified. If so, it returns the value; if not, it uploads the file and executes it in an XP sandbox looking for malware characteristics. If it sees them, it submits the new file to VirusTotal and adds the changes to the WildFire signature feed, and to any PAN-DB URL filtering malware categories as needed.

The basic form of WildFire is free. It gives you 24-hour signatures and automatic file uploads to the sandbox, as well as access to the wildfire.paloaltonetworks.com URL to look at your submissions for viruses/malware. The paid version gives 15-30 minute WildFire signature updates and feeds the results back into a log file in the PA, so you can create automated reports and notifications if malware is seen as soon as a user downloads it.

I believe Check Point now also has a feature similar to WildFire for their UTM device.

The other solution that I had heard many schools were using last year, from the EDUCAUSE security conference, was DNS blackhole sites like OpenDNS.

Thanks,

Ben Parker
System Engineer - Palo Alto Networks CNSE
Chi Corporation
(former Network Engineer - Mount Union)

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Monday, September 30, 2013 11:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Secure Web Gateway

Palo Alto Networks' firewalls have three layers that can be used for HTTP. SSL decryption capabilities can be added. I believe all are at an additional cost:

* Threat protection: antivirus, anti-spyware and vulnerability protection
* URL filtering, to include malware and phishing categories
* WildFire: similar to FireEye, used for uploading exe files into a virtual environment to evaluate for malicious activity. PDFs are coming soon.

If the firewall permits it, then the IPS usually takes action. While we do not have specific statistics, we see that we have better visibility and thus better responses to threats. Now if we can get users to stop using Dropbox to share their malware, we would be in good shape.

Got a Phish (email)? Forward it to abuse () nsu edu!

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
555 Park Ave.
Norfolk, Virginia 23504
Phone: 757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bohlk, Christopher J.
Sent: Monday, September 30, 2013 10:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Secure Web Gateway

Hi All,

I was wondering what secure web gateway solutions universities are using to help mitigate/block web sites that contain malware? What solution do you use, and what has been your experience? Has this substantially reduced the number of computers infected with malware associated with web browsing?

Thanks,
Chris

Chris Bohlk, CISSP, C|EH
Pace University
Information Security Officer
Information Technology Services (ITS)
235 Elm Road, West Hall 212A
Briarcliff Manor, NY 10510
(914)923-2649 Office
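The hash-then-sandbox workflow Ben describes above (hash the PE, look the hash up, return a verdict if known, otherwise submit the file for sandbox execution and feed the result back into the signature set) is shown below as an added example; it is not code from the original thread or from Palo Alto Networks. The cloud/VirusTotal lookup is replaced by an in-memory dictionary of known verdicts, the sandbox by a submission queue, and the sample files are constructed byte strings with a valid MZ/PE header layout; all of those are assumptions of the example. The PE check itself is real: it reads e_lfanew at offset 0x3C and verifies the "PE\0\0" signature there, rather than trusting the file extension.

```python
"""Hash-first triage of Portable Executable (PE) files, modelled on the
WildFire flow described in the thread (added example, not vendor code).

Assumptions: KNOWN_VERDICTS stands in for the cloud hash lookup, and
Triage.sandbox_queue stands in for the sandbox submission.
"""
import hashlib
import struct


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if len(data) < e_lfanew + 4:
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sha256_hex(data: bytes) -> str:
    """Hash that is sent to the cloud instead of the file itself."""
    return hashlib.sha256(data).hexdigest()


class Triage:
    """Check a hash against known verdicts; queue unknown PE files for the sandbox."""

    def __init__(self, known_verdicts=None):
        self.verdicts = dict(known_verdicts or {})   # assumed stand-in for VirusTotal
        self.sandbox_queue = []                       # assumed stand-in for the sandbox

    def triage(self, name: str, data: bytes) -> dict:
        if not is_pe(data):
            return {"file": name, "action": "skip", "reason": "not a PE file"}
        h = sha256_hex(data)
        verdict = self.verdicts.get(h)
        if verdict is not None:
            # Known hash: answer from the cloud lookup, no upload needed.
            return {"file": name, "hash": h, "action": "verdict", "verdict": verdict}
        # Unknown hash: upload the file and execute it in the sandbox.
        self.sandbox_queue.append((name, h, data))
        return {"file": name, "hash": h, "action": "sandbox"}

    def record_sandbox_result(self, h: str, verdict: str) -> str:
        """Feed a sandbox verdict back so the next lookup of this hash is answered directly."""
        self.verdicts[h] = verdict
        self.sandbox_queue = [q for q in self.sandbox_queue if q[1] != h]
        return verdict


def make_pe_stub(payload: bytes = b"") -> bytes:
    """Constructed sample: the smallest byte layout that passes is_pe (not a runnable binary)."""
    e_lfanew = 0x80
    hdr = bytearray(e_lfanew + 4)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(hdr) + payload


if __name__ == "__main__":
    known_bad = make_pe_stub(b"sample-1")
    unknown = make_pe_stub(b"sample-2")
    t = Triage({sha256_hex(known_bad): "malicious"})
    print(t.triage("dropper.exe", known_bad))   # answered from the hash lookup
    print(t.triage("new.exe", unknown))         # queued for the sandbox
    print(t.triage("notes.txt", b"plain text"))  # not a PE, skipped
    t.record_sandbox_result(sha256_hex(unknown), "benign")
    print(t.triage("new.exe", unknown))         # now answered from the lookup
```

The point the example makes is the one in Ben's description: the hash lookup is cheap and only the unseen files pay the upload-and-execute cost, and the sandbox verdict is written back so the same hash is never sandboxed twice. The cost of that design is latency for the first sighting of a new sample, which is what the 24-hour versus 15-30 minute signature update difference in the free and paid tiers is about.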
Current thread:
- Secure Web Gateway Bohlk, Christopher J. (Sep 30)
- Re: Secure Web Gateway Thorpe, Glenn (Sep 30)
- Re: Secure Web Gateway King, Ronald A. (Sep 30)
- Re: Secure Web Gateway Ben Parker (Sep 30)
- Re: Secure Web Gateway Barros, Jacob (Sep 30)
- Re: Secure Web Gateway Shandon Bates (Sep 30)