SlideShare ist ein Scribd-Unternehmen logo

Web Security Gateway Dec2008

Kim Jensen
Kim Jensen

Tolly Group tekniske analyse af forskellige Web Security Gateways. Analysen er baseret på Gartner Buyers Guide for Secure Gateways.

Technologie
1 von 34
Downloaden Sie, um offline zu lesen
© 2008 The Tolly Group Document # 208326 The Web Security Challenge: A Competitive Guide to Selecting Secure Web Gateways A white paper commissioned by Websense, Inc. White Paper December 2008
WHITE PAPER: The Web Security Challenge: A Competitive Guide to Selecting Web Security Gateways Table of Contents _ÉÑçêÉ=ìëáåÖ=íÜáë=ÇçÅìãÉåí=óçì=ãìëí=~ÖêÉÉ=íç=íÜÉ=íÉêãë=çÑ=ìë~ÖÉK qÜÉëÉ=íÉêãë=~êÉ=äáëíÉÇ=çå=íÜÉ=Ñáå~ä=é~ÖÉK Executive Summary 4 Web 2.0 Effectiveness 7 Manageability and Scalability 9 Policy Interface 11 Reporting Capabilities 13 URL Filtering 15 Malware Filtering 16 Application Control 18 Data Loss Protection 20 Network Implementation 22 Integration with Other Solutions 24 Service and support 26 Test Methodology 28 Alexa 100,000 URL Filtering/Classification Test 28 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========O
WHITE PAPER: The Web Security Challenge: A Competitive Guide to Selecting Web Security Gateways Table of Contents _ÉÑçêÉ=ìëáåÖ=íÜáë=ÇçÅìãÉåí=óçì=ãìëí=~ÖêÉÉ=íç=íÜÉ=íÉêãë=çÑ=ìë~ÖÉK qÜÉëÉ=íÉêãë=~êÉ=äáëíÉÇ=çå=íÜÉ=Ñáå~ä=é~ÖÉK “Long Tail” or Extended URL Classification Test 28 Phishing and/or Proxy Avoidance URL Detection Accuracy Test29 Binary Exploits and Compromises Detection Accuracy Test 29 Malware-infected URL Detection Accuracy Test 30 Web 2.0-Based Malicious URL Detection Accuracy Test 30 Criteria Evaluation by UI Inspection 31 Interaction with Competing Vendors 32 Appendix: Product List 33 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========P
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Executive Summary The World Wide Web has changed dramatically in the past decade. The use of the Web as an application platform, a communication medium, and a business tool, combined with the migration of attackers onto the Web, demands new solutions to help manage business and mitigate security threats. Enterprise IT managers should carefully evaluate both the ease of management, as well as the effective- ness, of gateway-based Web security solutions against a constantly evolving threat landscape. tÉÄëÉåëÉI=fåÅK=ÅçããáëëáçåÉÇ=qÜÉ=qçääó=dêçìé=íç=Éî~äì~íÉ=áíë=tÉÄ=pÉÅìJ êáíó=d~íÉï~ó=~Ö~áåëí=çíÜÉê=~î~áä~ÄäÉ=Ö~íÉï~ó=ëÉÅìêáíó=éêçÇìÅíëK=qÜÉ=ÅçãJ éÉíáåÖ=éêçÇìÅíë=íÉëíÉÇ=ïÉêÉW=_äìÉ=`ç~í=póëíÉãëÛ=mêçñópd=ONM=~åÇ= mêçñó^s=RNM=~ééäá~åÅÉëI=`áëÅç=póëíÉãë=fåÅKÛë=fêçåmçêí=pSRM=tÉÄ=pÉÅìêáíó= ^ééäá~åÅÉI=qêÉåÇ=jáÅêçI=fåÅKÛë=fåíÉêpÅ~å=tÉÄ=pÉÅìêáíó=pìáíÉ=EftppFI=~åÇ= pÉÅìêÉ=`çãéìíáåÖ=`çêéçê~íáçåÛë=pÉÅìêÉ=tÉÄ=EtÉÄï~ëÜÉêF=~ééäá~åÅÉK= Note: All products under test shall be referenced by their manufacturer s name hereafter in the document. Websense Web Security Gateway combines powerful and easy-to-manage software with the ability to mitigate dynamic Web-based threats, exceeding other vendors tested in meeting Gartner’s criteria* for buying Secure Web Gateways. GaáëÅä~áãÉêW qÜÉ=d~êíåÉê=êÉéçêí= ^=_ìóÉêÛë=dìáÇÉ=íç=pÉÅìêÉ=tÉÄ=d~íÉï~óëÒ=Äó=mÉíÉê=cáêëíÄêççâ=~åÇ= i~ïêÉåÅÉ=lê~åë=Ed~êíåÉê=o^p=`çêÉ=oÉëÉ~êÅÜ=kçíÉ=dMMNRVSSVX=NR=^ìÖìëí=OMMUF=ï~ë= ìëÉÇ=çåäó=~ë=~=êÉèìáêÉãÉåíë=ÖìáÇÉ=áå=íÜáë=Éî~äì~íáçåK=eçïÉîÉêI=~åó=~åÇ=~ää=îÉåÇçê=~åÇ= éêçÇìÅí=Åçãé~êáëçåë=~åÇ=Éî~äì~íáçåë=ïÉêÉ=ÇçåÉ=Äó=íÜÉ=qçääó=dêçìé=~åÇ=áå=åç=ï~ó=Çç=íÜÉó= ÉñéêÉëë=íÜÉ=çéáåáçå=çÑ=d~êíåÉêK ^ää=ëí~íÉãÉåíë=áå=íÜáë=êÉéçêí=~ííêáÄìí~ÄäÉ=íç=d~êíåÉê=êÉéêÉëÉåí=tÉÄëÉåëÉI=fåÅKÛë=áåíÉêéêÉí~J íáçå=çÑ=Ç~í~I=êÉëÉ~êÅÜ=çéáåáçå=çê=îáÉïéçáåíë=éìÄäáëÜÉÇ=~ë=é~êí=çÑ=~=ëóåÇáÅ~íÉÇ=ëìÄëÅêáéíáçå= ëÉêîáÅÉ=Äó=d~êíåÉêI=fåÅKI=~åÇ=Ü~îÉ=åçí=ÄÉÉå=êÉîáÉïÉÇ=Äó=d~êíåÉêK=b~ÅÜ=d~êíåÉê=éìÄäáÅ~íáçå= ëéÉ~âë=~ë=çÑ=áíë=çêáÖáå~ä=éìÄäáÅ~íáçå=Ç~íÉ=E~åÇ=åçí=~ë=çÑ=íÜÉ=Ç~íÉ=çÑ=íÜáë=êÉéçêíFK=qÜÉ=çéáåJ áçåë=ÉñéêÉëëÉÇ=áå=d~êíåÉê=éìÄäáÅ~íáçåë=~êÉ=åçí=êÉéêÉëÉåí~íáçåë=çÑ=Ñ~ÅíI=~åÇ=~êÉ=ëìÄàÉÅí=íç= ÅÜ~åÖÉ=ïáíÜçìí=åçíáÅÉK fÑ=ÅäáÉåíë=ÇÉëáêÉ=d~êíåÉê=íç=îÉêáÑó=íÜ~í=èìçíÉë=~êÉ=~ÅÅìê~íÉ=~åÇ=Åçãéäó=ïáíÜ=d~êíåÉêÛë=`çéóJ êáÖÜí=~åÇ=nìçíÉ=mçäáÅóI=d~êíåÉê=éêçîáÇÉë=~=ëÉêîáÅÉ=íÜ~í=îÉêáÑáÉë=èìçíÉ=~ÅÅìê~Åó=~åÇ=~ééêçJ éêá~íÉåÉëëK=`äáÉåíë=ïáëÜáåÖ=íç=í~âÉ=~Çî~åí~ÖÉ=çÑ=íÜáë=ëÉêîáÅÉ=ëÜçìäÇ=Åçåí~Åí=d~êíåÉê=sÉåJ Ççê=oÉä~íáçåë=~í=îÉåÇçêKêÉä~íáçåë]Ö~êíåÉêKÅçãK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========Q
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qçääó=dêçìé=ÉåÖáåÉÉêë=Éî~äì~íÉÇ=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=Ä~ëÉÇ= tÉÄëÉåëÉI= çå=~=ëÉí=çÑ=ÅêáíÉêá~=d~êíåÉê=áÇÉåíáÑáÉÇ=~ë=íÜÉ=ãçëíJ~Çî~åÅÉÇ=ÑÉ~J fåÅK íìêÉë=íÜ~í=ÅçìäÇ=ÜÉäé=ïáíÜ=Åçãé~ê~íáîÉ=Éî~äì~íáçå=~åÇ=ëÉäÉÅíáçå= çÑ=~=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óK=qÉëíë=ïÉêÉ=ÅçåÇìÅíÉÇ=áå=lÅíçÄÉê= pÉÅìêÉ=tÉÄ= OMMUK d~íÉï~ó cêçã=~=ÜáÖÜJäÉîÉä=éÉêëéÉÅíáîÉI=íÜÉ=d~êíåÉê=ptd=ÄìóÉêÛë=ÖìáÇÉ= `çãéÉíáíáîÉ= ë~óë=íÜ~í=îÉåÇçêë=çÑ=roi=ÑáäíÉêáåÖI=éêçñó=ëÉêîÉêëI=~åÇ=~åíáJîáêìëL bî~äì~íáçå=çÑ=tÉÄ=pÉÅìêáíó= ~åíáJëé~ã=ëçäìíáçåëI=~ää=~êÉ=~ééêç~ÅÜáåÖ=íÜÉ=ëÉÅìêÉ=tÉÄ=Ö~íÉJ cÉ~íìêÉë ï~ó=ã~êâÉí=Ñêçã=ÇáÑÑÉêÉåí=ÇáêÉÅíáçåëK=qÜÉ=qçääó=dêçìéÛë=Ü~åÇëJçå= ~å~äóëáë=çÑ=íÜÉëÉ=éêçÇìÅíë=îÉêáÑáÉë=íÜ~í=ïÜáäÉ=íÜÉ=ã~àçêáíó=çÑ= éêçÇìÅíë=íÉëíÉÇ=ÉñÅÉä=áå=~=ÑÉï=~êÉ~ëI=çåäó=tÉÄëÉåëÉÛë=tÉÄ=pÉÅìJ êáíó=d~íÉï~ó=ëÅçêÉÇ=ìåáÑçêãäó=ÜáÖÜ=~åÇ=ÇÉäáîÉêÉÇ=ÑÉ~íìêÉJêáÅÜ=Å~é~ÄáäáíáÉë= ~Åêçëë=~ää=åáåÉ=ÑìåÅíáçå~ä=~êÉ~ë=íÜ~í=ÉåÖáåÉÉêë=Éñ~ãáåÉÇK= qçääó=dêçìé=ÉåÖáåÉÉêë=~ëëáÖåÉÇ=~=ëìÄàÉÅíáîÉ=ëÅçêÉ=íç=É~ÅÜ=çÑ=íÜÉ=åáåÉ= éêçÇìÅí=ÅêáíÉêá~=Éî~äì~íÉÇ=~åÇ=í~ääáÉÇ=~=ÅçãéçëáíÉ=ëÅçêÉ=Ñçê=É~ÅÜ=éêçÇìÅíK= táíÜ=~=ëÅçêÉ=çÑ=OMNI=tÉÄëÉåëÉ=pÉÅìêáíó=d~íÉï~ó=~äãçëí=ÇçìÄäÉÇ=íÜÉ=éçáåí= íçí~ä=çÑ=áíë=åÉñí=åÉ~êÉëí=ÅçãéÉíáíçêK=EpÉÉ=cáÖìêÉ=NI=é~ÖÉ=RKF jçêÉçîÉêI=áå=~ÇÇáíáçå=íç=ëí~åÇ~êÇ=roi=ÑáäíÉêáåÖ=~åÇ=íê~Çáíáçå~ä=ã~äï~êÉ=éêçJ íÉÅíáçå=íÜ~í=áë=~î~áä~ÄäÉ=çå=~åó=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óI=tÉÄëÉåëÉ=áë=íÜÉ=Ñáêëí= îÉåÇçê=Éñ~ãáåÉÇ=Äó=qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=íç=çÑÑÉê=~=Ñìääó=áåíÉÖê~íÉÇ= aim=çéíáçåI=~ääçïáåÖ=íÜÉ=Åçãé~åó=íç=çÑÑÉê=~=äÉîÉä=çÑ=Ç~í~=äçëë=éêçíÉÅíáçå= ìåã~íÅÜÉÇ=å~íáîÉäó=Äó=êáî~ä=éêçÇìÅíë=íÉëíÉÇK=qÜÉ=pÉÅìêÉ=tÉÄ=d~íÉï~ó=ÇÉJ äáîÉêë=~=ãçêÉ=ÑìåÅíáçå~ä=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉI=ëÅ~ä~Äáäáíó=Å~é~ÄáäáíáÉëI=~åÇ= êáÅÜÉê=êÉéçêíáåÖ=ÑìåÅíáçåë=íÜ~å=êáî~ä=éêçÇìÅíë=íÉëíÉÇK q~âÉå=~ë=~=ïÜçäÉI=íÜÉ=ÅçãéçëáíÉ=ëÅçêÉë=Ñêçã=É~ÅÜ=çÑ=íÜÉ=Éî~äì~íÉÇ=ëÉäÉÅJ íáçå=ÅêáíÉêá~=ëÜçï=íÜ~í=tÉÄëÉåëÉÛë=tÉÄ=pÉÅìêáíó=d~íÉï~ó=áë=íÜÉ=ãçëí= ÑÉ~íìêÉJêáÅÜ=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇI=~äçåÖ=ïáíÜW çÑÑÉêáåÖ=íÜÉ=ïáÇÉëí=ÅçîÉê~ÖÉ=~åÇ=íÜÉ=ÖêÉ~íÉëí=~ÅÅìê~Åó=áå= Å~íÉÖçêáòáåÖ=Çóå~ãáÅ=ÅçåíÉåí=çå=tÉÄ=OKM=ëáíÉë ÄäçÅâáåÖ=ãçêÉ=fåíÉêåÉíJÄ~ëÉÇ=íÜêÉ~íë=íÜ~å=~ää=çíÜÉê=éêçÇìÅíë=íÉëíÉÇ éêçîáÇáåÖ=íÜÉ=É~ëáÉëí=íç=ìëÉ=áåíÉêÑ~ÅÉ=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇ ÇÉäáîÉêáåÖ=ÖêÉ~íÉê=ÑäÉñáÄáäáíó=íÜ~å=~åó=çíÜÉê=ëçäìíáçåë=íÉëíÉÇ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========R
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Composite Scores of Products Tested Across Evaluation Areas All criteria listed were rated subjectively either by examining publicly available documentation from the vendors; or by launching the management interface, configuring the desired behavior and observing the results. The subjective usability, layout and overall effectiveness of each function by vendor has been assigned a value ranging from 1 (least effective) to 4 (most effective) to indicate the Tolly engineers' im- pression of each of the units tested. Detailed breakdown of scores in each area of evaluation can be seen in Figures 4. through 12. Source: The Tolly Group, November 2008 Figure 1 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========S
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qÜáë=ïÜáíÉ=é~éÉê=ïáää=ÉñéäçêÉ=ÑáåÇáåÖë=Ñçê=É~ÅÜ=çÑ=íÜÉ=Éî~äì~íáçå=ÅêáíÉêá~=áå= íÜÉ=é~ÖÉë=~åÇ=ÅÜ~êíë=íÜ~í=ÑçääçïK= få=ÅçåÅäìëáçåI=tÉÄëÉåëÉ=tÉÄ=pÉÅìêáíó=d~íÉï~ó=ÅçãÄáåÉÇ=íÜÉ=ÄÉëí=çÑ= ÄêÉÉÇ=íÉÅÜåçäçÖáÉë=íç=çÑÑÉê=~=éêçÇìÅí=íÜ~í=áë=É~ëáÉê=íç=ã~å~ÖÉI=ëÅ~äÉë= ÄÉííÉêI=éêçîáÇÉë=ãçêÉ=Öê~åìä~ê=çéíáçåë=íç=Åçåíêçä=åÉíïçêâ=~ééäáÅ~íáçå=íê~ÑÑáÅ= ~åÇ=Öì~êÇë=~Ö~áåëí=íÜÉ=Çóå~ãáÅ~ääó=ÅÜ~åÖáåÖ=íÜêÉ~í=ä~åÇëÅ~éÉ=çÑ=tÉÄJ Ä~ëÉÇ=~íí~ÅâëK Web 2.0 Effectiveness tÉÄ=OKM=ëáíÉë=~êÉ=ê~éáÇäó=ÖêçïáåÖ=íç=ÄÉ=ëçãÉ=çÑ=íÜÉ=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë= çå=íÜÉ=fåíÉêåÉíK=qÜÉ=~Äáäáíó=çÑ=ìëÉêë=íç=ÑêÉÉäó=ÅêÉ~íÉ=~åÇ=ìéäç~Ç= ÅçåíÉåí=çåíç=tÉÄ=OKM=ëáíÉë=áë=áåÅêÉ~ëáåÖäó=~ííê~ÅíáîÉ=íç=~íí~ÅâÉêë=ïÜç ìéäç~Ç=ã~äáÅáçìë=~åÇ=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåí=çåíç=êÉéìí~ÄäÉ=tÉÄ=OKM=ëáíÉë= äáâÉ=_äçÖëéçí=EÜííéWLLÄäçÖëéçíKÅçãFI=tçêÇmêÉëë=EÜííéWLLïçêÇéêÉëëKçêÖFI=çê= çåíç=äÉÖáíáã~íÉ=ëáíÉë=íÜ~í=Ü~îÉ=ÄÉÉå=ÅçãéêçãáëÉÇK=qÜÉ=~Äáäáíó=çÑ=~=tÉÄ=ëÉJ Åìêáíó=Ö~íÉï~ó=íç=ÇÉíÉÅí=ã~äáÅáçìë=ÅçåíÉåí=~ÅÅìê~íÉäó=çå=Çóå~ãáÅ=tÉÄ=ëáíÉë= äáâÉ=tÉÄ=OKM=êÉäáÉë=ÖêÉ~íäó=çå=êÉ~äJíáãÉ=~å~äóëáë=çÑ=ÅçåíÉåíI=~åÇ=åçí=àìëí=çå= íÜÉ=êÉéìí~íáçå=çÑ=íÜÉ=tÉÄ=ëáíÉëK qÉëíë=ìëáåÖ=VSR=äáîÉ=roië=Ñêçã=éçéìä~ê=tÉÄ=OKM=ëáíÉë=äáâÉ=ÄäçÖëéçíKÅçã= ~åÇ=ïçêÇéêÉëëKÅçã=íÜ~í=ïÉêÉ=ÜçëíáåÖ=ã~äáÅáçìë=çê=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåí= êÉîÉ~äÉÇ=tÉÄëÉåëÉÛë=éçïÉêÑìä=êÉ~äJíáãÉ=ÅçåíÉåí=~å~äóëáë=Å~é~ÄáäáíóK=tÉÄJ ëÉåëÉ=ÄäçÅâÉÇ=~äãçëí=VVB=çÑ=íÜÉ=ã~äáÅáçìë=roië=ïÜáäÉ=ÅçãéÉíáåÖ=éêçÇìÅíë= ÄäçÅâÉÇ=ÄÉíïÉÉå=äÉëë=íÜ~å=OB=íç=~Äçìí=QMBK=EpÉÉ=cáÖìêÉ=OKF= qÜáë=ÜìÖÉ=ëéêÉ~Ç=çÑ=êÉëìäíë=Ñêçã=éêçÇìÅíë=ìëáåÖ=tÉÄ=oÉéìí~íáçå=ëÉêîáÅÉë= ~åÇ=íê~Çáíáçå~ä=roi=Ç~í~Ä~ëÉë=ëÜçïë=íÜ~í=äÉÖ~Åó=ãÉíÜçÇë=çÑ=roi=ÑáäíÉêáåÖ= ~êÉ=åçí=éçïÉêÑìä=ÉåçìÖÜ=çå=íÜÉáê=çïåI=ìåäÉëë=áíÛë=~ìÖãÉåíÉÇ=Äó=ÉÑÑÉÅíáîÉ= ìëÉ=çÑ=çíÜÉê=íÉÅÜåçäçÖáÉë=äáâÉ=çåJéêÉãáëÉëI=êÉ~äJíáãÉ=ÅçåíÉåí=~å~äóëáëI=ÜÉìJ êáëíáÅëI=ÉíÅK qÉëíë=~äëç=ëÜçïÉÇ=íÜ~í=tÉÄëÉåëÉ=Ü~Ç=íÜÉ=ïáÇÉëí=roi=ÅçîÉê~ÖÉ=çÑ=íÜÉ= Úâåçïå=tÉÄÛ=çìí=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇI=~ë=ÉîáÇÉåÅÉÇ=Äó=íÜÉ=êÉëìäíë=Ñêçã= íÜÉ=^äÉñ~=NMMIMMM=roi=Åä~ëëáÑáÅ~íáçå=íÉëíK=qÜáë=íÉëí=ëÜçïÉÇ=íÜ~í=íÜÉ=tÉÄJ ëÉåëÉ=Åä~ëëáÑáÉÇ=VTKNB=çÑ=íÜÉ=íçé=NMMIMMM=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë=çå=íÜÉ= fåíÉêåÉí=E~ë=äáëíÉÇ=Äó=íÜÉ=^äÉñ~=NMMIMMM=roi=äáëíFI=ïÜáäÉ=ÅçãéÉíáåÖ=îÉåÇçêë= Åä~ëëáÑáÉÇ=ÄÉíïÉÉå=VOB=íç=VQBK=EpÉÉ=cáÖìêÉ=PKF= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========T
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Web 2.0 Detection Accuracy Effectiveness 98.9 Percent of detection accuracy (%) NMM TR RM 40.2 OR 11.1 11 1.8 M Websense BlueCoat Cisco Secure Trend Computing Micro Note: All URLs tested were sourced from the Websense ThreatSeeker network, within six to 24 hours of the testing window. Source: The Tolly Group, November 2008 Figure 2 qÉëíë=~äëç=ëÜçïÉÇ=tÉÄëÉåëÉÛë=ëìéÉêáçê=~Äáäáíó=íç=Åä~ëëáÑó=íÜÉ=Úìåâåçïå= tÉÄÛ=EêÉÑÉêêÉÇ=íç=~ë=íÜÉ=ÚiçåÖ=q~áäÛ=çÑ=íÜÉ=fåíÉêåÉíF=íóéáÅ~ääó=ÅçåëáëíáåÖ=çÑ= àìåâI=éÉêëçå~ä=çê=ëÅ~ã=tÉÄ=ëáíÉëI=çê=íÜÉ=ãáääáçåë=çÑ=åÉï=tÉÄ=ëáíÉë=ÅêÉ~íÉÇ= ÉîÉêó=Ç~óK=mêçÇìÅíë=ëçäÉäó=êÉäóáåÖ=çå=tÉÄ=êÉéìí~íáçåJÄ~ëÉÇ=Åä~ëëáÑáÅ~íáçå=çê= íê~Çáíáçå~ä=roi=Ç~í~Ä~ëÉë=Å~ååçí=~ÇÉèì~íÉäó=âÉÉé=ìé=ïáíÜ=íÜÉ=ÇÉã~åÇ=íç= Åä~ëëáÑó=tÉÄ=ëáíÉë=áå=íÜÉ=içåÖ=q~áä=çÑ=íÜÉ=fåíÉêåÉíK=tÉÄëÉåëÉ=ÇÉãçåëíê~íÉÇ= áíë=ëíêÉåÖíÜ=áå=êÉ~äJíáãÉ=Åä~ëëáÑáÅ~íáçå=çÑ=tÉÄ=ÅçåíÉåí=Äó=Å~íÉÖçêáòáåÖ=VVKVB= çÑ=íÜÉ=NUIRUM=äáîÉ=roië=ëçìêÅÉÇ=Ñêçã=íÜÉ=içåÖ=q~áäK=få=Åçåíê~ëíI=íÜÉ=ÅçãJ éÉíáåÖ=îÉåÇçêë=Åä~ëëáÑáÉÇ=ÄÉíïÉÉå=PSB=~åÇ=TMBK få=íÉëíë=ÑçÅìëáåÖ=çå=ÇÉíÉÅíáåÖ=~åÇ=ÄäçÅâáåÖ=roië=äÉ~ÇáåÖ=íç=mÜáëÜáåÖ=~åÇLçê= mêçñó=~îçáÇ~åÅÉ=tÉÄ=ëáíÉëI=tÉÄëÉåëÉ=çåÅÉ=~Ö~áå=ÇÉíÉÅíÉÇ=VUKPB=çÑ=íÜÉ= OIPMO=äáîÉ=roiëI=ïÜáäÉ=íÜÉ=ÅçãéÉíáåÖ=îÉåÇçêë=ÇÉíÉÅíÉÇ=ÄÉíïÉÉå=TMB=~åÇ= UUBK=páãáä~êäóI=áå=íÉëíë=ïáíÜ=PTV=roië=Åçåí~áåáåÖ=Äáå~êó=Éñéäçáíë=çê=ÅçãJ éêçãáëÉ=ÅçÇÉI=tÉÄëÉåëÉ=ÄäçÅâÉÇ=VVB=çÑ=roiëI=îÉêëìë=çíÜÉê=îÉåÇçêë=ïÜç= ÄäçÅâÉÇ=ÄÉíïÉÉå=RPB=íç=VNBK=^äëçI=çå=íÉëíë=ïáíÜ=USR=roië=ÜçëíáåÖ=j~äJ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========U
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ï~êÉI=tÉÄëÉåëÉ=ÄäçÅâÉÇ=VUKQB=ïÜáäÉ=çíÜÉê=îÉåÇçêë=ÄäçÅâÉÇ=ÄÉíïÉÉå=SRB= ~åÇ=~êçìåÇ=VSBK=EpÉÉ=cáÖìêÉ=PKF Web 2.0 Accuracy and Coverage Test Results Source: The Tolly Group, November 2008 Figure 3 Manageability and Scalability oÉÇìÅÉÇ=~Çãáåáëíê~íáçå=çîÉêÜÉ~Ç=áë=çåÉ=çÑ=íÜÉ=íçé=ÅçåÅÉêåë=çÑ=ëÉÅìêáíó= ~Çãáåáëíê~íçêëK=qÜÉ=êÉéçêí=ÉãéÜ~ëáòÉë=íÜÉ=áãéçêí~åÅÉ=çÑ=~å=ÉÑÑÉÅíáîÉ=í~ëâJ çêáÉåíÉÇ=Öê~éÜáÅ~ä=ìëÉê=áåíÉêÑ~ÅÉ=EdrfF=~åÇ=ÅçãéêÉÜÉåëáîÉ=ã~å~ÖÉãÉåí= áåíÉêÑ~ÅÉ=íç=äçïÉê=íçí~ä=Åçëí=çÑ=çïåÉêëÜáéK qçääó=dêçìé=Ü~åÇëJçå=íÉëíáåÖ=ëÜçïë=íÜ~í=tÉÄëÉåëÉ=êÉÅÉáîÉ=~=ã~ñáãìã= ëÅçêÉ=çÑ= QÒ=Ñçê=ÑáîÉ=çÑ=íÜÉ=ÉáÖÜí=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉ=ÅêáíÉêá~=êÉîáÉïÉÇ=Äó= ÉåÖáåÉÉêëK=låäó=çåÉ=çíÜÉê=éêçÇìÅí=Ü~Ç=íïç= QëÒ=Ñçê=áíë=ã~å~ÖÉãÉåí=áåíÉêJ Ñ~ÅÉK=lÑ=é~êíáÅìä~ê=åçíÉ=ï~ë=tÉÄëÉåëÉÛë=êÉ~äJíáãÉ=ÉîÉåí=Ç~ëÜÄç~êÇ=ïáíÜ= ~Åíáçå~ÄäÉ=~äÉêíë=ïÜáÅÜ=Éå~ÄäÉë=ê~éáÇ=ÉîÉåí=áÇÉåíáÑáÅ~íáçå=~åÇ=éêç~ÅíáîÉ=áåJ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========V
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ÅáÇÉåí=êÉëéçåëÉK=tÉÄëÉåëÉ=~äëç=ï~ë=Öê~ÇÉÇ=~= QÒ=Ñçê=áíë=Åìëíçãáò~ÄäÉ= Ç~ëÜÄç~êÇ=îáÉïëK=tÉÄëÉåëÉ=~äëç=É~êåÉÇ= QëÒ=Ñçê=Öê~åìä~ê=êçäÉJÄ~ëÉÇ= Management and Scalability Scoring Source: The Tolly Group, November 2008 Figure 4 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NM
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ~Çãáåáëíê~íáçåI=~ìíçã~íÉÇ=~äÉêíáåÖI=~Çî~åÅÉÇ=ÜÉäéI=ÅÉåíê~äáòÉÇ=ã~å~ÖÉJ ãÉåí=çÑ=ãìäíáéäÉ=~ééäá~åÅÉë=~åÇ=å~íáîÉ=äç~Ç=Ä~ä~åÅáåÖL~ÅíáîÉ=ÅäìëíÉêáåÖK=få= íçí~äI=áí=É~êåÉÇ=QM=éçáåíëI=îÉêëìë=PN=Ñçê=íÜÉ=åÉ~êÉëí=ÅçãéÉíáíçêK=EpÉÉ=cáÖìêÉ= QKF= Policy Interface ^åó=éçäáÅó=áåíÉêÑ~ÅÉë=ëÜçìäÇ=ÄÉ=É~ëó=íç=ìëÉI=áåíìáíáîÉ=Ñçê=åçåJíÉÅÜåáÅ~ä=éÉêJ ëçååÉä=~åÇ=ìëÉêJÑêáÉåÇäóK=eÉêÉI=íççI=tÉÄëÉåëÉ=êÉÅÉáîÉ= QëÒ=Ñçê=Ñçìê=çÑ=íÜÉ= ëÉîÉå=ÅêáíÉêá~=êÉîáÉïÉÇ=~åÇ=ï~ë=íÜÉ=çåäó=ëÉÅìêÉ=Ö~íÉï~ó=îÉåÇçê=íç=êÉÅÉáîÉ= íÜÉ=ÜáÖÜÉëí=ã~êâ=éçëëáÄäÉ=Ñçê=éçäáÅó=áåíÉêÑ~ÅÉëK tÉÄëÉåëÉ=êÉÅÉáîÉÇ=íÜÉ=ÜáÖÜ=Öê~ÇÉë=Ñçê=íÜÉ=~Äáäáíó=íç=çÑÑÉê=~=ëáåÖäÉ=é~ÖÉ= îáÉï=çÑ=éçäáÅó=ëí~íÉãÉåíëI=êÉìë~ÄäÉ=éçäáÅó=çÄàÉÅíëI=íÜÉ=~Äáäáíó=íç=ãçÇáÑó=áåJ ÜÉêáíÉÇ=éçäáÅáÉë=~åÇ=Ñçê=êÉéçêíáåÖ=Äó=éçäáÅó=íóéÉI=ïÜáÅÜ=áë=ÉëëÉåíá~ä=áå=ÇÉíÉêJ ãáåáåÖ=Åçãéäá~åÅÉ=íç=~=éçäáÅóK=lîÉê~ääI=tÉÄëÉåëÉ=É~êåÉÇ=~=ëÅçêÉ=çÑ=OOI= îÉêëìë=áíë=åÉñí=åÉ~êÉëí=êáî~ä=ïáíÜ=~=ëÅçêÉ=çÑ=NQK=EpÉÉ=cáÖìêÉ=RKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NN
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Policy Interface Scoring Source: The Tolly Group, November 2008 Figure 5 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NO
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Reporting Capabilities oÉéçêíáåÖ=Å~é~ÄáäáíáÉë=Ü~îÉ=ÉãÉêÖÉÇ=~ë=~å=ÉëëÉåíá~ä=ÅçãéçåÉåí=çÑ=pÉÅìêÉ= tÉÄ=Ö~íÉï~óë=ÄÉÅ~ìëÉ=íÜÉó=ÄêáÇÖÉ=íÜÉ=íÉÅÜåáÅ~ä=ïçêäÇ=ïáíÜ=íÜÉ=ÄìëáåÉëë= ëáÇÉ=çÑ=íÜÉ=Åçãé~åóK=_ìëáåÉëë=ìëÉêë=ÇçåÛí=Ü~îÉ=íáãÉ=íç=ï~ÇÉ=íÜêçìÖÜ=ÖçÄë= çÑ=íÉÅÜåáÅ~ä=Ç~í~I=Äìí=áåëíÉ~Ç=ï~åí=ëìãã~êó=áåÑç=Ü~êîÉëíÉÇ=~åÇ=éêÉëÉåíÉÇ= áå=~å=É~ëó=íç=Ñçääçï=Ñçêã~íK= tÉÄëÉåëÉ=êÉÅÉáîÉ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ=áå=ÉáÖÜí=çÑ=åáåÉ=~î~áä~ÄäÉ= Å~íÉÖçêáÉëI=ïÜáäÉ=êáî~ä=éêçÇìÅíë=ëÅçêÉÇ=~=N=çê=O=áå=ãçëí=Å~íÉÖçêáÉëK tÉÄëÉåëÉ=É~êåÉÇ=~=ëÅçêÉ=çÑ=PRI=ïÜáäÉ=íÜÉ=åÉñí=ÅçãéÉíáåÖ=éêçÇìÅí= êÉÅÉáîÉÇ=~=OOK=tÉÄëÉåëÉ=êÉÅÉáîÉÇ=ÜáÖÜ=Öê~ÇÉë=Ñçê=íÜÉ=äÉîÉä=çÑ=ÄìëáåÉëë= çêáÉåíÉÇ=êÉéçêíë=çÑÑÉêÉÇI=íÜÉ=èìáÅâ=~ÅÅÉëë=íççäë=~î~áä~ÄäÉ=íç=ÖÉí=~í=Ç~í~K=^ÇJ Çáíáçå~ääóI=êÉ~äJíáãÉ=êÉéçêíë=~åÇ=ÑçêÉåëáÅ=êÉéçêíë=~êÉ=~î~áä~ÄäÉ=EpÉÉ=cáÖìêÉ= SKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NP
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Reporting Scores Source: The Tolly Group, November 2008 Figure 6 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NQ
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P URL Filtering qÜÉ=~Äáäáíó=íç=Åçåíêçä=~åÇ=ãçåáíçê=tÉÄ=ìë~ÖÉ=Äó=ÉãéäçóÉÉë=áë=ÄÉÅçãáåÖ=~= åÉÅÉëëáíó=Ñçê=Åçãé~åáÉëK=qÜÉ=~Äáäáíó=íç=ÉåÑçêÅÉ=Åçêéçê~íÉ=éçäáÅó=åçí=àìëí= ïÜáäÉ=íÜÉ=ÉãéäçóÉÉë=~êÉ=çå=éêÉãáëÉëI=Äìí=~äëç=ïÜáäÉ=çÑÑJéêÉãáëÉë=ÄÉÅçãÉë= î~äì~ÄäÉ=~ë=ÉãéäçóÉÉë=~êÉ=ÄÉÅçãáåÖ=áåÅêÉ~ëáåÖäó=ãçÄáäÉK tÉÄëÉåëÉ=çåÅÉ=~Ö~áå=çÑÑÉêÉÇ=éçïÉêÑìä=~åÇ=ÑäÉñáÄäÉ=íççäë=íç=Öê~åìä~êäó=ÅçåJ íêçä=íÜÉ=tÉÄ=~ÅÅÉëë=çÑ=ìëÉêë=ÄçíÜ=çå=~åÇ=çÑÑ=íÜÉ=éêÉãáëÉëX=~åÇ=ëÅçêÉÇ=~= ã~ñáãìã=éçëëáÄäÉ=NO=éçáåíë=~Åêçëë=íÜêÉÉ=~êÉ~ë=Éî~äì~íÉÇK=EpÉÉ=cáÖìêÉ=TKF= qÜÉ=åÉñí=ÅäçëÉëí=ÅçãéÉíáíçê=éêçÇìÅí=ëÅçêÉÇ=~=V=ïáíÜ=íÜÉ=êÉëí=ëÅçêáåÖ=Q=É~ÅÜK URL Filtering Feature Scoring Source: The Tolly Group, November 2008 Figure 7 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NR
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Malware Filtering tÜáäÉ=roi=ÑáäíÉêáåÖ=áë=~=ëí~éäÉ=çÑ=~åó=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óI=ã~äï~êÉ=ÑáäíÉêáåÖ= áë=Ñ~ëí=Å~íÅÜáåÖ=çå=~ë=~=ÅêáíáÅ~ä=ÑìåÅíáçåK=sáêìë=ÇÉíÉÅíáçå=~åÇ= êÉãçî~ä=áå=Ö~íÉï~óë=áë=ÅêáíáÅ~ä=~ë=ãçêÉ=ã~äï~êÉ=ãçîÉë=íç=~=tÉÄ=ÇáëíêáÄìJ íáçå=ãÉíÜçÇ=~åÇ=ÉåÇéçáåí=éêçíÉÅíáçå=ëíêìÖÖäÉë=íç=âÉÉé=é~ÅÉ=ïáíÜ=íÜÉ=îçäìãÉ= çÑ=íÜêÉ~íëK= eÉêÉI=qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=ÅçåÇìÅíÉÇ=~=Ü~åÇëJçå=íÉëí=çÑ=ÅÉêí~áå=ÑÉ~J íìêÉëI=ïÜáäÉ=~ëëáÖåáåÖ=ëìÄàÉÅíáîÉ=ëÅçêÉë=íç=íÜÉ=éêçÇìÅíëÛ=~êÅÜáíÉÅíìêÉ=~åÇ= ÉîÉåí=~äÉêíë=Å~é~ÄáäáíáÉëK tÉÄëÉåëÉ=~ÅÜáÉîÉÇ=~=VUKQB=ëÅçêÉ=Ñçê=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=ã~äï~êÉ=Ñçê= USR=ëáíÉë=ÜçëíáåÖ=ã~äáÅáçìë=ÑáäÉëK=líÜÉê=îÉåÇçêë=ê~åÖÉÇ=Ñêçã=SRB=íç=VSB= ã~äï~êÉ=ÇÉíÉÅíáçå=~ÅÅìê~ÅóK=EpÉÉ=cáÖìêÉ=UKF tÉÄëÉåëÉ=~äëç=ï~ë=ëìÅÅÉëëÑìä=~í=ÇÉíÉÅíáåÖ=~åÇ=~îçáÇáåÖ=éÜáëÜáåÖ=~åÇ= éêçñó=ëáíÉë=VUKPB=çÑ=íÜÉ=íáãÉI=îÉêëìë=TMB=íç=UUB=Ñçê=çíÜÉê=éêçÇìÅíë=íÉëíÉÇK= ^åÇ=tÉÄëÉåëÉ=ï~ë=ëìÅÅÉëëÑìä=VVB=çÑ=íÜÉ=íáãÉ=~í=ÇÉíÉÅíáåÖ=~åÇ=~îçáÇáåÖ= ëáíÉë=ïáíÜ=ã~äáÅáçìë=Éñéäçáíë=çê=ÇêáîÉJÄó=ÑáäÉ=áåëí~ääëK=líÜÉê=éêçÇìÅíë=ïÉêÉ= ëìÅÅÉëëÑìä=çåäó=RQB=íç=VNB=çÑ=íÜÉ=íáãÉK tÉÄëÉåëÉ=ï~ë=~äëç=íÜÉ=çåäó=îÉåÇçê=íç=êÉÅÉáîÉ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ= Ñçê=áíë=ëçäìíáçå=~êÅÜáíÉÅíìêÉ=ÇìÉ=íç=áíë=ÜóÄêáÇ=~êÅÜáíÉÅíìêÉK=qÜáë=áë=Ä~ëÉÇ=çå= d~êíåÉêÛë=ÇáëÅìëëáçå=çÑ=íÜÉ=ÄÉåÉÑáíë=çÑ=~= ÜóÄêáÇÒ=~êÅÜáíÉÅíìêÉ=íÜ~í=ìíáäáòÉë= éêçñó=íÉÅÜåçäçÖó=Ñçê=Öê~åìä~êáíó=~åÇ=ÇÉí~áäÉÇ=Åçåíêçä=ÅçìéäÉÇ=ïáíÜ=åÉíïçêâ= ãçåáíçêáåÖ=Å~é~ÄáäáíáÉë=Ñçê=ëÅ~ä~Äáäáíó=~åÇ=Äêç~Ç=ÅçîÉê~ÖÉK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NS
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Malware Detection Scores Source: The Tolly Group, November 2008 Figure 8 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NT
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Application Control bãÄÉÇÇÉÇ=~ééäáÅ~íáçåJäÉîÉä=Åçåíêçäë=Éå~ÄäÉ=ëÉÅìêáíó=~Çãáåáëíê~íçêë=íç=ÖçîJ Éêå=íÜÉ=~Ççéíáçå=~åÇ=ìë~ÖÉ=çÑ=tÉÄJÄ~ëÉÇ=~ééäáÅ~íáçåë=ëìÅÜ=~ë=fjI=pâóéÉI= mOmI=~åÇ=ãçêÉK=qçääó=dêçìé=ÉåÖáåÉÉêë=~ï~êÇÉÇ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ= íç=íÜÉ=tÉÄëÉåëÉ=éêçÇìÅí=áå=Ñçìê=çÑ=íÜÉ=ÑáîÉ=^ééäáÅ~íáçå=`çåíêçä=Å~íÉÖçêáÉë= Éñ~ãáåÉÇK=EpÉÉ=cáÖìêÉ=VKF= tÉÄëÉåëÉ=É~êåÉÇ=NV=çìí=çÑ=~=éçëëáÄäÉ=OM=éçáåíëI=ïáíÜ=íÜÉ=åÉñíJåÉ~êÉëí= ÅçãéÉíáíçê=ÅçãáåÖ=áå=ïáíÜ=~=ëÅçêÉ=çÑ=NNK=tÉÄëÉåëÉ=É~êåÉÇ=ÜáÖÜ=Öê~ÇÉë=Ñçê= áíë=~Äáäáíó=íç=Å~íÉÖçêáòÉ=~ééäáÅ~íáçåëI=ïÜáÅÜ=É~ëÉë=íÜÉ=ÅêÉ~íáçå=~åÇ=~ÇãáåáJ ëíê~íáçå=çÑ=éçäáÅáÉëK=fí=~äëç=É~êåÉÇ=~=ã~ñáãìã=ëÅçêÉ=Ñçê=éçäáÅó=ÉåÑçêÅÉãÉåí= Äó=Å~íÉÖçêóI=ïÜáÅÜ=êÉÇìÅÉë=íÜÉ=ïçêâäç~Ç=~åÇ=íÜÉ=åìãÄÉê=çÑ=ÉêêçêëK=^åÇ= tÉÄëÉåëÉ=É~êåÉÇ=~=ã~ñáãìã=ëÅçêÉ=Ñçê=Åä~ëëáÑóáåÖ=mOm=~ë=~=ÇáëíáåÅíäó=ÇáÑJ ÑÉêÉåí=~ééäáÅ~íáçå=íÜ~å=çíÜÉêëI=ëáåÅÉ=áí=éçëÉë==ÖêÉ~íÉê=êáëâë=ÇìÉ=íç=ÑáäÉ=íê~åëJ ÑÉêëK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NU
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Application Control Scores Source: The Tolly Group, November 2008 Figure 9 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NV
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Data Loss Protection tÉÄëÉåëÉ=ëçäìíáçå=ï~ë=íÜÉ=çåäó=éêçÇìÅí=íÉëíÉÇ=íç=É~êå=~=ã~ñáãìã=ëÅçêÉ=áå= ÉîÉêó=Å~íÉÖçêó=Ñçê=Ç~í~=äçëë=éêçíÉÅíáçåI=Ñçê=~=íçí~ä=çÑ=PO=éçáåíëK=qÜÉ=åÉñí= åÉ~êÉëí=îÉåÇçê=É~êåÉÇ=NQ=éçáåíëK=EpÉÉ=cáÖìêÉ=NMKF ^ë=íÜÉ=tÉÄ=ÄÉÅçãÉë=ãçêÉ=áåíÉê~ÅíáîÉ=Äó=å~íìêÉI=çêÖ~åáò~íáçåë=~êÉ=ÅçåJ ÅÉêåÉÇ=~Äçìí=íÜÉ=êáëâ=Ñçê=íÜÉ=äçëë=çÑ=ëÉåëáíáîÉ=Ç~í~K=pÉÅìêÉ=tÉÄ=Ö~íÉï~óë= ÅçãÄ~í=íÜáë=Äó=çÑÑÉêáåÖ=íÜÉ=~Äáäáíó=íç=ÇÉíÉÅí=åçåJÅçãéäá~åÅÉ=íç=Åçêéçê~íÉ= ~åÇ=êÉÖìä~íçêó=éçäáÅáÉëK=táíÜ=Ñìää=áåíÉÖê~íáçå=ïáíÜ=íÜÉ=tÉÄëÉåëÉ=a~í~=pÉÅìJ êáíó=pçäìíáçå=çÑÑÉêÉÇI=tÉÄëÉåëÉ=ï~ë=íÜÉ=çåäó=îÉåÇçê=íç=çÑÑÉê=~=éêÉÇÉíÉêJ ãáåÉÇ=åìãÄÉê=çÑ=íÉãéä~íÉë=íç=Öì~êÇ=~Ö~áåëí=åçåJÅçãéäá~åÅÉI=Ñçê=íÜáåÖë= ëìÅÜ=~ë=ÅêÉÇáí=Å~êÇë=çê=ëçÅá~ä=ëÉÅìêáíó=åìãÄÉêëK==tÉÄëÉåëÉ=~äëç=ï~ë=ÅáíÉÇ= Ñçê=áíë=ëíêÉåÖíÜ=~í=ÇÉÉé=ÅçåíÉåí=áåëéÉÅíáçåI=ïÜÉêÉ=çíÜÉê=éêçÇìÅíë=Çç=åçí= Ü~îÉ=íÜÉ=Å~é~Äáäáíó=çê=~êÉ=ïÉ~â=~í=áíK e~åÇëJçå=Éñ~ãáå~íáçå=çÑ=íÜÉ=éêçÇìÅíë=ëÜçï=íÜ~í=ëçãÉ=çÑÑÉêáåÖëI=ëìÅÜ=~ë= _äìÉ`ç~í=mêçñó=pdONM=~åÇ=qêÉåÇ=jáÅêç=fåíÉêëÅ~å=tÉÄ=pÉÅìêáíó=pìáíÉ=Çç= åçí=çÑÑÉê=~åó=Ç~í~=äçëë=éêÉîÉåíáçå=Ñ~ÅáäáíáÉë=çê=áåíÉÖê~íáçå=çéíáçåëK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OM
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Data Loss Prevention Scores Source: The Tolly Group, November 2008 Figure 10 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========ON
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Network Implementation tÉÄëÉåëÉ=ëÅçêÉÇ=NN=çìí=çÑ=~=éçëëáÄäÉ=OM=éçáåíëI=ÑçääçïáåÖ=pÉÅìêÉ=tÉÄ= Ñêçã=pÉÅìêÉ=`çãéìíáåÖ=ïÜáÅÜ=ëÅçêÉÇ=NQI=~åÇ=fåíÉêpÅ~å=tÉÄ=pÉÅìêáíó= pìáíÉ=Ñêçã=qêÉåÇ=jáÅêç=ïÜáÅÜ=ëÅçêÉÇ=NOK=EpÉÉ=cáÖìêÉ=NNKF qçÇ~óÛë=çêÖ~åáò~íáçåë=êÉèìáêÉ=~=ÑäÉñáÄäÉ=ëçäìíáçå=íÜ~í=Å~å=áåíÉÖê~íÉ=ïáíÜ=íÜÉ= ïáÇÉ=ê~åÖÉ=çÑ=åÉíïçêâ=íçéçäçÖáÉë=ÅìêêÉåíäó=áå=ìëÉK=tÉÄëÉåëÉ=çÑÑÉêë=ÄçíÜ= çåJéêÉãáëÉë=~åÇ=Ñìääó=ÜçëíÉÇ=tÉÄ=ëÉÅìêáíó=çéíáçåë=éêçîáÇáåÖ=ÅìëíçãÉê=ïáíÜ= ãçêÉ=ÅÜçáÅÉë=ïÜÉå=ÇÉëáÖåáåÖ=~=ÇáëíêáÄìíÉÇ=ëçäìíáçåK=pìééçêí=Ñçê=~=Äêç~Ç= ê~åÖÉ=çÑ=Ü~êÇï~êÉ=~åÇ=ëçÑíï~êÉ=éä~íÑçêãë=Éå~ÄäÉë=É~ëó=áåíÉÖê~íáçå=áåíç= ãçëí=ÅìëíçãÉê=åÉíïçêâëK=e~êÇï~êÉ=~ééäá~åÅÉë=~êÉ=çÑíÉå=ìëÉÇ=Ñçê=ëã~ääÉê= áåëí~ää~íáçåë=íÜ~í=ä~Åâ=ÉñéÉêáÉåÅÉÇ=áãéäÉãÉåí~íáçå=ëí~ÑÑI=Äìí=~êÉ=äÉëë=çÑíÉå= ìëÉÇ=áå=ÉåíÉêéêáëÉ=åÉíïçêâë=Ä~ëÉÇ=çå=íÜÉ=ÜáÖÜÉê=ÅçëíëK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OO
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Delivery and Network Implementation Feature Scores Source: The Tolly Group, November 2008 Figure 11 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OP
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Integration with Other Solutions fåíÉÖê~íáçå=ïáíÜ=çíÜÉê=éêçÇìÅíëI=ëìÅÜ=~ë=äç~Ç=Ä~ä~åÅÉêëI=éêçñáÉëI=bJã~áä=~åÇ= çíÜÉê=ëçäìíáçå=ã~ó=åçí=ÄÉ=ÅêáíáÅ~äI=Äìí=ã~ó=óáÉäÇ=ëìÑÑáÅáÉåí=ÄÉåÉÑáíë=íç=ï~êê~åí= íÜÉ=áåíÉÖê~íáçåK=tÜáäÉ=ãçëí=éêçÇìÅíë=íÉëíÉÇ=É~êåÉÇ=éççê=ëÅçêÉë=Ñçê=áåíÉÖê~J íáçåI=tÉÄëÉåëÉ=ÉñÅÉääÉÇ=áå=íÜÉ=~êÉ~=çÑ=ÑáêÉï~ääëI=~êÅÜáîáåÖ=~åÇ=aim=ëóëJ íÉãëK=EpÉÉ=cáÖìêÉ=NOKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OQ
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Integration Scores Source: The Tolly Group, November 2008 Figure 12 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OR
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Service and support pÉêîáÅÉ=~åÇ=ëìééçêí=çéíáçåë=~êÉ=~å=áãéçêí~åí=Ñ~Åíçê=íç=ÅçåëáÇÉê=ïÜÉå=ëÉJ äÉÅíáåÖ=~=ëçäìíáçåK=qÜÉ=èì~äáíó=çÑ=ëÉêîáÅÉ=çÑÑÉêáåÖë=Å~å=î~êó=ïáÇÉäó=~ãçåÖ= îÉåÇçêëK=_~ëÉÇ=çå=íÜÉ=ëÅçéÉ=çÑ=íÜáë=êÉéçêíI=íÉëíáåÖ=çÑ=íÜÉ=ëÉêîáÅÉ=çéíáçåë= çÑÑÉêÉÇ=Äó=íÜÉ=îÉåÇçêë=ï~ë=åçí=éÉêÑçêãÉÇI=ëç=~=èì~äáí~íáîÉ=ê~íáåÖ=çÑ=íÜÉ= îÉåÇçê=ëÉêîáÅÉë=Ü~ë=åçí=ÄÉÉå=éêçîáÇÉÇK=qÜÉ=çÑÑÉêáåÖë=Ñêçã=É~ÅÜ=îÉåÇçê= Ü~îÉ=ÄÉÉå=ÉåìãÉê~íÉÇ=íç=áåÇáÅ~íÉ=áÑ=íÜÉó=éêçîáÇÉ=íÜÉ=íóéÉë=çÑ=ëìééçêí=çéJ íáçåë=áåÇáÅ~íÉÇI=ëç=~=ÜáÖÜÉê=ëÅçêÉ=áåÇáÅ~íÉë=~=Äêç~ÇÉê=ê~åÖÉ=çÑ=çÑÑÉêáåÖëI=Äìí= åçí=åÉÅÉëë~êáäó=~=ëìéÉêáçê=çÑÑÉêáåÖK=EpÉÉ=cáÖìêÉ=NPKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OS
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Service and Support Scores Source: The Tolly Group, November 2008 Figure 13 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OT
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Test Methodology Alexa 100,000 URL Filtering/ Classification Test qÜÉ=Ä~ëáÅ=roi=ÑáäíÉêáåÖ=Å~é~ÄáäáíáÉë=çÑ=É~ÅÜ=ëóëíÉã=ï~ë=íÉëíÉÇ=Äó=ëÅêáéíáåÖ= ëí~åÇ~êÇ=ïçêâëí~íáçåë=íç=~ÅÅÉëë=~=ë~ãéäÉ=ëÉí=çÑ=NMMIMMM=roië=Ñêçã=íÜÉ= ^äÉñ~=qçé=NMMIMMM=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë=íÜêçìÖÜ=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëíK= ^ää=~î~áä~ÄäÉ=roi=Å~íÉÖçêáÉë=çÑ=Åä~ëëáÑáÅ~íáçå=çå=~=éêçÇìÅí=ïÉêÉ=Éå~ÄäÉÇ= ~åÇ=ÅçåÑáÖìêÉÇ=íç=ÄäçÅâ=~ÅÅÉëë=íç=~åó=roi=ã~íÅÜáåÖ=çåÉ=çÑ=íÜÉ=ÇÉÑáåÉÇ=ÑáäJ íÉêáåÖ=Å~íÉÖçêáÉëK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Å~íÉÖçêó=~î~áä~ÄäÉ=çå= íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê= ~åó=~î~áä~ÄäÉ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ= ~å=~äÉêíK=qÜÉ=äçÖë=çÑ=É~ÅÜ=ÇÉîáÅÉ=ïÉêÉ=íÜÉå=ÅçêêÉä~íÉÇ=ïáíÜ=íÜÉ=ë~ãéäÉ=ëÉí= íç=~êêáîÉ=~í=íÜÉ=ÇÉîáÅÉÛë=ëÅçêÉK=^ë=äçåÖ=~ë=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=~å= ÉñáëíáåÖ=Å~íÉÖçêó=çÑ=Åä~ëëáÑáÅ~íáçå=çå=íÜÉ=éêçÇìÅíI=íÜÉ=êÉëìäí=ï~ë=ÅçåëáÇÉêÉÇ= î~äáÇK=qÜÉ=êÉëìäíáåÖ=ëÅçêÉ=Ü~ë=ÄÉÉå=êÉÅçêÇÉÇ=~ë=íÜÉ=éÉêÅÉåí~ÖÉ=çÑ=roië= ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=~Ö~áåëí=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉJ éÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= “Long Tail” or Extended URL Classification Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=NUIRUM=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ëìÄãáííÉÇ=íç=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=Ñçê=Åä~ëëáÑáÅ~íáçå=Äó=ÉåÇJìëÉêë= ~êçìåÇ=íÜÉ=ïçêäÇK=qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=íç=OQ= Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ= çå=íÜÉ=fåíÉêåÉíK=låÅÉ=~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=~î~áä~ÄäÉ=roi=Åä~ëëáÑáÅ~J íáçå=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíI=~åÇ=îÉêáÑáÉÇ=íÜÉ=äçÖë=çÑ= É~ÅÜ=ÇÉîáÅÉ=íç=çÄí~áå=íÜÉ=åìãÄÉê=çÑ=Åä~ëëáÑáÉÇ=~åÇ=åìãÄÉê=çÑ=ãáëëÉÇ=roiëK= = fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Éå~ÄäÉÇ=Å~íÉÖçêáÉë=çå=íÜÉ=éêçÇìÅíI= íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ= Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=ê~íáç=çÑ= ~ää=roië=ëìÅÅÉëëÑìääó=Åä~ëëáÑáÉÇ=çìí=çÑ=íÜÉ=íçí~ä=roië=íêáÉÇK=qÜÉ=êÉëìäíáåÖ= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OU
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ëÅçêÉ=Ü~ë=ÄÉÉå=êÉÅçêÇÉÇ=~ë=íÜÉ=éÉêÅÉåí~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäJ íÉêÉÇ=~Ö~áåëí=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~íJ ~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK Phishing and/or Proxy Avoidance URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=OIPMO=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=mÜáëÜáåÖ=Éñéäçáíë=çê=Ñ~Åáäáí~íÉÇ=mêçñó=^îçáÇ~åÅÉK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=mÜáëÜJ áåÖ=~åÇ=mêçñó=^îçáÇ~åÅÉ=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíI=~åÇ= îÉêáÑáÉÇ=íÜÉ=äçÖë=çÑ=É~ÅÜ=ÇÉîáÅÉ=íç=çÄí~áå=íÜÉ=åìãÄÉê=çÑ=Åä~ëëáÑáÉÇ=~åÇ=åìãJ ÄÉê=çÑ=ãáëëÉÇ=roiëK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë= Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ= Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖJ ìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáåÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó= ~ë=íÜÉ=éÉêÅÉåí~ÖÉ=çÑ=roië=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ= ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉJ ëìäíë=~îÉê~ÖÉÇK Binary Exploits and Compromises Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=PTV=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=_áå~êó=Éñéäçáíë=çê=ÅçãéêçãáëÉëK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=_áå~êó= Éñéäçáíë=~åÇ=ÅçãéêçãáëÉë=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíK=fÑ=~= roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OV
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ= Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=éÉêÅÉåíJ ~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ= êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= Malware-infected URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=USR=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=ã~äï~êÉ=Eã~äáÅáçìë=ÅçÇÉ=çê=~ééäáÅ~íáçåëFK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=ã~äJ ï~êÉ=_áå~êó=Éñéäçáíë=~åÇ=ÅçãéêçãáëÉë=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë= ìåÇÉê=íÉëíK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå= íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê= ~åó=Éå~ÄäÉÇ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ= ~å=~äÉêíK=båÖáåÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë= íÜÉ=éÉêÅÉåí~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK= qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= Web 2.0-Based Malicious URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=VSR=roië=çå=éçéìä~ê=tÉÄ=OKM=ëáíÉë= äáâÉ=ÄäçÖëéçíKÅçã=~åÇ=ïçêÇéêÉëëKçêÖ=Åçåí~áåáåÖ=ã~äáÅáçìë=ÅçÇÉI=çê=çÄàÉÅJ íáçå~ÄäÉ=ã~íÉêá~äI=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ= roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië=ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíJ ïçêâ=íç=ÄÉ=Åçåí~áåáåÖ=ã~äáÅáçìë=ÅçÇÉ=çê=çÄàÉÅíáçå~ÄäÉ=ã~íÉêá~äK=qÜÉ=roië= ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=íç=OQ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåÇçïI=íç= ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK= båÖáåÉÉêë=Éå~ÄäÉÇ=~ää=~î~áä~ÄäÉ=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=çå=éêçÇìÅíë= ìåÇÉê=íÉëíI=êÉä~íÉÇ=íç=ã~äáÅáçìëLÜ~êãÑìä=å~íìêÉI=çê=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåíK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PM
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qÜÉ=ëÉí=çÑ=roië=ï~ë=íÜÉå=~ÅÅÉëëÉÇ=~Åêçëë=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëíK=fÑ=~=roi= ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ=roi= ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ=Å~íÉJ ÖçêóI=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=ïÉêÉ=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=éÉêÅÉåíJ ~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ= êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK Criteria Evaluation by UI Inspection båÖáåÉÉêë=íÜÉå=éêçÅÉÉÇÉÇ=íç=Éî~äì~íÉ=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=íç=ÇÉíÉêãáåÉ= íÜÉ=ÉÑÑÉÅíáîÉåÉëë=çÑ=íÜÉ=ìëÉê=áåíÉêÑ~ÅÉ=~åÇ=ÅçãéêÉÜÉåëáîÉåÉëë=çÑ=íÜÉ=ã~åJ ~ÖÉãÉåí=áåíÉêÑ~ÅÉK=qÜÉ=Éî~äì~íáçå=ï~ë=ÇçåÉ=Äó=áåëéÉÅíáåÖ=íÜÉ=ã~å~ÖÉJ ãÉåí=áåíÉêÑ~ÅÉ=çÑ=É~ÅÜ=éêçÇìÅí=ìåÇÉê=íÉëíI=~åÇ=~äëç=Äó=éÉêìëáåÖ=íÜÉ=éìÄäáÅäó= ~î~áä~ÄäÉ=ÇçÅìãÉåí~íáçå=Ñêçã=íÜÉ=îÉåÇçê=çÑ=íÜÉ=éêçÇìÅíK=cçê=É~ÅÜ=Å~íÉÖçêóI= qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=íÜÉå=~ëëáÖåÉÇ=~=ëìÄàÉÅíáîÉ=ëÅçêÉ=çå=~=ëÅ~äÉ=çÑ=N= EäÉ~ëí=ÉÑÑÉÅíáîÉF=íç=Q=Eãçëí=ÉÑÑÉÅíáîÉKF=aÉí~áäÉÇ=êÉëìäíë=ìåÇÉê=É~ÅÜ=Å~íÉÖçêó= ~êÉ=éêÉëÉåíÉÇ=áå=íÜÉ=ÑçääçïáåÖ=ëÉÅíáçåëK rë~Äáäáíó=ÅêáíÉêá~=ïÉêÉ=íÉëíÉÇ=Äó=ä~ìåÅÜáåÖ=íÜÉ=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉ=~åÇ= çÄëÉêîáåÖ=íÜÉ=Å~é~ÄáäáíáÉë=çÑ=É~ÅÜ=ëóëíÉãK=qÜÉ=ëìÄàÉÅíáîÉ=ìë~ÄáäáíóI=ä~óçìí= ~åÇ=çîÉê~ää=ÉÑÑÉÅíáîÉåÉëë=çÑ=É~ÅÜ=ÑÉ~íìêÉ=Ü~ë=ÄÉÉå=~ëëáÖåÉÇ=~=î~äìÉ=ê~åÖJ áåÖ=Ñêçã=NI=äÉ~ëí=ÉÑÑÉÅíáîÉ=íç=QI=ãçëí=ÉÑÑÉÅíáîÉ=íç=áåÇáÅ~íÉ=íÜÉ=qçääó=ÉåÖáåÉÉêë= áãéêÉëëáçå=çÑ=É~ÅÜ=çÑ=íÜÉ=ìåáíë=íÉëíÉÇK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PN
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Interaction with Competing Vendors Fair Testing Charter ™ ~åÇ=fåíÉê~Åíáçå=ïáíÜ=`çãéÉíáíçêë In accordance with The Tolly Group’s process, competitors were contacted and invited to participate in the test - to review the test plans, the product levels and configurations of their prod- ucts and to review and comment on their results. For more information on this process, please see: http://www.Tolly.com/FTC.aspx. Cisco Systems Inc., and Blue Coat Systems did not respond to the invitation. Trend Micro, Inc. and Secure Computing Corporation agreed to par- ticipate in the test, and were provided with a test plan. At the completion of testing, The Tolly Group provided Trend Micro and Secure Computing with the results of their products, and requested to provide comments. Secure Computing did not provide official comments on their results. Trend Micro representatives provided the following comments: Trend Micro's most current secure web gateway product, InterScan Web Security Virtual Appliance v3.1 (IWSVA), was not used in this test. The IWSVA product has improved functionality over the tested product (IWSS) in the following areas: 1. Implementation Model: IWSVA supports bi-direction transparent bridging so that no client or network re-configuration is needed. 2. Malware Detection: additional capabilities have been added to the IWSVA product to ensure the highest possible content-based malware detection rates, further enhancing the URL reputation-based malware detection already in the product. 3. Performance and Throughput: IWSVA running on a standard off-the-shelf 8- core server can support up to 10,000 users with full scanning and no notice- able latency. «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PO
T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Appendix: Product List Source: The Tolly Group, November 2008 Figure 14 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PP
Terms of Usage USE THIS DOCUMENT ONLY IF YOU AGREE TO THE TERMS LISTED HEREIN. = This document is provided, free-of-charge, to help you understand whether a given product, technology or service merits addi- tional investigation for your particular needs. Any decision to purchase must be based on your own assessment of suitability. This evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under con- trolled, laboratory conditions and certain tests may have been tailored to reflect performance under ideal conditions; performance may vary under real-world conditions. Users should run tests based on their own real-world scenarios to validate performance for their own networks. Commercially reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. In no event shall The Tolly Group be liable for damages of any kind including direct, indirect, special, incidental and consequential damages which may result from the use of information contained in this document The test/audit documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the document relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/hardware tested is production or production track and is, or will be, available in equivalent or better form to commercial customers. When foreign translations exist, the English document is considered authoritative. To assure accuracy, only use documents downloaded directly from The Tolly Group’s Web site. All trademarks are the property of their respective owners. qÜÉ=qçääó=dêçìé=áë=~=äÉ~ÇáåÖ=ÖäçÄ~ä=éêçîáÇÉê=çÑ=íÜáêÇJ é~êíó=î~äáÇ~íáçå=ëÉêîáÅÉë=Ñçê=îÉåÇçêë=çÑ=fq=éêçÇìÅíëI= ÅçãéçåÉåíë=~åÇ=ëÉêîáÅÉëK qÜÉ=Åçãé~åó=áë=Ä~ëÉÇ=áå=_çÅ~=o~íçåI=ci=~åÇ=Å~å=ÄÉ= êÉ~ÅÜÉÇ=Äó=éÜçåÉ=~í==ERSNF=PVNJRSNMI=çê=îá~=íÜÉ=fåíÉêJ åÉí=~í ÜííéWLLïïïKíçääóKÅçãI=ë~äÉë]íçääóKÅçã= båíáêÉ=`çåíÉåíë=`çéóêáÖÜí=OMMU=Äó= qÜÉ=qçääó=dêçìéI=fåÅK ^ii=ofdeqp=obpbosba OMUPOSJñÑÅÑëNJââJMOaÉÅMU «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PQ

Empfohlen

C++
C++C++
C++guest0307c6
 
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信Yusuke Kawasaki
 
Pink mango presentation
Pink mango presentation Pink mango presentation
Pink mango presentation Aote Pinrarod
 
PHP超入門@LL温泉
PHP超入門@LL温泉PHP超入門@LL温泉
PHP超入門@LL温泉Sotaro Karasawa
 
multimedia networking
multimedia networkingmultimedia networking
multimedia networkingNorajuk Neverdie
 
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิล
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิลไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิล
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิลJunya Yimprasert
 
Je suis végétarienne diapo helene et vishnuca
Je suis végétarienne diapo helene et vishnucaJe suis végétarienne diapo helene et vishnuca
Je suis végétarienne diapo helene et vishnucalouisemichelchampigny
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 

Empfohlen

C++
C++C++
C++guest0307c6
 
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信
Cloud era -『クラウド時代』マッシュアップ技術による地方からの世界発信Yusuke Kawasaki
 
Pink mango presentation
Pink mango presentation Pink mango presentation
Pink mango presentation Aote Pinrarod
 
PHP超入門@LL温泉
PHP超入門@LL温泉PHP超入門@LL温泉
PHP超入門@LL温泉Sotaro Karasawa
 
multimedia networking
multimedia networkingmultimedia networking
multimedia networkingNorajuk Neverdie
 
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิล
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิลไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิล
ไม้ขีดก้านเดียวที่เปลี่ยนสังคมเกาหลี: ชีวประวัติชุน เต-อิลJunya Yimprasert
 
Je suis végétarienne diapo helene et vishnuca
Je suis végétarienne diapo helene et vishnucaJe suis végétarienne diapo helene et vishnuca
Je suis végétarienne diapo helene et vishnucalouisemichelchampigny
 
Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Secunia Vulnerability Review 2014
Secunia Vulnerability Review 2014Kim Jensen
 
Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003Kim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
Ictere
Ictere Ictere
Ictere imaneouadi
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]Davida Carter
 
20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説mochiko AsTech
 
Five Minutes Introduction For Rails
Five Minutes Introduction For RailsFive Minutes Introduction For Rails
Five Minutes Introduction For RailsKoichi ITO
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Servicesaru85
 
Apache Tapestry
Apache TapestryApache Tapestry
Apache TapestryAkio Katayama
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Servicesaru85
 
20090313 Cakephpstudy
20090313 Cakephpstudy20090313 Cakephpstudy
20090313 CakephpstudyYusuke Ando
 
Webken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User ExperienceWebken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User ExperienceNobuya Sato
 
AWS IoT Greengrass V2 の紹介
AWS IoT Greengrass V2 の紹介AWS IoT Greengrass V2 の紹介
AWS IoT Greengrass V2 の紹介Amazon Web Services Japan
 
20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編mochiko AsTech
 
مقدمة عن أندرويد
مقدمة عن أندرويدمقدمة عن أندرويد
مقدمة عن أندرويدahmed_hassan
 
20090323 Phpstudy
20090323 Phpstudy20090323 Phpstudy
20090323 PhpstudyYusuke Ando
 
優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.ChihChiaWang
 
IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理handbook
 
Impact Credentials Final
Impact Credentials FinalImpact Credentials Final
Impact Credentials FinalZiggyrules
 
Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発terurou
 

Weitere ähnliche Inhalte

Andere mochten auch

Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Kim Jensen
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003Kim Jensen
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedKim Jensen
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter packKim Jensen
 
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsKim Jensen
 

Andere mochten auch (6)

Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015Hewlett-Packard Enterprise- State of Security Operations 2015
Hewlett-Packard Enterprise- State of Security Operations 2015
 
5 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 20035 things needed to know migrating Windows Server 2003
5 things needed to know migrating Windows Server 2003
 
Infoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updatedInfoworld deep dive - Mobile Security2015 updated
Infoworld deep dive - Mobile Security2015 updated
 
Ictere
Ictere Ictere
Ictere
 
OpenDNS presenter pack
OpenDNS presenter packOpenDNS presenter pack
OpenDNS presenter pack
 
Forcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security PredictionsForcepoint Whitepaper 2016 Security Predictions
Forcepoint Whitepaper 2016 Security Predictions
 

Ähnlich wie Web Security Gateway Dec2008

Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]Davida Carter
 
20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説mochiko AsTech
 
Five Minutes Introduction For Rails
Five Minutes Introduction For RailsFive Minutes Introduction For Rails
Five Minutes Introduction For RailsKoichi ITO
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Servicesaru85
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Servicesaru85
 
20090313 Cakephpstudy
20090313 Cakephpstudy20090313 Cakephpstudy
20090313 CakephpstudyYusuke Ando
 
Webken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User ExperienceWebken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User ExperienceNobuya Sato
 
20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編mochiko AsTech
 
مقدمة عن أندرويد
مقدمة عن أندرويدمقدمة عن أندرويد
مقدمة عن أندرويدahmed_hassan
 
20090323 Phpstudy
20090323 Phpstudy20090323 Phpstudy
20090323 PhpstudyYusuke Ando
 
優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.ChihChiaWang
 
IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理handbook
 
Impact Credentials Final
Impact Credentials FinalImpact Credentials Final
Impact Credentials FinalZiggyrules
 
Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発terurou
 
Fleet Hub for AWS IoT Device Management のご紹介
Fleet Hub for AWS IoT Device Management のご紹介Fleet Hub for AWS IoT Device Management のご紹介
Fleet Hub for AWS IoT Device Management のご紹介Amazon Web Services Japan
 
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーションYuya Yamaki
 
How To Create Custom DSLs By PHP
How To Create Custom DSLs By PHPHow To Create Custom DSLs By PHP
How To Create Custom DSLs By PHPAtsuhiro Kubo
 

Ähnlich wie Web Security Gateway Dec2008 (20)

Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
Whitepaper - Align Corporate Communications To Achieve Business Goals V2[1]
 
20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説20090418 イケテルRails勉強会 第2部Air編 解説
20090418 イケテルRails勉強会 第2部Air編 解説
 
Five Minutes Introduction For Rails
Five Minutes Introduction For RailsFive Minutes Introduction For Rails
Five Minutes Introduction For Rails
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Services
 
Apache Tapestry
Apache TapestryApache Tapestry
Apache Tapestry
 
Understanding Web Services
Understanding Web ServicesUnderstanding Web Services
Understanding Web Services
 
20090313 Cakephpstudy
20090313 Cakephpstudy20090313 Cakephpstudy
20090313 Cakephpstudy
 
Webken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User ExperienceWebken 03: Project Design for Optimaizing User Experience
Webken 03: Project Design for Optimaizing User Experience
 
AWS IoT Greengrass V2 の紹介
AWS IoT Greengrass V2 の紹介AWS IoT Greengrass V2 の紹介
AWS IoT Greengrass V2 の紹介
 
20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編20090418 イケテルRails勉強会 第2部Air編
20090418 イケテルRails勉強会 第2部Air編
 
مقدمة عن أندرويد
مقدمة عن أندرويدمقدمة عن أندرويد
مقدمة عن أندرويد
 
20090323 Phpstudy
20090323 Phpstudy20090323 Phpstudy
20090323 Phpstudy
 
優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.優雅與摩登的使用docker container和資料庫建立部落格.
優雅與摩登的使用docker container和資料庫建立部落格.
 
IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理IE-016 全球運籌電子化供應鏈管理
IE-016 全球運籌電子化供應鏈管理
 
Impact Credentials Final
Impact Credentials FinalImpact Credentials Final
Impact Credentials Final
 
Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発Dynamic Language による Silverlight2 アプリケーション開発
Dynamic Language による Silverlight2 アプリケーション開発
 
Fleet Hub for AWS IoT Device Management のご紹介
Fleet Hub for AWS IoT Device Management のご紹介Fleet Hub for AWS IoT Device Management のご紹介
Fleet Hub for AWS IoT Device Management のご紹介
 
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション
【13 C 2】デベロッパーに贈る!M-V-VMパターンで造るWPFアプリケーション
 
How To Create Custom DSLs By PHP
How To Create Custom DSLs By PHPHow To Create Custom DSLs By PHP
How To Create Custom DSLs By PHP
 
AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223AWS re:Invent 2020 IoT Update - 20201223
AWS re:Invent 2020 IoT Update - 20201223
 

Mehr von Kim Jensen

Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportKim Jensen
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UKKim Jensen
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Kim Jensen
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012Kim Jensen
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Kim Jensen
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Kim Jensen
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011Kim Jensen
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Kim Jensen
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web SecurityKim Jensen
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Kim Jensen
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Kim Jensen
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Kim Jensen
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Kim Jensen
 
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Kim Jensen
 
Unified communications presence er den afgørende funktion (pdf)
Unified communications presence er den afgørende funktion (pdf)Unified communications presence er den afgørende funktion (pdf)
Unified communications presence er den afgørende funktion (pdf)Kim Jensen
 
Unified communication by hp
Unified communication by hpUnified communication by hp
Unified communication by hpKim Jensen
 
Guide to Cloud Computing (pdf) - Danish
Guide to Cloud Computing (pdf) - DanishGuide to Cloud Computing (pdf) - Danish
Guide to Cloud Computing (pdf) - DanishKim Jensen
 
Cloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureCloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureKim Jensen
 
Unified communication
Unified communicationUnified communication
Unified communicationKim Jensen
 

Mehr von Kim Jensen (20)

Cisco 2013 Annual Security Report
Cisco 2013 Annual Security ReportCisco 2013 Annual Security Report
Cisco 2013 Annual Security Report
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Security Survey 2013 UK
Security Survey 2013 UKSecurity Survey 2013 UK
Security Survey 2013 UK
 
Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report Miercom Security Effectiveness Test Report
Miercom Security Effectiveness Test Report
 
DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012DK Cert Trend Rapport 2012
DK Cert Trend Rapport 2012
 
Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)Bliv klar til cloud med Citrix Netscaler (pdf)
Bliv klar til cloud med Citrix Netscaler (pdf)
 
Data Breach Investigations Report 2012
Data Breach Investigations Report 2012Data Breach Investigations Report 2012
Data Breach Investigations Report 2012
 
State of Web Q3 2011
State of Web Q3 2011State of Web Q3 2011
State of Web Q3 2011
 
Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011Wave mobile collaboration Q3 2011
Wave mobile collaboration Q3 2011
 
Corporate Web Security
Corporate Web SecurityCorporate Web Security
Corporate Web Security
 
Cloud security Deep Dive 2011
Cloud security Deep Dive 2011Cloud security Deep Dive 2011
Cloud security Deep Dive 2011
 
Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011Cloud rambøll mgmt - briefing d. 28. januar 2011
Cloud rambøll mgmt - briefing d. 28. januar 2011
 
Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011Cloud security deep dive infoworld jan 2011
Cloud security deep dive infoworld jan 2011
 
Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010Cloud services deep dive infoworld july 2010
Cloud services deep dive infoworld july 2010
 
Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)Sådan kommer du i gang med skyen (pdf)
Sådan kommer du i gang med skyen (pdf)
 
Unified communications presence er den afgørende funktion (pdf)
Unified communications presence er den afgørende funktion (pdf)Unified communications presence er den afgørende funktion (pdf)
Unified communications presence er den afgørende funktion (pdf)
 
Unified communication by hp
Unified communication by hpUnified communication by hp
Unified communication by hp
 
Guide to Cloud Computing (pdf) - Danish
Guide to Cloud Computing (pdf) - DanishGuide to Cloud Computing (pdf) - Danish
Guide to Cloud Computing (pdf) - Danish
 
Cloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureCloud Computing for Banking - Accenture
Cloud Computing for Banking - Accenture
 
Unified communication
Unified communicationUnified communication
Unified communication
 

Kürzlich hochgeladen

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Kürzlich hochgeladen (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

Web Security Gateway Dec2008

  • 1. © 2008 The Tolly Group Document # 208326 The Web Security Challenge: A Competitive Guide to Selecting Secure Web Gateways A white paper commissioned by Websense, Inc. White Paper December 2008
  • 2. WHITE PAPER: The Web Security Challenge: A Competitive Guide to Selecting Web Security Gateways Table of Contents _ÉÑçêÉ=ìëáåÖ=íÜáë=ÇçÅìãÉåí=óçì=ãìëí=~ÖêÉÉ=íç=íÜÉ=íÉêãë=çÑ=ìë~ÖÉK qÜÉëÉ=íÉêãë=~êÉ=äáëíÉÇ=çå=íÜÉ=Ñáå~ä=é~ÖÉK Executive Summary 4 Web 2.0 Effectiveness 7 Manageability and Scalability 9 Policy Interface 11 Reporting Capabilities 13 URL Filtering 15 Malware Filtering 16 Application Control 18 Data Loss Protection 20 Network Implementation 22 Integration with Other Solutions 24 Service and support 26 Test Methodology 28 Alexa 100,000 URL Filtering/Classification Test 28 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========O
  • 3. WHITE PAPER: The Web Security Challenge: A Competitive Guide to Selecting Web Security Gateways Table of Contents _ÉÑçêÉ=ìëáåÖ=íÜáë=ÇçÅìãÉåí=óçì=ãìëí=~ÖêÉÉ=íç=íÜÉ=íÉêãë=çÑ=ìë~ÖÉK qÜÉëÉ=íÉêãë=~êÉ=äáëíÉÇ=çå=íÜÉ=Ñáå~ä=é~ÖÉK “Long Tail” or Extended URL Classification Test 28 Phishing and/or Proxy Avoidance URL Detection Accuracy Test29 Binary Exploits and Compromises Detection Accuracy Test 29 Malware-infected URL Detection Accuracy Test 30 Web 2.0-Based Malicious URL Detection Accuracy Test 30 Criteria Evaluation by UI Inspection 31 Interaction with Competing Vendors 32 Appendix: Product List 33 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========P
  • 4. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Executive Summary The World Wide Web has changed dramatically in the past decade. The use of the Web as an application platform, a communication medium, and a business tool, combined with the migration of attackers onto the Web, demands new solutions to help manage business and mitigate security threats. Enterprise IT managers should carefully evaluate both the ease of management, as well as the effective- ness, of gateway-based Web security solutions against a constantly evolving threat landscape. tÉÄëÉåëÉI=fåÅK=ÅçããáëëáçåÉÇ=qÜÉ=qçääó=dêçìé=íç=Éî~äì~íÉ=áíë=tÉÄ=pÉÅìJ êáíó=d~íÉï~ó=~Ö~áåëí=çíÜÉê=~î~áä~ÄäÉ=Ö~íÉï~ó=ëÉÅìêáíó=éêçÇìÅíëK=qÜÉ=ÅçãJ éÉíáåÖ=éêçÇìÅíë=íÉëíÉÇ=ïÉêÉW=_äìÉ=`ç~í=póëíÉãëÛ=mêçñópd=ONM=~åÇ= mêçñó^s=RNM=~ééäá~åÅÉëI=`áëÅç=póëíÉãë=fåÅKÛë=fêçåmçêí=pSRM=tÉÄ=pÉÅìêáíó= ^ééäá~åÅÉI=qêÉåÇ=jáÅêçI=fåÅKÛë=fåíÉêpÅ~å=tÉÄ=pÉÅìêáíó=pìáíÉ=EftppFI=~åÇ= pÉÅìêÉ=`çãéìíáåÖ=`çêéçê~íáçåÛë=pÉÅìêÉ=tÉÄ=EtÉÄï~ëÜÉêF=~ééäá~åÅÉK= Note: All products under test shall be referenced by their manufacturer s name hereafter in the document. Websense Web Security Gateway combines powerful and easy-to-manage software with the ability to mitigate dynamic Web-based threats, exceeding other vendors tested in meeting Gartner’s criteria* for buying Secure Web Gateways. GaáëÅä~áãÉêW qÜÉ=d~êíåÉê=êÉéçêí= ^=_ìóÉêÛë=dìáÇÉ=íç=pÉÅìêÉ=tÉÄ=d~íÉï~óëÒ=Äó=mÉíÉê=cáêëíÄêççâ=~åÇ= i~ïêÉåÅÉ=lê~åë=Ed~êíåÉê=o^p=`çêÉ=oÉëÉ~êÅÜ=kçíÉ=dMMNRVSSVX=NR=^ìÖìëí=OMMUF=ï~ë= ìëÉÇ=çåäó=~ë=~=êÉèìáêÉãÉåíë=ÖìáÇÉ=áå=íÜáë=Éî~äì~íáçåK=eçïÉîÉêI=~åó=~åÇ=~ää=îÉåÇçê=~åÇ= éêçÇìÅí=Åçãé~êáëçåë=~åÇ=Éî~äì~íáçåë=ïÉêÉ=ÇçåÉ=Äó=íÜÉ=qçääó=dêçìé=~åÇ=áå=åç=ï~ó=Çç=íÜÉó= ÉñéêÉëë=íÜÉ=çéáåáçå=çÑ=d~êíåÉêK ^ää=ëí~íÉãÉåíë=áå=íÜáë=êÉéçêí=~ííêáÄìí~ÄäÉ=íç=d~êíåÉê=êÉéêÉëÉåí=tÉÄëÉåëÉI=fåÅKÛë=áåíÉêéêÉí~J íáçå=çÑ=Ç~í~I=êÉëÉ~êÅÜ=çéáåáçå=çê=îáÉïéçáåíë=éìÄäáëÜÉÇ=~ë=é~êí=çÑ=~=ëóåÇáÅ~íÉÇ=ëìÄëÅêáéíáçå= ëÉêîáÅÉ=Äó=d~êíåÉêI=fåÅKI=~åÇ=Ü~îÉ=åçí=ÄÉÉå=êÉîáÉïÉÇ=Äó=d~êíåÉêK=b~ÅÜ=d~êíåÉê=éìÄäáÅ~íáçå= ëéÉ~âë=~ë=çÑ=áíë=çêáÖáå~ä=éìÄäáÅ~íáçå=Ç~íÉ=E~åÇ=åçí=~ë=çÑ=íÜÉ=Ç~íÉ=çÑ=íÜáë=êÉéçêíFK=qÜÉ=çéáåJ áçåë=ÉñéêÉëëÉÇ=áå=d~êíåÉê=éìÄäáÅ~íáçåë=~êÉ=åçí=êÉéêÉëÉåí~íáçåë=çÑ=Ñ~ÅíI=~åÇ=~êÉ=ëìÄàÉÅí=íç= ÅÜ~åÖÉ=ïáíÜçìí=åçíáÅÉK fÑ=ÅäáÉåíë=ÇÉëáêÉ=d~êíåÉê=íç=îÉêáÑó=íÜ~í=èìçíÉë=~êÉ=~ÅÅìê~íÉ=~åÇ=Åçãéäó=ïáíÜ=d~êíåÉêÛë=`çéóJ êáÖÜí=~åÇ=nìçíÉ=mçäáÅóI=d~êíåÉê=éêçîáÇÉë=~=ëÉêîáÅÉ=íÜ~í=îÉêáÑáÉë=èìçíÉ=~ÅÅìê~Åó=~åÇ=~ééêçJ éêá~íÉåÉëëK=`äáÉåíë=ïáëÜáåÖ=íç=í~âÉ=~Çî~åí~ÖÉ=çÑ=íÜáë=ëÉêîáÅÉ=ëÜçìäÇ=Åçåí~Åí=d~êíåÉê=sÉåJ Ççê=oÉä~íáçåë=~í=îÉåÇçêKêÉä~íáçåë]Ö~êíåÉêKÅçãK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========Q
  • 5. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qçääó=dêçìé=ÉåÖáåÉÉêë=Éî~äì~íÉÇ=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=Ä~ëÉÇ= tÉÄëÉåëÉI= çå=~=ëÉí=çÑ=ÅêáíÉêá~=d~êíåÉê=áÇÉåíáÑáÉÇ=~ë=íÜÉ=ãçëíJ~Çî~åÅÉÇ=ÑÉ~J fåÅK íìêÉë=íÜ~í=ÅçìäÇ=ÜÉäé=ïáíÜ=Åçãé~ê~íáîÉ=Éî~äì~íáçå=~åÇ=ëÉäÉÅíáçå= çÑ=~=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óK=qÉëíë=ïÉêÉ=ÅçåÇìÅíÉÇ=áå=lÅíçÄÉê= pÉÅìêÉ=tÉÄ= OMMUK d~íÉï~ó cêçã=~=ÜáÖÜJäÉîÉä=éÉêëéÉÅíáîÉI=íÜÉ=d~êíåÉê=ptd=ÄìóÉêÛë=ÖìáÇÉ= `çãéÉíáíáîÉ= ë~óë=íÜ~í=îÉåÇçêë=çÑ=roi=ÑáäíÉêáåÖI=éêçñó=ëÉêîÉêëI=~åÇ=~åíáJîáêìëL bî~äì~íáçå=çÑ=tÉÄ=pÉÅìêáíó= ~åíáJëé~ã=ëçäìíáçåëI=~ää=~êÉ=~ééêç~ÅÜáåÖ=íÜÉ=ëÉÅìêÉ=tÉÄ=Ö~íÉJ cÉ~íìêÉë ï~ó=ã~êâÉí=Ñêçã=ÇáÑÑÉêÉåí=ÇáêÉÅíáçåëK=qÜÉ=qçääó=dêçìéÛë=Ü~åÇëJçå= ~å~äóëáë=çÑ=íÜÉëÉ=éêçÇìÅíë=îÉêáÑáÉë=íÜ~í=ïÜáäÉ=íÜÉ=ã~àçêáíó=çÑ= éêçÇìÅíë=íÉëíÉÇ=ÉñÅÉä=áå=~=ÑÉï=~êÉ~ëI=çåäó=tÉÄëÉåëÉÛë=tÉÄ=pÉÅìJ êáíó=d~íÉï~ó=ëÅçêÉÇ=ìåáÑçêãäó=ÜáÖÜ=~åÇ=ÇÉäáîÉêÉÇ=ÑÉ~íìêÉJêáÅÜ=Å~é~ÄáäáíáÉë= ~Åêçëë=~ää=åáåÉ=ÑìåÅíáçå~ä=~êÉ~ë=íÜ~í=ÉåÖáåÉÉêë=Éñ~ãáåÉÇK= qçääó=dêçìé=ÉåÖáåÉÉêë=~ëëáÖåÉÇ=~=ëìÄàÉÅíáîÉ=ëÅçêÉ=íç=É~ÅÜ=çÑ=íÜÉ=åáåÉ= éêçÇìÅí=ÅêáíÉêá~=Éî~äì~íÉÇ=~åÇ=í~ääáÉÇ=~=ÅçãéçëáíÉ=ëÅçêÉ=Ñçê=É~ÅÜ=éêçÇìÅíK= táíÜ=~=ëÅçêÉ=çÑ=OMNI=tÉÄëÉåëÉ=pÉÅìêáíó=d~íÉï~ó=~äãçëí=ÇçìÄäÉÇ=íÜÉ=éçáåí= íçí~ä=çÑ=áíë=åÉñí=åÉ~êÉëí=ÅçãéÉíáíçêK=EpÉÉ=cáÖìêÉ=NI=é~ÖÉ=RKF jçêÉçîÉêI=áå=~ÇÇáíáçå=íç=ëí~åÇ~êÇ=roi=ÑáäíÉêáåÖ=~åÇ=íê~Çáíáçå~ä=ã~äï~êÉ=éêçJ íÉÅíáçå=íÜ~í=áë=~î~áä~ÄäÉ=çå=~åó=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óI=tÉÄëÉåëÉ=áë=íÜÉ=Ñáêëí= îÉåÇçê=Éñ~ãáåÉÇ=Äó=qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=íç=çÑÑÉê=~=Ñìääó=áåíÉÖê~íÉÇ= aim=çéíáçåI=~ääçïáåÖ=íÜÉ=Åçãé~åó=íç=çÑÑÉê=~=äÉîÉä=çÑ=Ç~í~=äçëë=éêçíÉÅíáçå= ìåã~íÅÜÉÇ=å~íáîÉäó=Äó=êáî~ä=éêçÇìÅíë=íÉëíÉÇK=qÜÉ=pÉÅìêÉ=tÉÄ=d~íÉï~ó=ÇÉJ äáîÉêë=~=ãçêÉ=ÑìåÅíáçå~ä=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉI=ëÅ~ä~Äáäáíó=Å~é~ÄáäáíáÉëI=~åÇ= êáÅÜÉê=êÉéçêíáåÖ=ÑìåÅíáçåë=íÜ~å=êáî~ä=éêçÇìÅíë=íÉëíÉÇK q~âÉå=~ë=~=ïÜçäÉI=íÜÉ=ÅçãéçëáíÉ=ëÅçêÉë=Ñêçã=É~ÅÜ=çÑ=íÜÉ=Éî~äì~íÉÇ=ëÉäÉÅJ íáçå=ÅêáíÉêá~=ëÜçï=íÜ~í=tÉÄëÉåëÉÛë=tÉÄ=pÉÅìêáíó=d~íÉï~ó=áë=íÜÉ=ãçëí= ÑÉ~íìêÉJêáÅÜ=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇI=~äçåÖ=ïáíÜW çÑÑÉêáåÖ=íÜÉ=ïáÇÉëí=ÅçîÉê~ÖÉ=~åÇ=íÜÉ=ÖêÉ~íÉëí=~ÅÅìê~Åó=áå= Å~íÉÖçêáòáåÖ=Çóå~ãáÅ=ÅçåíÉåí=çå=tÉÄ=OKM=ëáíÉë ÄäçÅâáåÖ=ãçêÉ=fåíÉêåÉíJÄ~ëÉÇ=íÜêÉ~íë=íÜ~å=~ää=çíÜÉê=éêçÇìÅíë=íÉëíÉÇ éêçîáÇáåÖ=íÜÉ=É~ëáÉëí=íç=ìëÉ=áåíÉêÑ~ÅÉ=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇ ÇÉäáîÉêáåÖ=ÖêÉ~íÉê=ÑäÉñáÄáäáíó=íÜ~å=~åó=çíÜÉê=ëçäìíáçåë=íÉëíÉÇ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========R
  • 6. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Composite Scores of Products Tested Across Evaluation Areas All criteria listed were rated subjectively either by examining publicly available documentation from the vendors; or by launching the management interface, configuring the desired behavior and observing the results. The subjective usability, layout and overall effectiveness of each function by vendor has been assigned a value ranging from 1 (least effective) to 4 (most effective) to indicate the Tolly engineers' im- pression of each of the units tested. Detailed breakdown of scores in each area of evaluation can be seen in Figures 4. through 12. Source: The Tolly Group, November 2008 Figure 1 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========S
  • 7. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qÜáë=ïÜáíÉ=é~éÉê=ïáää=ÉñéäçêÉ=ÑáåÇáåÖë=Ñçê=É~ÅÜ=çÑ=íÜÉ=Éî~äì~íáçå=ÅêáíÉêá~=áå= íÜÉ=é~ÖÉë=~åÇ=ÅÜ~êíë=íÜ~í=ÑçääçïK= få=ÅçåÅäìëáçåI=tÉÄëÉåëÉ=tÉÄ=pÉÅìêáíó=d~íÉï~ó=ÅçãÄáåÉÇ=íÜÉ=ÄÉëí=çÑ= ÄêÉÉÇ=íÉÅÜåçäçÖáÉë=íç=çÑÑÉê=~=éêçÇìÅí=íÜ~í=áë=É~ëáÉê=íç=ã~å~ÖÉI=ëÅ~äÉë= ÄÉííÉêI=éêçîáÇÉë=ãçêÉ=Öê~åìä~ê=çéíáçåë=íç=Åçåíêçä=åÉíïçêâ=~ééäáÅ~íáçå=íê~ÑÑáÅ= ~åÇ=Öì~êÇë=~Ö~áåëí=íÜÉ=Çóå~ãáÅ~ääó=ÅÜ~åÖáåÖ=íÜêÉ~í=ä~åÇëÅ~éÉ=çÑ=tÉÄJ Ä~ëÉÇ=~íí~ÅâëK Web 2.0 Effectiveness tÉÄ=OKM=ëáíÉë=~êÉ=ê~éáÇäó=ÖêçïáåÖ=íç=ÄÉ=ëçãÉ=çÑ=íÜÉ=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë= çå=íÜÉ=fåíÉêåÉíK=qÜÉ=~Äáäáíó=çÑ=ìëÉêë=íç=ÑêÉÉäó=ÅêÉ~íÉ=~åÇ=ìéäç~Ç= ÅçåíÉåí=çåíç=tÉÄ=OKM=ëáíÉë=áë=áåÅêÉ~ëáåÖäó=~ííê~ÅíáîÉ=íç=~íí~ÅâÉêë=ïÜç ìéäç~Ç=ã~äáÅáçìë=~åÇ=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåí=çåíç=êÉéìí~ÄäÉ=tÉÄ=OKM=ëáíÉë= äáâÉ=_äçÖëéçí=EÜííéWLLÄäçÖëéçíKÅçãFI=tçêÇmêÉëë=EÜííéWLLïçêÇéêÉëëKçêÖFI=çê= çåíç=äÉÖáíáã~íÉ=ëáíÉë=íÜ~í=Ü~îÉ=ÄÉÉå=ÅçãéêçãáëÉÇK=qÜÉ=~Äáäáíó=çÑ=~=tÉÄ=ëÉJ Åìêáíó=Ö~íÉï~ó=íç=ÇÉíÉÅí=ã~äáÅáçìë=ÅçåíÉåí=~ÅÅìê~íÉäó=çå=Çóå~ãáÅ=tÉÄ=ëáíÉë= äáâÉ=tÉÄ=OKM=êÉäáÉë=ÖêÉ~íäó=çå=êÉ~äJíáãÉ=~å~äóëáë=çÑ=ÅçåíÉåíI=~åÇ=åçí=àìëí=çå= íÜÉ=êÉéìí~íáçå=çÑ=íÜÉ=tÉÄ=ëáíÉëK qÉëíë=ìëáåÖ=VSR=äáîÉ=roië=Ñêçã=éçéìä~ê=tÉÄ=OKM=ëáíÉë=äáâÉ=ÄäçÖëéçíKÅçã= ~åÇ=ïçêÇéêÉëëKÅçã=íÜ~í=ïÉêÉ=ÜçëíáåÖ=ã~äáÅáçìë=çê=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåí= êÉîÉ~äÉÇ=tÉÄëÉåëÉÛë=éçïÉêÑìä=êÉ~äJíáãÉ=ÅçåíÉåí=~å~äóëáë=Å~é~ÄáäáíóK=tÉÄJ ëÉåëÉ=ÄäçÅâÉÇ=~äãçëí=VVB=çÑ=íÜÉ=ã~äáÅáçìë=roië=ïÜáäÉ=ÅçãéÉíáåÖ=éêçÇìÅíë= ÄäçÅâÉÇ=ÄÉíïÉÉå=äÉëë=íÜ~å=OB=íç=~Äçìí=QMBK=EpÉÉ=cáÖìêÉ=OKF= qÜáë=ÜìÖÉ=ëéêÉ~Ç=çÑ=êÉëìäíë=Ñêçã=éêçÇìÅíë=ìëáåÖ=tÉÄ=oÉéìí~íáçå=ëÉêîáÅÉë= ~åÇ=íê~Çáíáçå~ä=roi=Ç~í~Ä~ëÉë=ëÜçïë=íÜ~í=äÉÖ~Åó=ãÉíÜçÇë=çÑ=roi=ÑáäíÉêáåÖ= ~êÉ=åçí=éçïÉêÑìä=ÉåçìÖÜ=çå=íÜÉáê=çïåI=ìåäÉëë=áíÛë=~ìÖãÉåíÉÇ=Äó=ÉÑÑÉÅíáîÉ= ìëÉ=çÑ=çíÜÉê=íÉÅÜåçäçÖáÉë=äáâÉ=çåJéêÉãáëÉëI=êÉ~äJíáãÉ=ÅçåíÉåí=~å~äóëáëI=ÜÉìJ êáëíáÅëI=ÉíÅK qÉëíë=~äëç=ëÜçïÉÇ=íÜ~í=tÉÄëÉåëÉ=Ü~Ç=íÜÉ=ïáÇÉëí=roi=ÅçîÉê~ÖÉ=çÑ=íÜÉ= Úâåçïå=tÉÄÛ=çìí=çÑ=íÜÉ=éêçÇìÅíë=íÉëíÉÇI=~ë=ÉîáÇÉåÅÉÇ=Äó=íÜÉ=êÉëìäíë=Ñêçã= íÜÉ=^äÉñ~=NMMIMMM=roi=Åä~ëëáÑáÅ~íáçå=íÉëíK=qÜáë=íÉëí=ëÜçïÉÇ=íÜ~í=íÜÉ=tÉÄJ ëÉåëÉ=Åä~ëëáÑáÉÇ=VTKNB=çÑ=íÜÉ=íçé=NMMIMMM=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë=çå=íÜÉ= fåíÉêåÉí=E~ë=äáëíÉÇ=Äó=íÜÉ=^äÉñ~=NMMIMMM=roi=äáëíFI=ïÜáäÉ=ÅçãéÉíáåÖ=îÉåÇçêë= Åä~ëëáÑáÉÇ=ÄÉíïÉÉå=VOB=íç=VQBK=EpÉÉ=cáÖìêÉ=PKF= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========T
  • 8. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Web 2.0 Detection Accuracy Effectiveness 98.9 Percent of detection accuracy (%) NMM TR RM 40.2 OR 11.1 11 1.8 M Websense BlueCoat Cisco Secure Trend Computing Micro Note: All URLs tested were sourced from the Websense ThreatSeeker network, within six to 24 hours of the testing window. Source: The Tolly Group, November 2008 Figure 2 qÉëíë=~äëç=ëÜçïÉÇ=tÉÄëÉåëÉÛë=ëìéÉêáçê=~Äáäáíó=íç=Åä~ëëáÑó=íÜÉ=Úìåâåçïå= tÉÄÛ=EêÉÑÉêêÉÇ=íç=~ë=íÜÉ=ÚiçåÖ=q~áäÛ=çÑ=íÜÉ=fåíÉêåÉíF=íóéáÅ~ääó=ÅçåëáëíáåÖ=çÑ= àìåâI=éÉêëçå~ä=çê=ëÅ~ã=tÉÄ=ëáíÉëI=çê=íÜÉ=ãáääáçåë=çÑ=åÉï=tÉÄ=ëáíÉë=ÅêÉ~íÉÇ= ÉîÉêó=Ç~óK=mêçÇìÅíë=ëçäÉäó=êÉäóáåÖ=çå=tÉÄ=êÉéìí~íáçåJÄ~ëÉÇ=Åä~ëëáÑáÅ~íáçå=çê= íê~Çáíáçå~ä=roi=Ç~í~Ä~ëÉë=Å~ååçí=~ÇÉèì~íÉäó=âÉÉé=ìé=ïáíÜ=íÜÉ=ÇÉã~åÇ=íç= Åä~ëëáÑó=tÉÄ=ëáíÉë=áå=íÜÉ=içåÖ=q~áä=çÑ=íÜÉ=fåíÉêåÉíK=tÉÄëÉåëÉ=ÇÉãçåëíê~íÉÇ= áíë=ëíêÉåÖíÜ=áå=êÉ~äJíáãÉ=Åä~ëëáÑáÅ~íáçå=çÑ=tÉÄ=ÅçåíÉåí=Äó=Å~íÉÖçêáòáåÖ=VVKVB= çÑ=íÜÉ=NUIRUM=äáîÉ=roië=ëçìêÅÉÇ=Ñêçã=íÜÉ=içåÖ=q~áäK=få=Åçåíê~ëíI=íÜÉ=ÅçãJ éÉíáåÖ=îÉåÇçêë=Åä~ëëáÑáÉÇ=ÄÉíïÉÉå=PSB=~åÇ=TMBK få=íÉëíë=ÑçÅìëáåÖ=çå=ÇÉíÉÅíáåÖ=~åÇ=ÄäçÅâáåÖ=roië=äÉ~ÇáåÖ=íç=mÜáëÜáåÖ=~åÇLçê= mêçñó=~îçáÇ~åÅÉ=tÉÄ=ëáíÉëI=tÉÄëÉåëÉ=çåÅÉ=~Ö~áå=ÇÉíÉÅíÉÇ=VUKPB=çÑ=íÜÉ= OIPMO=äáîÉ=roiëI=ïÜáäÉ=íÜÉ=ÅçãéÉíáåÖ=îÉåÇçêë=ÇÉíÉÅíÉÇ=ÄÉíïÉÉå=TMB=~åÇ= UUBK=páãáä~êäóI=áå=íÉëíë=ïáíÜ=PTV=roië=Åçåí~áåáåÖ=Äáå~êó=Éñéäçáíë=çê=ÅçãJ éêçãáëÉ=ÅçÇÉI=tÉÄëÉåëÉ=ÄäçÅâÉÇ=VVB=çÑ=roiëI=îÉêëìë=çíÜÉê=îÉåÇçêë=ïÜç= ÄäçÅâÉÇ=ÄÉíïÉÉå=RPB=íç=VNBK=^äëçI=çå=íÉëíë=ïáíÜ=USR=roië=ÜçëíáåÖ=j~äJ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========U
  • 9. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ï~êÉI=tÉÄëÉåëÉ=ÄäçÅâÉÇ=VUKQB=ïÜáäÉ=çíÜÉê=îÉåÇçêë=ÄäçÅâÉÇ=ÄÉíïÉÉå=SRB= ~åÇ=~êçìåÇ=VSBK=EpÉÉ=cáÖìêÉ=PKF Web 2.0 Accuracy and Coverage Test Results Source: The Tolly Group, November 2008 Figure 3 Manageability and Scalability oÉÇìÅÉÇ=~Çãáåáëíê~íáçå=çîÉêÜÉ~Ç=áë=çåÉ=çÑ=íÜÉ=íçé=ÅçåÅÉêåë=çÑ=ëÉÅìêáíó= ~Çãáåáëíê~íçêëK=qÜÉ=êÉéçêí=ÉãéÜ~ëáòÉë=íÜÉ=áãéçêí~åÅÉ=çÑ=~å=ÉÑÑÉÅíáîÉ=í~ëâJ çêáÉåíÉÇ=Öê~éÜáÅ~ä=ìëÉê=áåíÉêÑ~ÅÉ=EdrfF=~åÇ=ÅçãéêÉÜÉåëáîÉ=ã~å~ÖÉãÉåí= áåíÉêÑ~ÅÉ=íç=äçïÉê=íçí~ä=Åçëí=çÑ=çïåÉêëÜáéK qçääó=dêçìé=Ü~åÇëJçå=íÉëíáåÖ=ëÜçïë=íÜ~í=tÉÄëÉåëÉ=êÉÅÉáîÉ=~=ã~ñáãìã= ëÅçêÉ=çÑ= QÒ=Ñçê=ÑáîÉ=çÑ=íÜÉ=ÉáÖÜí=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉ=ÅêáíÉêá~=êÉîáÉïÉÇ=Äó= ÉåÖáåÉÉêëK=låäó=çåÉ=çíÜÉê=éêçÇìÅí=Ü~Ç=íïç= QëÒ=Ñçê=áíë=ã~å~ÖÉãÉåí=áåíÉêJ Ñ~ÅÉK=lÑ=é~êíáÅìä~ê=åçíÉ=ï~ë=tÉÄëÉåëÉÛë=êÉ~äJíáãÉ=ÉîÉåí=Ç~ëÜÄç~êÇ=ïáíÜ= ~Åíáçå~ÄäÉ=~äÉêíë=ïÜáÅÜ=Éå~ÄäÉë=ê~éáÇ=ÉîÉåí=áÇÉåíáÑáÅ~íáçå=~åÇ=éêç~ÅíáîÉ=áåJ «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========V
  • 10. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ÅáÇÉåí=êÉëéçåëÉK=tÉÄëÉåëÉ=~äëç=ï~ë=Öê~ÇÉÇ=~= QÒ=Ñçê=áíë=Åìëíçãáò~ÄäÉ= Ç~ëÜÄç~êÇ=îáÉïëK=tÉÄëÉåëÉ=~äëç=É~êåÉÇ= QëÒ=Ñçê=Öê~åìä~ê=êçäÉJÄ~ëÉÇ= Management and Scalability Scoring Source: The Tolly Group, November 2008 Figure 4 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NM
  • 11. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ~Çãáåáëíê~íáçåI=~ìíçã~íÉÇ=~äÉêíáåÖI=~Çî~åÅÉÇ=ÜÉäéI=ÅÉåíê~äáòÉÇ=ã~å~ÖÉJ ãÉåí=çÑ=ãìäíáéäÉ=~ééäá~åÅÉë=~åÇ=å~íáîÉ=äç~Ç=Ä~ä~åÅáåÖL~ÅíáîÉ=ÅäìëíÉêáåÖK=få= íçí~äI=áí=É~êåÉÇ=QM=éçáåíëI=îÉêëìë=PN=Ñçê=íÜÉ=åÉ~êÉëí=ÅçãéÉíáíçêK=EpÉÉ=cáÖìêÉ= QKF= Policy Interface ^åó=éçäáÅó=áåíÉêÑ~ÅÉë=ëÜçìäÇ=ÄÉ=É~ëó=íç=ìëÉI=áåíìáíáîÉ=Ñçê=åçåJíÉÅÜåáÅ~ä=éÉêJ ëçååÉä=~åÇ=ìëÉêJÑêáÉåÇäóK=eÉêÉI=íççI=tÉÄëÉåëÉ=êÉÅÉáîÉ= QëÒ=Ñçê=Ñçìê=çÑ=íÜÉ= ëÉîÉå=ÅêáíÉêá~=êÉîáÉïÉÇ=~åÇ=ï~ë=íÜÉ=çåäó=ëÉÅìêÉ=Ö~íÉï~ó=îÉåÇçê=íç=êÉÅÉáîÉ= íÜÉ=ÜáÖÜÉëí=ã~êâ=éçëëáÄäÉ=Ñçê=éçäáÅó=áåíÉêÑ~ÅÉëK tÉÄëÉåëÉ=êÉÅÉáîÉÇ=íÜÉ=ÜáÖÜ=Öê~ÇÉë=Ñçê=íÜÉ=~Äáäáíó=íç=çÑÑÉê=~=ëáåÖäÉ=é~ÖÉ= îáÉï=çÑ=éçäáÅó=ëí~íÉãÉåíëI=êÉìë~ÄäÉ=éçäáÅó=çÄàÉÅíëI=íÜÉ=~Äáäáíó=íç=ãçÇáÑó=áåJ ÜÉêáíÉÇ=éçäáÅáÉë=~åÇ=Ñçê=êÉéçêíáåÖ=Äó=éçäáÅó=íóéÉI=ïÜáÅÜ=áë=ÉëëÉåíá~ä=áå=ÇÉíÉêJ ãáåáåÖ=Åçãéäá~åÅÉ=íç=~=éçäáÅóK=lîÉê~ääI=tÉÄëÉåëÉ=É~êåÉÇ=~=ëÅçêÉ=çÑ=OOI= îÉêëìë=áíë=åÉñí=åÉ~êÉëí=êáî~ä=ïáíÜ=~=ëÅçêÉ=çÑ=NQK=EpÉÉ=cáÖìêÉ=RKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NN
  • 12. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Policy Interface Scoring Source: The Tolly Group, November 2008 Figure 5 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NO
  • 13. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Reporting Capabilities oÉéçêíáåÖ=Å~é~ÄáäáíáÉë=Ü~îÉ=ÉãÉêÖÉÇ=~ë=~å=ÉëëÉåíá~ä=ÅçãéçåÉåí=çÑ=pÉÅìêÉ= tÉÄ=Ö~íÉï~óë=ÄÉÅ~ìëÉ=íÜÉó=ÄêáÇÖÉ=íÜÉ=íÉÅÜåáÅ~ä=ïçêäÇ=ïáíÜ=íÜÉ=ÄìëáåÉëë= ëáÇÉ=çÑ=íÜÉ=Åçãé~åóK=_ìëáåÉëë=ìëÉêë=ÇçåÛí=Ü~îÉ=íáãÉ=íç=ï~ÇÉ=íÜêçìÖÜ=ÖçÄë= çÑ=íÉÅÜåáÅ~ä=Ç~í~I=Äìí=áåëíÉ~Ç=ï~åí=ëìãã~êó=áåÑç=Ü~êîÉëíÉÇ=~åÇ=éêÉëÉåíÉÇ= áå=~å=É~ëó=íç=Ñçääçï=Ñçêã~íK= tÉÄëÉåëÉ=êÉÅÉáîÉ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ=áå=ÉáÖÜí=çÑ=åáåÉ=~î~áä~ÄäÉ= Å~íÉÖçêáÉëI=ïÜáäÉ=êáî~ä=éêçÇìÅíë=ëÅçêÉÇ=~=N=çê=O=áå=ãçëí=Å~íÉÖçêáÉëK tÉÄëÉåëÉ=É~êåÉÇ=~=ëÅçêÉ=çÑ=PRI=ïÜáäÉ=íÜÉ=åÉñí=ÅçãéÉíáåÖ=éêçÇìÅí= êÉÅÉáîÉÇ=~=OOK=tÉÄëÉåëÉ=êÉÅÉáîÉÇ=ÜáÖÜ=Öê~ÇÉë=Ñçê=íÜÉ=äÉîÉä=çÑ=ÄìëáåÉëë= çêáÉåíÉÇ=êÉéçêíë=çÑÑÉêÉÇI=íÜÉ=èìáÅâ=~ÅÅÉëë=íççäë=~î~áä~ÄäÉ=íç=ÖÉí=~í=Ç~í~K=^ÇJ Çáíáçå~ääóI=êÉ~äJíáãÉ=êÉéçêíë=~åÇ=ÑçêÉåëáÅ=êÉéçêíë=~êÉ=~î~áä~ÄäÉ=EpÉÉ=cáÖìêÉ= SKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NP
  • 14. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Reporting Scores Source: The Tolly Group, November 2008 Figure 6 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NQ
  • 15. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P URL Filtering qÜÉ=~Äáäáíó=íç=Åçåíêçä=~åÇ=ãçåáíçê=tÉÄ=ìë~ÖÉ=Äó=ÉãéäçóÉÉë=áë=ÄÉÅçãáåÖ=~= åÉÅÉëëáíó=Ñçê=Åçãé~åáÉëK=qÜÉ=~Äáäáíó=íç=ÉåÑçêÅÉ=Åçêéçê~íÉ=éçäáÅó=åçí=àìëí= ïÜáäÉ=íÜÉ=ÉãéäçóÉÉë=~êÉ=çå=éêÉãáëÉëI=Äìí=~äëç=ïÜáäÉ=çÑÑJéêÉãáëÉë=ÄÉÅçãÉë= î~äì~ÄäÉ=~ë=ÉãéäçóÉÉë=~êÉ=ÄÉÅçãáåÖ=áåÅêÉ~ëáåÖäó=ãçÄáäÉK tÉÄëÉåëÉ=çåÅÉ=~Ö~áå=çÑÑÉêÉÇ=éçïÉêÑìä=~åÇ=ÑäÉñáÄäÉ=íççäë=íç=Öê~åìä~êäó=ÅçåJ íêçä=íÜÉ=tÉÄ=~ÅÅÉëë=çÑ=ìëÉêë=ÄçíÜ=çå=~åÇ=çÑÑ=íÜÉ=éêÉãáëÉëX=~åÇ=ëÅçêÉÇ=~= ã~ñáãìã=éçëëáÄäÉ=NO=éçáåíë=~Åêçëë=íÜêÉÉ=~êÉ~ë=Éî~äì~íÉÇK=EpÉÉ=cáÖìêÉ=TKF= qÜÉ=åÉñí=ÅäçëÉëí=ÅçãéÉíáíçê=éêçÇìÅí=ëÅçêÉÇ=~=V=ïáíÜ=íÜÉ=êÉëí=ëÅçêáåÖ=Q=É~ÅÜK URL Filtering Feature Scoring Source: The Tolly Group, November 2008 Figure 7 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NR
  • 16. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Malware Filtering tÜáäÉ=roi=ÑáäíÉêáåÖ=áë=~=ëí~éäÉ=çÑ=~åó=ëÉÅìêÉ=tÉÄ=Ö~íÉï~óI=ã~äï~êÉ=ÑáäíÉêáåÖ= áë=Ñ~ëí=Å~íÅÜáåÖ=çå=~ë=~=ÅêáíáÅ~ä=ÑìåÅíáçåK=sáêìë=ÇÉíÉÅíáçå=~åÇ= êÉãçî~ä=áå=Ö~íÉï~óë=áë=ÅêáíáÅ~ä=~ë=ãçêÉ=ã~äï~êÉ=ãçîÉë=íç=~=tÉÄ=ÇáëíêáÄìJ íáçå=ãÉíÜçÇ=~åÇ=ÉåÇéçáåí=éêçíÉÅíáçå=ëíêìÖÖäÉë=íç=âÉÉé=é~ÅÉ=ïáíÜ=íÜÉ=îçäìãÉ= çÑ=íÜêÉ~íëK= eÉêÉI=qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=ÅçåÇìÅíÉÇ=~=Ü~åÇëJçå=íÉëí=çÑ=ÅÉêí~áå=ÑÉ~J íìêÉëI=ïÜáäÉ=~ëëáÖåáåÖ=ëìÄàÉÅíáîÉ=ëÅçêÉë=íç=íÜÉ=éêçÇìÅíëÛ=~êÅÜáíÉÅíìêÉ=~åÇ= ÉîÉåí=~äÉêíë=Å~é~ÄáäáíáÉëK tÉÄëÉåëÉ=~ÅÜáÉîÉÇ=~=VUKQB=ëÅçêÉ=Ñçê=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=ã~äï~êÉ=Ñçê= USR=ëáíÉë=ÜçëíáåÖ=ã~äáÅáçìë=ÑáäÉëK=líÜÉê=îÉåÇçêë=ê~åÖÉÇ=Ñêçã=SRB=íç=VSB= ã~äï~êÉ=ÇÉíÉÅíáçå=~ÅÅìê~ÅóK=EpÉÉ=cáÖìêÉ=UKF tÉÄëÉåëÉ=~äëç=ï~ë=ëìÅÅÉëëÑìä=~í=ÇÉíÉÅíáåÖ=~åÇ=~îçáÇáåÖ=éÜáëÜáåÖ=~åÇ= éêçñó=ëáíÉë=VUKPB=çÑ=íÜÉ=íáãÉI=îÉêëìë=TMB=íç=UUB=Ñçê=çíÜÉê=éêçÇìÅíë=íÉëíÉÇK= ^åÇ=tÉÄëÉåëÉ=ï~ë=ëìÅÅÉëëÑìä=VVB=çÑ=íÜÉ=íáãÉ=~í=ÇÉíÉÅíáåÖ=~åÇ=~îçáÇáåÖ= ëáíÉë=ïáíÜ=ã~äáÅáçìë=Éñéäçáíë=çê=ÇêáîÉJÄó=ÑáäÉ=áåëí~ääëK=líÜÉê=éêçÇìÅíë=ïÉêÉ= ëìÅÅÉëëÑìä=çåäó=RQB=íç=VNB=çÑ=íÜÉ=íáãÉK tÉÄëÉåëÉ=ï~ë=~äëç=íÜÉ=çåäó=îÉåÇçê=íç=êÉÅÉáîÉ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ= Ñçê=áíë=ëçäìíáçå=~êÅÜáíÉÅíìêÉ=ÇìÉ=íç=áíë=ÜóÄêáÇ=~êÅÜáíÉÅíìêÉK=qÜáë=áë=Ä~ëÉÇ=çå= d~êíåÉêÛë=ÇáëÅìëëáçå=çÑ=íÜÉ=ÄÉåÉÑáíë=çÑ=~= ÜóÄêáÇÒ=~êÅÜáíÉÅíìêÉ=íÜ~í=ìíáäáòÉë= éêçñó=íÉÅÜåçäçÖó=Ñçê=Öê~åìä~êáíó=~åÇ=ÇÉí~áäÉÇ=Åçåíêçä=ÅçìéäÉÇ=ïáíÜ=åÉíïçêâ= ãçåáíçêáåÖ=Å~é~ÄáäáíáÉë=Ñçê=ëÅ~ä~Äáäáíó=~åÇ=Äêç~Ç=ÅçîÉê~ÖÉK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NS
  • 17. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Malware Detection Scores Source: The Tolly Group, November 2008 Figure 8 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NT
  • 18. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Application Control bãÄÉÇÇÉÇ=~ééäáÅ~íáçåJäÉîÉä=Åçåíêçäë=Éå~ÄäÉ=ëÉÅìêáíó=~Çãáåáëíê~íçêë=íç=ÖçîJ Éêå=íÜÉ=~Ççéíáçå=~åÇ=ìë~ÖÉ=çÑ=tÉÄJÄ~ëÉÇ=~ééäáÅ~íáçåë=ëìÅÜ=~ë=fjI=pâóéÉI= mOmI=~åÇ=ãçêÉK=qçääó=dêçìé=ÉåÖáåÉÉêë=~ï~êÇÉÇ=íÜÉ=ã~ñáãìã=ëÅçêÉ=çÑ= QÒ= íç=íÜÉ=tÉÄëÉåëÉ=éêçÇìÅí=áå=Ñçìê=çÑ=íÜÉ=ÑáîÉ=^ééäáÅ~íáçå=`çåíêçä=Å~íÉÖçêáÉë= Éñ~ãáåÉÇK=EpÉÉ=cáÖìêÉ=VKF= tÉÄëÉåëÉ=É~êåÉÇ=NV=çìí=çÑ=~=éçëëáÄäÉ=OM=éçáåíëI=ïáíÜ=íÜÉ=åÉñíJåÉ~êÉëí= ÅçãéÉíáíçê=ÅçãáåÖ=áå=ïáíÜ=~=ëÅçêÉ=çÑ=NNK=tÉÄëÉåëÉ=É~êåÉÇ=ÜáÖÜ=Öê~ÇÉë=Ñçê= áíë=~Äáäáíó=íç=Å~íÉÖçêáòÉ=~ééäáÅ~íáçåëI=ïÜáÅÜ=É~ëÉë=íÜÉ=ÅêÉ~íáçå=~åÇ=~ÇãáåáJ ëíê~íáçå=çÑ=éçäáÅáÉëK=fí=~äëç=É~êåÉÇ=~=ã~ñáãìã=ëÅçêÉ=Ñçê=éçäáÅó=ÉåÑçêÅÉãÉåí= Äó=Å~íÉÖçêóI=ïÜáÅÜ=êÉÇìÅÉë=íÜÉ=ïçêâäç~Ç=~åÇ=íÜÉ=åìãÄÉê=çÑ=ÉêêçêëK=^åÇ= tÉÄëÉåëÉ=É~êåÉÇ=~=ã~ñáãìã=ëÅçêÉ=Ñçê=Åä~ëëáÑóáåÖ=mOm=~ë=~=ÇáëíáåÅíäó=ÇáÑJ ÑÉêÉåí=~ééäáÅ~íáçå=íÜ~å=çíÜÉêëI=ëáåÅÉ=áí=éçëÉë==ÖêÉ~íÉê=êáëâë=ÇìÉ=íç=ÑáäÉ=íê~åëJ ÑÉêëK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NU
  • 19. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Application Control Scores Source: The Tolly Group, November 2008 Figure 9 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========NV
  • 20. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Data Loss Protection tÉÄëÉåëÉ=ëçäìíáçå=ï~ë=íÜÉ=çåäó=éêçÇìÅí=íÉëíÉÇ=íç=É~êå=~=ã~ñáãìã=ëÅçêÉ=áå= ÉîÉêó=Å~íÉÖçêó=Ñçê=Ç~í~=äçëë=éêçíÉÅíáçåI=Ñçê=~=íçí~ä=çÑ=PO=éçáåíëK=qÜÉ=åÉñí= åÉ~êÉëí=îÉåÇçê=É~êåÉÇ=NQ=éçáåíëK=EpÉÉ=cáÖìêÉ=NMKF ^ë=íÜÉ=tÉÄ=ÄÉÅçãÉë=ãçêÉ=áåíÉê~ÅíáîÉ=Äó=å~íìêÉI=çêÖ~åáò~íáçåë=~êÉ=ÅçåJ ÅÉêåÉÇ=~Äçìí=íÜÉ=êáëâ=Ñçê=íÜÉ=äçëë=çÑ=ëÉåëáíáîÉ=Ç~í~K=pÉÅìêÉ=tÉÄ=Ö~íÉï~óë= ÅçãÄ~í=íÜáë=Äó=çÑÑÉêáåÖ=íÜÉ=~Äáäáíó=íç=ÇÉíÉÅí=åçåJÅçãéäá~åÅÉ=íç=Åçêéçê~íÉ= ~åÇ=êÉÖìä~íçêó=éçäáÅáÉëK=táíÜ=Ñìää=áåíÉÖê~íáçå=ïáíÜ=íÜÉ=tÉÄëÉåëÉ=a~í~=pÉÅìJ êáíó=pçäìíáçå=çÑÑÉêÉÇI=tÉÄëÉåëÉ=ï~ë=íÜÉ=çåäó=îÉåÇçê=íç=çÑÑÉê=~=éêÉÇÉíÉêJ ãáåÉÇ=åìãÄÉê=çÑ=íÉãéä~íÉë=íç=Öì~êÇ=~Ö~áåëí=åçåJÅçãéäá~åÅÉI=Ñçê=íÜáåÖë= ëìÅÜ=~ë=ÅêÉÇáí=Å~êÇë=çê=ëçÅá~ä=ëÉÅìêáíó=åìãÄÉêëK==tÉÄëÉåëÉ=~äëç=ï~ë=ÅáíÉÇ= Ñçê=áíë=ëíêÉåÖíÜ=~í=ÇÉÉé=ÅçåíÉåí=áåëéÉÅíáçåI=ïÜÉêÉ=çíÜÉê=éêçÇìÅíë=Çç=åçí= Ü~îÉ=íÜÉ=Å~é~Äáäáíó=çê=~êÉ=ïÉ~â=~í=áíK e~åÇëJçå=Éñ~ãáå~íáçå=çÑ=íÜÉ=éêçÇìÅíë=ëÜçï=íÜ~í=ëçãÉ=çÑÑÉêáåÖëI=ëìÅÜ=~ë= _äìÉ`ç~í=mêçñó=pdONM=~åÇ=qêÉåÇ=jáÅêç=fåíÉêëÅ~å=tÉÄ=pÉÅìêáíó=pìáíÉ=Çç= åçí=çÑÑÉê=~åó=Ç~í~=äçëë=éêÉîÉåíáçå=Ñ~ÅáäáíáÉë=çê=áåíÉÖê~íáçå=çéíáçåëK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OM
  • 21. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Data Loss Prevention Scores Source: The Tolly Group, November 2008 Figure 10 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========ON
  • 22. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Network Implementation tÉÄëÉåëÉ=ëÅçêÉÇ=NN=çìí=çÑ=~=éçëëáÄäÉ=OM=éçáåíëI=ÑçääçïáåÖ=pÉÅìêÉ=tÉÄ= Ñêçã=pÉÅìêÉ=`çãéìíáåÖ=ïÜáÅÜ=ëÅçêÉÇ=NQI=~åÇ=fåíÉêpÅ~å=tÉÄ=pÉÅìêáíó= pìáíÉ=Ñêçã=qêÉåÇ=jáÅêç=ïÜáÅÜ=ëÅçêÉÇ=NOK=EpÉÉ=cáÖìêÉ=NNKF qçÇ~óÛë=çêÖ~åáò~íáçåë=êÉèìáêÉ=~=ÑäÉñáÄäÉ=ëçäìíáçå=íÜ~í=Å~å=áåíÉÖê~íÉ=ïáíÜ=íÜÉ= ïáÇÉ=ê~åÖÉ=çÑ=åÉíïçêâ=íçéçäçÖáÉë=ÅìêêÉåíäó=áå=ìëÉK=tÉÄëÉåëÉ=çÑÑÉêë=ÄçíÜ= çåJéêÉãáëÉë=~åÇ=Ñìääó=ÜçëíÉÇ=tÉÄ=ëÉÅìêáíó=çéíáçåë=éêçîáÇáåÖ=ÅìëíçãÉê=ïáíÜ= ãçêÉ=ÅÜçáÅÉë=ïÜÉå=ÇÉëáÖåáåÖ=~=ÇáëíêáÄìíÉÇ=ëçäìíáçåK=pìééçêí=Ñçê=~=Äêç~Ç= ê~åÖÉ=çÑ=Ü~êÇï~êÉ=~åÇ=ëçÑíï~êÉ=éä~íÑçêãë=Éå~ÄäÉë=É~ëó=áåíÉÖê~íáçå=áåíç= ãçëí=ÅìëíçãÉê=åÉíïçêâëK=e~êÇï~êÉ=~ééäá~åÅÉë=~êÉ=çÑíÉå=ìëÉÇ=Ñçê=ëã~ääÉê= áåëí~ää~íáçåë=íÜ~í=ä~Åâ=ÉñéÉêáÉåÅÉÇ=áãéäÉãÉåí~íáçå=ëí~ÑÑI=Äìí=~êÉ=äÉëë=çÑíÉå= ìëÉÇ=áå=ÉåíÉêéêáëÉ=åÉíïçêâë=Ä~ëÉÇ=çå=íÜÉ=ÜáÖÜÉê=ÅçëíëK «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OO
  • 23. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Delivery and Network Implementation Feature Scores Source: The Tolly Group, November 2008 Figure 11 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OP
  • 24. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Integration with Other Solutions fåíÉÖê~íáçå=ïáíÜ=çíÜÉê=éêçÇìÅíëI=ëìÅÜ=~ë=äç~Ç=Ä~ä~åÅÉêëI=éêçñáÉëI=bJã~áä=~åÇ= çíÜÉê=ëçäìíáçå=ã~ó=åçí=ÄÉ=ÅêáíáÅ~äI=Äìí=ã~ó=óáÉäÇ=ëìÑÑáÅáÉåí=ÄÉåÉÑáíë=íç=ï~êê~åí= íÜÉ=áåíÉÖê~íáçåK=tÜáäÉ=ãçëí=éêçÇìÅíë=íÉëíÉÇ=É~êåÉÇ=éççê=ëÅçêÉë=Ñçê=áåíÉÖê~J íáçåI=tÉÄëÉåëÉ=ÉñÅÉääÉÇ=áå=íÜÉ=~êÉ~=çÑ=ÑáêÉï~ääëI=~êÅÜáîáåÖ=~åÇ=aim=ëóëJ íÉãëK=EpÉÉ=cáÖìêÉ=NOKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OQ
  • 25. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Integration Scores Source: The Tolly Group, November 2008 Figure 12 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OR
  • 26. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Service and support pÉêîáÅÉ=~åÇ=ëìééçêí=çéíáçåë=~êÉ=~å=áãéçêí~åí=Ñ~Åíçê=íç=ÅçåëáÇÉê=ïÜÉå=ëÉJ äÉÅíáåÖ=~=ëçäìíáçåK=qÜÉ=èì~äáíó=çÑ=ëÉêîáÅÉ=çÑÑÉêáåÖë=Å~å=î~êó=ïáÇÉäó=~ãçåÖ= îÉåÇçêëK=_~ëÉÇ=çå=íÜÉ=ëÅçéÉ=çÑ=íÜáë=êÉéçêíI=íÉëíáåÖ=çÑ=íÜÉ=ëÉêîáÅÉ=çéíáçåë= çÑÑÉêÉÇ=Äó=íÜÉ=îÉåÇçêë=ï~ë=åçí=éÉêÑçêãÉÇI=ëç=~=èì~äáí~íáîÉ=ê~íáåÖ=çÑ=íÜÉ= îÉåÇçê=ëÉêîáÅÉë=Ü~ë=åçí=ÄÉÉå=éêçîáÇÉÇK=qÜÉ=çÑÑÉêáåÖë=Ñêçã=É~ÅÜ=îÉåÇçê= Ü~îÉ=ÄÉÉå=ÉåìãÉê~íÉÇ=íç=áåÇáÅ~íÉ=áÑ=íÜÉó=éêçîáÇÉ=íÜÉ=íóéÉë=çÑ=ëìééçêí=çéJ íáçåë=áåÇáÅ~íÉÇI=ëç=~=ÜáÖÜÉê=ëÅçêÉ=áåÇáÅ~íÉë=~=Äêç~ÇÉê=ê~åÖÉ=çÑ=çÑÑÉêáåÖëI=Äìí= åçí=åÉÅÉëë~êáäó=~=ëìéÉêáçê=çÑÑÉêáåÖK=EpÉÉ=cáÖìêÉ=NPKF «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OS
  • 27. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Service and Support Scores Source: The Tolly Group, November 2008 Figure 13 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OT
  • 28. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Test Methodology Alexa 100,000 URL Filtering/ Classification Test qÜÉ=Ä~ëáÅ=roi=ÑáäíÉêáåÖ=Å~é~ÄáäáíáÉë=çÑ=É~ÅÜ=ëóëíÉã=ï~ë=íÉëíÉÇ=Äó=ëÅêáéíáåÖ= ëí~åÇ~êÇ=ïçêâëí~íáçåë=íç=~ÅÅÉëë=~=ë~ãéäÉ=ëÉí=çÑ=NMMIMMM=roië=Ñêçã=íÜÉ= ^äÉñ~=qçé=NMMIMMM=ãçëí=îáëáíÉÇ=tÉÄ=ëáíÉë=íÜêçìÖÜ=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëíK= ^ää=~î~áä~ÄäÉ=roi=Å~íÉÖçêáÉë=çÑ=Åä~ëëáÑáÅ~íáçå=çå=~=éêçÇìÅí=ïÉêÉ=Éå~ÄäÉÇ= ~åÇ=ÅçåÑáÖìêÉÇ=íç=ÄäçÅâ=~ÅÅÉëë=íç=~åó=roi=ã~íÅÜáåÖ=çåÉ=çÑ=íÜÉ=ÇÉÑáåÉÇ=ÑáäJ íÉêáåÖ=Å~íÉÖçêáÉëK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Å~íÉÖçêó=~î~áä~ÄäÉ=çå= íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê= ~åó=~î~áä~ÄäÉ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ= ~å=~äÉêíK=qÜÉ=äçÖë=çÑ=É~ÅÜ=ÇÉîáÅÉ=ïÉêÉ=íÜÉå=ÅçêêÉä~íÉÇ=ïáíÜ=íÜÉ=ë~ãéäÉ=ëÉí= íç=~êêáîÉ=~í=íÜÉ=ÇÉîáÅÉÛë=ëÅçêÉK=^ë=äçåÖ=~ë=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=~å= ÉñáëíáåÖ=Å~íÉÖçêó=çÑ=Åä~ëëáÑáÅ~íáçå=çå=íÜÉ=éêçÇìÅíI=íÜÉ=êÉëìäí=ï~ë=ÅçåëáÇÉêÉÇ= î~äáÇK=qÜÉ=êÉëìäíáåÖ=ëÅçêÉ=Ü~ë=ÄÉÉå=êÉÅçêÇÉÇ=~ë=íÜÉ=éÉêÅÉåí~ÖÉ=çÑ=roië= ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=~Ö~áåëí=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉJ éÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= “Long Tail” or Extended URL Classification Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=NUIRUM=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ëìÄãáííÉÇ=íç=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=Ñçê=Åä~ëëáÑáÅ~íáçå=Äó=ÉåÇJìëÉêë= ~êçìåÇ=íÜÉ=ïçêäÇK=qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=íç=OQ= Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ= çå=íÜÉ=fåíÉêåÉíK=låÅÉ=~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=~î~áä~ÄäÉ=roi=Åä~ëëáÑáÅ~J íáçå=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíI=~åÇ=îÉêáÑáÉÇ=íÜÉ=äçÖë=çÑ= É~ÅÜ=ÇÉîáÅÉ=íç=çÄí~áå=íÜÉ=åìãÄÉê=çÑ=Åä~ëëáÑáÉÇ=~åÇ=åìãÄÉê=çÑ=ãáëëÉÇ=roiëK= = fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Éå~ÄäÉÇ=Å~íÉÖçêáÉë=çå=íÜÉ=éêçÇìÅíI= íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ= Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=ê~íáç=çÑ= ~ää=roië=ëìÅÅÉëëÑìääó=Åä~ëëáÑáÉÇ=çìí=çÑ=íÜÉ=íçí~ä=roië=íêáÉÇK=qÜÉ=êÉëìäíáåÖ= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OU
  • 29. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P ëÅçêÉ=Ü~ë=ÄÉÉå=êÉÅçêÇÉÇ=~ë=íÜÉ=éÉêÅÉåí~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäJ íÉêÉÇ=~Ö~áåëí=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~íJ ~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK Phishing and/or Proxy Avoidance URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=OIPMO=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=mÜáëÜáåÖ=Éñéäçáíë=çê=Ñ~Åáäáí~íÉÇ=mêçñó=^îçáÇ~åÅÉK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=mÜáëÜJ áåÖ=~åÇ=mêçñó=^îçáÇ~åÅÉ=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíI=~åÇ= îÉêáÑáÉÇ=íÜÉ=äçÖë=çÑ=É~ÅÜ=ÇÉîáÅÉ=íç=çÄí~áå=íÜÉ=åìãÄÉê=çÑ=Åä~ëëáÑáÉÇ=~åÇ=åìãJ ÄÉê=çÑ=ãáëëÉÇ=roiëK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë= Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ= Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖJ ìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáåÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó= ~ë=íÜÉ=éÉêÅÉåí~ÖÉ=çÑ=roië=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ= ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉJ ëìäíë=~îÉê~ÖÉÇK Binary Exploits and Compromises Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=PTV=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=_áå~êó=Éñéäçáíë=çê=ÅçãéêçãáëÉëK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=_áå~êó= Éñéäçáíë=~åÇ=ÅçãéêçãáëÉë=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë=ìåÇÉê=íÉëíK=fÑ=~= roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========OV
  • 30. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ= Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=éÉêÅÉåíJ ~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ= êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= Malware-infected URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=USR=roië=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄJ ëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ=roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië= ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâ=~êçìåÇ=íÜÉ=ïçêäÇ=~ë=roië=çÑ=tÉÄ= ëáíÉë=Åçåí~áåáåÖ=ã~äï~êÉ=Eã~äáÅáçìë=ÅçÇÉ=çê=~ééäáÅ~íáçåëFK= qÜÉ=roië=ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåJ ÇçïI=íç=ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK=låÅÉ= ~Ö~áåI=ÉåÖáåÉÉêë=Éå~ÄäÉÇ=~ää=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=êÉä~íÉÇ=íç=ã~äJ ï~êÉ=_áå~êó=Éñéäçáíë=~åÇ=ÅçãéêçãáëÉë=Å~íÉÖçêáÉë=~î~áä~ÄäÉ=çå=éêçÇìÅíë= ìåÇÉê=íÉëíK=fÑ=~=roi=ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå= íÜÉ=éêçÇìÅíI=íÜÉ=roi=ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê= ~åó=Éå~ÄäÉÇ=Å~íÉÖçêóI=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëí=ï~ë=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ= ~å=~äÉêíK=båÖáåÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë= íÜÉ=éÉêÅÉåí~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK= qÉëíë=ïÉêÉ=êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK= Web 2.0-Based Malicious URL Detection Accuracy Test cçê=íÜáë=íÉëíI=ÉåÖáåÉÉêë=ìëÉÇ=~=ëÉí=çÑ=VSR=roië=çå=éçéìä~ê=tÉÄ=OKM=ëáíÉë= äáâÉ=ÄäçÖëéçíKÅçã=~åÇ=ïçêÇéêÉëëKçêÖ=Åçåí~áåáåÖ=ã~äáÅáçìë=ÅçÇÉI=çê=çÄàÉÅJ íáçå~ÄäÉ=ã~íÉêá~äI=çÄí~áåÉÇ=Ñêçã=íÜÉ=tÉÄëÉåëÉ=qÜêÉ~ípÉÉâÉê=åÉíïçêâK=qÜÉ= roië=ïÉêÉ=ÅÜçëÉå=Ñêçã=~=éççä=çÑ=roië=ÇÉíÉÅíÉÇ=Äó=íÜÉ=qÜêÉ~ípÉÉâÉê=åÉíJ ïçêâ=íç=ÄÉ=Åçåí~áåáåÖ=ã~äáÅáçìë=ÅçÇÉ=çê=çÄàÉÅíáçå~ÄäÉ=ã~íÉêá~äK=qÜÉ=roië= ïÉêÉ=ÅçääÉÅíÉÇ=Ñêçã=íÜÉ=éççä=ïáíÜáå=ëáñ=íç=OQ=Üçìêë=çÑ=íÜÉ=íÉëíáåÖ=ïáåÇçïI=íç= ÉåëìêÉ=íÜ~í=íÜÉ=roië=íÉëíÉÇ=ïçìäÇ=ÄÉ=äáîÉ=çå=íÜÉ=fåíÉêåÉíK= båÖáåÉÉêë=Éå~ÄäÉÇ=~ää=~î~áä~ÄäÉ=roi=Åä~ëëáÑáÅ~íáçå=Å~íÉÖçêáÉë=çå=éêçÇìÅíë= ìåÇÉê=íÉëíI=êÉä~íÉÇ=íç=ã~äáÅáçìëLÜ~êãÑìä=å~íìêÉI=çê=çÄàÉÅíáçå~ÄäÉ=ÅçåíÉåíK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PM
  • 31. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P qÜÉ=ëÉí=çÑ=roië=ï~ë=íÜÉå=~ÅÅÉëëÉÇ=~Åêçëë=íÜÉ=éêçÇìÅí=ìåÇÉê=íÉëíK=fÑ=~=roi= ï~ë=Åä~ëëáÑáÉÇ=ìåÇÉê=çåÉ=çÑ=íÜÉ=Å~íÉÖçêáÉë=Éå~ÄäÉÇ=çå=íÜÉ=éêçÇìÅíI=íÜÉ=roi= ï~ë=ÄäçÅâÉÇK=fÑ=íÜÉ=roi=ÅçìäÇ=åçí=ÄÉ=Åä~ëëáÑáÉÇ=ìåÇÉê=~åó=Éå~ÄäÉÇ=Å~íÉJ ÖçêóI=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=ïÉêÉ=ÅçåÑáÖìêÉÇ=íç=ÖÉåÉê~íÉ=~å=~äÉêíK=båÖáJ åÉÉêë=íÜÉå=Å~äÅìä~íÉÇ=íÜÉ=ÇÉíÉÅíáçå=~ÅÅìê~Åó=çÑ=íÜÉ=éêçÇìÅí=~ë=íÜÉ=éÉêÅÉåíJ ~ÖÉ=ëìÅÅÉëëÑìääó=Å~íÉÖçêáòÉÇ=çê=ÑáäíÉêÉÇ=çìí=çÑ=íÜÉ=ë~ãéäÉ=ëÉíK=qÉëíë=ïÉêÉ= êÉéÉ~íÉÇ=íïáÅÉ=íç=ÉåëìêÉ=êÉéÉ~í~Äáäáíó=~åÇ=íÜÉ=êÉëìäíë=~îÉê~ÖÉÇK Criteria Evaluation by UI Inspection båÖáåÉÉêë=íÜÉå=éêçÅÉÉÇÉÇ=íç=Éî~äì~íÉ=íÜÉ=éêçÇìÅíë=ìåÇÉê=íÉëí=íç=ÇÉíÉêãáåÉ= íÜÉ=ÉÑÑÉÅíáîÉåÉëë=çÑ=íÜÉ=ìëÉê=áåíÉêÑ~ÅÉ=~åÇ=ÅçãéêÉÜÉåëáîÉåÉëë=çÑ=íÜÉ=ã~åJ ~ÖÉãÉåí=áåíÉêÑ~ÅÉK=qÜÉ=Éî~äì~íáçå=ï~ë=ÇçåÉ=Äó=áåëéÉÅíáåÖ=íÜÉ=ã~å~ÖÉJ ãÉåí=áåíÉêÑ~ÅÉ=çÑ=É~ÅÜ=éêçÇìÅí=ìåÇÉê=íÉëíI=~åÇ=~äëç=Äó=éÉêìëáåÖ=íÜÉ=éìÄäáÅäó= ~î~áä~ÄäÉ=ÇçÅìãÉåí~íáçå=Ñêçã=íÜÉ=îÉåÇçê=çÑ=íÜÉ=éêçÇìÅíK=cçê=É~ÅÜ=Å~íÉÖçêóI= qÜÉ=qçääó=dêçìé=ÉåÖáåÉÉêë=íÜÉå=~ëëáÖåÉÇ=~=ëìÄàÉÅíáîÉ=ëÅçêÉ=çå=~=ëÅ~äÉ=çÑ=N= EäÉ~ëí=ÉÑÑÉÅíáîÉF=íç=Q=Eãçëí=ÉÑÑÉÅíáîÉKF=aÉí~áäÉÇ=êÉëìäíë=ìåÇÉê=É~ÅÜ=Å~íÉÖçêó= ~êÉ=éêÉëÉåíÉÇ=áå=íÜÉ=ÑçääçïáåÖ=ëÉÅíáçåëK rë~Äáäáíó=ÅêáíÉêá~=ïÉêÉ=íÉëíÉÇ=Äó=ä~ìåÅÜáåÖ=íÜÉ=ã~å~ÖÉãÉåí=áåíÉêÑ~ÅÉ=~åÇ= çÄëÉêîáåÖ=íÜÉ=Å~é~ÄáäáíáÉë=çÑ=É~ÅÜ=ëóëíÉãK=qÜÉ=ëìÄàÉÅíáîÉ=ìë~ÄáäáíóI=ä~óçìí= ~åÇ=çîÉê~ää=ÉÑÑÉÅíáîÉåÉëë=çÑ=É~ÅÜ=ÑÉ~íìêÉ=Ü~ë=ÄÉÉå=~ëëáÖåÉÇ=~=î~äìÉ=ê~åÖJ áåÖ=Ñêçã=NI=äÉ~ëí=ÉÑÑÉÅíáîÉ=íç=QI=ãçëí=ÉÑÑÉÅíáîÉ=íç=áåÇáÅ~íÉ=íÜÉ=qçääó=ÉåÖáåÉÉêë= áãéêÉëëáçå=çÑ=É~ÅÜ=çÑ=íÜÉ=ìåáíë=íÉëíÉÇK= «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PN
  • 32. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Interaction with Competing Vendors Fair Testing Charter ™ ~åÇ=fåíÉê~Åíáçå=ïáíÜ=`çãéÉíáíçêë In accordance with The Tolly Group’s process, competitors were contacted and invited to participate in the test - to review the test plans, the product levels and configurations of their prod- ucts and to review and comment on their results. For more information on this process, please see: http://www.Tolly.com/FTC.aspx. Cisco Systems Inc., and Blue Coat Systems did not respond to the invitation. Trend Micro, Inc. and Secure Computing Corporation agreed to par- ticipate in the test, and were provided with a test plan. At the completion of testing, The Tolly Group provided Trend Micro and Secure Computing with the results of their products, and requested to provide comments. Secure Computing did not provide official comments on their results. Trend Micro representatives provided the following comments: Trend Micro's most current secure web gateway product, InterScan Web Security Virtual Appliance v3.1 (IWSVA), was not used in this test. The IWSVA product has improved functionality over the tested product (IWSS) in the following areas: 1. Implementation Model: IWSVA supports bi-direction transparent bridging so that no client or network re-configuration is needed. 2. Malware Detection: additional capabilities have been added to the IWSVA product to ensure the highest possible content-based malware detection rates, further enhancing the URL reputation-based malware detection already in the product. 3. Performance and Throughput: IWSVA running on a standard off-the-shelf 8- core server can support up to 10,000 users with full scanning and no notice- able latency. «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PO
  • 33. T T H H E E WHITE PAPER: The Web Security Challenge: a Competitive Guide to Selecting TOLLY Secure Web Gateways GROU P Appendix: Product List Source: The Tolly Group, November 2008 Figure 14 «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PP
  • 34. Terms of Usage USE THIS DOCUMENT ONLY IF YOU AGREE TO THE TERMS LISTED HEREIN. = This document is provided, free-of-charge, to help you understand whether a given product, technology or service merits addi- tional investigation for your particular needs. Any decision to purchase must be based on your own assessment of suitability. This evaluation was focused on illustrating specific features and/or performance of the product(s) and was conducted under con- trolled, laboratory conditions and certain tests may have been tailored to reflect performance under ideal conditions; performance may vary under real-world conditions. Users should run tests based on their own real-world scenarios to validate performance for their own networks. Commercially reasonable efforts were made to ensure the accuracy of the data contained herein but errors and/or oversights can occur. In no event shall The Tolly Group be liable for damages of any kind including direct, indirect, special, incidental and consequential damages which may result from the use of information contained in this document The test/audit documented herein may also rely on various test tools the accuracy of which is beyond our control. Furthermore, the document relies on certain representations by the sponsor that are beyond our control to verify. Among these is that the software/hardware tested is production or production track and is, or will be, available in equivalent or better form to commercial customers. When foreign translations exist, the English document is considered authoritative. To assure accuracy, only use documents downloaded directly from The Tolly Group’s Web site. All trademarks are the property of their respective owners. qÜÉ=qçääó=dêçìé=áë=~=äÉ~ÇáåÖ=ÖäçÄ~ä=éêçîáÇÉê=çÑ=íÜáêÇJ é~êíó=î~äáÇ~íáçå=ëÉêîáÅÉë=Ñçê=îÉåÇçêë=çÑ=fq=éêçÇìÅíëI= ÅçãéçåÉåíë=~åÇ=ëÉêîáÅÉëK qÜÉ=Åçãé~åó=áë=Ä~ëÉÇ=áå=_çÅ~=o~íçåI=ci=~åÇ=Å~å=ÄÉ= êÉ~ÅÜÉÇ=Äó=éÜçåÉ=~í==ERSNF=PVNJRSNMI=çê=îá~=íÜÉ=fåíÉêJ åÉí=~í ÜííéWLLïïïKíçääóKÅçãI=ë~äÉë]íçääóKÅçã= båíáêÉ=`çåíÉåíë=`çéóêáÖÜí=OMMU=Äó= qÜÉ=qçääó=dêçìéI=fåÅK ^ii=ofdeqp=obpbosba OMUPOSJñÑÅÑëNJââJMOaÉÅMU «=OMMU=qÜÉ=qçääó=dêçìéI=fåÅK= = ===========PQ