RealTime IT News

Cisco Defends Against the 'Dark Web'

What is the Dark Web? According to Cisco (NASDAQ: CSCO), it's a part of the Internet landscape that enterprise security solutions have not defended against to date.

The concept of URL filtering to protect enterprises and users from malicious sites and content is not a new one. Cisco's view is that traditional URL filtering techniques that rely on lists of malicious URLs don't properly defend against the modern era of rapidly evolving dynamic Web 2.0 sites. In order to defend enterprises against the Dark Web, Cisco is now out with a new service called Web Usage Controls for its Cisco IronPort S-series appliances in an effort to provide more dynamic content analysis.

"What we're targeting with this is the fact that there has been an explosive growth in content and that has resulted in the creation of the Dark Web," Cisco product manager Kevin Kennedy told InternetNews.com. "Lists only cover about 20 percent of content and the remaining 80 percent is dark."

Kennedy noted that the challenge for Dark Web detection is to do it in real time without affecting user experience.

The system doesn't eliminate URL lists, but rather supplements them. Kennedy explained that the system fetches an updated URL list from Cisco's servers on a regular basis that covers many of the usual suspects of where users will go.

"What we have after that is dynamic content analysis for the other chunk of traffic, making the decision in real-time," Kennedy said.

Kennedy added that the real-time dynamic content categorization occurs on the user's IronPort box in order to ensure the best response time. "We do content categorization on box so we can deliver a sub 10 millisecond verdict," Kennedy said.

If the customer has chosen to share their data with Cisco, the decision on the URL is shared with Cisco's cloud service and gets incorporated into future URL lists.

According to Kennedy, the new Dark Web detection is superior to the approach of URL filtering alone that Cisco IronPort customers can currently purchase.

"We've done a bunch of analysis with customers and the overall efficacy is better than the existing solution," Kennedy said. "Where the real benefit comes is that in the most commonly blocked content, we've seen a boost of about 50 percent, and that's a pretty significant reduction in their compliance and liability risk."

The Cisco solution for monitoring the Dark Web is currently limited, in that it is specifically looking at HTTP-based content. As such, the Cisco solution is not looking at UDP or peer-to-peer (P2P) traffic. The Dark Web detection capabilities are also currently limited to the IronPort S-series of appliances, although Kennedy noted that the technology might end up on other platforms at some point in the future.

Other vendors, such as Blue Coat (NASDAQ: BCSI), have URL-filtering detection technologies. Blue Coat this week expanded its Blue Coat WebFilter database to provide expanded category coverage, but Kennedy said he isn't worried about what the competition is doing.

"There are many competitors out there, and at the end of the day we'll leave it up to customers and the market to determine where we are. We feel strongly that we're at the leading edge of the market," Kennedy said.

Cisco acquired IronPort in 2007 for $803 million. It has since gone on to expand the product lineup with cloud and small business hardware, as well as updating the platform for broader deployment scenarios.