Enhancing Aruba PEF with Web Content Classification


What do botnets, malware, phishing, and spam URLs all have in common?  They are part of a growing trend by hackers to compromise networks by tricking employees within the organization into helping infect internal resources.  Since traditional security point solutions protect the network from outside influences and not from within the organization, hackers have evolved their techniques to compromise networks in new ways.

Aruba has a solution that helps solve this problem: the WebCC bundle.

The Web Content Classification (WebCC) bundle is a subscription feature in Aruba's Policy Enforcement Firewall which includes IP Reputation, Geolocation filtering, and URL filtering.  The service constantly updates a denylist containing millions of known malicious IP addresses. On average WebCC adds and removes over 85,000 addresses to and from the denylist every day.

Recent analytics garnered from the denylist show that there are 10 countries with reputation scores that comprise nearly three-fourths of the denylisted IP addresses, with the top three (China, India, and Vietnam) being the source of nearly half of all malicious IP addresses.

Based on these findings, some customers have chosen to block access to sites by country code through WebCC's Geolocation Filtering service, which is also part of the Aruba WebCC solution. With Geolocation Filtering and the WebCC IP Reputation service combined, sites from the riskiest places can be blocked effectively, reducing the risk of attacks.  With URL filtering, policies can list websites that are always blocked or always allowed, and custom URL categories can be created and used in the same way.

In the same analysis, 92 percent of the malicious sites were associated with spam generation. Spam is frequently used to deliver malware or can link to malicious sites. IP Reputation is one of the most effective ways to reduce spam traffic on networks, and by effectively blocking spam-associated sites, network load can be reduced significantly.

When spam is omitted, the most prevalent threat types are scanners and probes (55 percent)—which are frequently looking for open ports and vulnerabilities—and proxies (42 percent), with phishing, web attacks, and other types of threats comprising a total of three percent of denylisted sites. Although three percent seems like a small number, this equates to thousands of threats daily, many of which are considered to be the most dangerous types of threats—such as Botnets and Denial of Service (DoS) attacks.

With the WebCC bundle, enterprises can now:

  • Limit access based on security concerns (block access to malware, phishing, spyware/adware, spam, and botnet URLs)
  • Limit access to control bandwidth usage (content delivery networks, peer-to-peer, and streaming media)
  • Prohibit access based on organizational policy decisions (adult and pornography, illegal, and hate and racism)

Through the implementation and proper configuration of the WebCC service that's built into Aruba's Policy Enforcement Firewall, customers can greatly reduce the risk associated with unwanted or malicious network traffic.

(Sources of Data: Webroot)