

eSafe Version 8.6 Has Been Released

Discover eSafe Content Security v8.6

When it comes to content security, it is essential to stay ahead of the times by incorporating new features and functions for a more secure email and web gateway. We are glad to announce the release of eSafe Content Security v8.6, with managed availability from June 28, 2011.

New Functionalities & Enhancements

The highlights of this release of eSafe include:

  • Additional Data Loss / Leak Prevention (DLP) functionality with an advanced dictionary creator tool
    - Allows creation of unique, custom DLP dictionaries per the organization's needs, with full Unicode support
  • New Transparent SSL Mode
    - Interception and scanning of encrypted SSL/HTTP traffic is now a built-in part of the eSafe bridge/router installation mode
  • Web Quota Control enhancements
    - New competitive feature that allows monitoring and enforcing company policy for users/groups that have exceeded their daily web quota
  • Mail IP Reputation features
    - New Anti-Spam engine that rejects spam email based on the sender's IP reputation at connection time
    - Rejects and eliminates 80% of spam emails before they even establish an SMTP connection
  • New dynamic URL Filtering Engine
    - 80 URL categories, over 100m URLs categorized; more than 90% URL category classification
    - No more huge local DB; only a local dynamic cache of common URLs
  • New Web 2.0 Script analysis engine
    - New, faster and better script analysis engine to handle the latest malware and web exploits
  • Central Management functionality enhancements

For more information about the new eSafe v8.6 version and the evaluation process, please contact your local SafeNet sales representative.


Weekly Security News – December 20, 2010

1. NSA considers its networks compromised
2. Top Five Vishing Techniques
3. New Google service identifies hacked sites
4. Your Apps Are Watching You
5. FarmVille players lured with fake "farm cash" offer from Zynga
6. Another Massive Data Breach in University of Wisconsin
7. Staying Secure Through the Holidays
8. The 10 Most Destructive Hacker Attacks In The Past 25 Years
9. Nigerian Scam Victim Sues Bank, Loses in California Appellate Court in Riverside
10. Performance concerns make 25% of users turn off AV


Weekly Security News – November 18, 2010

1. McAfee CEO: Get ready for tidal wave of mobile attacks
2. Drive-By Downloads Still Running Wild
3. Malware pushers lure victims with leaked Harry Potter movie screener
4. Scareware SEO attack exploits engagement of Prince William and Kate Middleton
5. Well crafted PayPal phishing e-mail doing rounds
6. Debt collectors utilize Facebook to embarrass those who owe
7. Chinese ISP hijacked US military, gov web traffic
8. Rogue e-mail makes Swiss bank lose millions?
9. LinkedIn attack comprised over 31% of all spam
10. 10 security tips for retailers
11. One Hundred Naked Citizens: One Hundred Leaked Body Scans
12. The 12 most dangerous online scams
13. 10 holiday ID theft prevention tips
14. Joshua Simon Ashby gets 4 months in jail for posting naked photo of ex-girlfriend on Facebook
15. Web users deceived into downloading malicious anti-virus software
16. Top 10 Security Threats for 2011
17. Holiday spam e-mail runs start off
18. 40% of all rogueware was created in 2010
19. Palin hacker sentenced to one year in custody
20. Half of SMBs block employee access to Facebook


Protecting the perimeter in SMBs

A few weeks ago, a study was published regarding the response time of AV products. It compared several of the main, well-known products and checked how much time it took each of them to release an update to its virus definitions in order to detect new threats.

While reading it, I asked myself: will this research interest anyone apart from the AV companies themselves? Does a customer who is about to buy an AV/security product really care about it? And most importantly, what are the parameters that a customer should consider when looking for a new security solution?

When buying a network and local security solution for SMBs, you probably will not be looking to purchase a variety of specialized solutions for each security domain. It is more likely that you will combine several modules and features that will provide the best security solution for your perimeter.

Today, there are various products that combine several modules, with each module being developed separately as a standalone module.

4 important things to consider before choosing a security solution for your SMB:

  1. AV Engines – 10 minutes, 5 minutes or maybe 6 minutes? Is it really relevant? No. If the malware was not detected, it does not matter whether the detection definitions for it were released 5 or 8 minutes after it was detected. It only means that the customer was exposed to infection.
    There is no 100% detection. Yet, if the product has more than 1 engine, it improves the odds of detecting new malicious code. That said, bear in mind that a product could have 20 engines, but it will cost in performance, so bigger is not necessarily better.

  2. Support – maybe the most important parameter when checking for a new security solution. False positives, false negatives, updates, installations, network architecture and so on. Since these products are installed on networks, which don’t always have a straightforward or typical topology, the quality of support given by the software manufacturer is crucial.

  3. Additional Features – more features and modules that provide more capabilities should also be carefully considered. Some content security products have features that help strengthen your security and make up for AV response time, for example:
    1. Application filtering – the ability to block specific applications and protocols. In some cases you have the ability to block specific features/operations of an application and not the whole application.
    2. DLP – Data Leak Prevention. A very hot trend in the content security field. Helps prevent leakage of important data from our perimeter, be it unintentional or with malicious intent.
    3. URL filtering – the ability to block groups of web sites, based on their content.
    4. Anti-spam – an integrated module that combines real-time reputation and deep content analysis technologies will give you a better solution.
  4. Management and Reporting – in large-scale networks, where several units of the product need to be installed in order to prevent traffic overload, it is important to have a central management platform to configure, maintain and get reports for all the units.

As I mentioned above, there is no AV or content security product that gives you 100% protection. It always reminds me of the “Die Hard” movie, where the criminals were trying to penetrate a vault with 7 locks. In order to do that, they had to break each lock in a different way; this is why it took them so long and we all know what happened in the end…

The same goes for a security solution. There is no one mega-product that will give you 100% protection; you need to put several different locks (features/modules) in place in order to make the hacker’s life harder.