Actu
Blue Coat Expands Malware Defenses in WebPulse Service to Immediately Protect 70 Million Users
September 2010 by Marc Jacob
Blue Coat Systems, Inc. announced that it has expanded the malware defenses in its cloud-based WebPulse™ service to provide customers with more timely and comprehensive protection against Web-based threats. The new defenses in WebPulse are immediately available to all users without requiring software downloads or updates.
As Web-based threats continue to rapidly evolve and new content is added to the Internet, it is important that Web defenses be just as agile. In the past 90 days alone, Blue Coat has added more than 100 new detection rules to the WebPulse service to target malicious traffic, such as botnets and exploit kits, and to more quickly identify new and unknown content. Roughly 65 percent of these new rules are designed to help identify malware and its sources, typically targeting traffic from a specific malware ring or botnet. Blue Coat malware experts continuously analyze intelligence from the WebPulse service to fine tune and expand these detection rules, eliminating the need for customers to become experts in all Web defenses.
Additionally, Blue Coat has developed and added to the WebPulse service a mal-PDF scanner to protect users from exploit sources that include malicious PDF files targeting specific vulnerabilities in Acrobat and Acrobat Reader. This scanner flags mal-PDFs in real time and PDFs that are merely suspicious for additional background research. The mal-PDF scanner recently protected WebPulse users from several attacks in which malicious PDFs were served to innocent Websites via an infected advertising server.
To provide further intelligence about malicious and suspicious content, Blue Coat has added a mal-script detector to the background processes of the WebPulse service. The detector logs JavaScript from the millions of Web pages that are requested every day. Using this intelligence, Blue Coat researchers can identify the characteristics that are indicative of suspicious behavior and create appropriate defenses. This new detector recently identified and protected WebPulse users from a network of suspicious download sites with heavily encrypted fake AV scanner exploits.
These new defenses augment existing WebPulse defenses, such as malware signature and behavioral scanners, proprietary malware behavioral analyzers and statistical analysis techniques, real-time proprietary Phishing detection engines, Web reputation algorithms and third-party intelligence sources, to categorize new and unknown content, identify malware and protect more users. To match the speed with which malicious sites change their domains, the Blue Coat WebPulse service also utilizes advanced fingerprinting modules that quickly recognize when similar sites appear on new servers. These techniques, coupled with unparalleled visibility into the real-time requests of 70 million users, make WebPulse the most comprehensive Web security defense available.
