Introduction
This document provides an overview of Cisco Web Reputation (WBRS) for the Cisco Web Security Appliance (WSA).
Contributed by Josh Wolfer and Stephan Fiebrandt, Cisco TAC Engineers.
WBRS Overview
WBRS is an innovative method that analyzes the behavior and characteristics of a Web server and provides the latest defense in the fight against spam, viruses, phishing, and spyware threats.
WBRS uses real-time analysis on a vast, diverse, and global dataset in order to detect URLs that contain some form of malware. WBRS is a critical part of the Cisco security database, which protects customers from blended threats from email or Web traffic.
WBRS Use of SenderBase
WBRS leverages data from Cisco's Common Security Database (SenderBase® Network), which is the world's largest email and Web traffic monitoring network. SenderBase tracks over 50 distinct parameters that are excellent indicators of a URL's reputation. With sophisticated security modeling and malware detection agents, Cisco evaluates each URL based on these parameters.
Some of the parameters include:
- URL categorization data
- Presence of downloadable code
- Presence of long, obfuscated End-User License Agreements (EULAs)
- Global volume and changes in volume
- Network owner information
- History of a URL
- Age of a URL
- Presence of virus / spam / spyware / phishing / pharming blacklist(s)
- URL typos of popular domains
- Domain registrar information
- IP address information
WBRS Granularity
WBRS differs from a traditional URL blacklist or whitelist because it analyzes a broad set of data and produces a highly granular score of -10 to +10, instead of the binary good or bad categorizations of most malware detection applications. This granular score offers administrators increased flexibility; different security policies can be implemented based on different WBRS scoring ranges.