Anti-virus is becoming obsolete, as full content scanning is needed on web pages

News by Dan Raywood

Basic whitelisting and scanning of websites is not enough as web pages become more content driven.

Basic whitelisting and scanning of websites is not enough as web pages become more content driven.

Speaking at a reseller event this week David Meizlik, director of product marketing for web and data security at Websense, said that there was a ‘need to classify content, as there may be some inappropriate or compromised content' on existing websites. He pointed to iGoogle as an example, as it ‘is a mash up of content, and some of it may not be appropriate'.

Meizlik said: “With Google it is very difficult to filter it, it is not that there is anything malicious on it but somebody may put something on it and it is tough to categorise it.

“This is down to search engine optimisation (SEO) poisoning, people are logging keywords and it may not be the top result but the 12th in the list, it may be a copy of a news article and the user does not realise it but anti-virus does not see the exploit on the page. Because the page was not blacklisted it bypassed anti-virus.”

He claimed that while anti-virus is great for legacy threats and it does have a use, it is not good at detecting exploits.

He said: “The days of traditional URL filtering are dead, we care about where users go and they all use the top 500 websites. We care about enforcing capable policy security and the content on pages is dynamic.

“At the end, Google is a search engine, and anti-virus traditionally classifies it as a search engine, but you need to classify the data on each page, and this is what we do with the web security gateway, we are moving to security scanning as we let you understand the threat but not allow you to post or send confidential data.”

David Hobson, managing director of GSS, said: “Not everything needs to be secured in real-time, it depends on the content of the page, if it is dynamic processing you will want to scan on the fly, you do not have to set all controls to scan the page but ask yourself if what is happening is abnormal for the page?”

Websense launched its Triton unified security architecture to combine its web, data and email security technologies into a single platform last month.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews