New Finjan Appliance Sniffs Web Traffic for Crimeware

Secure Web gateway products vendor Finjan unveiled version 9.0 of its Vital Security Web appliance on Monday at the RSA Security (Nasdaq: RSAS) Conference.

This includes a new active real-time inspection technology that checks both inbound and outbound Web traffic and SSL (secure socket layer) traffic for malicious content to provide enterprises real-time information on system performance and security risk levels.

The active real-time content inspection capability "combines both static and dynamic code analysis technologies, benefiting from the advantages of both while avoiding the limitations of each," Finjan's chief technology officer, Yuval Ben-Itzhak, told TechNewsWorld.

Graphical View

The new technology comes in an integrated dashboard that provides users graphs and graphical views of their system. It lets enterprises manage security policies easily and lets them refine rules quickly.

While this security refinement capability is new in v9.0, it is accessible from both the integrated dashboard and from the application's main management console.

Vital Security v9.0 also includes Web 2.0 and productivity control modules that use URL (universal resource locater) filtering engines from IBM (NYSE: IBM) and Websense.

It helps organizations comply with the Sarbanes-Oxley Act (SOX) through the use of COBIT (Control Objectives for Information and related Technology) practices; PCI DSS (Payment Card Industry Data Security Standard) 1.1; the Graham-Leach-Bliley Act; HIPAA (Health Insurance Portability and Accountability Act) and FISMA (the Federal Information Security Management Act of 2002).

New Stuff in v9.0

Finjan's appliances inspect both inbound and outbound Web traffic as well as SSL traffic to sniff out malicious content.

Version 9.0 has added an external reporting and logging system to provide large enterprises with "a flexible and scalable data analysis platform for internal use, audits and compliance requirements," Werner Hammier, vice president of products at Finjan, told TechNewsWorld. "With version 9.0, our enterprise customers get top-notch security."

The filtering engines "provide categories of domains such as gambling, Web 2.0, and news that let administrators select and control the ones employees are allowed to visit during working hours," Ben-Itzhak said.

Version 9.0 also offers HTTPS/SSL content inspection in real time to prevent crimeware hiding in SSL (secure) traffic. Inspected content remains encrypted when entering and exiting the appliance. Crimeware is a type of malware designed specifically to automate financial crime.

In addition, it supports Cisco's (Nasdaq: CSCO) WCCPv2 standard so it can interoperate with more equipment from Cisco.

The appliance offers users wizards to simplify decision-making for security policies.

Finjan's Solution Examined

Generally, people take a slash-and-burn approach to malware, and the cure may be worse than the disease. "Often the answer is, don't let any executable code through, but that can break all sorts of useful things," Peter Christy, analyst at the Internet Research Group, told TechNewsWorld.

Finjan's approach is more sophisticated: "Finjan treats malware almost as a compilation problem -- they deconstruct the code, build a model of what it looks like internally and what calls come to it, and when it gets something it hasn't seen before, it makes an intelligent decision based on what calls the code makes and the executables it wants to run," Christy said. "I don't think anyone else does that now."

This is increasingly important in the crimeware field because "attackers have gone from people who just want recognition and make trouble to people who want money," Christy explained. "If you get a job in an Eastern European crimeware company, it's like going to work at Google (Nasdaq: GOOG) here."

Finjan "has done a lot to cope with this," and offering real-time analysis is important because "the quicker you can see non-compliant behavior, the better," Christy added.