Cisco Cisco Web Security Appliance S360 Fehlerbehebungsanleitung

Jun 26, 2014

Introduction
WBRS Overview
     WBRS Use of SenderBase
     WBRS Granularity

This document provides an overview of Cisco Web Reputation (WBRS) for the Cisco Web Security
Appliance (WSA).

Contributed by Josh Wolfer and Stephan Fiebrandt, Cisco TAC Engineers.

WBRS is an innovative method that analyzes the behavior and characteristics of a Web server and provides
the latest defense in the fight against spam, viruses, phishing, and spyware threats.

WBRS uses real−time analysis on a vast, diverse, and global dataset in order to detect URLs that contain
some form of malware. WBRS is a critical part of the Cisco security database, which protects customers from
blended threats from email or Web traffic.

WBRS leverages data from Cisco's Common Security Database (SenderBase 

®

 Network), which is  the

world's largest email and Web traffic monitoring network. It tracks over 50 distinct parameters that are
excellent indicators of a URL's reputation. With sophisticated security modeling and malware detection
agents, Cisco evaluates these URLs based on these inputs.

Some of the parameters include:

URL categorization data

• 

Presence of downloadable code

• 

Presence of long, obfuscated End−User License Agreements (EULAs)

• 

Global volume and changes in volume

• 

Network owner information

• 

History of a URL

• 

Age of a URL

• 

Presence of virus / spam / spyware / phishing / pharming blacklist(s)

• 

URL typos of popular domains

• 

Domain registrar information

• 

IP address information

•