Cisco Cisco Web Security Appliance S390 Guida Utente

 

Web Reputation Filters assigns a web-based reputation score (WBRS) to a URL to determine the 
likelihood that it contains URL-based malware. The Web Security appliance uses web reputation scores 
to identify and stop malware attacks before they occur. You can use Web Reputation Filters with Access, 
Decryption, and Cisco IronPort Data Security Policies.

Web Reputation Filters use data to assess the reliability of Internet domains and score the reputation of 
URLs. The web reputation calculation associates a URL with network parameters to determine the 
probability that malware exists. The aggregate probability that malware exists is then mapped to a Web 
Reputation Score between -10 and +10, with +10 being the least likely to contain malware.

Example parameters include the following:

URL categorization data

Presence of downloadable code

Presence of long, obfuscated End-User License Agreements (EULAs)

Global volume and changes in volume

Network owner information

History of a URL

Age of a URL

Presence on any block lists

Presence on any allow lists

URL typos of popular domains

Domain registrar information

IP address information

Cisco does not collect identifiable information such as user names, passwords, or client IP addresses.

Web Reputation Scores are associated with an action to take on a URL request. You can configure each 
policy group to correlate an action to a particular Web Reputation Score. The available actions depend 
on the policy group type that is assigned to the URL request: