Leveraging Reputation As A Security Defense

Reputation
What is reputation? By definition Reputation is the opinion (more technically, a social evaluation) of the group of entities toward a person, a group of people, or an organization on a certain criterion. It is an important factor in many fields, such as education, business, online communities or social status”. Older security technologies use signatures of known bad elements however those remain static and can’t detect changes without regular updates. Many leading vendors are realizing it’s easier to watch the change of Reputation of information rather than trying to capture signatures of attacks and updating their technology.

Cisco looks at this from the web viewpoint. They acquired Iron Port a few years ago, which relies on their “sender base” research of web and email Reputation (www.senderbase.com). Sender Base looks at things like how long a website has been up, what type of content is present, has the sender been flagged for spamming, etc. to develop a credit score of the traffic. An example of this is how I launched my hip-hop group’s website and it was flagged with a mid range credit score based on it being up for a few days and the hosting agent being a group hosting firm. It took a few weeks before my group moved into a safe music site category.

Another area Cisco uses this is for email security. Spammers have cleaver ways to bypass standard security scanning technology. Some common methods are using spotting to slightly change the message (IE d.o some.th ing like th is) or including links to phishing websites that pull down the bots post email.

We use Iron Port at WWT, which below shows I’ve received 2,145,843 emails this month that were blocked based on bad reputation. Only a few got through and had older scanning technology catch them, which is crazy that 98.5% of my email is crap.

Symantec is starting to use reputation from a different viewpoint by looking at the reputation of application use. They are looking at things like how many people are using an application, where did it come from, etc. to determine if it can be installed. Think about it, who wants to be the first person in the world to install a software application? I think it’s pretty awesome to create a check that says “ only install application form these vendors that at least a thousand people have installed as a security checkpoint prior to scanning it for viruses. (http://www.symantec.com/business/theme.jsp?themeid=insight)

Word from both Cisco and Symantec is that reputation will appear in more of their security products. Reputation seems like the future of real-time defense and a lot faster to leverage since there isn’t a time wasted on scanning.

VN:F [1.9.22_1171]
Rating: 4.5/5 (2 votes cast)
Leveraging Reputation As A Security Defense, 4.5 out of 5 based on 2 ratings

12 thoughts on “Leveraging Reputation As A Security Defense”

  1. I do enjoy the manner in which you have framed this issue and it really does offer me some fodder for thought. On the other hand, through just what I have seen, I only wish that as other responses pack on that people keep focussed on the point and don’t start on their soap box issues of the news of the day. Anyway, thank you for this outstanding point and while I can not go along with the idea in totality, I value your point of view.

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.