Fight the Malware Battle

Content Filter Application Guide


• Complete solutions
• Comprehensive offering from a single vendor
• Proven leading edge technology

Overview

Control Access to Web Content and Block Web Threats

Content filtering faces new challenges and opportunities. As the evolving Web makes managing appropriate surfing and bandwidth use more difficult, it also introduces new security threats that filtering may be ideally suited to address. ZyWALL USG Content Filter, powered by Blue Coat, protects user productivity, blocks malware downloads and Web threats, and enables compliance. ZyXEL’s USG Content Filter is continuously updated by Blue Coat’s WebPulse community watch cloud defense, which detects hidden malware and provides reputation and Web content analysis. ZyXEL USG Content Filter is 100% user driven for relevance, creating an unmatched real-time Web content rating service. WebPulse uses Dynamic Link Analysis (DLA) to check popular Websites for attack injections and search engine results for bait pages, both of which lead to Web threats via dynamic links. WebPulse provides cloud intelligence to ZyWALL USG appliances. USG Content Filter leverages the next generation of Web filtering technology by combining URL filtering and anti-malware technologies in a collaborative cloud defense architecture.

Table of Contents

• The Changing Threat Landscape
• Features to Address the Threats
• ZyWALL USG Content Filter URL Categories

The Changing Threat Landscape

The World Wide Web has become the main attack vector for network threats because the Internet is a very attractive malware delivery mechanism. With threats hidden directly in content such as cookies, add-ons and rootkits, malware is exceptionally difficult to detect. Overall, web threats have huge potential, including:

• Unprecedented malicious code volume: malicious code variants increased by nearly 300% in 2009.
• Dangerous Web content: more than 40% of malicious code threats target Internet browsers due to the increased popularity of Web 2.0.
• Social networking scams: 40% of social network users have encountered malicious attacks.
• Targeted attacks: web attacks can be extremely targeted on a particular geographic region, industry, or company but may not always execute right away.

Key issues for businesses

Malware has become a serious issue for business. If businesses don’t start to prepare consolidated protection, they will suffer the impact of malware directly.

• Increasing security risks: when employees visit potentially dangerous web pages that attempt to exploit their visitors by installing and running malware automatically, network security risks increase.
• Increasing IT costs: an infected machine increases the IT costs associated with controlling and removing malware, and even with reinstalling programs and restoring the computer to its former state.
• Loss of crucial information or data revenue: malware is frequently used to infect computers to steal sensitive information, which can be sold to a third party or to competitors who could then use it to make a profit.

Why your current security solution is not enough

Malicious code is discovered “in-the-wild”. Signature-based security faces two major challenges and drawbacks in coping with today’s high-volume, dynamic threat landscape.

• Exponential malicious code volume challenges: signature-based security relies on a complete but long process in which a signature vendor must detect and isolate the threat, develop the signature, and push it out to the millions of systems that use it. This process can take hours to weeks, depending on the complexity of the security threat.
• Web threats up the ante challenges: any element in the daily avalanche of dynamic links can contain a malicious payload, even when it originates from a trusted site. By the time security tools recognise targeted attacks, systems are often already infected.


What is the best solution for today’s businesses?

A solution that addresses the new threat landscape and overcomes the shortcomings of traditional security defenses requires two major features.

1 A common community
A fairly large population of community participants willing to share insights about new threats in real time.

2 The scale and ubiquity of the cloud
Cloud-based assets and services will supplement onsite security gateways and signature databases, creating a defense-in-depth architecture.

Based on these two features, cloud-based community security is the best solution: it collectively addresses the speed, variety, and ever-changing nature of today’s threats with a large, diverse community, constant threat discovery, blocking of unknown Web content, real-time analysis, and immediate signature updates.

• Identify new Web threats in real time: cloud-based tools and researchers perform a deep inspection of the content, URLs, IP addresses, and protocols in real time.
• Improve security efficiency and operations: cloud-based community security is designed for incident prevention and for analysing, rating, and blocking threats before they penetrate networks and infect systems.

Features to Address the Threats

1 Awareness & Response
ZyXEL’s USG Content Filter provides over 6 billion ratings per day for over 70 million users located in the largest enterprise and service provider networks around the world:

• WebPulse has eight operation centers to support cloud defense analysis of over 1 billion Web requests per week
• New Web content or links detected by Web gateways or remote clients are sent in real time to the WebPulse cloud for DLA inspection, where updates to the master Blue Coat WebFilter database provide immediate protection
• Blocks malware, Web threats, fake software updates, fake AV offers, phishing offers
• Blocks only Web threats using DLA inspection, allowing users access to popular Websites and avoiding over-blocking
• Provides Web 2.0 filtering for mashed-up web portals, blocking panels and dynamic content per policy settings
• Provides coverage in over 50 languages using proprietary machine analysis knowledge algorithms and ?
• USG Content Filter integrates with Google malware feeds and other third-party ratings for Web threats, phishing, scamware and content ratings

2 Accuracy & Relevance
ZyXEL’s USG Content Filter is 100% user driven for Web content rating inputs from a broad and diverse user community, without the need for Web crawlers or artificial analysis:

• For new customers the USG Content Filter quickly learns user habits with real-time feedback for relevance – in new ratings

3 Effectiveness and Security
Thanks to Blue Coat WebPulse technology, the USG Content Filter provides Web 2.0 protection and content ratings with cloud awareness from a global user community and an array of threat prevention technologies in the cloud and on the USG gateway:

• Downloads and patch cycles are no longer required, as Web gateways and remote clients are cloud connected for immediate protection with rating updates
• Leading-edge Web 2.0 defense by uniting URL filtering with threat analysis in a cloud architecture to rapidly find hidden malware downloads, fake software updates, scamware and phishing attacks

4 Reporting and Visibility
Extend USG Content Filter with Vantage Report to provide visibility and governance verification of web filtering policies:

The dashboard provides a quick view of the real-time status of security threats at your fingertips, and a daily report is automatically sent to IT executives to help them keep track of security threat trends. With the Vantage Report it is easier to centralise the management of security threats across multiple locations and devices from a single console. The comprehensive reports allow you to analyse Internet access behaviour and find any potential risks in your network. The log archiving and searching functions can also help you achieve regulatory compliance. Combining ZyXEL’s USG Content Filter and Vantage Report creates an unmatched enterprise-class filtering solution for small and medium businesses.

• USG Content Filter analyses content within image searches, cached content, and translation services for accurate ratings and compliance with its real-time rating service
• USG Content Filter provides reputation ratings so policy controls can opt for inline threat analysis, or blocking downloads such as drive-by installers and executables from these sites


ZyWALL USG Content Filter URL Categories, Powered by Blue Coat

The USG Content Filter database contains millions of website ratings representing billions of web pages, covering more than 50 languages, and organised into 79 useful categories, including:


Blue Coat WebPulse Cloud-based Defence

Malware is constantly evolving, so you need a dynamic security strategy that can keep up with the latest Web-based threats. To help protect your network from sophisticated malware attacks, the Blue Coat WebPulse cloud service leverages real-time URL ratings from a growing community of 70 million users, supports more than 50 languages, integrates multiple threat detection engines and provides more than six billion real-time Web content ratings per day. As part of the ZyWALL USG Content Filter solution, WebPulse delivers fast and effective Web 2.0 threat protection by incorporating custom script analysers, anti-malware and anti-virus scanning, sandboxing, browser simulations and other leading security technologies. As a result, the WebPulse cloud service:

• Dynamically analyses URL requests and immediately shares threat intelligence throughout the cloud community
• Leverages 16 advanced threat analysis tools to provide immediate and continuous protection against known and unknown Web-based threats
• Delivers the latest security advances without requiring software downloads or other update cycles

About ZyWALL USG

ZyXEL’s firewall concept is a security solution that covers all areas of corporate communication. The firewall permits only desired traffic to enter the network, while the anti-spam feature scans your e-mails and the content filter blocks access to undesirable or dangerous websites. The anti-virus service can block viruses, Trojan horses and spyware, while IDP detects and eliminates malware according to its activity patterns. Depending on the device employed, the VPN allows secure remote access via IPSec, SSL or L2TP tunnels. VPN traffic can be controlled with firewall policies and its contents are protected by the anti-virus and IDP functions, while protocol-independent application patrol locates and regulates undesirable traffic. Combined in one device, these components guarantee that your network is protected from hacker attacks. ZyXEL always makes sure that its solutions are effective, affordable and easy to handle: the ZyWALL USG Series not only offers an unbeatable price/performance ratio, but also low operating costs thanks to simple configuration, automatic updates of all services and free firmware upgrades.


For more product information, visit us on the web at www.ZyXEL.com

Copyright © 2011 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice.
