Introducing Web Reputation

The Trend Micro Web Reputation (WR) technology joins its real-time visibility and control capabilities with CPM to prevent web-based malware from infecting your users’ computers. Web Reputation intercepts malware "in-the-cloud" before it reaches your users’ systems, reducing the need for resource-intensive threat scanning and clean-up. Specifically, WR monitors outbound web requests, stops web-based malware before it is delivered, and blocks users’ access to potentially malicious websites in real time.

Web Reputation requires no pattern updates. It checks for web threats when a user accesses the Internet by performing a lookup on an "in-the-cloud" database. Web Reputation uses the site’s "reputation" score and a security level set by the Console Operator to block access to suspicious sites. The Web Reputation database lookups are optimized to use little bandwidth (similar in size to a DNS lookup) and have a negligible impact on network performance.

Web Reputation Operation

Whenever a user tries to open an Internet site, the requested URL is scored at the proxy, in real time, and that score is then evaluated against the security level. URLs with a score that exceeds the level you select are prevented from opening. This scoring is relative to security, not to whether a site might contain objectionable content.

Note: As you set the security level higher, the web threat detection rate improves but the likelihood of false positives also increases.

You can override incorrect blocking by adding the URL to the Approved List. Likewise, you can force blocking of a site by adding it to the Blocked List.

URLs are scored on a security scale from 0 - 100:

  Safe: Scores range 81 - 100. Static and normal ratings. URLs are confirmed as secure; however, content can be anything (including objectionable content).
  Unrated: Score equals 71. Unknown ratings. These URLs are not included in the rating database.
  Suspicious: Scores range 51 - 80. URLs that have been implicated in Phishing or Pharming attacks.
  Dangerous: Scores range 0 - 49. Static and malicious ratings. URLs are confirmed as malicious, for example a known vector for spyware or viruses.

Security Levels range from high to low and have the following default actions:

  High: Blocks unknown, suspicious, and dangerous sites.
  Medium: Blocks dangerous and suspicious sites.
  Low: Blocks only dangerous sites.

For example, if you set the Security Level to Low, Web Reputation only blocks URLs that are known to contain malicious software or security threats.
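The following Python sketch is an added example, not Trend Micro code. It models the decision described above so you can see how one score fares under each Security Level, including the two edge cases in the score table (71 sits inside the 51 - 80 range, and 50 falls in no range). The function names, the exact-string list matching, the Approved-before-Blocked order, and the "undefined" result for a score of 50 are assumptions made for this example.

```python
# Added illustration: models the block/allow decision this page describes.
# It is not Trend Micro code; list handling and tie-breaks are assumptions.

UNRATED_SCORE = 71  # the page gives "Unrated" a single score inside the 51-80 band

# Ratings each Security Level blocks by default, as listed on this page.
BLOCKED_BY_LEVEL = {
    "Low": {"Dangerous"},
    "Medium": {"Dangerous", "Suspicious"},
    "High": {"Dangerous", "Suspicious", "Unrated"},
}


def rating(score):
    """Map a 0-100 reputation score to the page's rating names."""
    if not 0 <= score <= 100:
        raise ValueError(f"score out of range: {score}")
    if score == UNRATED_SCORE:
        return "Unrated"  # assumption: the exact value 71 wins over the 51-80 band
    if score >= 81:
        return "Safe"
    if score >= 51:
        return "Suspicious"
    if score <= 49:
        return "Dangerous"
    return "Unassigned"  # 50 falls in none of the page's ranges


def decide(url, score, level, approved=frozenset(), blocked=frozenset()):
    """Return 'allow', 'block' or 'undefined' for one request."""
    if url in approved:  # assumption: exact-string match, Approved List checked first
        return "allow"
    if url in blocked:
        return "block"
    band = rating(score)
    if band == "Unassigned":
        return "undefined"  # the page does not say how a score of 50 is handled
    return "block" if band in BLOCKED_BY_LEVEL[level] else "allow"


def compare_levels(score):
    """Show how the same score fares under each Security Level."""
    return {level: decide("http://example.test/", score, level)
            for level in ("Low", "Medium", "High")}


if __name__ == "__main__":
    for s in (95, 71, 70, 50, 10):  # constructed sample scores
        print(s, rating(s), compare_levels(s))
```

In this model, raising the level from Medium to High changes the outcome only for the unrated score, which is where the additional false positives mentioned in the note above would come from.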

Web Reputation Security Levels

After enabling WR on your endpoints, you can raise the security level to Medium or High (the default is Low) to increase the degree of sensitivity that WR uses when evaluating URLs.

Configuring a Default WR Security Level

  1. From the IBM BigFix Console, click Endpoint Protection on the lower-left pane.
  2. From the upper-left navigation pane, go to Core Protection Module > Common Tasks > Core Protection Module > Web Reputation.
  3. Click Web Reputation - Configure Web Reputation Security Level. A screen displaying the Task Description tab opens.
  4. Below Actions, choose a Security Level by clicking the hyperlink. The Take Action window opens.
  5. In the Target tab, select all Applicable Computers to apply the WR security level to all your endpoints. Click OK.
  6. In the Action | Summary window that opens, monitor the "Status" and "Count" of the Action to confirm that it is "Running" and then "Completed."