As I continued my daily scanning of articles relevant to proxies, I found yet another article on why reputation doesn't work because of IP address space. A company moving datacenters found their reputation went down and were considered spammers because they had to pick up a new IP address space in their new datacenter, and of course the IP address space was previously used by spammers.
Note: It took Ironport 7 days to rectify the situation in their reputation database. A sure sign that reputation isn't a good way to go when trying to determine threat levels, at least when it takes that long to fix a problem.
Subscribe to:
Post Comments (Atom)
Posts
2 comments:
You continue to amaze me. I guarantee you I can find countless instances where reputation based filtering prevented nefarious activity. Maybe you should focus your efforts searching for good reputation based stories vs the rare exception as you clearly seem to do. Your bias is not helping your readers in any way.
As mentioned in another response to a different comment. I don't have a problem with using reputation, as long as it doesn't bypass a step in the network security layer. The problem with reputation, is that too many vendors use it as a way to skip another layer in security. For example, one vendor uses it to bypass AV scanning. That's a really bad idea, especially when it applies to downloaded files. Use reputation when there's scant other data to determine risk, but don't use it to bypass your security.
Post a Comment