NSX-T URL analysis using Webroot
New websites are emerging at an astonishing rate, which makes it challenging for organizations to enforce internet usage policies and keep users safe from online threats. Modern admins need accurate and timely solutions to protect their customers. In this blog, let's look at how NSX-T uses URL analysis to give insight into the websites users access.
URL Analysis Magic
NSX-T uses Webroot's threat intelligence services. Webroot is a USA-based firm that has classified and scored over 95% of the internet to generate the largest URL database of its kind. It uses a combination of global threat sensors, machine learning algorithms, and human classification. This means the integration requires continuous updates of the latest URL classifications and risk scores.
For analysis, the NSX Edge nodes require access to the internet to download URL category and reputation definitions. The NSX Edge nodes connect to Webroot's cloud service over SSL and download the category and reputation data locally. They request updated URL information from the cloud service every 5 minutes. Once the NSX Edge nodes collect traffic data, they send it to NSX Manager, which displays the information graphically.
Note that NSX-T 3.0 does not currently support taking automated action based on the reputation score.
URL Analysis process
The URL Analysis score is based on the reputation score, which is a measure of the trustworthiness of a URL. It ranges from 1 to 100, and based on the score each URL is classified into a severity ranging from high risk to trustworthy, or unknown. Regardless of classification, each site is given a reputation score. It is determined using numerous characteristics, including history, age, rank, location, networks, links, and other contextual and behavioral trends.
Also note that Webroot's web classification service provides intelligence across 82 website categories to protect users from malicious sites. Currently, however, NSX-T only gives you the reputation score and insights.
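Because NSX-T 3.0 takes no automated action on the score, triaging the reported sessions falls to the admin. The sketch below is an added example, not code from VMware, Webroot or this post: it maps scores to severity bands and lists, per client, the worst low-reputation URL seen. The band boundaries follow Webroot's published reputation index rather than anything stated on this page, and the record fields (`client`, `url`, `score`) and sample sessions are constructed.

```python
from collections import defaultdict

# Inclusive upper bound of each band. Assumption: Webroot's published
# reputation bands; the page only says scores run from high risk to trustworthy.
BANDS = [(20, "High Risk"), (40, "Suspicious"), (60, "Moderate Risk"),
         (80, "Low Risk"), (100, "Trustworthy")]

def severity(score):
    """Map a reputation score to a band; anything outside 1-100 is Unknown."""
    if type(score) is not int or not 1 <= score <= 100:
        return "Unknown"
    return next(name for upper, name in BANDS if score <= upper)

def triage(sessions, alert_at=40):
    """Return (flagged, unknown): per client, the worst URL scored at or below
    alert_at (lowest score first), and the URLs that had no usable score."""
    worst, unknown = {}, defaultdict(set)
    for s in sessions:
        score, band = s.get("score"), severity(s.get("score"))
        if band == "Unknown":
            unknown[s["client"]].add(s["url"])  # review by hand, do not assume safe
        elif score <= alert_at:
            cur = worst.get(s["client"])
            if cur is None or score < cur["score"]:
                worst[s["client"]] = {"url": s["url"], "score": score, "band": band}
    flagged = sorted(worst.items(), key=lambda kv: kv[1]["score"])
    return flagged, {c: sorted(u) for c, u in unknown.items()}

# Constructed sample sessions; field names are hypothetical, not an NSX-T schema.
SAMPLE = [
    {"client": "10.0.0.5", "url": "updates.example.org", "score": 92},
    {"client": "10.0.0.5", "url": "free-prizes.example.net", "score": 12},
    {"client": "10.0.0.7", "url": "cdn.example.com", "score": 38},
    {"client": "10.0.0.7", "url": "login.example.net", "score": 25},
    {"client": "10.0.0.9", "url": "new-site.example.org", "score": None},
    {"client": "10.0.0.9", "url": "intranet.example.com", "score": 70},
]

if __name__ == "__main__":
    flagged, unknown = triage(SAMPLE)
    for client, hit in flagged:
        print(f"{client}: {hit['url']} score={hit['score']} ({hit['band']})")
    for client, urls in unknown.items():
        print(f"{client}: unscored {', '.join(urls)}")
```

Unscored URLs are reported separately instead of being treated as safe, since a newly registered site may simply not have been rated yet.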
UI and captured information
Once the NSX-T Edge receives the details from Webroot, it presents them in the NSX Manager UI so that the admin can see the details of the analyzed URLs. The diagram below captures some key details shown in the NSX Manager UI. The main information, in my opinion, is the session details and reputation score.
Summary
The intention here is to use the web reputation service to observe and protect users in real time from the risks of connecting to any URL.
With Webroot, NSX-T also provides detailed insights about why a given site was determined to be a threat, empowering admins to make better-informed security decisions.
For more NSX-T specific features and considerations, please visit the VMware section on networkbachelor.com.