(My blogging got a bit backed up due to travel and PC upgrades)
I want to see Web Security Gateway vendors (and any other security product vendor who can do this) add a very simple feature:
- Every time there is an update to the list of bad URLs, I would like them to look at the user access logs to see which users went to those URLs before we knew they were bad. That is a good indicator of PCs that are likely to have been compromised.
After all, this is sort of what the desktop AV world has done forever: we run a disk scan to find all the malware that got onto the hard drive before we knew it was malware. When you are stuck using a reactive blacklist, you have to do this – it should be a standard part of web security gateways.
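A sketch of the retrospective check described above, as an added example that is not from the original post or from any gateway product. It assumes a hypothetical whitespace-separated access log format (`timestamp client_ip user method url status`); the function names, the sample log lines and the blacklist entries are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

def _key(url):
    """Reduce a URL or bare domain to (lowercased host, path) for comparison."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.path or "/"

def _matches(visited, bad):
    v_host, v_path = _key(visited)
    b_host, b_path = _key(bad)
    if not b_host:
        return False
    host_hit = v_host == b_host or v_host.endswith("." + b_host)
    # A bare-domain entry covers the whole site; a URL entry is a path prefix.
    return host_hit and (b_path == "/" or v_path.startswith(b_path))

def retro_hunt(log_lines, newly_bad, update_time):
    """Return {(client_ip, user): [(timestamp, url), ...]} for requests to
    newly blacklisted URLs that were made before the update arrived."""
    hits = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        ts, client_ip, user, _method, url, _status = fields
        when = datetime.fromisoformat(ts)
        # Requests after the update are covered by the gateway's normal blocking.
        if when >= update_time:
            continue
        if any(_matches(url, bad) for bad in newly_bad):
            hits[(client_ip, user)].append((when, url))
    return dict(hits)

# Constructed sample data (assumed log format, reserved .test domains).
SAMPLE_LOG = [
    "2024-03-01T09:12:44 10.0.4.17 alice GET http://cdn.example-bad.test/js/a.js 200",
    "2024-03-01T09:15:02 10.0.4.22 bob GET http://news.example.test/index.html 200",
    "2024-03-02T14:03:10 10.0.7.5 carol GET http://files.example.test/dl/setup.exe 200",
    "2024-03-02T14:05:00 10.0.7.5 carol GET http://files.example.test/docs/readme.txt 200",
    "2024-03-04T08:00:00 10.0.4.22 bob GET http://example-bad.test/ 403",
]
NEWLY_BAD = ["example-bad.test", "http://files.example.test/dl/"]
UPDATE_TIME = datetime(2024, 3, 3, 0, 0, 0)

if __name__ == "__main__":
    for (ip, user), visits in retro_hunt(SAMPLE_LOG, NEWLY_BAD, UPDATE_TIME).items():
        for when, url in visits:
            print(f"{ip} {user} visited {url} at {when.isoformat()} (pre-update)")
```

The output is a list of client machines to triage, keyed by address and user, which is the "likely compromised PCs" indicator the post asks for.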

John Pescatore



































































































