Find a single vendor that had the technical competency and business flexibility to support web filtering solutions for the existing consumer-oriented user base, as well as provide a highly competitive premium offering for the business market being targeted by the Mobile Provider for future growth, while simultaneously addressing web-based threats to Android™ and iPhone™ devices from mobile apps and malicious websites.
Leading Wireless Service Provider with over 50 million worldwide users (“Mobile Provider”)
On-disk integration with fully mirrored URL database on Linux-based server running in Mobile Provider’s Data Center
“We needed a partner that combined the URL database technology, protection for mobile users posed by web-based threats and business flexibility to support the premium web filtering offering we envisioned to differentiate our services and accelerate our growth rate–and zvelo provided the answers.”
– Senior Vice President of Value Added Services, Mobile Provider
The Mobile Provider had been offering a standard web filtering service, utilizing one of the industry’s URL database vendors that emphasized “consumer” oriented website coverage, as part of its standard mobile subscription package. Despite significant false positive rates and performance issues, this URL database was deemed good enough for the consumer segment of the wireless market that the Mobile Provider had served for the past decade.
However, as competition for the wireless consumer market increased and growth rates slowed, the Mobile Provider recognized it needed to expand into new markets, including the potentially lucrative business and corporate market. To succeed in this market, the Mobile Provider realized it would have to provide much more compelling and differentiated offerings, such as a premium web filtering service for the business users, with more granular policy management, improved reporting, as well as considerably better business website coverage and accuracy.
Additionally, with the increasing amount of malware and web threats targeting mobile users, the Mobile Provider identified the need for significantly boosting protection for its users from malware and web-based threats targeting Android and iPhone devices by mobile apps and malicious websites.
The Mobile Provider identified a number of issues related to its existing, basic web filtering for its consumer users:
- Significant false positive rate – there was a considerable rate of miscategorized URLs in the database; however, as the web filtering offering was packaged into the basic monthly package and considered free, there was not a sense of urgency or importance in improving the quality or accuracy of the URL database. Further, there were no means by which users could even request changes to false positives and miscats.
- Consumer-oriented coverage not appropriate for business users – as the URL database was oriented towards the wireless consumer market, it had significant shortcomings for coverage of business-oriented websites or websites in foreign languages frequently used by business customers.
- Limited category set – the existing web filtering offering only provided a handful of categories (good or bad), while a business user would require potentially dozens of categories and much more granular policy management and reporting to address business requirements, including:
- Liability Management – to reduce the risk of litigation due to inappropriate website usage by employees, such as surfing porn or downloading copyrighted materials, movies and files.
- Productivity – to ensure employees and users were productive wherever they were working.
- Resource Utilization – to limit the amount of high-bandwidth utilization for certain video and streaming sites.
- Security and Web threat protection – the existing web filtering offering and URL database had virtually no support for detecting or protecting against malicious websites and other web-based threats to mobile users.
- ActiveWeb* support – the existing URL database was static with only daily updates, while the business market requires continuous, real-time categorizations and inspection of websites for malicious content or infections as the websites come online and are visited by users.
As a result, the Mobile Provider identified the requirement for a premium web filtering offering designed to address the needs of the business market it was targeting, as well as significantly improved protection and coverage for its users against web-based threats.
“We realized the need for a partner that could address each of the business and technical requirements. These included excellent URL database technology, coverage and accuracy, with the ability to support multiple tiers of service, as well as a pioneer in zero-hour protection and coverage for our mobile users against malicious websites and web-based threats.”
– Vice President of Product Management, Mobile Provider
After determining it required a new URL database vendor, the Mobile Provider initiated a formal RFP and evaluation process. The Mobile Provider invited four vendors to respond to the RFP and, after reviewing responses, selected three vendors for a formal evaluation.
The evaluation criteria included:
- Coverage – an evaluation of the respective vendors’ URL database coverage compared with the Alexa™ global top 100,000 list was conducted. Additionally, as the initial rollout of the service was targeted for specific countries, an evaluation of the Alexa top 25,000 list for these markets was also performed.
- Accuracy – an evaluation of the URL database accuracy was conducted, with an in-depth analysis of over 10,000 URLs collected from the Mobile Provider’s proxy logs. The accuracy evaluation compared the three vendors with the Mobile Provider’s results for these URLs.
- Malicious Website Detection – an evaluation of the vendors’ coverage and detection abilities of malicious websites was performed, using feeds from several sources including Phishtank™ (for phishing and fraud websites), IWF™ (for child sexual exploitation websites), and a range of internal/external sources for websites identified as hosting spyware, malware or other threats.
- Speed to categorize new URLs – an evaluation was conducted by submitted new URLs to determine the speed at which new URLs were categorized and added to the URL database
- Response time to handle Miscats – an evaluation was conducted by submitting miscategorized URLs to determine the time it took the vendor to research and correct a miscategorized URL, as well as the support for an automated user submission process for miscats
- Performance – the time required to perform a URL query, as well as the maximum number of queries per second per server, was measured for the vendors.
- SDK Option – the vendors were asked to prepare SDKs for the UNIX environment utilized by the Mobile Provider, including the ability to mirror the vendor’s entire URL database on a server based in the Mobile Provider’s data center
- Category Mapping – an evaluation of the vendors’ abilities to “map” their URL database categories to the “consumer” category set as well as the “business” category set was performed (note – only one vendor was able to meet this requirement).
The evaluation process took nearly two months to complete, after which the final evaluation report was prepared and presented to the mobile provider’s management responsible for value added services.
“The final evaluation report confirmed our belief that zvelo had the best combination of technical excellence for our requirements. The zveloDB® coverage and accuracy were tops amongst the vendors we evaluated, while zvelo also had the distinction of being uniquely able to address the malicious threats we tested and provide the category mapping we required.”
– Vice President of Service Development, Mobile Provider
Following the evaluation, the Mobile Provider completed development of its business-oriented Web Filtering application, as well as the integration of the zveloDB SDK on the UNIX platform deployed in its data centers. The Mobile Provider’s implementation included real-time lookups to zveloNET® (the zvelo “cloud”), which provides coverage and real-time automated categorization and malicious inspection of new ActiveWeb sites visited by the collective community of all of users of zvelo customers.
Mobile Provider’s Web Filtering in Action
The Mobile Provider introduced its premium, business-oriented web filtering offering as part of a “business services” bundle and began seeing immediate success in the target markets, with sales by both direct and channel sales groups. Additionally, the Mobile Provider also saw traction amongst users due to heightened awareness threats posed by malicious websites, mobile Apps and headlines of Android and iPhone attacks.
Upon subscribing to the Web Filtering offering, users set acceptable use policies and can begin web surfing as normal. When the user accesses a website, the URL is directed to the Mobile Provider’s data center running the Web Filtering application.
For example, if a user requests access to www.existingwebsite.com, the URL is then directed to the Web Filtering application, which queries the zveloDB via the zveloDB SDK. The zveloDB SDK performs a fast lookup in the following order:
- First – the “Custom” database provided by the Mobile Provider of specific blacklist URLs.
- Second – the zveloDB.
- Third – the zveloNET CACHE™ database, followed by a query to the zveloNET Master Database (at the zveloNET “cloud”).
If www.existingwebsite.com is found in any of these databases, the category value(s) are returned to the Web Filtering application and the Web Filtering application uses the acceptable use policies for the particular user to block or allow access to the requested website.
If, however, the user requests access to www.newwebsite.com, and the URL is not found in the above-mentioned query process, the URL is immediately processed by the zveloNET real-time AutoCat systems to determine the appropriate category (up to 5 categories) and to identify if the website is infected, compromised or contains any type of threat. The www.newwebsite.com URL and its categories are then added to the zveloNET Master Database and available for any subsequent queries for the community of users for all customers. If any other user from any customer then requests access to the www.newwebsite.com, it is then found in the query and the URL and its category values are downloaded to the zveloNET Cache database, making for even faster lookup speed.
zveloNET’s ability to harness the collective web activity of all of the users of zvelo customers provides the basis for the extremely high coverage of the ActiveWeb and malicious websites. Each additional user increases the breadth of ActiveWeb sites visited and categorized, thereby further increasing the coverage and malicious website detection for all of the collective users.
Ease of Integration
A key consideration and evaluation criteria for the Mobile Provider was ease of integration and performance, with a requirement for over 500,000 URL queries per second per server. With the zveloDB SDK, the integration is simple and straightforward. zvelo was able to quickly deliver the specific UNIX version required by the Mobile Provider as well as mirror the full Master zveloDB to the server running in the Mobile Provider’s data center. With only a few API calls to develop and test, the resulting zveloDB SDK integration was simple and completed in less than a month.
“The zvelo SDK integration was very straightforward. zvelo’s SDK was tailored for our UNIX operating environment, we were able to mirror the entire zveloDB in our local data center, create the category mapping required for the various service offerings and deliver the required SDK performance.”
– Director of Service Deployment, Mobile Provider
Benefits of zveloDB
The zveloDB’s 99.99% coverage of the ActiveWeb sites visited by users, combined with zveloNET’s real-time AutoCategorization (AutoCat) for new websites, provided excellent website coverage and accuracy for the Mobile Provider’s consumer and business mobile users, while zvelo’s malicious website detection capabilities provided zero-hour protection against threats posed to mobile users by mobile apps, malicious websites and other web-based threats. The zveloDB SDK was tailored for easy integration with the UNIX operating environment and provided an API to automate end-user submissions of any miscats for immediate research and response by zvelo’s quality assurance team of Web Analysts.
The Mobile Provider experienced immediate success with the introduction of its business-oriented service package which included the premium web filtering offering. The Mobile Provider has been able to penetrate new business markets and sales channels due to its expanded suite of offerings.
“zvelo provides us with the right mix of URL database coverage, accuracy, performance and threat prevention. They have been an excellent and responsive partner from the start of evaluation through the integration, launch and ongoing ramp up of the service.”
– Senior Vice President of Value Added Services, Mobile Provider
*ActiveWeb – those websites visited by actual users.