Metacert – Real-time URL Classification and Threat Intelligence

Overview

Metacert, founded in 2012, specializes in real-time URL classification and threat intelligence. Its core technology focuses on analyzing web content to determine its category, identify malicious links, and detect phishing attempts. Following its acquisition by Forcepoint, Metacert's capabilities have been integrated into Forcepoint's unified security platform, contributing to solutions for web security, data loss prevention (DLP), and cloud access security broker (CASB) services. This integration means that Metacert's functionalities are generally accessed as part of a larger Forcepoint product offering rather than as a standalone API or service.

The system is designed to provide granular classification of URLs, enabling organizations to implement precise content filtering policies. For instance, it can differentiate between various categories such as social media, news, gambling, or malicious sites like phishing and malware distribution points. This granular control is critical for enforcing corporate acceptable use policies, protecting employees from web-based threats, and ensuring compliance with regulatory requirements. The real-time nature of its classification engine allows for immediate analysis of new or previously uncategorized URLs, adapting to the evolving threat landscape.

Metacert's threat intelligence component involves continuously monitoring and analyzing global web traffic for emerging threats. This includes identifying new phishing campaigns, zero-day exploits distributed via compromised websites, and other forms of web-borne malware. The intelligence gathered is fed into the classification engine, enhancing its ability to block access to dangerous sites proactively. This proactive defense mechanism is a key benefit for organizations facing a constant barrage of sophisticated cyberattacks.

Target users for Metacert's integrated technology include enterprises, government agencies, and managed security service providers (MSSPs) that require robust web security and threat intelligence capabilities. It is particularly well-suited for environments where comprehensive content filtering, advanced threat detection, and real-time protection against phishing and malicious URLs are critical. Developers and technical buyers looking to integrate Metacert's specific functionalities typically engage with Forcepoint's sales or partner channels to understand how these capabilities can be leveraged within their existing security infrastructure or custom applications. Direct developer access to Metacert APIs as a standalone product is generally not available, as its technology is embedded within Forcepoint's broader security portfolio.

Key features

• Real-time URL Classification: Categorizes web pages and domains in real time, supporting over 100 categories for granular content filtering and policy enforcement.
• Phishing Detection: Identifies and blocks access to known and emerging phishing sites by analyzing URL patterns, content, and reputation data.
• Malware and Exploit Kit Detection: Detects URLs associated with malware distribution, drive-by downloads, and exploit kits to prevent infection.
• Threat Intelligence Feeds: Provides updated threat data on malicious URLs, compromised websites, and command-and-control servers to enhance security posture.
• Reputation Scoring: Assigns reputation scores to URLs based on various factors, including age, content, and historical threat data, to aid in risk assessment.
• Contextual Analysis: Utilizes advanced algorithms to understand the context and intent of web content, reducing false positives in classification.

Pricing

Metacert's technology is integrated into Forcepoint's enterprise security products. As such, there is no public, standalone pricing for Metacert APIs or services. Pricing is typically part of a broader Forcepoint solution package and is determined through custom enterprise quotes based on specific organizational needs, user count, and feature requirements.

For detailed pricing inquiries, prospective customers are advised to contact Forcepoint's sales team directly.

Common integrations

Metacert's technology is primarily integrated within Forcepoint's product ecosystem. Therefore, common integrations refer to how Metacert's capabilities enhance other Forcepoint offerings rather than direct, standalone API integrations with third-party systems.

• Forcepoint Web Security: Provides real-time URL classification and threat intelligence to block access to malicious and undesirable websites, enforce acceptable use policies, and protect against web-borne threats.
• Forcepoint Cloud Access Security Broker (CASB): Enhances visibility and control over cloud applications by classifying cloud-bound URLs and detecting shadow IT or risky cloud services.
• Forcepoint Data Loss Prevention (DLP): Integrates to ensure that sensitive data is not exfiltrated via web channels, especially through classified risky or unapproved sites.
• Forcepoint Next-Generation Firewall (NGFW): Contributes to advanced threat prevention capabilities by providing URL filtering and threat intelligence at the network perimeter.
• Security Information and Event Management (SIEM) Systems: Forcepoint products leveraging Metacert's intelligence can forward security events and logs to SIEM platforms (e.g., Splunk, IBM QRadar) for centralized monitoring and analysis.

Alternatives

Organizations seeking standalone URL classification or threat intelligence services may consider the following alternatives:

• Webroot BrightCloud Threat Intelligence: Offers an array of threat intelligence services, including URL classification, IP reputation, and file reputation, available via APIs.
• Palo Alto Networks URL Filtering: Provides enterprise-grade URL filtering as part of their network security platform, offering extensive classification and policy enforcement.
• Zvelo: Specializes in URL categorization, malicious website detection, and contextual data for content classification, often integrated by OEMs and service providers.
• Cloudflare API: Cloudflare offers various APIs, including those for security services like bot management and WAF, which can contribute to web security policies, though direct URL classification may be more rudimentary than dedicated providers.
• Google Safe Browsing API: Provides lists of unsafe web resources (phishing and malware) that applications can use to check URLs against known threats.

Getting started

As Metacert's technology is integrated into Forcepoint's broader security portfolio, direct API access for developers to Metacert as a standalone product is not generally available. Instead, developers would typically interact with Forcepoint's platform APIs or integrate with Forcepoint's security solutions. The process for integrating with Forcepoint's products, which leverage Metacert's capabilities, would involve:

1. Contacting Forcepoint Sales: Engage with Forcepoint to discuss specific security requirements and understand which Forcepoint products incorporate the desired Metacert functionalities (Forcepoint Contact Page).
2. Solution Design: Work with Forcepoint engineers to design a solution that integrates Forcepoint's security products into your existing infrastructure.
3. Deployment and Configuration: Deploy and configure the Forcepoint products. This might involve setting up proxies, agents, or cloud services.
4. API Interaction (if applicable): If the chosen Forcepoint product exposes APIs for management, logging, or custom policy enforcement, developers would then use those APIs.

Below is a conceptual example of how one might interact with a hypothetical Forcepoint API to query URL classification, demonstrating a pattern that might exist if direct access were possible. This Python example uses a placeholder API endpoint and authentication, as specific Forcepoint API details are product-dependent and require an active subscription.

import requests
import json

# Placeholder for a Forcepoint API endpoint that might expose URL classification
# NOTE: This is a conceptual example. Actual Forcepoint API endpoints and authentication
# will vary by product and require proper credentials/subscription.
FORCEPOINT_API_ENDPOINT = "https://api.forcepoint.com/v1/url_classification"
API_KEY = "YOUR_FORCEPOINT_API_KEY" # Replace with your actual API key

def classify_url(url_to_classify):
    headers = {
        "Authorization": f"Bearer {API_KEY}",
        "Content-Type": "application/json"
    }
    payload = {
        "url": url_to_classify
    }
    
    try:
        response = requests.post(FORCEPOINT_API_ENDPOINT, headers=headers, data=json.dumps(payload))
        response.raise_for_status() # Raise an exception for HTTP errors (4xx or 5xx)
        
        classification_result = response.json()
        return classification_result
    except requests.exceptions.RequestException as e:
        print(f"An error occurred during API request: {e}")
        return None

if __name__ == "__main__":
    test_url = "https://www.example.com/malicious-phishing-site"
    
    print(f"Attempting to classify URL: {test_url}")
    result = classify_url(test_url)
    
    if result:
        print("\nClassification Result:")
        print(json.dumps(result, indent=2))
        # Expected structure might include categories, reputation, threat level
        # Example of accessing data:
        # if 'categories' in result:
        #     print(f"  Categories: {', '.join(result['categories'])}")
        # if 'threat_level' in result:
        #     print(f"  Threat Level: {result['threat_level']}")
    else:
        print("Failed to get URL classification.")

    # Another example
    safe_url = "https://www.developers.google.com/safe-browsing"
    print(f"\nAttempting to classify URL: {safe_url}")
    result_safe = classify_url(safe_url)
    if result_safe:
        print("\nClassification Result:")
        print(json.dumps(result_safe, indent=2))

This Python script illustrates the general pattern for making a POST request to an API endpoint with a JSON payload and handling the response. Authentication is typically handled via API keys or OAuth tokens, which would be obtained from Forcepoint after purchasing a relevant product or service. Developers should consult the specific API documentation provided by Forcepoint for the product they are using to understand the exact endpoints, request formats, and authentication mechanisms.