Cryptolocker being installed via HTTPS

We know, we know, we know... proxies are complex.  It's much easier to install a Next Gen Firewall and check the box.  However, what are you going to do about DLP?  Additionally, what are you going to do about the latest Cryptolocker attack? Per here and below, Firefoxpatch.exe, which is indeed malware, is being distributed via the phaaccounty-taxes website:

Your answer may be to turn on HTTPS Decryption.  We'll let you in on an ugly little secret... most Next Gen Firewalls have performance degradation issues when this feature is turned on per this NSS Labs Test:

Are we saying Next Gen Firewalls are not the answer?  Not at all... they are absolutely part of the answer as the IPS, VPN, Application ID capabilities and traditional firewalling features are necessary.  However, you need to augment these solutions with feature rich proxies ala the Raytheon|Websense APX Solution to enable a complete Security Architecture.  Schedule a briefing with ESPO Systems today to learn more.