It’s not news that the web is dangerous and getting more dangerous by the day. Cyber criminals have ample economic motive and easy-to-use tools to harness the power of the web in capturing and misusing your data. What is news is that now you can protect your company’s valuable assets from web-based attacks with an effective new form of web security – cloud-based, reputation-driven defense.
Web Threats are on the Rise
The web is experiencing phenomenal growth, and with it, an unprecedented increase in the number of new malware types that target web browsers, applications, and Web 2.0 infrastructure. Because cybercriminals can reap large profits from attacks that result in identity and data theft, a growing number of organized crime rings continuously fund new attempts to spread malware and acquire web users’ personal data. Through modified packing and encrypting techniques, and other obfuscation methods, attackers can now create thousands of new variants of the same threat with relatively little effort. Despite these threats, most organizations continue to leverage new web-based applications to drive revenue and efficiencies, particularly as Web 2.0 technologies deliver new ways to interact and engage with customers and stakeholders.
Organizations frequently underestimate their exposure to malicious attacks. The statistics can be sobering. In 2009 alone, there was a dramatic 345% increase in the number of new malicious web links discovered. These included links on high-profile sites such as those run by MSNBC, ZDNet, The United Nations and Honda. According to IDC, up to 30% of companies with 500 or more staff have been infected as a result of Internet surfing. In other words, anywhere web users interact, malware encounters are frequent and common. To fend off new forms of malware – including spyware, viruses, crimeware and other malicious code – organizations must better safeguard their web security infrastructure. A reactive and fixed security infrastructure must be turned into one that is proactive and adaptable to changes in the threat landscape.
There are many ways that legitimate websites can become infected. One inbound threat that has recently gained popularity among cybercriminals is the SQL injection. Hackers use SQL injections to get access to database-driven websites, planting malicious code for site visitors. This can be combined with Web 2.0-based social engineering attacks in which users believe they are being pointed to legitimate content. Compromised sites may host drive-by-downloads, where malicious code exploits vulnerabilities on the users’ systems to download malware without any user interaction. Common applications such as Apple QuickTime and Adobe PDF may be exploited. Thus, an organization’s own application vulnerabilities and web site code flaws open the door to cybercriminals seeking to infiltrate the organization.
The need to balance security and
Many IT security professionals face conflicting demands from management and network users when it comes to web security. The need for speed is always in demand, but delivering that speed while enhancing security for a broader, more dynamic threat environment is quite challenging. Following are some of the most frequent obstacles to achieving this goal:
- A lack of additional IT budget to shore up network security
- Network constraints that conflict with security issues around cloud computing
- Performance degradations across the network due to additional hosted services
The options for overcoming these obstacles to proactive, multi-layered security are either unappealing or insufficient. For example, one defense against the widespread proliferation of malware is to install anti-virus scanning at the gateway, capturing malware before it ever enters the network. But scanning every page and object at the URL can slow down web page delivery and affect both throughput at the device and the user experience at the browser. Some network administrators may be reluctant to use gateway anti-virus because of its performance impact. Finally, desktop or browser-based scanning solutions only catch threats once they are in the network. By the time these solutions alert users, today’s malware could have already inflicted great amounts of damage to the organization’s computing infrastructure and/or compromised sensitive data from within the organization.
URL Filtering is Not Enough
Since the 1990s, reputation services have been helping organizations block unwanted or bad traffic to ensure that threats never enter the network. By identifying and blocking threats at the perimeter, reputation services help prevent attacks, reduce the on-premise IT footprint required to scan traffic, and lower the costs associated with the bandwidth, hardware, and other resources required to block threats. As web technologies and the web itself have grown more sophisticated, early generation reputation services have become less effective in identifying and blocking threats. To fully understand this loss of effectiveness, it's important to understand how these services have evolved.
On the dynamic web, sites are continuously updated with new content, while URLs are frequently sold and altered. So a site that is scanned and categorized as legitimate by URL filters today may become a malware hub at some later point in time. To properly filter out hazardous websites, a filter cannot rely merely on a static database. According to a report by IDC, “The advances in Web 2.0 technologies require a new generation of web security tools that go well beyond traditional URL filtering.” They add that it must be as dynamic as the web itself, providing real-time protection. In addition, it must scale in order to handle the vast growth of the Internet.
Effective Security is Proactive and Multi-Layered
Effective defense is multi-layered, applying additional measures of threat scanning depending on the type of content that attempts to enter the network.
An example of this is Reputation Enabled Defense, which includes real-time monitoring of web traffic, including scanning of URLs to determine the risk level of each and every web page before it enters the network. The solution assesses each threat and type of network traffic. By scanning for hostile content and blocking malicious URLs at the connection level, Reputation Enabled Defense bridges the web security gap left exposed by simple URL filtering and provides safer web surfing and faster web performance.
What to look for in reputation services
Reputation services complement gateway antivirus and traditional desktop solutions by providing improved performance and an additional layer of protection. Unlike traditional gateway anti-virus solutions, which typically update signatures on an hourly or daily basis, reputation services provide the equivalent of real-time updates of malware intelligence. The broader and improved URL reputation data they provide results in greater protection from web threats and faster, more productive web surfing. However, not all reputation services function in the same manner, so IT security professionals should exercise caution when evaluating potential solutions.
Many reputation services are implemented as plug-ins that prevent users from visiting web sites known for malware or phishing. However, WatchGuard has adapted a contributor approach to reputation services to offer next-generation reputation services. This approach reflects the belief that to be truly effective and proactively protect against evolving threats, reputation services must be a true zero-hour first line of defense. Thus, they must not act simply as a monitoring system that relies on static databases, as most reputation services on the market do today. WatchGuard’s approach is to manage web threats at the connection level and to perform in-depth analysis at the gateway layer. It then contributes the findings from the gateway to the reputation service in real time, harnessing the intelligence of millions of global users and sources for more powerful and intelligent protection from malicious URLs and web threats. Users can choose to bypass anti-virus and other scanning functions for URLs that are known to have a current good reputation, saving time and helping to maintain performance levels.
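The decision flow described above (block at the connection level, bypass scanning for a current good reputation, scan everything else and contribute the finding) can be sketched as follows. This is an added example, not WatchGuard code: the score scale, thresholds, freshness window, `ReputationStore` class, scan marker and URL are all assumptions made for illustration.

```python
from dataclasses import dataclass

GOOD, BAD = 80, 20   # assumed 0-100 score scale (higher is safer); not from the page
MAX_AGE = 3600       # assumed seconds before a stored verdict counts as stale

@dataclass
class Verdict:
    score: int
    seen_at: float

class ReputationStore:
    """In-memory stand-in for a cloud reputation service (hypothetical)."""
    def __init__(self):
        self._db = {}

    def lookup(self, url, now):
        v = self._db.get(url)
        # Unknown or stale entries return None: a verdict is not trusted forever.
        return v if v and now - v.seen_at <= MAX_AGE else None

    def contribute(self, url, score, now):
        self._db[url] = Verdict(score, now)

def gateway_scan(body):
    """Placeholder for gateway anti-virus: matches a constructed marker."""
    return b"CONSTRUCTED-MALWARE-MARKER" in body

def handle_request(store, url, fetch, now):
    """Return (action, scanned) for one outbound web request."""
    v = store.lookup(url, now)
    if v and v.score <= BAD:
        return "block", False            # refused at connection level, nothing fetched
    body = fetch(url)
    if v and v.score >= GOOD:
        return "allow", False            # fresh good reputation: scan bypassed
    infected = gateway_scan(body)        # unknown or stale: full gateway scan
    store.contribute(url, 0 if infected else 100, now)  # feed the finding back
    return ("block" if infected else "allow"), True

def demo():
    """Constructed timeline: a clean site is compromised after being rated good."""
    pages = {"http://example.test/": b"<html>hello</html>"}
    store, url = ReputationStore(), "http://example.test/"
    out = [handle_request(store, url, pages.get, 0),      # first visit
           handle_request(store, url, pages.get, 10)]     # cached good verdict
    pages[url] = b"<script>CONSTRUCTED-MALWARE-MARKER</script>"
    out.append(handle_request(store, url, pages.get, 20))    # still trusted
    out.append(handle_request(store, url, pages.get, 4000))  # stale, rescanned
    out.append(handle_request(store, url, pages.get, 4010))  # now blocked early
    return out
```

The third request in `demo()` is allowed unscanned even though the page has changed, so the freshness window is the upper bound on how long a newly compromised "good" site can ride the scan bypass.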
The most effective approach for defending against the web’s dynamic threats is a proactive, multi-layered approach to web security. Being proactive requires that the security solution reaches into the Internet cloud, obtains the latest threat data from multiple threat-monitoring sources, and prepares a network’s perimeter in the event that one of the threats presents itself to the network.