Secure Web Gateways Buyer s Guide >

Transcription

1 White Paper Secure Web Gateways Buyer s Guide > (Abbreviated Version)

2 The web is the number one source for malware distribution. With more than 2 million 1 new pages added every day and 10,000 new malicious Web sites found on a daily basis, 2 how do you keep up with the volume, not to mention the increasing sophistication of all these web-based threats? If you are like most organizations, you are looking to shore up or transition from legacy solutions, such as URL filtering, to more modern web security solutions, such as Secure Web Gateways, to try to adapt to the realities of this new threat landscape. Secure Web Gateways give you more control over your Web traffic and protect you from a host of Web-based threats (malware, phishing, botnets, etc.). But not all Secure Web Gateways are created equal. The number of capabilities you need to consider when choosing a Secure Web Gateway can be daunting. This Buyer s Guide is designed to help you determine the key areas you should focus on during your search, so you can select the best Secure Web Gateway solution for your organization. Key Capabilities Most Secure Web Gateways offer lots of different features, however, there are a few key capabilities you should pay close attention to when evaluating a Secure Web Gateway. The implementation of these capabilities can create big differences in your ability to effectively protect against the breadth and sophistication of the web threats you are facing; they can also impact your ongoing operations. You want to look for solutions that enable you to easily add strong security, without disruption, so you can support your users business needs. At a high-level, the capabilities you will want to focus on include: 1. Advanced Web threat protection 2. Application control 3. Flexible deployment options 4. High Performance 1 Google < >

3 Advanced Web Threat Protection To combat the ever-changing, web-based threats you are facing, you are going to want to have a solution that can identify the many potential attack vectors of a sophisticated attack. You are going to want a Secure Web Gateway that s capable of keeping up with the dynamic and scalable changes in web threats. In general, this requires being able to conduct: -> Advanced URL/Web Filtering -> Malware Detection Advanced URL/Web Filtering Filtering is a critical tool for combating malware. It restricts access to content that s inappropriate or liable for your organization, as well as access to sites that are known to contain attacks. But filtering, based on static, reputation-based categorizations of a particular URL can t keep up with the scale and dynamicnature of today s web. The URL/Web Filtering of Secure Web Gateway solutions must be advanced to support characterizations and policy enforcement that is: -> Accurate -> Real-time -> Multi-dimensional Advanced URL/Web Filtering Checklist Database Accuracy Real-Time Analysis Multi- Dimensional Categories While many believe, URL databases have been commoditized, the ability to accurately categorize particular URLs varies greatly from one vendor to another, as well as the speed in which they perform the analysis. Because a benign URL can be hacked and immediately start serving malware to its visitors, it s important the solution can identify risks real-time, so you can identify: whether a particular benign URL has recently (as recent as few hours ago) been compromised. what content resides on a particular URL, even if it s a completely new URL, with no previous history or reputation. Single categories, such as sports, entertainment, gambling, etc., are not accurate characterizations for a particular URL in today s web landscape. The use of multiple categories is a requirement for any Gateway. You should be able to define policies using any or all of the categories identified. Where does the Gateway get the information that is fed into the database? How is the information checked/validated? Have there been any third-party tests done around the accuracy of the solution? How frequently is the database updated? - Is it static, with regular updates? (inefficient) - Is it dynamically updated? What is the vantage point of the solution? - Is it monitoring traffic? - Is it part of the Web infrastructure, so it s positioned to see exactly what s happening? How do you rate pages, like Facebook, that contain entertainment, news, gaming, etc. content? How granular can you get on the categorization? - For example, can you enforce a policy that enables access to sites categorized as social networking and entertainment, as long as they do not also include gambling content? 2 < >

4 Malware Detection With new URLs emerging daily and existing URLs routinely targeted and compromised by hackers, URL/Web Filtering alone cannot secure enterprise users and networks in real-time. All modern Secure Web Gateways must include some form of malware detection that can identify and protect against polymorphic viruses and attacks. It must support: -> Anti-virus and signature-based attack protection -> Proactive analysis Malware Detection Checklist Anti-virus and signaturebased attack protections Proactive Analysis Network anti-virus solutions continue to be a critical part of any security strategy. Most use signatures (patterns) of known attacks to look for and block the attack from entering your network. The challenge is which AV vendor to use, since different AV vendors excel at identifying different types of attacks. Many Web Security Gateways are designed on architectures that are inherently reactive waiting for an attack to launch and then trying to identify the particular malware. Rather than waiting to react to an attack that already occurred, the Web Security Gateway should be proactively scanning for potential attacks. For example, they should be monitoring malware networks (Malnets), which are a source of more than 2/3 of malware in the world. Is the AV vendor well-respected in the industry? How flexible is the AV engine? - How quickly/easily can updates be pushed live? - Are all updates verified to ensure continuous operation? Does it complement the AV solution you have deployed at the desktop/laptop? - If you have one vendor deployed at the desktop, you may consider deploying another vendor at the network to increase coverage and overall effectiveness. Can the solution block the transmission of attacks from a particular source before an attack occurs? How does the solution anticipate potential attacks? - Any examples of attacks that were detected weeks or even months before it was launched? 3 < >

5 Application Control Web application control is an emerging technology that is rapidly becoming a requirement for all Secure Web Gateways. Application control offers the next level of granular control, beyond enabling or disabling the use of applications it offers control over the individual operations available on a particular application. The number of applications, along with the number of operations, that can be controlled, vary greatly from one Secure Web Gateway to another. Some vendors provide application controls as an extension of their categories, which inherently limits how quickly new applications can be supported; others focus specifically on social networking applications. While a hot topic, social networking are not the only applications you need to control. The Secure Web Gateway should be able to provide comprehensive: -> Web App Control -> Mobile App Control Application Control Checklist Web App Control Mobile App Control The ideal Web application control capabilities should support various types of applications, including , IM, audio, video, financial services, news, etc. Applications have different features and functionality when accessed via a Web browser, native application on a smartphone, or mobile browser. Each provides different capabilities and user experiences. As such, a Secure Web Gateway should have the ability to control mobile applications, whether they are native apps or accessed via a mobile browser. Is there a proven track record of supporting a wide range of applications? How many applications are supported? - Should have at least 100+ different applications supported, spanning all different application types. - Should have more than 250 controls for the application operations. How easy is it to add support for an application? What kind (number) of mobile applications are supported? Can it distinguish between native applications on a smartphone and applications accessed via a mobile browser? 4 < >

6 Flexible Deployment Options Because your network is increasingly made up of a mix of hardware, virtual appliances, and cloud-based solutions, you need a vendor that can support the range of deployment options you require. Multiple vendors for different deployment scenarios can add a lot of costs and complexity to your environment ideally, you want a single vendor capable of supporting all your different deployment requirements with a coordinated solution, backed by a common architecture. You want to look for a vendor that offers: -> Multiple deployment options, with a traditional appliance, virtual appliance and cloud-based solution options -> Consistent security enforcement, regardless of the mode of deployment Deployment Option Checklist Multiple Deployment Options Consistent Enforcement Enterprises require different deployment options to meet different business requirements e.g. they may want to deploy a traditional appliance at their headquarters, a virtual appliance at their remote offices, and a cloud-based solution for their remote/field workers. When selecting the best Secure Web Gateway, enterprise must consider that future needs may dictate the need to support a wide range of deployment options. Common management and enforcement of policies across all deployments simplifies the ongoing operations associated with the solution. However, many solutions that provide a common GUI do not provide consistent capabilities and policy enforcement across deployments it s not surprising if you consider many vendors have added cloud-based solutions to their portfolio through acquisitions. Does the vendor offer a: - Traditional, on-premise appliance - Virtual appliance - Cloud-based solution Is there a proven track record of supporting these different deployment options? - Has the virtual solution been purpose built or is it simply the software from their appliance solution? Can you apply consistent policy enforcement across all deployments? - Traditional on-premise appliance - Virtual appliance - Cloud-based solution Do the solutions share a common GUI? Do the solutions share a common architecture? What is the background of the solutions? (Are they home-grown or acquisitions) 5 < >

7 High Performance The performance of an inline security solution, such as a Secure Web Gateway, is critical for the ongoing operations of your enterprise. As you depend more and more on Web applications to connect, collaborate, and conduct business, the performance of everything on that network is ever more critical. You cannot afford network degradations or disruptions to service. You need to pay particular attention to the architecture vendors use for their solutions because it can have a significant impact on the overall performance. You want to look for vendors that provide: -> Qualified High Performance -> On-Box Analysis Performance Checklist Qualified High Performance On-Box Analysis The architecture of the Secure Web Gateway can significantly impact its performance. For example, it s difficult for software-based solutions that use 3rd party hardware to deliver high performance because the hardware is not optimized to work with that software. As needs grow and change, it can be hard for these vendors to recommend appropriate hardware to achieve the required scale. You want a vendor that has the experience of offering the highest performing solution possible. Traditional solutions are often designed to analyze traffic using the resources of the appliance. Once the network traffic exceeds the capacity of the appliance, the overflow traffic is often discarded. To avoid this situation, some solutions are designed to selectively scan traffic; hedging their bets that uninspected traffic will be benign this leaves you vulnerable. The preferred approach to addressing performance bottlenecks is to offload specific capabilities, such as real-time analysis, to the cloud. This architecture offers the benefit of the almost unlimited computing capacity of the cloud. Modern Secure Web Gateways based on this architecture ensure all network traffic is inspected. Does the vendor have a history of offering a true appliance, with the experience of developing both the software and hardware components of the solution. How is the solution architected? Can the vendor scale the solution to meet your needs as they grow and change? What happens when the network traffic exceeds the Gateway s capacity? At peak times, is all traffic still inspected? 6 < >

8 About Blue Coat Blue Coat Systems is a leading provider of web security and WAN optimization solutions that optimize and secure the flow of information across the network. These technologies speed decision making, maximize employee productivity and reduce bandwidth costs, while protecting against web-based threats. For additional information, please visit 7 < >

9 Blue Coat Systems, Inc BCOAT Direct Fax Copyright 2012 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.wp-swg-buyers-guide-v1b-1012