Whitepaper Cyren Delivering the Best Security for Public WiFi Users VCW SECURITY. Delivering the Best Security for Public WiFi Users

Transcription

1 VCW Whitepaper Cyren Delivering the Best Security for Public WiFi Users SECURITY Delivering the Best Security for Public WiFi Users

2 Overview Today s technology user expects ubiquitous internet access wherever they go, yet for them security is an after thought. If you provide public internet connectivity, it is important to deliver a great browsing experience and the best protection from the many dangers that lurk on the Internet. Effective filtering for content such as pornography, graphically violent videos and hate speech is important, but even more so is to ensure that users of your service are protected from web-borne threats that may take over their device or worse still, steal their valuable personal data. Malicious content such as malware or phishing sites are hazardous, not only to visitors but also potentially to the network itself. Deploying CYREN WebSecurity for Public Networks in full content-inspection mode brings peace of mind; that visitors and your organisation are protected from the worst of today s internet threats and that your acceptable use policy is relentlessly enforced. The Risk is Very Real As a long-time provider of global security services, CYREN process over 17 BILLION internet transactions every day, originating from more than 600 million users in every part of the globe. The infographic shown below was extracted from the latest CYREN Cyber Threat Report and the view it presents of threat trends is a worrying one.

3 Why is the Outlook So Worrying? Modern web-borne threats are devious. Unprotected WiFi users are particularly vulnerable to sophisticated cyber threats that hide in plain sight as either trusted communications, or on legitimate, well-trafficked websites. Here are some examples: But What If I Use a DNS-Based Security Solution? Many Public and Guest WiFi network operators use a cloud-based Domain Name Server (DNS) based tool to deliver their web content filtering and security. The principle behind this approach is simple: when a user connected to the network makes a request to access a web URL, the request is passed to a DNS lookup service. Before the request is processed, the DNS service checks the requested domain portion of the URL against a database of sites known to host inappropriate and/or malicious content: If the requested domain is not in the database, it is assumed that domain is good and hands the transaction off to the requested site to be fulfilled Malvertising Malware delivery that is embedded within online ads displayed on trusted sites, such as Yahoo! or Facebook. If the requested domain is in the database, it is assumed that the domain is bad and the transaction is blocked with a block message being passed back to the user. While this approach is a step in the right direction, it has several disadvantages, each of which creates risk: 1. DNS-only tools only deal with outbound requests. While this will block access to known hosts of bad content, it will not block unknown sites or sites that contain zero day malware RISK: Cyber criminals know this and sometimes evade detection by using auto-generated brand-new domain names as part of their campaigns. Watering-Hole Concealed malware located on hacked member-based sites; these threats phish targeted individuals for personal information or credentials, while botnets take control of the victim s device. Phishing disguised as trusted communication that contains malware attachments or embedded links to malware sites. Phishing is the preferred method of threat delivery for modern cyber criminals as it is particularly effective on mobile devices. 2. DNS-only tools can only enforce policy for the domain portion of a given URL. This means that if the request is made to access a site such as Forbes.com, this will be permitted as Forbes.com is a well-known, trusted website. RISK: There are times where this is not sufficient. For example, CYREN disclosed in the 2015 Q1 Cyber Threat Report that Forbes.com was recently the victim of a Watering-Hole attack. It is also sometimes impossible to apply an accurate categorisation to a site that has complex user generated content such as blogspot.com. 3. DNS-only tools cannot inspect the content (files, links, etc.) returned by the request. RISK: However, if the request was allowed, malware, or other types of threat such as exploit kits will be sent back to the unsuspecting user, where they will then commence the process of compromising the device. So, as we see, while DNS-based tools can offer a basic level of protection, what they provide is far from comprehensive. Given the rapidly evolving nature of web-based threats, these simple protection measures are becoming less effective, CYREN has performed a detailed analysis of traffic it processes on behalf of Public WiFi network operators and found that anywhere between 0.5% and 1.3% of all requests made by users at these locations are to sites of questionable quality. The majority of these sites were detected by CYREN as hosting exploit kits as well as other types of malware, so the threat is very real and very present.

4 So what is the best way forward? The Best Solution is to Filter at the Traffic Content Level Help is at-hand. CYREN WebSecurity offers both DNS-based policy enforcement and security, as well as full traffic processing. Users accessing public networks are routed through standard networking configurations to CYREN WebSecurity points-of-presence in the cloud. There are two easy ways to deploy the system: 1. Point your DNS to the CYREN cloud and optionally, 2. Map your HTTP port to CYREN WebSecurity and forward your traffic to the CYREN Cloud. Once this is done, you define your routing devices public IP addresses to the system and via the easy-to-use CYREN WebSecurity interface, set an acceptable internet usage policy for traffic from each address. In this way, users are protected from cyber threats and organisations protect the network-accessing public from inappropriate internet use or content. The foundation of the service is the CYREN global cloud platform, which has been in operation for over 15 years across multiple worldwide high-availability data centres. Multiple global points of presence ensure low latency (making sure your users aren t left waiting to access Web sites), as well as local data handling - keeping data in-region - where required. CYREN WebSecurity Delivers Applied Cyber Intelligence to Your Traffic Modern Cloud-based Web Security for the Latest Cyber Threats - With CYREN WebSecurity you have one cloud-based solution for every user, wherever they are and whatever devices they use. CYREN WebSecurity provides consistent real-time cyber intelligence on active online threats. Best-of-Breed Web Filtering with Flexible Policies and Controls - CYREN uses a unique combination of automated engines and human analysts to continuously classify the current status of the Web using a real-time database of over 150 million URLs. Using this data, CYREN WebSecurity allows you to define, apply and enforce your acceptable use policy for web use. You can set policies by user, group, location, time of day and/or type of device in a matter of minutes. Inline AntiMalware - Minimise the risk of infection on devices. CYREN WebSecurity includes the same best-in-class antimalware trusted by the world s largest IT brands, including Google and Microsoft. So you can detect known and previously unseen web malware in scripts and downloads and provide immediate protection for your users.

5 Benefits of CYREN WebSecurity Enforce Your Acceptable Use Policies - Providers of guest and/or public WiFi-based Internet access can use CYREN WebSecurity to comply with regulatory, customer-driven, or organisational guidelines for acceptable use of the Internet. Easy Integration - Route your traffic to the CYREN cloud for processing and you can immediately enforce policy. Management for hotspots and policy is simple with our intuitive web dashboard. Layered Security - CYREN WebSecurity applies up-to-the-moment cyber intelligence to protect users against new and emerging threats. To do this, CYREN utilises DNS filtering for HTTP, as well as cyber intelligence derived from the analysis of 17 BILLION Internet transactions from more than 600 million users in 200 countries on a daily basis. Best of Breed URL Filtering CYREN is a global leader of real time cloud-based URL filtering, delivering solutions to major security solution vendors and service providers around the world. CYREN continuously classifies URLs with automated engines and human analysts, maintaining 64 URL categories in a real time database averaging over 150 million URLs. CYREN WebSecurity enables network providers to directly manage the application of this database in easily configured policies for public WiFi services and networks. Optimise Your Bandwidth Utilisation CYREN WebSecurity enables network providers to shape and filter internet traffic. Providers can optimise network utilisation and consistently provide a great user experience. About VCW Security VCW SECURITY VCW Security specialises in the distribution and marketing of IT security solutions and services to end-user companies via the reseller channel. VCW Security is different to other companies. Instead of simply replicating existing products at a lower cost, the company has successfully pioneered many new and innovative technologies and challenged the market dominance of established vendors. A wide range of products and services are offered from leading edge, non-competing vendors that help define the market and ensure higher margins for channel partners, all of which are recognised for the delivery of next generation security management solutions. VCW Security only works with a select group of channel partners that have a proven track record in the markets in which they operate. This ensures limited competition, a cleaner more qualified channel and no erosion of margin. Address: Hollis House, Maesbury Road, Oswestry, Shropshire, SY10 8NR Tel: Fax: enquiries@vcwsecurity.com Web: