Managing Web Security in an Increasingly Challenging Threat Landscape

Similar documents
Building a Business Case:

Next-Generation Firewalls: Critical to SMB Network Security

Putting Web Threat Protection and Content Filtering in the Cloud

isheriff CLOUD SECURITY

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

INTRODUCING isheriff CLOUD SECURITY

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Cyber Security Solutions:

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Spear Phishing Attacks Why They are Successful and How to Stop Them

Secure Your Mobile Workplace

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Secure Web Gateways Buyer s Guide >

A Manager s Guide to Unified Threat Management and Next-Gen Firewalls

White Paper. How to Effectively Provide Safe and Productive Web. Environment for Today's Businesses

Types of cyber-attacks. And how to prevent them

Security A to Z the most important terms

Firewall and UTM Solutions Guide

Fighting Advanced Threats

ISB13 Web security deployment options - which is really best for you? Duncan Mills, Piero DePaoli, Stuart Jones

AVeS Cloud Security powered by SYMANTEC TM

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Endpoint Protection Small Business Edition 2013?

Next-Generation Firewalls: CEO, Miercom

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

Guest Speaker. Michael Sutton Chief Information Security Officer Zscaler, Inc.

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Stop advanced targeted attacks, identify high risk users and control Insider Threats

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

SafeNet Content Security Product Overview. Protecting the Network Edge

10 Smart Ideas for. Keeping Data Safe. From Hackers

Symantec Protection Suite Add-On for Hosted and Web Security

Endpoint protection for physical and virtual desktops

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Ibrahim Yusuf Presales Engineer at Sophos Smartphones and BYOD: what are the risks and how do you manage them?

Five Trends to Track in E-Commerce Fraud

Why Encryption is Essential to the Safety of Your Business

Cyber Security. John Leek Chief Strategist

Protect Your Business and Customers from Online Fraud

SIZE DOESN T MATTER IN CYBERSECURITY

2012 Endpoint Security Best Practices Survey

Marble & MobileIron Mobile App Risk Mitigation

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Webroot Security Intelligence. The World s Most Powerful Real-Time Network Security Services

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

The Attacker s Target: The Small Business

Top 10 Reasons Enterprises are Moving Security to the Cloud

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

Webroot Security Intelligence for Mobile Suite. Cloud-based security solutions for mobile management providers

Finding Security in the Cloud

The SMB Cyber Security Survival Guide

Security Intelligence

Top tips for improved network security

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

Internet threats: steps to security for your small business

Next Gen Firewall and UTM Buyers Guide

Simple security is better security Or: How complexity became the biggest security threat

Cisco ASA and Cloud Web Security: Best-in-Class Network Security Combined with Best-in-Class Web Security

Utilizing Pervasive Application Monitoring and File Origin Tracking in IT Security

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Top five strategies for combating modern threats Is anti-virus dead?

Defending Against. Phishing Attacks

Replacing Microsoft Forefront Threat Management Gateway with F5 BIG-IP. Dennis de Leest Sr. Systems Engineer Netherlands

DUBEX CUSTOMER MEETING

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

Advanced Online Threat Protection: Defending. Malware and Fraud. Andrew Bagnato Senior Systems Engineer

Defend Your Network with DNS Defeat Malware and Botnet Infections with a DNS Firewall

SafeNet Content Security. esafe SmartSuite - Security that Thinks. Real-time, Smart and Simple Web and Mail Security Solutions.

Why Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor

What Do You Mean My Cloud Data Isn t Secure?

10 Things Every Web Application Firewall Should Provide Share this ebook

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

SYMANTEC ENDPOINT PROTECTION SMALL BUSINESS EDITION

Data Sheet: Endpoint Security Symantec Endpoint Protection The next generation of antivirus technology from Symantec

Transcription:

Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder. Those who would do harm to our computer systems for profit or malice always manage to focus their efforts on our most vulnerable weak spots. Today, that is the web, for a wide number of reasons.

Managing Web Security in an Increasingly Challenging Threat Landscape Table of Contents Executive Summary...1 A Challenging Threat Landscape...3 Taking Action to Address Web Threats...4 Conclusion...5 2

p Ubiquity: Everyone uses the web all the time for all types of activities. Because individuals tend to trust major sites such as Google, Amazon and Yahoo, it s easier and more attractive for cybercriminals to target users at these sites. According to one report, in the second half of 2011, 30,000 new malicious URLs were created every day. 1 p Social Networking: Again, playing into user habits, comforts and vulnerabilities, criminals are increasingly targeting social networks. In one survey, more than 70% of users said they or their colleagues had been spammed on a social networking site, 46% had been the target of phishing exploits and 45% were sent malware. 2 Yet, despite the growth in threats through social networking, 70% of small and midsize businesses still have no policies in place for employee social media use. 3 p Increased Mobility: Everyone is more mobile, driven by the dramatic growth of powerful smartphones, tablets and mobile applications. Unfortunately, increased mobility has made us much more vulnerable to attack. Smartphones are part of the consumerization-of-it trend, and they tend to be less secure than devices designed for businesses. What s more, users often keep their smartphones on all the time, making them much more vulnerable and inviting as a target. The number of malware attacks aimed a mobile devices rose by 185% in less than a year through the first part of 2012 compared with the previous year, according to a congressional report by the U.S. Government Accountability Office. 4 p BYOD: Organizations are finding that they have no choice but to support the bring-your-owndevice phenomenon. Users are hooking up to the corporate network whether their devices are sanctioned or not. They are also bringing all of their bad personal computing habits to the corporate network, which is particularly dangerous if IT has not set up adequate policies and safeguards. So here we have devices that can access valuable corporate data and networks being used to go to web sites that are highly vulnerable to malicious activities. Scary, indeed. A Challenging Threat Landscape Just how challenging and dangerous are the threats? Here s the bad news, according to a wide variety of sources: p More than 30,000 web sites are infected every day, and 80% of those sites are legitimate. Approximately 85% of all malware, including viruses, worms, spyware, adware and Trojans, comes from the Web. Today, drive-by downloads have become the top Web threat. 5 p Malicious sites increased by 240% in 2011 compared with 2010, driven largely by the growth of malware networks, or malnets, as a mode of attack. A malware network directs users visiting trusted sites to malware via relay, exploit and payload servers that continually shift to new domains and locations. According to one report, the average business confronts 5,000 malware threats every single month. Where do the attacks enter the organization? Some 40% come from search engines, 13% from mobile devices, 11% from e-mail and 6.5% from social networking. 6 1 Security Threat Report, 2012, Sophos 2 Security Threat Report, Mid-Year 2011, Sophos 3 New Survey Shows U.S. Small Business Owners Not Concerned About Cybersecurity: Majority Have No Policies or Contingency Plans, National Cyber Security Alliance and Symantec, October 15, 2012 4 Ten common mobile security problems to attack, PCWorld, September 21, 2012 5 Security Threat Report, Websense Security, 2012 6 Blue Coat Systems 2012 Web Security Report, Exposing Malnet Strategies and Best Practices for Threat Protection, Blue Coat Systems, 2012 3

p The Web Application Security Consortium (WASC) lists a total of 34 different types of threats that can compromise a web site, its data or its users, ranging from content spoofing and cross-site request forgery to HTTP response smuggling and XML injection, among dozens of others in between. And those are just threats focused on web applications. 7 Then add in some of the additional ways in which cybercriminals commonly use the web to distribute malware: black-hat search engine optimization, social-engineered click-jacking, spearphishing sites, maladvertising, compromised legitimate Web sites and drive-by downloads. The other bad news is that the bad guys are becoming increasingly coordinated and sophisticated. As noted by one major security report, The sophisticated business models used by cybercriminals have allowed tools and services once reserved for the cybercrime elite to be made available on the black market as commodities. The more savvy criminals offer their goods and services to those who may be starting out or are in need of setup and instructions. Whether selling off-the-shelf botnets, Trojans by the binary or Zeus recompiles, the underground is loaded with tools to allow any newbie cybercriminal to launch an attack. 8 Successful web security attacks can, of course, be devastating. The average cost of a data breach is $5.5 million, and the cost of losing a single record is $194, according to the 2011 Cost of Data Breach Study by the Ponemon Institute. 9 Lost business costs alone averaged $3.01 million and, for the first time in the study s history, malicious or criminal attacks accounted for more than a third of the total breaches. Further, malicious attacks have been the most costly of all types of breaches. Taking Action to Address Web Threats The good news is that leading vendors in the security technology industry, such as Webroot, are providing a wide range of innovative solutions to enable small and midsize businesses to stay on top of this changing threat landscape and prevent damaging attacks. Foremost among these solutions are secure web gateways and, specifically, the rapidly growing market for cloud-based secure web gateways. So what are secure web gateways, and how do they protect small and midsize businesses? Here is a definition from research firm Gartner: A secure web gateway (SWG) is a solution that filters unwanted and malicious software from userinitiated web/internet traffic, and enforces corporate Internet policy compliance. SWGs must, at a minimum, include URL filtering, malicious code detection and filtering, and application controls for popular Webbased applications. Native or integrated contentaware data loss prevention (DLP) is also increasingly included. The fastest growing segment of the SWG market is in the cloud, where SWG as a service is projected to grow by about 35% in 2012, according to Gartner. There are significant advantages to deploying a cloud-based secure web gateway, particularly for SMBs that need to get security solutions up and running quickly and inexpensively. By using a cloud-based SWG, organizations don t have to spend money on hardware and software, and they also save money over time on maintenance, updating and service. What s more, a cloud-based service provides a more secure perimeter for the organization, especially with the growth of mobility, 7 The WASC Threat Classification 2.0 8 RSA 2012 Cybercrime Trends Report, EMC, 2012 9 2011 Cost of Data Breach Study, United States, Ponemon Institute, March 2012 4

the shift to the BYOD paradigm and the growing deployment of less secure platforms like tablets and smartphones. How can a cloud-based service give you more protection? p Better defense against zero-day threats and spam servers p Real-time threat detection and immediate deployment p More comprehensive signature and URL databases p Better performance p Support for remote and roaming employees p Fault tolerance Of course, not all cloud-based secure web security solutions are created equal. In looking for a solution, SMBs should focus on certain key characteristics. Does your provider offer service-level agreements (SLAs)? Does the service enable users to authenticate directly to the service from any location, supporting policy enforcement for roaming users while ensuring that users can t bypass company policy? Does the solution take advantage of a comprehensive, cloud-based malware detection service to enable real-time protection against threats as they are discovered? Does it utilize a small client plug-in that makes it simple to deploy on all devices, without having any impact on the user experience or network performance? In weighing all of the features an SMB should be looking for in a secure web gateway, the logical first-choice solution is the cloud-based Webroot Web Security Service. Among the key benefits of the Webroot service are: p 100% protection against known viruses as part of the SLA p The only cloud-based solution that provides separate antivirus and antispyware engines p Industry-leading URL filtering and IP protection through the Webroot Intelligence Network p Simplified management and deployment through a centralized web-based management console p Advanced Desktop Web Proxy Plug-In Agent, which is a small client plug-in that enables a wide range of management features, including the ability to control which sites will not be filtered and the flexibility to transparently handle hot spots accessed by roaming users p Rapid deployment and guaranteed service availability p Option to extend protection with Webroot SecureAnywhere Business Mobile to smartphones and tablets, including Android and Apple ios devices, and to manage everything via the same management portal as the web service Conclusion The major trends that are driving businesses and information technology today mobility, social networking, BYOD and cloud computing are also making organizations more vulnerable to security threats. More than ever, cybercriminals are on the prowl to take advantage of these vulnerabilities, making the threat landscape more challenging. Threats are evolving quickly and increasingly targeted at web-based vulnerabilities. Organizations need solutions that are effective in this new environment, as well as easy to deploy, quick to respond and flexible as threats change. Cloudbased secure web gateways such as Webroot Web Security Service are the best way to address this changing landscape. Webroot provides a comprehensive, feature-rich and innovative cloud-based secure web gateway that addresses all of the web security requirements of any small or midsize business. For more information, please visit: http://www.webroot.com/en_us/business/web-security/. For a free trial of the Webroot Web Security Service, go to: http://www.webroot.com/en_us/business/land/security-risk.html 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information