Balancing Social Networking with Network Security Objectives




October, 2010

Social Networking is Here to Stay

With the explosion of other options for social networking, interaction and collaboration, email has lost its position as the primary Internet-based communication tool. In fact, The Wall Street Journal reported that there were more social networking accounts than Webmail accounts in 2009. [i] Today, users rely more on blogs, tweets, social networking posts and even video clip communications to enrich both personal and professional information exchange.

Even businesses are leveraging social networking and other Web 2.0 services to communicate with customers, employees and partners. A recent survey found that 65 percent of the largest 100 international companies have active accounts on Twitter, 54 percent have a Facebook fan page, 50 percent have a YouTube channel and one-third have corporate blogs. [ii] One in five major international businesses is actually using all four of these technologies.

While these sites and services offer tremendous business benefits, they also present serious risks that have to be managed. For instance, they are often the target of malicious attacks due to their popularity. Video sites like YouTube consume tremendous amounts of bandwidth if they are not properly managed on the corporate network. And employees may intentionally or accidentally leak sensitive company data onto a social networking site, breaches that can result in lost competitive information, public relations headaches, fines, legal action and more. The good news is that, with the right security approach, these consequences can be successfully avoided.

[Figure: Email vs Social Networking Users, 2008 and 2009. Data labels: 230.2 and 229.2 (2008); 276.9 and 301.5 (2009). Source: Wall Street Journal]

Managing the risks

The benefits of social networking also come with significant risks, including:

Security: Threats such as malware, phishing and data loss are increasingly targeting social networking because the wide range of communication features makes it easier to spread untrustworthy messages or hazardous malware. By exploiting the trust factor inherent in social networking, malware can more easily bypass traditional security approaches by manipulating users to download malicious content that appears to come from a trusted source, such as a friend or familiar organization.

Bandwidth management: The rich media inherent in much of social networking's interactions, including pictures, music and video, consumes vast amounts of bandwidth. If left uncontrolled, streaming video to hundreds of systems at the same time can shut down critical applications.

Inappropriate Internet use: Recreational surfing and posting on personal blogs or social networking accounts not only diminish employee productivity, they can have other costs as well. If not properly managed, recreational network use can impact business application performance, create liability risks and potentially introduce malware into the organization. Enforcing network usage policies and maintaining a secure web gateway are critical to ensuring optimum business performance.

Responses to these challenges are equally broad. Luckily, the best practices for securing social networking are similar to those used for web threats in general. The task facing today's businesses, therefore, is to understand their organization's priorities around effective and appropriate social networking use, and the strengths and limitations of the various security options. The ultimate goal is to find the balance between achieving the productivity benefits of social networking and protecting the organization from dangerous threats.

The usual suspects

Practically every web threat against email or web browsing has found new life in the world of social networking. Sites and services like Facebook and Twitter provide new ways for cybercriminals to hide malware, set up fake sites, compromise legitimate sites and spread an attack from one member of a social network to another. They simply bypass most traditional defenses along the way. Here's how these different types of attacks work:

Malware

Malware remains the number one threat to anyone using the Internet, and these threats often combine botnets, spyware, viruses, Trojans, worms and other techniques into complex attacks. Malware can also be part of a targeted attack on an organization with potentially catastrophic consequences. For example, between January and March 2010, the computers of 13 South Korean Army officers became infected with malware that resulted in the theft of war operation plans. [iii] In a recent survey, antivirus solution vendor Sophos reported that 36% of users revealed that they had been sent malware via social networking sites. [iv]

Blue Coat Security Labs reported that two-thirds of all malware attacks in 2009 were spread when users were offered a video clip which, when clicked, would report that the user needed to update their Flash player or install new software to view the video. [v] This malware-spreading mechanism depends on a user behavior that is almost automatic among social networking users, where video content sharing is so common.

In addition, many threats capitalize on highly publicized events and catastrophes such as natural disasters, massive power outages, civil disturbances and more. These attacks may pose as charitable organizations to solicit donations or offer fake video of dramatic events to manipulate users into downloading malware.

Phishing

Phishing attacks (attempts to trick users into revealing confidential information) are on the rise within social networking environments. Some are designed to simply collect hundreds of thousands of email addresses that can then be used for spam, email virus attacks and so forth. Other phishing attempts can be complex, targeted attacks intended to dupe smaller numbers of select individuals into revealing more valuable details such as financial or personal data.

In 2009, blended threats evolved into much more complex structures, adapting to the current environment of technology, users and vulnerabilities.

Phishing attacks use social engineering techniques to deceive people into divulging confidential information. Just like malware, these attacks have been extremely successful within social networking sites because they exploit the high level of trust users place in their network of friends. Unlike suspicious-looking URLs sent anonymously via email, content such as a video link that comes from a familiar source is far more likely to be trusted. The success of these attacks is perhaps why Facebook is the fourth most popular online phishing target. [vi]

The sheer popularity of these sites makes them attractive targets for cybercriminals. In fact, Blue Coat Security Labs found that social networking sites account for 25% of the top 10 most active URL categories. [vii] So, as their popularity has grown, so have the attacks. And while personal information loss is typically the first victim of these attacks, corporate assets may also be compromised as a result.

Data Loss

Industry analyst Forrester Research has reported that Web 2.0 applications such as blogs, wikis and social networking sites provide an easy way for data to escape from an organization. [viii] An individual who wants to steal corporate data is highly unlikely to use the company's email system because it's almost impossible to do quickly or anonymously. As a result, social networking services have become a highly attractive way to steal information because they provide several ways to post documents, video or plain text.

However, nearly 80 percent of data loss is unintentional, and accidental information leakage through social networking sites may present a greater risk than criminal activity. [ix] This may be the result of the casual and open nature in which users approach social networking, or the atmosphere of trust that weakens a user's judgment. Things that they would never discuss openly in a public setting are often shared freely within social networking sites, including confidential data.
Bandwidth Abuse

Social networking encourages frequent communication. It often involves visiting pages that contain dozens or even hundreds of comments and links. Every time a user visits a page to see what is new, their browser is presented with mostly old content as well. And the user dynamically moves from one page to another as they follow different trains of thought or simply visit the pages of key members of their social network. The total gateway bandwidth hit can be staggering for many organizations.

Combine this with the extensive sharing of multimedia on social networks and it's easy to see that bandwidth consumption can quickly become a problem, and could cause more mission-critical applications to fall below their necessary performance levels. Critical tasks such as retrieving database records or electronically submitting important information frequently hit performance bottlenecks. Bandwidth abuse is even more detrimental to organizations that rely on Software-as-a-Service (SaaS) solutions, or that manage virtual desktops for remote or mobile users.

[Figure: Tweets per day, January 2009 to December 2009; vertical axis 10M to 40M. Source: Twitter] The number of tweets per day grew from just 2.5 million in January 2009 to over 30 million by the end of the year, with no indication of slowing down.

Layered defenses optimize security and bandwidth

Just as cybercriminals have applied innovative techniques to leverage social networking, IT must find equally innovative ways to apply its security knowledge, expertise and available technologies to a new environment. A layered defense helps protect against malware, phishing, data loss and bandwidth abuse with a comprehensive security approach that includes real-time web filtering, antivirus software, data loss prevention, mobile security and user education components. Each of these is described in detail below:

Web filtering

Web filtering provides a front line to neutralize links, scripts and other techniques used to either trick a user or automatically cause the computer to connect to a malware infection source. Next-generation web filtering solutions can preserve and support legitimate social networking activities while preventing the victim's browser from accessing potentially dangerous content and phishing scams. However, many solutions tend to block legitimate pages or even entire domains because they lack more granular response capabilities. So it's important to have a solution that can filter URLs using multiple categories, real-time ratings and a deep level of visibility.

Today's web threats move quickly, with an average lifespan of less than two hours in any one location. Even a web filtering solution that provides hourly updates is statistically going to miss half of all active, fast-moving threats. Therefore, an effective web filtering solution must be paired with cloud-based services that increase awareness of web activity and provide access to constantly evolving defense technologies, all without requiring frequent downloads and updates to on-premise solutions.

Blue Coat WebFilter includes full access to the Blue Coat WebPulse cloud service with over 70 million users and a 100% uptime record since 2004. As a result, it is the largest, most reliable and most respected security cloud service in the industry. Increased web awareness, provided by WebPulse, helps direct and prioritize research efforts to concentrate where users are surfing. WebPulse also includes many automated technologies and can provide real-time category ratings for never-before-seen URLs from around the world in 50 languages. Rather than depending on a single technology, such as reputation analysis, WebPulse accurately categorizes URLs by applying reputation, heuristics, sandboxing, content analysis, deep link inspection and other technologies to web requests.

Also, WebFilter is one of the few solutions that can differentiate URLs that are sources of potential malware infection from those used by systems already infected with spyware that attempts to send stolen information back to its creator. First, this ability provides another layer of defense using a single technology. Second, it can immediately alert IT about potentially compromised systems so they can evaluate and clean the system if necessary and ensure nothing else has been compromised on the end point.

Antivirus

There is little truth to the rumors that antivirus has become a commodity. Indeed, the fast-moving, rapidly evolving nature of today's malware has put even greater demands on antivirus vendors. Yet while the best practice of multi-vendor antivirus has not changed, the reasons behind this practice have.

In the 1990s, multi-vendor antivirus usage evolved because it was never clear which vendor would be the first to respond to a new threat at a time when response times were measured in days. Having two vendors increased the chance of at least one vendor catching the threat. But today's vendors can typically respond in just a few hours to a totally new threat.

However, most new threats are simply variants of previously identified malware. In a single day, hundreds or even thousands of variants of a single virus may be released onto the web. So each antivirus vendor has developed its own approach to identify and block a variant of known malware. However, few can claim even a 40-50% detection rate. Therefore, using one AV vendor on the end point, and another at the gateway, increases the likelihood of blocking a recently introduced malware variant.

Since the first FTP/HTTP antivirus scanners were introduced in the mid-'90s, performance has been the primary obstacle to fully implementing a gateway antivirus security layer. So Blue Coat introduced the ICAP protocol and the ProxyAV platform, which works in conjunction with Blue Coat ProxySG to help leading AV vendors deliver web security solutions that optimize performance as well.

Data Loss Prevention (DLP)

DLP must protect against both intentional data theft and accidental data loss. And while email has been the traditional area of focus for DLP deployments, it is clear that email is no longer the dominant form of electronic communication. Organizations must ensure their DLP strategies include the ability to inspect all SSL traffic as well as that used by social networking offerings.

Forrester Research has reported that deep content analysis and data-centric control is on many users' wish lists, yet web filtering products that offer good DLP functionality are few and far between. [x] Other research has shown DLP buyers and users to be frustrated with solutions that are either too complex to be usable or too simplistic to be effective. An effective DLP strategy must include data registration features for accurate content identification, offer multi-function capabilities (for email, web and network DLP), include proactive discovery DLP capabilities and still be easy to use and maintain.

The Blue Coat Data Loss Prevention appliance was created to deliver on those requirements. With a typical one-day deployment, companies can quickly begin to detect and block potential data leaks. Pre-defined policies can be used as-is or customized to monitor and control information traveling across the network, in email, or to the web, including posts to social networks. Support for full data registration capabilities helps ensure accurate, proactive discovery and real-time leak detection while minimizing false positives.

Bandwidth Management

Managing bandwidth is a complicated responsibility. While it's easy to completely block malicious or inappropriate sites, managing connections to other URLs can be more complex. Web filtering is the most effective way to control malicious or recreational web traffic, but requires granular capabilities that enable more than just the ability to allow or deny access.

Controlling bandwidth requires visibility into current traffic patterns. IT must identify which applications are in use, their performance requirements, peak usage times and their importance to the business. Mission-critical applications should be given priority to ensure quality of service, and some applications or types of network traffic may be restricted to a fixed percentage of available bandwidth.

The impact from video clips and streaming media may be constant, or IT may find spikes in activity at certain times of the day or around certain events. Personnel conducting research, or just staying on top of the news as part of their morning ritual, are now watching video clips as well as reading articles. For instance, many U.S. businesses found their networks saturated and mission-critical applications failing on the day their employees tried to watch the presidential inauguration of Barack Obama online. Sports events often pose another performance threat to network bandwidth as online broadcasting expands.
The most effective way to manage peak demand is to grant various levels of access based on a user's role, time of day and the content type. For example, Facebook access may be permissible during certain hours but not the games offered through the site. By limiting bandwidth consumption and setting application priorities, it's possible to provide access to social networking and multimedia content and still ensure mission-critical applications operate at acceptable levels. For example, employees can view YouTube, but only with 8% bandwidth. And if a mission-critical application periodically requires additional bandwidth, lower priority applications and traffic can be further restricted. Thus, employees can access bandwidth-consuming applications without impacting key agency functions.

Blue Coat PacketShaper provides these granular features with integrated visibility and control capabilities in a single appliance. With PacketShaper's application performance monitoring capabilities, IT can identify all the applications on the network and monitor response times and utilization at the application level. Web traffic can be correlated with URL categories to ensure mission-critical application bandwidth requirements are met before social networking, for example. Social networking access would remain available during these times, although with reduced performance due to its lower priority.

Mobile Security

Mobile and remote workers also require web filtering for front-line protection against malware and phishing attacks. Mobile workers have a far greater need for effective security because they typically operate in unsecured environments such as airports, hotels or on their home networks. Because these systems frequently operate outside of the corporate network, they face threats that go beyond social networking.

Blue Coat ProxyClient provides a critical way to protect mobile and remote workers on any network. ProxyClient is centrally managed and enforces the organization's policies on web access, and works with the WebPulse cloud service to gather the latest categorization intelligence. But ProxyClient also delivers WAN optimization to help deliver a headquarters work experience to all employees wherever they are. With ProxyClient, you can define which applications to accelerate and which to block based on security and bandwidth requirements. As a result, web filtering is the perfect complement to the end-point antivirus solution, which has become standard on end points.

User Education

In addition to addressing technology gaps, you also have to educate users about social networking security problems that stem from simple human error. And while the end user will likely remain the number one security risk for any organization, dramatic results can be achieved with just general security training.

Education should begin with the basics, but can be placed in the context of social networking to make it fresh and interesting. For example, good login and password practices are a common problem within social networking. Routinely changing login credentials and protecting the confidentiality of passwords are basic security requirements, or should be. While this may sound like common sense, the recent Climategate fiasco may have been caused by one scientist who actually included his password in his email signature. [xi] So even highly educated users need to be reminded about basic security measures.

Cybercriminals also know that many users use the same login ID and password on multiple sites, which enables attackers to easily gain access to social networking accounts. In one instance, many Twitter accounts were hacked when users were tricked into creating an account on a fake torrent site. [xii]

Other examples that are much less dramatic, but occur much more frequently, take place when users try to share something with a select group in an appropriate way, but do not realize that the way they shared it made it available to a broader group. Some applications may be popular enough to reasonably provide in-depth application training for users. A great example of an easily avoidable issue recently occurred when over 100 million Facebook pages were compromised simply because most users did not understand some of the security settings available. [xiii]

It may be worthwhile to start surveying users to identify their needs, applications of choice and perhaps even their own list of concerns. Then prepare a plan to ensure users are aware of how to use those applications safely.

Also, users need to be reminded that there are no safe zones on the web, including social networking sites. Assume that everything revealed on a social networking site will be visible on the Internet forever. Once it has been searched, indexed and cached, it may later turn up online no matter what steps are taken to delete it.

Finally, most users are no different than IT: no one reads the manual. So many users won't really understand security guidelines until they violate them once or twice. Coaching screens are informational pop-ups or browser redirects that appear at the instant a violation occurs to inform the user that they have violated a policy and that someone else knows about it, and to explain how to prevent it from happening again. From a product standpoint, IT should look for solutions that not only provide security, but can also support education efforts.

Conclusion

Social networking has achieved a level of popularity that requires reasonable access at work, but it is also sufficiently mature to bring value to many businesses. But safe social networking requires an aggressive and layered security strategy at the web gateway, as well as the definition of new usage policies and priorities from management and IT. Better end-user education will also be required to ensure workers use social networking applications safely and appropriately. The combination of layered security and education can help organizations dramatically reduce the risks from malware, phishing, data loss and bandwidth abuse.

Why is all this necessary?
As Jon Oltsik of the Enterprise Strategy Group said, "Clearly, cybercriminals are taking advantage of social networking's fundamental model of familiarity, trust, sharing and open communications to dupe users and steal valuable data." [xiv] To close these security gaps, IT and business leaders must ensure they have the right security strategies in place to identify and protect against the rapid evolution of social networking threats.
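The access levels by role, time of day and content type, and the capped bandwidth share, described under Bandwidth Management can be sketched as follows. This is an added Python example, not part of the white paper and not PacketShaper or ProxySG configuration; the category names, role names, lunch-hour window, default action and link figures are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    category: str                               # URL category from the web filter
    action: str                                 # "allow", "coach" (block + explain) or "deny"
    roles: frozenset = frozenset()              # empty set = applies to every role
    window: Optional[Tuple[time, time]] = None  # [start, end); None = any time of day
    cap_pct: Optional[int] = None               # ceiling as a share of the link


# Constructed policy; first matching rule wins. All names are hypothetical.
POLICY = [
    Rule("malware-source", "deny"),
    Rule("social-games", "coach"),                                    # games never allowed
    Rule("social-networking", "allow", roles=frozenset({"marketing"})),
    Rule("social-networking", "allow", window=(time(12, 0), time(13, 0))),
    Rule("social-networking", "coach"),                               # everyone else, other hours
    Rule("streaming-video", "allow", cap_pct=8),                      # the 8% figure from the text
]
DEFAULT = ("allow", None)  # assumption: categories without a rule pass as business traffic


def decide(category, role, now, policy=POLICY):
    """Return (action, cap_pct) for one request, evaluated top to bottom."""
    for rule in policy:
        if rule.category != category:
            continue
        if rule.roles and role not in rule.roles:
            continue
        if rule.window and not (rule.window[0] <= now < rule.window[1]):
            continue
        return rule.action, rule.cap_pct
    return DEFAULT


def allocate(link_kbps, critical_kbps, capped):
    """Split the link: mission-critical demand is served first, then each
    capped class gets min(demand, its cap, whatever is left).
    capped maps category -> (demand_kbps, cap_pct), in priority order."""
    grants = {"mission-critical": min(critical_kbps, link_kbps)}
    left = link_kbps - grants["mission-critical"]
    for category, (demand, cap_pct) in capped.items():
        grant = min(demand, link_kbps * cap_pct // 100, left)
        grants[category] = grant
        left -= grant
    return grants


if __name__ == "__main__":
    print(decide("social-networking", "sales", time(12, 30)))
    print(decide("social-networking", "sales", time(15, 0)))
    # Normal load: video is held to its 8% ceiling.
    print(allocate(100_000, 40_000, {"streaming-video": (30_000, 8)}))
    # Mission-critical spike: video is squeezed below its ceiling.
    print(allocate(100_000, 95_000, {"streaming-video": (30_000, 8)}))
```

The second `allocate` call shows the case the text describes, where a lower priority class is restricted further when a mission-critical application needs more of the link.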

[i] The Wall Street Journal, October 12, 2009: Why email no longer rules. http://online.wsj.com/article/sb10001424052970203803904574431151489408372.html
[ii] Burson-Marsteller, February 23, 2010: The Global Social Media Check-up. http://www.burson-marsteller.com/innovation_and_insights/blogs_and_podcasts/bm_Blog/Lists/Posts/Post.aspx?ID=160
[iii] Softpedia, August 21, 2010: Malware Used to Steal South Korean Military Secrets. http://news.softpedia.com/news/malware-used-to-steal-south-korean-military-Secrets-153153.shtml
[iv] Sophos, February 2010: Security Threat Report: 2010. http://www.sophos.com/pressoffice/news/articles/2010/02/security-report-2010.html
[v] Blue Coat Security Labs: Web Security Report for 2009. http://dc.bluecoat.com/content/securityreport2010?refer=securitylab
[vi] Mashable, May 12, 2010: Facebook Attracts More Phishing Attacks Than Google and IRS. http://mashable.com/2010/05/12/facebook-phishing-target/
[vii] Blue Coat Security Labs, 2009
[viii] Forrester Research, April 16, 2009: The Forrester Wave: Web Filtering, Q2 2009
[ix] eWeek, April 29, 2010: How to Integrate Data Loss Protection in Web 2.0 Security Strategies. http://www.eweek.com/c/a/web-services-web-20-and-soa/how-to-Integrate-Data-Loss-Protection-in-Web-20-Security-Strategies/
[x] Forrester Research, April 16, 2009
[xi] TechWorld, November 26, 2009
[xii] SC Magazine, February 4, 2010: Twitter accounts compromised in torrent site scam. http://www.securecomputing.net.au/news/166357,twitter-accounts-compromised-intorrent-site-scam.aspx
[xiii] SC Magazine, July 30, 2010: 100 million Facebook accounts exposed. http://www.securecomputing.net.au/news/221419,100-million-facebook-accountsexposed.aspx
[xiv] Enterprise Strategy Group, July 2010: Cloud-based Community Security. http://dc.bluecoat.com/content/esg

Blue Coat Systems, Inc. 1.866.30.BCOAT +1.408.220.2200 Direct +1.408.220.2250 Fax www.bluecoat.com Copyright 2010 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. v.wp-balance-socialnetworks-network-security-objectives-v1-1110