Security and control: The smarter approach to malware and compliance



Similar documents
Spyware: Securing gateway and endpoint against data theft

Instant Messaging, VoIP, P2P, and games in the workplace: How to take back control

Assessing endpoint security solutions: why detection rates aren t enough

brilliantly simple security and control

Top five strategies for combating modern threats Is anti-virus dead?

Small business solutions. All-in-one security that s easy to set up and use ANTI-VIRUS ANTI-SPYWARE ANTI-ADWARE ANTI-SPAM CLIENT FIREWALL

Stopping zombies, botnets and other - and web-borne threats

Windows Vista: Is it secure enough for business?

NAC at the endpoint: control your network through device compliance

Applications, virtualization, and devices: Taking back control

Reviewer s Guide. PureMessage for Windows/Exchange Product tour 1

McAfee Endpoint Protection Products

Protection for Mac and Linux computers: genuine need or nice to have?

Top Four Considerations for Securing Microsoft SharePoint

Did you know your security solution can help with PCI compliance too?

Seven for 7: Best practices for implementing Windows 7

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Laws, regulations and compliance: Top tips for keeping your data under your control

The Challenge of a Comprehensive Network Protection. Introduction

A progressive and integrated approach to protecting corporate networks

Cisco ASA 5500 Series Content Security Edition for the Enterprise

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Symantec Endpoint Protection

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Stopping data leakage: Making the most of your security budget

How To Use Puremessage For Microsoft Exchange

The spam economy: the convergent spam and virus threats

Mobile Devices and Malicious Code Attack Prevention

Zscaler Cloud Web Gateway Test

Cyber Security Solutions:

overview Enterprise Security Solutions

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

Endpoint protection for physical and virtual desktops

Symantec Endpoint Protection

The Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.

Protecting personally identifiable information: What data is at risk and what you can do about it

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

INFORMATION PROTECTED

Symantec Endpoint Protection

Top tips for improved network security

Endpoint Security More secure. Less complex. Less costs... More control.

Symantec Endpoint Protection

CA Host-Based Intrusion Prevention System r8.1

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

for businesses with more than 25 seats

McAfee Total Protection Reduce the Complexity of Managing Security

How To Protect Your Network From Threats From Your Network (For A Mobile) And From Your Customers (For An Enterprise)

Symantec Endpoint Protection Datasheet

Websense: Worldwide Leader in Web Filtering Expands into Web Security

Cisco & Big Data Security

Netsweeper Whitepaper

How to stay safe online

Eight threats your anti-virus won t stop

Endpoint protection for physical and virtual desktops

Symantec Protection Suite Add-On for Hosted and Web Security

Cisco ASA 5500 Series Business Edition

Cisco ASA 5500 Series Anti-X Edition for the Enterprise

Integrated Protection for Systems. João Batista Territory Manager

Remote-Access VPNs: Business Productivity, Deployment, and Security Considerations

IBM Endpoint Manager for Core Protection

WHITE PAPER. Understanding How File Size Affects Malware Detection

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

The enemy within: Stop students from bypassing your defenses

AVG AntiVirus. How does this benefit you?

Choose Your Own - Fighting the Battle Against Zero Day Virus Threats

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media

Understanding the Total Cost of Ownership for Endpoint Security Solutions. A TCO White Paper

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Trends in Malware DRAFT OUTLINE. Wednesday, October 10, 12

Best Practices Top 10: Keep your e-marketing safe from threats

Security for Small Businesses: What's the Right Solution For You?

Features Business Perspective.

Technical Product Overview. Employing cloud-based technologies to address security risks to endpoint systems

Taking a Proactive Approach to Patch Management. B e s t P r a c t i c e s G u i d e

Cascadia Labs URL Filtering and Web Security

A progressive and integrated approach to protecting corporate networks

Next-Generation Firewalls: Critical to SMB Network Security

Eight threats your antivirus won t stop

W H I T E P A P E R W e b S e c u r i t y S a a S : T h e N ext Generation of Web Security

Managing Security Risks in Modern IT Networks

Tough Times. Tough Choices.

isheriff CLOUD SECURITY

What's the difference between spyware and a virus? What is Scareware?

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Defending Against Data Beaches: Internal Controls for Cybersecurity

Symantec Endpoint Protection

Addressing BYOD Challenges with ForeScout and Motorola Solutions

Firewall and UTM Solutions Guide

Our Mission. Provide traveling, remote and mobile laptop users with corporate-level security

Commtouch RPD Technology. Network Based Protection Against -Borne Threats

Juniper Networks Solution Portfolio for Public Sector Network Security

Introduction (Contd )

100% Malware-Free A Guaranteed Approach

BEST PRACTICES FOR SECURE REMOTE ACCESS A GUIDE TO THE FUTURE

Sophos Computer Security Scan startup guide

Protecting Your Roaming Workforce With Cloud-Based Security

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

Small Business Protection Guide. Don t Leave Your Business at Risk Protect it Completely

Cisco ASA 5500 Series Content Security Edition for the Enterprise

Transcription:

Security and control: The smarter approach to malware and compliance The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior. A Sophos white paper March 2007

Security and control: The smarter approach to malware and compliance The security challenge IT departments are under continuous pressure to cut costs by reducing the load on the help desk, and to maximize their return on investment (ROI) in security and network management. At the same time, organizations and individuals alike expect greater flexibility in working practices from mobile and remote connections to web access and instant messaging (IM). Now, however, it seems that productivity and network security are out of balance: the need to increase business productivity is driving greater network openness, which in turn is increasing the risk to network security. The challenge for IT departments is to manage the demand for flexibility in a fast-changing environment. External pressures include the rapid growth in highly targeted threats and ever more stringent regulatory and audit compliance requirements; internally, help desk costs are escalating and the network is becoming increasingly heterogeneous, with multiple security layers, operating systems, and device types. Anti-virus and anti-spam solutions in particular have been seen as a drain on budgets and IT resources, particularly with the effort involved in troubleshooting and fixing the problems associated with implementing some solutions. To get better protection and improve ROI, the IT department needs to manage not only the obvious threats of malware and spam, but also users access to the network controlling how they connect, the computers and security they use, and what applications they run. The continuing malware threat Uncontrolled user behavior is only one aspect of the threat landscape. The basic problem of rapid malware evolution has not gone away it is getting faster and more complex, with more focused attacks. The need for multi-tier protection has never been greater, and organizations must safeguard the network from the gateway to the endpoint, including all points of access. Figure 1 shows the explosion of new threats detected by Sophos during 2006, totalling more than 40,000. The surge to over 7,600 in November nearly four times as many as the same month in 2005 can be attributed to the Stratio family of mass-mailing worms that had thousands of variants, increasing the chances of evading detection. Although this was a spike, the overall growth trend looks likely to continue. 8000 7000 6000 5000 4000 3000 2000 1000 0 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Figure 1: New malware threats each month in 2006 1

The threat from the web The web is now perceived by administrators as the biggest threat to security and productivity. 1 Not only do some websites contain visibly undesirable content many also harbor spyware and adware. There has been an explosive growth in web-based downloaders that deliver spyware: Figure 2 shows the percentage of email that contained spyware and the percentage of email that linked to websites from which spyware is downloaded, demonstrating a clear shift towards downloaders during 2006. According to one survey, workers spend around 20% of their internet time on personal business or entertainment, 2 increasing the risk of inadvertently downloading malware particularly spyware and Trojan downloaders. Unmanaged web browsing and personal web transactions in the workplace play into the hands of spammers and malware writers, exposing company email addresses to spam, harvesting, and phishing. Analysis by SophosLabs in 2006 found that over 75% of all phishing emails targeted users of PayPal or ebay. 3 50% 40% 30% 20% 10% 0% Jan Dec Spyware Downloaders Figure 2: Spyware and downloaders in 2006 Organizations need an effective web security solution that must do more than just protect against all forms of malware it must also eliminate potentially unwanted applications (PUAs) and automatically prevent unauthorized web browsing by controlling access to known bad sites. Such a solution needs to be backed by continuous analysis of web traffic around the world, that evaluates the category, code, and conduct of web pages. The threat from email Organizations should continue to be vigilant in order to safeguard their messaging systems by ensuring email gateway and groupware servers, and messaging databases such as Lotus Domino and Microsoft Exchange, are protected from email-borne threats. However, malicious code is being concealed and delivered in ever more devious ways, and the simple inclusion of malware in an email attachment is in decline affecting just 1 in 337 emails in 2006, compared with 1 in 44 in 2005. More spam now contains embedded images, increasing the chances of messages being read and reducing the detection rate by anti-spam filters that rely on the analysis of textual content. These larger files clog up mailboxes and can direct users to websites that deliver malware. For example, a spammed email in November 2006 that offered free explicit images and videos actually contained a weblink to the Psyme-DL Trojan, which has the potential to take control of the target computer. Modern spam can also mutate to avoid detection, and often uses zombie networks for mass delivery at almost no cost or risk of being blocklisted. Truly effective protection is provided by solutions that can identify spam campaigns and malware families, rather than relying exclusively on specific spam and virus identities, and allow varied policies to be applied that meet the needs of different groups of users and compliance requirements. 2

The threat to endpoint computers Specific protection against malware, hackers, and unwanted applications at the desktop/laptop level is still essential, as highlighted by three high-profile email-aware worms that represented almost 40% of those circulating in November 2006: Stratio-Zip, Netsky-D, and MyDoom-O were all capable of running on Windows Vista. However, there is no longer a need to manage a variety of products to stop different threats. The best endpoint security products have moved way beyond simple protection from spyware, viruses, Trojans, worms, and PUAs. It is now possible to enforce policy from the same single central console to manage intrusion protection via a client firewall, block malicious code before it executes giving the benefits of a Host Intrusion Protection System (HIPS) and control access to unauthorized applications. The enforcement of a broad-based endpoint security policy will itself provide significant protection against the worms and blended attacks that are among the most significant threats the enterprise faces today. Scott Crawford, Enterprise Management Associates 4 Unauthorized applications Despite the potential business and productivity advantages of applications such as Voice over Internet Protocol (VoIP) and IM, they can be a distraction if used inappropriately. VoIP, which allows internet telephony, and distributed computing projects, such as SETI@Home that supports the search for extraterrestrial intelligence, also use up spare capacity slowing the network and unnecessarily increasing the IT burden. Games and peer-to-peer (P2P) file sharing can also cause problems with legitimate corporate applications, adversely affecting both personal and IT productivity. Emerging threats To add to administrators woes, emerging threats include scareware and mobile malware. Scareware is software designed to dupe internet users into believing that their PC is infected or suffering from another security problem, and then encouraging them to purchase a fully-working version of the software that will disinfect their computer. Mobile malware that infects PDAs and smartphones remains a relatively small problem compared with the much larger amount of malware targeting Windows computers, but the threat is slowly becoming real and organizations should be prepared to implement an effective mobile security solution. Controlling user behavior Both remote workers and guests on the network can compromise security if they connect devices that are not compliant with the organization s security policy for authorized applications, anti-virus software, and operating system patches. Security risks are substantially increased when employees connect remotely using wireless technology, or plug in PDAs and memory sticks to the network. Contractors and business partners can similarly threaten network security if they connect computers that do not comply with corporate policy, possibly running unauthorized applications and downloading files from the internet all potentially without any intervention or control. As users of all types continue to take advantage of new technology to work smarter and faster, organizations need to minimize the impact this can have on network security and IT resources by implementing policies that control not just which users have access to what parts of the network, but what they do while they are connected. 3

Network access control Industry analysts are clear that implementing network access control (NAC) is essential to mitigate the potential risks posed by a more mobile and technology-driven workforce, and to combat It [Network Access Control] allows network managers to gain back control of their networks. Before this, it was like leaving the front door to the network wide open. Lawrence Orans, Gartner Inc 5 regulatory pressures. True NAC includes reporting on the state of security compliance of computers connecting to the network, as well as enforcing policies that manage access at various levels. NAC also allows organizations to enforce security policies that hitherto may have been enshrined only in company guidelines. By developing policies at a sufficiently granular level for different groups of users, productivity can be maintained and all points on the network protected automatically without increasing help desk load. Furthermore, a software-based solution that retains and utilizes existing security layers will not only minimize disruption to enterprise infrastructure and simplify implementation, it will also maximize effectiveness and ROI. Figure 3 demonstrates the ultimate benefit to network administrators of using integrated policies and a single agent to monitor and control both user behavior and security. Centralized management Anti-virus INTEGRATED POLICIES Anti-spyware Anti-spam Unwanted applications Compliance reporting Network access control INTEGRATED AGENT Behavior blocking (HIPS) Client firewall Application control Figure 3: Integrated security and control 4

Summary Conventional security tools offer protection from individual threat sources (e.g. anti-virus or web blocking), but do not cover unknown or noncompliant computers connecting to the network. As the network becomes increasingly open and threats increasingly diverse, security solutions have to change to control user access and behavior, rather than just detecting and blocking threats. Organizations can maximize their ROI in security and control by implementing a policy-driven solution that provides a simplified, integrated, and automated approach with single agent, single control that protects against all threats and non-compliant behaviors. Application control, network access control, and web access control will progressively become part of normal security management for organizations of all sizes significantly reducing business risk and improving IT productivity at a lower overall cost. The Sophos solution Sophos protects at all levels from gateway to endpoint. Sophos Endpoint Security provides integrated protection against viruses, spyware, adware, PUAs, and hackers, as well as preventing the use of unauthorized applications all managed from a central console. It also protects against viruses and spyware on Windows Mobile devices. Sophos NAC blocks unauthorized users, controls guest access, and ensures that legitimate users comply with the organization s security policy so administrators know who and what is connecting to the network. Sophos gateway security integrates anti-virus, anti-spam, and policy enforcement at the email gateway, with a choice of highly flexible, scalable software solutions and managed email appliances. Sophos web appliances also protect the web gateway against malware and unwanted content enabling safe and productive web browsing. SophosLabs is a global network of threat research centers that analyzes web and email traffic 24 hours a day to provide protection against known and unknown threats anywhere in the world, irrespective of origin. To find out more about Sophos products and how to evaluate them, please visit www.sophos.com 5

Sources 1 Security threat report 2007. Sophos. http://www.sophos.com/security/whitepapers/sophos-security-threats-2007_wsrus 2 Burstek releases 2005 internet usage study. www.findarticles.com/p/articles/mi_m0ein/is_2006_march_20/ai_n16109780 3 www.sophos.com/pressoffice/news/articles/2006/07/top-phishing-targets.html 4 Scott Crawford, Senior Analyst, Enterprise Management Associates, 2007 5 Lawrence Orans, Research Director, Gartner Inc See also: Instant Messaging, VoIP, P2P and games in the workplace: how to take back control Sophos white paper. February 2007. http://www.sophos.com/security/whitepapers/sophos-app-control-wpus Maximizing security and performance for web browsing: the challenge for SMBs Sophos white paper. October 2006. http://www.sophos.com/security/whitepapers/sophos-web-security-wpus About Sophos Sophos is a world leader in IT security and control. We offer complete protection and control to business, education and government organizations defending against known and unknown malware, spyware, intrusions, unwanted applications, spam, and policy abuse, and providing comprehensive network access control (NAC). Our reliably engineered, easy-tooperate products protect over 100 million users in more than 150 countries. With over 20 years experience and a global network of threat analysis centers, the company responds rapidly to emerging threats and achieves the highest levels of customer satisfaction in the industry. Sophos is a global company with headquarters in Boston, MA., and Oxford, UK. Boston, USA Mainz, Germany Milan, Italy Oxford, UK Paris, France Singapore Sydney, Australia Vancouver, Canada Yokohama, Japan Copyright 2007. Sophos Plc. All registered trademarks and copyrights are understood and recognized by Sophos. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means without the prior written permission of the publishers.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information