Cloud-based Web Security Isn't Hype: It's Here and It Works




June 2010

INTRODUCTION

It's not news that the web is dangerous and getting more dangerous by the day. Cyber criminals have ample economic motive and easy-to-use tools to harness the power of the web in capturing and misusing your data. What is news is that now you can protect your company's valuable assets from web-based attacks with an innovative, effective new form of web security: cloud-based, reputation-driven defense.

Web Threats are on the Rise

The web is experiencing phenomenal growth, and with it, an unprecedented increase in the amount of new malware types that target web browsers, applications, and Web 2.0 infrastructure. Because cybercriminals can reap large profits from attacks that result in identity and data theft, a growing number of organized crime rings continuously fund new attempts to spread malware and acquire web users' personal data. Through modified packing and encrypting techniques, and other obfuscation methods, attackers can now create thousands of new variants of the same threat with relatively little effort.

Despite these threats, most organizations continue to leverage new web-based applications to drive revenue and efficiencies, particularly as Web 2.0 technologies deliver new ways to interact and engage with customers and stakeholders.

Organizations frequently underestimate their exposure to malicious attacks. The statistics can be sobering. In 2009 alone, there was a dramatic 345% increase in the number of new malicious web links discovered. [1] These included high-profile sites, including those run by MSNBC, ZDNet, The United Nations, and Honda. [2] According to IDC, up to 30% of companies with 500 or more staff have been infected as a result of Internet surfing. [3] In other words, anywhere web users interact, malware encounters are frequent and common.

[1] IBM X-Force 2009 Trend and Risk Report

WatchGuard Technologies www.watchguard.com

To fend off new forms of malware, including spyware, viruses, crimeware and other malicious codes, organizations must better safeguard their web security infrastructure. A reactive and fixed security infrastructure must be turned into one that is proactive and adaptable to changes in the threat landscape.

There are many ways that legitimate websites can become infected. One inbound threat that has recently gained popularity among cybercriminals is the SQL injection. Hackers use SQL injections to get access to database-driven websites, planting malicious code for site visitors. This can be combined with Web 2.0-based social engineering attacks in which users believe they are being pointed to legitimate content. Compromised sites may host drive-by-downloads, where malware exploits vulnerabilities on the users' systems to download malware without any user interaction. Common applications such as Apple QuickTime and Adobe PDF may be exploited. Thus, an organization's own application vulnerabilities and web site code flaws open the door to cybercriminals seeking to infiltrate the organization.

THE NEED TO BALANCE SECURITY AND PERFORMANCE

Many IT security professionals face conflicting demands from management and network users when it comes to web security. The need for speed is always in demand, but delivering that speed while enhancing security for a broader, more dynamic threat environment is quite challenging.
Following are some of the most frequent obstacles to achieving this goal:

- A lack of additional IT budget to shore up network security
- Network constraints that conflict with security issues around cloud computing
- Performance degradations across the network due to additional hosted services

The options for overcoming these obstacles to proactive, multi-layered security are either unappealing or insufficient. For example, one defense against the widespread proliferation of malware is to install antivirus scanning at the gateway, capturing malware before it ever enters the network. But scanning every page and object at the URL can slow down web page delivery and affect both throughput at the device and the user experience at the browser. Some network administrators may be reluctant to use gateway anti-virus because of its performance impact.

Finally, desktop or browser-based scanning solutions only catch threats once they are in the network. By the time these solutions alert users, today's malware could have already inflicted great amounts of damage to the organization's computing infrastructure and/or compromised sensitive data from within the organization.

URL Filtering is Not Enough

Since the 1990s, reputation services have been helping organizations block unwanted or bad traffic to ensure that threats never enter the network. By identifying and blocking threats at the perimeter, reputation services help prevent attacks, reduce the on-premise IT footprint required to scan traffic, and lower the costs associated with the bandwidth, hardware, and other resources required to block threats.

As web technologies and the web itself have grown more sophisticated, early generation reputation services have become less effective in identifying and blocking threats. To fully understand this loss of effectiveness, it's important to understand how these services have evolved.

[2] Gartner IT Security Conference 2009, Securing the Web Gateway, Peter Firstbrook
[3] Journal Of Emerging Technologies In Web Intelligence, Vol. 2, No. 2, May 2010, Protecting Data from the Cyber Theft A Virulent Disease

On the dynamic web, sites are continuously updated with new content, while URLs are frequently sold and altered. So a site that is scanned and categorized as legitimate by URL filters today may become a malware hub at some later point in time. In order to properly filter out hazardous and dangerous websites, a filter cannot merely rely on a static database. According to a report by IDC, "The advances in Web 2.0 technologies require a new generation of web security tools that go well beyond traditional URL filtering." [4] It must be as dynamic as the web itself, providing real-time threat protection. In addition, it must scale to handle the vast growth of the Internet.

Effective Security is Proactive and Multi-Layered

The most effective approach for defending against the web's dynamic threats is a proactive, multi-layered approach to web security. Being proactive requires that the security solution reach into the Internet cloud, obtain the latest threat data from multiple threat-monitoring sources, and prepare a network's perimeter in the event that one of the threats presents itself to the network. Effective defense is multi-layered, applying additional measures of threat scanning, depending on the type of content that attempts to enter the network.

WatchGuard Reputation Enabled Defense provides effective, instantaneous, in-depth web security in real time. Based on the from-the-cloud security of WatchGuard ReputationAuthority, Reputation Enabled Defense leverages the cloud-based intelligence of millions of global sources and users, sharing information about threats associated with URLs and domains in real-time to automatically block new threats before they enter an organization's network.
WatchGuard Reputation Enabled Defense includes real-time monitoring of web traffic, including scanning of URLs, to determine the risk level of each and every web page before it enters the network. The solution assesses each threat and type of network traffic. By scanning for hostile content and blocking malicious URLs at the connection level, Reputation Enabled Defense bridges the web security gap left exposed by simple URL filtering, and provides safer web surfing and faster web performance.

Web Security Numbers

A look at some of the most recent figures related to web security demonstrates the need for IT security professionals to proactively manage a broad array of ever-changing threat types.

- 40,000 websites per week were compromised during 2008-2009. [5]
- The Gumblar virus alone compromised 60,000 websites. [6]
- In 2009, 23,500 new web pages were infected per day. [7]
- 0.7% of Google Search results display sites that have been infected by malware. [8]
- The Mal/Bredo malware had 838 variants during the first quarter of 2010. [9]

[4] IDC, Worldwide Web Security 2009-1013 Forecast and 2008 Marketshares: It's All About Web 2.0 You TwitFace, August 2009
[5] Google Online Security Blog, Malware Statistics Update, August 25, 2009
[6] Google Online Security Blog, Top 10 Malware Sites, June 3, 2009
[7] Sophos, Sophos Security Threat Report, July 2009
[8] Google Online Security Blog, Malware Statistics Update, August 25, 2009
[9] Commtouch, Well-known Web Names Misused to Give Spam Deceptive Legitimacy, According to New Report by Commtouch, April 14, 2010

WHAT TO LOOK FOR IN REPUTATION SERVICES

Reputation services complement gateway antivirus and traditional desktop solutions by providing improved performance and an additional layer of protection. Unlike traditional gateway anti-virus solutions, which typically update signatures on an hourly or daily basis, reputation services provide the equivalent of real-time updates of malware intelligence. The broader and improved URL reputation data they provide result in greater protection from web threats and faster, more productive web surfing.

However, not all reputation services function in the same manner, so IT security professionals should exercise caution when evaluating potential solutions. Many reputation services are implemented as plug-ins that prevent users from visiting web sites known for malware or phishing.

By contrast, WatchGuard has adapted a contributor approach to reputation services to offer next-generation reputation services. WatchGuard's reputation and connection management approach reflects the belief that, to be truly effective and proactively protect against evolving threats, reputation services must be a true zero-hour first line of defense. They must not act simply as a monitoring system that relies on static databases, as most reputation services on the market do today.

Rather, to achieve proactive, adaptive identification, the WatchGuard approach is to manage web threats at the connection level, and to perform in-depth analysis at the gateway layer. It then contributes the findings from the gateway to the reputation service in real time, harnessing the intelligence of millions of global users and sources for more powerful and intelligent protection from malicious URLs and web threats. WatchGuard Reputation Enabled Defense users can choose to bypass anti-virus and other scanning functions for URLs that are known to have a current good reputation, saving time and helping to maintain performance levels.
WatchGuard Reputation Enabled Defense

WatchGuard Reputation Enabled Defense is available on WatchGuard's line of multi-function firewall, unified threat management (XTM) appliances, as well as on its XCS extensible content security appliances by adding a web security subscription. It provides a cloud-based reputation lookup to identify safe or harmful URLs.

Harnessing threat intelligence from millions of users worldwide, Reputation Enabled Defense offers an extra layer of protection that acts as a powerful first line of defense from web threats. By preempting threats before they enter the network, Reputation Enabled Defense helps reduce computing overhead incurred by anti-virus scanning, particularly costly on-box scanning at the gateway, and helps speed delivery of approved content. In essence, WatchGuard takes web security beyond the box and network, managing as much as possible in the cloud.

How Reputation Enabled Defense works

As a cloud-assisted service, Reputation Enabled Defense provides instantaneous security that is updated continuously. Not only does it improve proactive security, it helps organizations take advantage of greater computing and processor power from servers hosted in the cloud. IT can save valuable processor resources on local appliances. As a result, more users can be served at higher rates of throughput for less money.

Figure 1 below provides an overview of how Reputation Enabled Defense works to enhance web security. The core of the service is its cloud-based reputation-scoring database, the industry's most comprehensive database, and an on-appliance query system.

Give users a faster, safer web surfing experience

Figure 1: Reputation Enabled Defense uses a powerful, cloud-based database to allow safe traffic in while keeping bad traffic out. Only unknown traffic is directed to further AV scanning, for substantial gains in web processing time.

When a web user browses to a URL, the WatchGuard appliance checks a local cache for that URL's reputation scores. If the result is not found in the local cache, WatchGuard then queries its cloud-based ReputationAuthority server for a reputation score for the URL.

If the URL has a good reputation, the appliance approves the URL and bypasses local anti-virus scanning, allowing for faster page rendering and content delivery. In the event that a URL is deemed to have a bad reputation (i.e., it contains hostile web threats), the WatchGuard appliance blocks the URL outright, immediately protecting users from malicious content and again bypassing local anti-virus scanning. If a URL's score appears in the gray area between good and bad, or if there is no score available, the appliance performs its routine defense-in-depth web security checks and then passes or blocks the URL based on these checks.

WatchGuard recognizes that all organizations use the web differently. That is why Reputation Enabled Defense is fully configurable. Today's threats introduce the possibility for normally safe web sites to become compromised within seconds of their last scan. Administrators can optionally choose not to use the feature that bypasses scanning of URLs with good reputation.

A True Service that Pays for Itself

WatchGuard ensures that Reputation Enabled Defense is delivering the strongest possible security with the lowest resource usage. WatchGuard manages the growth of the URL Reputation database via multiple feeds and aggregated data.
This is a continuous and ongoing process, performed by WatchGuard, enabling customers to benefit from far greater intelligence and security than they have implemented in their own environment.

Reputation Enabled Defense typically allows the bypass of antivirus scanning for 30-50% of URLs, with an accompanying increase in web browsing speed and throughput at the multi-function firewall. With the web's top URLs always clearly rated and always in the reputation database, anti-virus scanning for these URLs can be bypassed at very low risk. This maximizes performance without sacrificing security when visiting these sites.

BENEFITS OF REPUTATION ENABLED DEFENSE

WatchGuard Reputation Enabled Defense provides a broad set of security and performance benefits arising from the ability to perform proactive security measures in the cloud. Below are the most salient benefits for IT and network administrators.

Security

- Organizations can protect their valuable data by increasing efficacy and catch rate of every URL-based type of malware.
- Administrators gain comfort in knowing that unsafe URLs face multiple levels of automated protection prior to gaining network access.
- The full power and knowledge of the broad WatchGuard user community is brought to bear on the network's security stance through cloud-based security.
- Administrators can strike the ideal balance of security and performance by monitoring scan results and modifying system configurations.

Performance

- Administrators can deliver higher performance to the business and raise user satisfaction levels by minimizing URL scanning and gaining higher throughput at the gateway.
- Administrators can reduce bandwidth and processing cycles with connection-level rejections of bad web sites.
- The most frequented URLs are regularly updated in the ReputationAuthority database because the WatchGuard technology learns which URLs are popular.

Proactively Fight Malware

Malware continues to spread across the web. The ability of a single organization's IT staff to monitor and protect against all threats is eaten away by growing threat volumes and by new and ever-morphing threat variations. That is why WatchGuard is constantly pushing the envelope to improve methods for proactive and cloud-based security, taking into account the critical balance that must be maintained between security and performance.
WatchGuard Reputation Enabled Defense enables organizations to proactively fight the threat of malware without sacrificing user experience and network performance. In fact, WatchGuard is the only UTM/multifunction firewall vendor with a URL reputation solution at the gateway.

WatchGuard customers with Reputation Enabled Defense protecting their networks benefit from multiple outstanding anti-malware technologies that provide more coverage than systems that rely on just one anti-malware source. And benefits of Reputation Enabled Defense extend to all participating customers, because the cloud-based service dynamically protects them from newly discovered threats in real time. By making the incremental investment in Reputation Enabled Defense, customers will gain exponential levels of protection.

Why wait? The cybercriminals are acting now. Get one step ahead of them.
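The lookup flow described under "How Reputation Enabled Defense works" (local cache, then cloud query, then allow, block or scan), as an added Python sketch that is not WatchGuard code. The score scale, thresholds, cache lifetime and every name in it are assumptions, and the sample feed is constructed.

```python
"""Three-way reputation gate: cache, cloud lookup, then allow / block / scan."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumptions: the page gives no score scale, thresholds or cache lifetime.
GOOD_MAX = 20      # score <= GOOD_MAX counts as "good reputation"
BAD_MIN = 80       # score >= BAD_MIN counts as "bad reputation"
CACHE_TTL = 300.0  # seconds a cached score is trusted before re-querying


@dataclass
class ReputationGate:
    cloud_lookup: Callable[[str], Optional[int]]  # None means "no score available"
    av_scan: Callable[[str], bool]                # True means content scanned clean
    bypass_good: bool = True                      # the admin option the page describes
    clock: Callable[[], float] = time.monotonic
    _cache: Dict[str, Tuple[int, float]] = field(default_factory=dict)

    def _score(self, key: str) -> Tuple[Optional[int], str]:
        now = self.clock()
        hit = self._cache.get(key)
        if hit is not None and now - hit[1] < CACHE_TTL:
            return hit[0], "cache"
        try:
            score = self.cloud_lookup(key)
        except OSError:
            score = None  # an unreachable service is treated like "no score"
        if score is None:
            return None, "none"
        self._cache[key] = (score, now)
        return score, "cloud"

    def decide(self, url: str) -> Tuple[str, str]:
        parts = urlsplit(url)
        key = (parts.hostname or "").lower() + (parts.path or "/")
        score, source = self._score(key)
        if score is not None and score >= BAD_MIN:
            return "block", source            # rejected without scanning
        if score is not None and score <= GOOD_MAX and self.bypass_good:
            return "allow-unscanned", source  # good reputation skips the scanner
        # Gray area, no score, or bypass disabled: fall back to local scanning.
        return ("allow-scanned" if self.av_scan(url) else "block-scanned"), source


# Constructed sample data, not real reputation scores or real sites.
FEED = {"news.example/": 5, "bad.example/kit": 95, "forum.example/": 50}
INFECTED = {"http://forum.example/"}


def demo():
    feed, now = dict(FEED), [0.0]
    gate = ReputationGate(feed.get, lambda u: u not in INFECTED, clock=lambda: now[0])
    out = [gate.decide(u) for u in ("http://news.example/", "http://bad.example/kit",
                                    "http://forum.example/", "http://new.example/")]
    feed["news.example/"] = 90                       # site compromised after caching
    out.append(gate.decide("http://news.example/"))  # stale cached score still allows
    now[0] += CACHE_TTL + 1
    out.append(gate.decide("http://news.example/"))  # cache expired: re-queried, blocked
    return out


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The fifth result is the exposure the page warns about: a cached good score keeps a newly compromised site unscanned until the entry expires, which is what a short cache lifetime or `bypass_good=False` limits.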

MORE INFORMATION

To find out more about Reputation Enabled Defense and WatchGuard XTM security solutions, contact your authorized WatchGuard reseller, visit www.watchguard.com/red, or call WatchGuard directly at +1.800.734.9905 (North America) or +1.206.613.0895 (international).

NOTE: Reputation Enabled Defense is available as a subscription for all WatchGuard XTM 2, 5, 8, and 10 Series Unified Threat Management appliances. For WatchGuard XCS appliances, URL reputation enabled defense is available with the purchase of the XCS Web Security subscription. Every WatchGuard XCS appliance includes ReputationAuthority, an IP reputation-enabled defense for enterprise-class email security.

ADDRESS: 505 Fifth Avenue South, Suite 500, Seattle, WA 98104
WEB: www.watchguard.com
NORTH AMERICA SALES: +1.800.734.9905
INTERNATIONAL SALES: +1.206.613.0895

ABOUT WATCHGUARD

Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to hundreds of thousands of businesses worldwide. WatchGuard's award-winning extensible threat management (XTM) network security solutions combine firewall, VPN, and security services. The extensible content security (XCS) appliances offer content security across email and web, as well as data loss prevention. More than 15,000 partners represent WatchGuard in 120 countries. WatchGuard is headquartered in Seattle, Washington, with offices in North America, Latin America, Europe, and Asia Pacific. For more information, please visit www.watchguard.com.

No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features, or functionality will be provided on an "if and when available" basis. © 2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, and WatchGuard ReputationAuthority are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part No. WGCE66705_061710