|
|
|
|
|
|
The Pillars Of Modern Web Protection
|
Today’s rapidly evolving web threats and the instant exploitation of any vulnerability by malware authors means that it is simply not enough for businesses to protect their email and endpoint systems. They need to act now to ensure that surfing the web at work poses no threat to IT security, to network resources or to staff productivity. In addition to good preventive practice such as rigorous patching and educating users about the risks of browsing, it is vital that organizations implement a comprehensive web security solution, comprising three key pillars of protection which are:
Pillar one:
Reputation-based filtering
Reputation-based filters are the first critical component in the fight against web-based threats. They prevent access to a catalogue of sites that are known to have hosted malware or other unwanted content, by filtering URLs based on their reputation as “good” or “bad”, and are an established and proven tool for successfully protecting against already known and located web-based threats. As well as providing this basic form of preventive protection, they help optimize network performance and staff productivity by blocking access to illegal, inappropriate or non business- critical web content.
Although these traditional URL filters often connect to vast, regularly updated databases of sites known to host malware or suspicious content, they have one significant shortcoming …quot; that cybercriminals are well aware of …quot; namely that they offer no protection against malware hosted on legitimate, previously safe, sites that have become hijacked or on newly created websites. Traffic from these sites is not blocked and malware, whether new or old, is allowed into the organization.
Pillar two:
Real-time predictive threat filtering
Real-time predictive threat filtering goes a long way to closing the gap left by reputation-based filters. All web traffic passes through a scanner designed to identify both known and newly emerging zeroday malware. The malware engine is optimized for low-latency scanning and whenever a user accesses a website, irrespective of its reputation or category, the traffic is scanned using a combination of signatures and behavior-based technologies.
It is worth noting that this type of real-time scanning has a further advantage over traditional URL filters, in that the filtering is, almost by definition, bi-directional …quot; both the user request to, and information returning from, the web server are scanned. In addition to detecting known malware as it moves across legitimate sites, this bi-directional filtering can also provide protection against new threats regardless of where they are hosted.
The use of real-time predictive threat filtering remains uncommon amongst many of the leading web filtering security solutions in the market today. Many security vendors are currently relying on signatures alone. Others who are fairly recent entrants to the market claim comprehensive solutions but lack the evidence to prove they are delivering fully proactive protection.
Pillar three:
Content-based filtering
Content-based filtering analyzes all web traffic on the network to determine the true filetype of content coming back from a website and can allow or disallow this traffic, based on corporate policy.
Content filters scan the actual content of a file, rather than simply looking at the file extension or the MIME-type reported by the web server, and so can identify and block files that are masquerading as innocent/allowed filetypes but really contain unauthorized content. A file might, for example, have a .TXT extension but in fact be an executable file.
By enabling enforcement of only business type content, this pillar of protection enables organizations to create policies around a variety of content types that can be used to send malware, thereby reducing the risks of infection. For example Windows executables or screensavers might be disallowed. Content-based filtering also improves bandwidth optimization by blocking large or resource-hungry content, such as streaming video.
User education as a tool for defense
Many firms already have procedures in place that define which websites are considered appropriate, but few have updated these to include guidance on how to avoid infection whilst surfing the net. A good policy will dictate that:
• Employees must never open spam emails
• Employees must never click on links included in emails sent from unknown senders
• IT must ensure that the organization’s web browsers are patched at all times
• Employees should minimize their nonwork-related browsing for both security and productivity reasons.
Users can also be encouraged or required to report unusual behavior, such as their computer suddenly becoming slow, or the homepage changing when they open their browser with no input from them, or they open a file that does nothing.
Posted by ROOT Technologies
|
|
|
