Threats outside your network are not your only concern. Users inside the business may be putting your organization at risk by consuming excess bandwidth and accessing content—like social media, Internet videos, and personal applications—outside your acceptable-use policies. This may occur at headquarters and branch offices among employees and guest users, and while employees are roaming. Overconsumption of resources can slow performance of software-as-a-service (SaaS) applications and other high-priority business functions.
Meanwhile, nonintegrated point solutions and multiple management platforms intended to enhance security only create gaps that adversaries can use to launch targeted malware that can modify its behavior and evade detection. Some of the most dangerous web-based threats today include:
- “Watering hole” attacks, which infect trusted sites with malware to compromise end users
- Spear phishing, a technique that criminals use to target specific users and trick them into clicking compromised links
- Dropper attacks, which deliver malware with stealthy and self-deleting programs
These threats aren’t tied just to questionable websites or bad URLs. Today users are more likely to be compromised by malware through legitimate websites than attack sites, according to Talos research.
All the above challenges underscore the need for comprehensive content security, including a web security solution with the following requirements:
REQUIREMENT 1: PROTECTION ACROSS THE ATTACK CONTINUUM – BEFORE, DURING, AND AFTER AN ATTACK
In today’s threat landscape, where the security perimeter has been pushed to the cloud and data is a prime target for attack, the chance of a compromised network is essentially assured. Organizations must therefore be prepared to address a broad range of attack vectors with solutions that operate everywhere a threat can manifest itself—on the network, on endpoints, from mobile devices, and in virtual environments.
Today’s content security solutions provide continuous monitoring and analysis across the extended network, so enterprises have a greater ability to stop threats and protect users across the full attack continuum—before, during, and after an attack. And when compromise inevitably occurs, security personnel will be better positioned to determine the scope of the damage, contain the event, remediate, and bring operations back to normal as quickly as possible.
REQUIREMENT 2: FLEXIBLE DEPLOYMENT OPTIONS
The “Cisco Security Manifesto,” introduced in the Cisco 2015 Annual Security Report, outlines several basic principles for achieving “real-world security.” One principle: “Security must work with existing architecture and be usable.”
To be truly effective, a trustworthy security solution must fit into your existing infrastructure, reducing the need to “rip and replace” infrastructure and technologies. It must also adapt and scale to provide the same level of protection as your company grows and changes.
Small branch offices or remote locations should have the same protection that the corporate headquarters has without your having to install and support hardware at those locations. Custom deployments should be easily managed through central configuration management and reporting.
REQUIREMENT 3: THE CAPABILITY TO PROTECT SENSITIVE DATA AND PREVENT IT FROM LEAVING THE ORGANIZATION
Cisco Talos research suggests that organizations may not be able to prevent all malware from infiltrating their networks. However, modern content security solutions can help reduce the chance that critical data will leave the network either by accident or by design. Enterprises need solutions that can scan all inbound and outbound web traffic in real time for both new and known malware, and that apply dynamic reputation and behavior-based analysis to every piece of accessed web content.
Organizations also need the ability to detect, block, and manage risks in both inbound and outbound email. Solutions with content-aware, policy-based data loss prevention (DLP) and encryption capabilities can offer that protection. Outbound antispam and antivirus scanning, along with outbound rate limiting, help organizations keep compromised machines or accounts from ending up on email blacklists.
REQUIREMENT 4: REDUCED RISK THROUGH ROBUST CONTROLS
Today’s organizations need advanced control over dynamic web content and applications for all users regardless of location. As they expand their use of the web for competitive advantage, organizations also increase their exposure to tangible risks that can undermine data security. Some of the most sophisticated web-based threats are designed to hide in plain sight on legitimate and well-trafficked websites and serve up data-stealing malware to unsuspecting users.
Blocking websites is not practical or realistic in today’s Web 2.0 world, but blocking features is. Content security solutions that offer application visibility and control help administrators create and enforce detailed policies within websites that contain embedded applications—without hindering workforce productivity or burdening IT resources. This helps organizations reduce their exposure to web-based malware and prevent data loss.
Sophisticated content security solutions will not only identify applications but also identify and categorize microapplications so administrators can easily allow or deny access to the relevant parts of an application. For instance, microapplications on Facebook can be categorized as business, community, education, entertainment, games, and so on. Similarly, applications like Google+, LinkedIn, Twitter, and iTunes can be broken down into microapplications.
Enterprises also need content security solutions that help enable them to control application behavior: what action a user is taking within an application. As an example, a videos category can identify whether a user is uploading, tagging, or posting a video. An administrator can then set a precise control for this category, allowing users to view and tag videos but not to upload a video.
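One way to model the microapplication and action-level controls described above is a small policy evaluator. This is an added example, not Cisco's or 5thColumn's code; the rule fields, the precedence scheme (most specific rule wins, deny wins ties, unmatched requests are denied) and the sample policy are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class Rule:
    """One policy line. A None field is a wildcard that matches any value."""
    application: Optional[str]   # e.g. "facebook", or None for any application
    category: Optional[str]      # microapplication category, e.g. "games"
    action: Optional[str]        # what the user is doing, e.g. "upload"
    decision: str                # "allow" or "deny"

    def matches(self, application: str, category: str, action: str) -> bool:
        return all(want is None or want == got
                   for want, got in ((self.application, application),
                                     (self.category, category),
                                     (self.action, action)))

    @property
    def specificity(self) -> int:
        # Rules that name more fields override broader wildcard rules.
        return sum(f is not None for f in (self.application, self.category, self.action))


def decide(rules: Sequence[Rule], application: str, category: str, action: str) -> str:
    """Return "allow" or "deny" for one request.

    Unmatched requests are denied by default; among the most specific matching
    rules, a single deny outweighs any allows."""
    matching = [r for r in rules if r.matches(application, category, action)]
    if not matching:
        return "deny"
    top = max(r.specificity for r in matching)
    finalists = [r for r in matching if r.specificity == top]
    return "deny" if any(r.decision == "deny" for r in finalists) else "allow"


# Constructed sample policy modelled on the text: business and education
# microapplications are open, games are blocked, and within the videos
# category users may view and tag but not upload.
SAMPLE_POLICY = [
    Rule(None, "business", None, "allow"),
    Rule(None, "education", None, "allow"),
    Rule(None, "games", None, "deny"),
    Rule(None, "videos", None, "allow"),
    Rule(None, "videos", "upload", "deny"),
    Rule("facebook", "entertainment", None, "deny"),
]

if __name__ == "__main__":
    for req in [("facebook", "videos", "tag"), ("facebook", "videos", "upload"),
                ("linkedin", "games", "view"), ("twitter", "unknown", "post")]:
        print(req, "->", decide(SAMPLE_POLICY, *req))
```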
REQUIREMENT 5: QUICK IDENTIFICATION AND REMEDIATION OF ZERO-DAY ATTACKS
The threat landscape is more dynamic and advanced than ever before. According to the Cisco 2015 Annual Security Report, malware is becoming increasingly sophisticated and elusive. Cybercriminals are launching attacks through a variety of attack vectors, including tools that users trust or view as benign. And targeted attacks are on the rise, with attackers establishing a persistent, hidden presence from which to carry out their mission.
It’s no longer enough to focus solely on the perimeter with point-in-time solutions that can scan only once for suspicious activity. Today’s threats change with time, evading detection by point-in-time solutions.
Identifying zero-day attacks requires big data analytics that examine data on users and traffic over time and can flag suspect behaviors. Discreet attacks over time have become the norm, and organizations must be prepared to identify threats given this dynamic.
Furthermore, if a threat is identified after it has evaded the initial defenses in a network, organizations need to have the retrospective capabilities to “turn back time” and eliminate the malware in all infected devices.
5thColumn, LLC is a full-service information technology company centered on next-generation cyber threat protection and enterprise data security. We are true technology partners who take the time to understand your business requirements and build a strategy to mitigate the risk of data breaches and ensure system reliability across the entire enterprise.
Our services have been developed and refined over time to help you incorporate best practices and increase the return on existing IT investments. This approach is built on decades of technical leadership and practical, real-world experience assessing, designing, implementing, and operating security solutions in the most complex environments.