Protecting the Corporate Network from the New Threats

Nigel Hawthorn, Blue Coat Systems EMEA marketing VP, says it’s not hard to see why online crime has skyrocketed recently. In the past several weeks:

“We have seen two attacks using rogue Facebook applications that have hit the world’s most popular social network including the re-emergence of ‘Koobface’, which originally surfaced towards the end of last year. News and shopping sites have also been compromised, redirecting users to infected content that users considered safe because they trusted the original source.

It seems that hardly a day goes by at the moment without online crime making headlines. Only now, we are finding that it’s not just the vulnerabilities of the Web 2.0 applications that are being targeted. Most recently, Spotify, the up-and-coming online music service, was compromised by hackers, resulting in a breach of user data including email address, birth date, gender and other personal data such as postal code and billing receipt details.

The problem for IT directors is that the boundaries between home and work are blurring. There are now millions of people downloading music from the Web or visiting other recreational legal sites on their work desktops, and with the potential for content and their personal information to spread virally, they are potentially a scammer’s dream. Faced with the growing severity of these Web-based threats, as well as new threats that are appearing every few seconds, organisations should undertake a number of important defensive measures to protect their users, networks and data.

It is clear that organisations must look at ways to protect themselves from malicious content that can be delivered via legal downloads and from legitimate web sites. However, they must also protect themselves from unmonitored and unmanaged employee use of applications such as unauthorised peer-to-peer file-sharing systems, consumer-oriented instant-messaging clients, consumer voice-over-IP tools and the like, which can be the conduit for loss of sensitive corporate information.

What can organisations do?

Companies should deploy a variety of tools in a multi-layered architecture to monitor, manage and control the use of the growing variety of applications that are used in the workplace. The defences should include an integrated community database to ensure that every user benefits from the experience of every other user. As threats are constantly changing, the system must also be able to provide instant reviews of new web pages so that a new threat is identified even for the first potential victim. A layered defence should be deployed that gathers together reputation, web text inspection, malware scanning and the sharing of threats between organisations that understand spam and those that understand web content. Of course, the ultimate goal is to keep users safe and advise them of data-leakage threats to the organisation while ensuring compliance with corporate, legal and other policies, tying these defences into a cohesive defence strategy to protect against the growing variety of threats.

Employ a community-based Web infrastructure

Deploying a neighbourhood-watch-based approach has distinct advantages over conventional centralised web-spider approaches. As we know, web pages can be infected at a moment’s notice, so a daily crawl from a single place leaves web sites unprotected except at the instant that the crawler inspects the page. A large group of users can access tens or hundreds of millions of Web pages daily, providing a constant stream of fresh information about Web sites and Web pages and therefore detecting new infections more readily. For example, a conventional system may verify that a specific Web page is secure every day at 10:00am, but that system will not detect a malware attack that occurs on the page at any other time of the day. However, a system in which members of a large community are visiting that page regularly is far more likely to detect the attack.

As an example, Blue Coat’s WebPulse cloud service gathers knowledge from more than 55 million users in large organisations, over 50 million users on ISP and mobile networks and around 1 million consumers. Each user adds to the knowledge of the whole when surfing the web, and WebPulse therefore receives over a billion requests and updates a week.
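The timeliness argument above (a once-a-day crawl versus a large community whose every request is inspected) can be put in numbers. The following is an added illustration, not Blue Coat or WebPulse code: it models the page turning malicious at a random hour, a central crawler inspecting it at a fixed time, and community requests arriving as a Poisson stream. The user counts, per-user visit rate and crawl hour are constructed for the example.

```python
"""Detection delay of a daily crawler versus a visiting community.

Added illustration (not Blue Coat code). Assumes: one crawl per day at a
fixed hour, and community requests modelled as independent random visits,
i.e. a Poisson stream whose rate is users * visits_per_user_per_day.
"""
import random
import statistics

HOURS_PER_DAY = 24.0


def crawler_delay(infect_hour: float, crawl_hour: float = 10.0) -> float:
    """Hours between a page turning malicious at infect_hour (0-24) and the
    next visit by a crawler that inspects it once a day at crawl_hour."""
    delay = crawl_hour - (infect_hour % HOURS_PER_DAY)
    # An infection that lands after today's crawl waits for tomorrow's.
    return delay if delay >= 0 else delay + HOURS_PER_DAY


def community_expected_delay(users: int, visits_per_user_per_day: float) -> float:
    """Mean hours until the first community request after infection.

    With a Poisson stream of requests at rate users * visits_per_user_per_day
    per day, the wait for the next request is exponential with mean
    24 / rate hours, regardless of when the infection happened.
    """
    rate_per_day = users * visits_per_user_per_day
    if rate_per_day <= 0:
        raise ValueError("need at least one visiting user")
    return HOURS_PER_DAY / rate_per_day


def simulate(users: int, visits_per_user_per_day: float,
             trials: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo comparison: infect the page at a uniformly random hour of
    the day and record the detection delay (hours) for both approaches."""
    rng = random.Random(seed)
    rate_per_hour = users * visits_per_user_per_day / HOURS_PER_DAY
    crawler, community = [], []
    for _ in range(trials):
        infect_hour = rng.uniform(0, HOURS_PER_DAY)
        crawler.append(crawler_delay(infect_hour))
        # Time to the first inspected community request after infection.
        community.append(rng.expovariate(rate_per_hour))
    return {
        "crawler_mean_hours": statistics.mean(crawler),
        "community_mean_hours": statistics.mean(community),
    }


if __name__ == "__main__":
    # Constructed scenario: each user views the page once every ten days.
    for users in (10, 1_000, 100_000):
        r = simulate(users, 0.1)
        print(f"{users:>7} users: crawler {r['crawler_mean_hours']:.2f} h, "
              f"community {r['community_mean_hours']:.3f} h")
```

Two things the model makes visible: the crawler's average delay is half a day whatever the community size, while the community's delay shrinks in proportion to the number of inspected requests, and a small community (10 users at one visit per ten days) is actually slower than the crawler. The approach pays off only at the volumes the article describes, which is the point of the following section on shared defences.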

Shared defences are stronger defences

Organisations should ask their supplier how they gather further information and inspect pages for threats. Does the organisation cooperate with other vendors and use multiple technologies to inspect the web? As most email spam now contains a link to the real source of the threat on the web, email and web companies should be sharing their knowledge for the greater good. Online malware scanning and feeds from Google of known bad or questionable sites also strengthen defences over single-vendor solutions. The key to such a defence is a significant volume of traffic analysed repeatedly by multiple anti-malware defences, machine analysis and human raters to provide reliable feedback on threats. Volume provides visibility, and repetition provides timeliness, across a volume of web content which no single organisation can analyse alone.

Finally, employ granular management and check the validity of old policies

It is clear that organisations need to enable certain Web 2.0 applications to realise the productivity gains they offer for their employees. For example, various Web 2.0 technologies can be good for business contacts. However, they also need to protect their users from the myriad threats that can be delivered through these venues, as well as the new threats that are emerging through file downloads. Granular policies can allow text and graphics content while blocking applications, AV gateways can inspect traffic on the fly, and neighbourhood-watch services can deliver broader knowledge than singular systems working on their own. The key is to be able to monitor and control access to critical technologies while protecting users and networks from malware.
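The granular policy described above (text and graphics allowed on a recreational site, applications blocked, AV verdicts and reputation feeds consulted first) amounts to an ordered rule set. The following is an added example of such an evaluator, not Blue Coat's product or its policy language: the request attributes, category names, blocklist and sample requests are all constructed, and the ordering of the rules is the design choice being illustrated.

```python
"""Ordered, granular web-access policy: an added illustration, not a
vendor policy engine. Categories, content types, the reputation blocklist
and the sample requests below are constructed for the example."""
from dataclasses import dataclass

# Constructed shared-reputation feed and the application classes the
# organisation has chosen to block outright.
KNOWN_BAD_HOSTS = {"bad.example"}
BLOCKED_APPLICATIONS = {"p2p-file-sharing", "consumer-im", "consumer-voip"}
# Content permitted on recreational sites: text and graphics only.
BENIGN_CONTENT = {"text/html", "text/plain", "text/css",
                  "image/png", "image/jpeg", "image/gif"}
# Content that is only released after the AV gateway has scanned it.
EXECUTABLE_CONTENT = {"application/octet-stream", "application/x-msdownload",
                      "application/x-dosexec"}


@dataclass(frozen=True)
class Request:
    host: str
    category: str       # URL category, e.g. "social-networking", "business"
    content_type: str   # response Content-Type, "" if not yet known
    application: str    # protocol/application classification, "" for plain web
    malware_scan: str   # AV gateway verdict: "clean", "infected" or "unscanned"


@dataclass(frozen=True)
class Verdict:
    allow: bool
    reason: str


def evaluate(req: Request) -> Verdict:
    """First matching rule wins: reputation and scanning verdicts come before
    the permissive content rules, so a known-bad host is blocked even when it
    serves an otherwise allowed image or page."""
    if req.host in KNOWN_BAD_HOSTS:
        return Verdict(False, "host on shared reputation blocklist")
    if req.malware_scan == "infected":
        return Verdict(False, "AV gateway flagged content")
    if req.application in BLOCKED_APPLICATIONS:
        return Verdict(False, f"application {req.application} not permitted")
    if req.category == "social-networking":
        if req.content_type in BENIGN_CONTENT:
            return Verdict(True, "text/graphics on social site allowed")
        return Verdict(False, "non-text content on social site blocked")
    if req.content_type in EXECUTABLE_CONTENT and req.malware_scan != "clean":
        # Fail closed: an unscanned executable is never released.
        return Verdict(False, "executable download must be scanned first")
    return Verdict(True, "default allow")


def evaluate_all(requests: list) -> list:
    """Apply the policy to a batch and return (host, allow, reason) tuples."""
    return [(r.host, v.allow, v.reason) for r in requests for v in [evaluate(r)]]


if __name__ == "__main__":
    sample = [  # constructed requests
        Request("social.example", "social-networking", "text/html", "", "clean"),
        Request("social.example", "social-networking", "application/x-shockwave-flash", "", "clean"),
        Request("bad.example", "news", "image/png", "", "clean"),
        Request("share.example", "file-sharing", "", "p2p-file-sharing", "unscanned"),
        Request("vendor.example", "business", "application/octet-stream", "", "unscanned"),
        Request("vendor.example", "business", "application/octet-stream", "", "clean"),
    ]
    for host, allow, reason in evaluate_all(sample):
        print(f"{'ALLOW' if allow else 'BLOCK':5} {host:15} {reason}")
```

The order matters more than any single rule: placing the reputation and AV checks first is what lets the social-networking rule stay permissive for text and images without opening a path for a compromised page, and the final executable rule fails closed when the scanner has not yet returned a verdict.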