Secure Web gateways: slamming the door on malware

The Web has become the new security battle front, surpassing even e-mail as the leading source of malware infections. In a recent study, Google found that one in 10 Web sites that it crawled contained a malicious payload. And Gartner Group estimates that 75% of enterprises will be infected this year with targeted malware that evades their traditional defenses.
Why? While more than 80% of enterprises have some form of URL filtering in place, fewer than 15% have any form of deep inspection on Web payloads, resulting in a Web security gap.
To make matters worse, this new class of threats — known by many names, including spyware, adware, crimeware and botnets — doesn’t make itself visible the way viruses or spam do. Instead, like a parasite that attaches and feeds silently, these threats do everything they can to infect a PC and avoid detection. Because they fly beneath the radar of detection, many enterprises can be lulled into a false sense of security.

Enter the secure Web gateway

Although organizations need tools that can block Web malware at the edge to supplement desktop defenses, adding another single-function point product and one more management console is not the answer. What’s required is a single platform that consolidates Web security functions without slowing down the network. Gartner has defined this new class of products as secure Web gateways, which combine URL filtering, Web malware protection and application control (and will no doubt combine other Web security functions in the future).
This market is evolving in a similar way to the secure e-mail gateway market of a few years ago, when enterprises transitioned from single-function antivirus gateways to multifunction gateways that handled antivirus, antispam, archiving, encryption and other functions on a single platform.
Like the leaders in the secure e-mail gateway market, the visionaries in the secure Web gateway market started with a blank sheet of paper. As a result, they have built solutions that combine high-performance engines; well-integrated, best-of-breed, third-party signature libraries; and their own “special sauce” to provide solutions that go well beyond what retrofits of legacy URL-filtering solutions can achieve.
A typical secure Web gateway will perform, at a minimum, the following protection functions:
URL filtering: Enforces acceptable-use policies by blocking access to objectionable Web sites, content and applications. This capability gives organizations the ability to design Internet-use policies to maintain employee productivity, manage network bandwidth usage, lessen legal liability and prevent exposure to Web-based malware.
Antivirus: Performs deep inspection of files coming into the organization from the Web using a variety of detection methods, including pattern matching, emulation technology and heuristic techniques, without adding separate file-scanning appliances or slowing browsing performance.
Antispyware: Performs deep inspection of files and active content coming in from the Web to prevent spyware from getting inside the network, blocks “phone home” traffic from infected PCs that may contain sensitive data, and pinpoints which machines are infected with what malware to aid in prioritization and cleanup.
Antibotnet: Uses detection and blocking algorithms to protect against botnet infections, prevents the spread of botnets inside the network from infected machines, and blocks bot communications to command-and-control servers, as well as spam and distributed denial-of-service payloads.
Malware disinfection: Identifies infected PCs and automatically dispatches a cleanup agent for targeted malware removal.
Multiprotocol processing: Inspects all inbound, outbound and internal network traffic, across all ports and protocols, in order to detect and block Web malware when it tries to enter the network, spread within the network and phone home.
High throughput and low latency: Since the amount of Web traffic is increasing daily, secure Web gateways must be able to handle significant traffic loads. They use multiple processing engines on a single platform to achieve low latency (less than a few milliseconds), so that the user Web-browsing experience is not negatively affected.
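To make the functions above concrete, here is an added example (not from the article or any vendor's product) of how a gateway's policy step might combine URL-category filtering with "phone home" blocking and a per-machine infection report. The category table, command-and-control list, malware family names and log format are all constructed for illustration.

```python
from collections import defaultdict

# Constructed policy data for illustration; not taken from the article.
BLOCKED_CATEGORIES = {"gambling", "malware"}
URL_CATEGORIES = {"casino.example": "gambling", "dropper.example": "malware"}
# Known command-and-control hosts mapped to a (hypothetical) malware family.
C2_HOSTS = {"c2.badnet.example": "SampleBot", "collect.spy.example": "SampleSpy"}

# Constructed gateway log, one outbound request per line: "client_ip host".
SAMPLE_LOG = """\
10.0.0.5 news.example
10.0.0.5 casino.example
10.0.0.7 c2.badnet.example
10.0.0.7 beacon.c2.badnet.example
10.0.0.9 collect.spy.example
10.0.0.9 dropper.example
10.0.0.7 collect.spy.example
"""

def decide(host):
    """Return (action, reason) for one outbound request."""
    labels = host.lower().rstrip(".").split(".")
    # Check the host and each parent domain, so subdomains inherit the verdict.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in C2_HOSTS:
            return "block", "phone-home:" + C2_HOSTS[candidate]
        if URL_CATEGORIES.get(candidate) in BLOCKED_CATEGORIES:
            return "block", "category:" + URL_CATEGORIES[candidate]
    return "allow", "ok"

def process_log(text):
    """Apply policy to every line; return (decisions, infected-machine report)."""
    decisions, infected = [], defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines rather than guessing at fields
        client, host = parts
        action, reason = decide(host)
        decisions.append((client, host, action, reason))
        if reason.startswith("phone-home:"):
            infected[client][reason.split(":", 1)[1]] += 1
    # Rank machines by blocked phone-home attempts to prioritize cleanup.
    report = sorted(((c, dict(f)) for c, f in infected.items()),
                    key=lambda item: -sum(item[1].values()))
    return decisions, report

if __name__ == "__main__": print(process_log(SAMPLE_LOG)[1])
```

A blocked download (the `dropper.example` request) is a policy hit only; a machine is listed as infected only when it attempts to reach a command-and-control host.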
The transition from single-purpose security products to security platforms for e-mail, the Web and the network perimeter is well under way. Considering the cost and complexity associated with tuning firewalls and IPS systems, the prospect of adding more layers of processing to them is unfeasible for most enterprises, for technical and manageability reasons. The secure Web gateway will be the platform of choice to support a growing list of content inspection capabilities.

