Your SlideShare is downloading. ×
Understanding SaaS Concepts
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Understanding SaaS Concepts

972
views

Published on

Understanding SaaS Concepts with isheriff

Understanding SaaS Concepts with isheriff

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
972
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. www. isheriff .com sales@ isheriff .com Understanding SaaS Concepts Web 2.0 Security in 2010
  • 2. Email & Web 2.0 Security Today
    • The Web browser has become a universal client for the workplace:
      • Customer Services and CRM (e.g. Salesforce.com)
      • File Sharing (e.g. P2P)
      • Streaming and Social Media (e.g. YouTube, Flickr)
      • VoIP (e.g. Skype)
      • Webmail
      • Social Networking and Micro Blogging (e.g. MySpace, Twitter, Facebook, LinkedIn)
  • 3. Email & Web 2.0 Security Today
    • The Web increasingly provides critical workplace resources and communication, but security is increasingly complex and threats are more insidious:
      • In 2009 over 80% of all SMTP email was spam
        • 5-6 botnets control 90% of all spam in circulation
        • Over 200 billion spam emails per day
      • Microsoft estimates 30% of home PCs and 4% of network PCs have been infected by a botnet
        • Botnet infections occur primarily through “blended email threats”, search engine poisoning and visiting infected websites
        • Drive-by vulnerability exploits, malicious scripts and social engineering are the tools of professional hackers and malware writers – a rapidly developing profession
      • Corporate and private data are key targets but ultimately profit drives the criminals
        • Phishing emails targeting your online finances
        • Keylogger spyware to learn your passwords and account numbers
        • Malicious AV programs (AKA scareware ) pressure users to pay for useless services
        • Encryption malware locks important data and ransoms it back to victims
        • 37% and 17% of all data leakage incidents occur via the Web and email respectively
          • Network World
        • 80% of malware infected websites are legitimate
          • SC Magazine
  • 4. The State of Web 2.0 Security
    • Traditional Web Security measures aren’t working:
      • Signature-based anti-virus on its own is ineffective against the latest adaptive malware and rootkits
      • Traditional URL Filtering fails to address rapidly changing website status and security breaches
      • Signature-based anti-spam fails to look for malicious URLs and is vulnerable to blended email threats
    • On any day the News Headlines are evidence of this :
    • “ Top Search Results Riddled with Malware”
    • “ Facebook user profiles hacked, Wall feature relaying spam”
    • “ Twitter accounts compromised in torrent site scam”
    • “ Criminals exploiting flood of leaked personal data”
      • SC Magazine, Feb 2010
  • 5. The iSheriff Solution
    • iSheriff
    • SaaS
    • iSheriff SaaS provides your organization with:
    • Anti-spam filtering
    • Anti-virus and malware protection for Web and Email
    • Real-time Web 2.0 security
    • Data Leakage Prevention for Web and Email
    • Website filtering and category access management
    • Website malware protection
    • Acceptable use policy enforcement
    • Email archiving and secure email encryption services
    • Reporting services for email and Web security
  • 6. Snapshot Applying iSheriff to your daily Internet use
  • 7. Twitter / MySpace / Facebook
  • 8. Twitter / MySpace / Facebook ALERT! The requested URL has been blocked by i Sher i ff URL: http://newsnet6.com/monies Action: Blocked Reason: Security Risk More >> The website you requested was prevented from loading by iSheriff Web Security services as it is considered to be a security compliance risk. If you believe that this is an error or require urgent access to this website, please advise your Network Administrator.
  • 9. Twitter / MySpace / Facebook
    • Sites like Twitter, MySpace and Facebook are increasingly popular and many employers feel pressure to enable access to these sites during office hours
    • Spam and malicious links obfuscated via URL shortening services are common to these sites
      • E.g. http://tinyurl.com/abc123
    • Security on sites such as Twitter is a minefield
    • A users’ guard is lower on social sites as communications normally only take place between known contacts
    • Hackers utilize compromised accounts to distribute malware with anonymity
    • iSheriff protects users while they surf these sites and prevents accidental exposure to malware and other threats
  • 10. YouTube / Streaming Media
  • 11. YouTube / Streaming Media Access to youtube.com is controlled by i Sher i ff URL: http://youtube.com Action: Time Quota Restriction – 30 minutes (daily) Category: Social Media TIME REMAINING: 29 minutes More >> Access to the website you requested is controlled by iSheriff Web Security in compliance with your employer’s Internet access policies. If you believe that this is an error or require urgent access to this website, please advise your Network Administrator. OK
  • 12. YouTube / Streaming Media
    • YouTube and Flash Video typically accounts for 75%-90% of an organization’s bandwidth
    • YouTube is a key target for hackers and spammers to promote malicious URLs
    • iSheriff can apply access restrictions to YouTube, including:
      • Restricting access to non-work hours
      • Limiting time or bandwidth spent on site with personalized daily or weekly quotas
      • Prohibiting access for specific users
    • iSheriff can also protect against users clicking on a malicious link promoted via YouTube
  • 13. Sports / News / Entertainment
  • 14. Sports / News / Entertainment Access to news.bbc.co.uk/sport is controlled by i Sher i ff URL: http://news.bbc.co.uk/sport Action: Time Access Restriction – Out of Office Hours Category: Sports Restricted Hours: 09:00 – 12:00 / 13:00 – 16:30 hrs / Mon - Fri More >> Access to the website you requested is controlled by iSheriff Web Security in compliance with your employer’s Internet access policies. If you believe that this is an error or require urgent access to this website, please advise your Network Administrator. OK
  • 15. Sports / News / Entertainment
    • Sports and Entertainment sites can be a serious drain on productivity
    • Many employers permit reasonable levels of personal web use but don’t monitor for abuse
    • A typical organization can expect to find 10%-15% of all their Web activity is spent on news, sports and entertainment sites
    • iSheriff can apply access restrictions to Sports or Entertainment sites, including:
      • Restricting access to non-work hours
      • Limiting time or bandwidth spent on site with personalized daily or weekly quotas
      • Prohibiting access for specific users
      • Monitor and report on sports site activity
  • 16. Anonymous Proxy
  • 17. Anonymous Proxy ALERT! The requested URL has been blocked by i Sher i ff URL: http://youhide.com Action: Blocked Reason: Anonymous Proxy More >> The website you requested was prevented from loading by iSheriff Web Security services as it is considered to be a security compliance risk. If you believe that this is an error or require urgent access to this website, please advise your Network Administrator.
  • 18. Anonymous Proxy
    • Anonymous proxy servers represent a significant security risk to your organization
    • They are used by users who wish to specifically hide their web activity and circumvent Web security policies
    • Education institutions typically have a large number of users attempting to access anonymous proxies
    • Users may try to access prohibited content or could potentially be unprotected from downloading malware
    • iSheriff prevents access to anonymous proxy sites
  • 19. Webmail
  • 20. Webmail ALERT! An attempted file upload has been blocked by i Sher i ff File: Customer List (Copy).xlsx Action: Blocked Reason: Restricted File More >> An attempted file upload has been prevented by iSheriff Web Security services . Unauthorized attempts to transmit this file are prohibited by your employer’s data security policy. This activity has been logged. If you believe that this is an error and need to transmit this file, please advise your Network Administrator.
  • 21. Webmail
    • Webmail sites such as Hotmail and Gmail can be a data leakage risk for your organization
    • Unmonitored access to these sites opens your organization to insider threats
    • Critical data or files can be easily leaked, even unintentionally
    • iSheriff can manage user’s access to Webmail sites and control the transmission of sensitive text or files
  • 22. Spam
  • 23. Spam Your Blocked Spam Report [email_address] Spam messages blocked for you today: 87 / 105 (83% spam) The emails listed here have been quarantined as spam and will be deleted after 5 days. From Date Subject [email_address] Today Give her a nice surprise Release | Delete [email_address] Today Enlarge your member today Release | Delete [email_address] Today Designer Watch Sale Release | Delete [email_address] Today You want a mortgage? Release | Delete [email_address] Today Prescription Pills delivered Release | Delete Showing messages 1 to 5 out of 87 | Next
  • 24. Spam
    • For a typical organization, spam constitutes 80%-90% of incoming email
    • Spam is a security risk and consumes valuable resources and productivity
    • iSheriff Email Security provides extensive anti-spam services
      • Filters spam in the cloud, providing your organization with a clean email connection
      • Provides extensive reporting so you can measure anti-spam results
      • Enables end users to view and manage their quarantined messages as well as personalized spam reports
  • 25. Blended Threats
  • 26. Blended Threats An email addressed to you has been blocked by i Sher i ff [email_address] From: [email_address] To: [email_address] Subject: MySpace account update Sent: Wed 2:02pm Action: Quarantined Reason: Security Risk More >> An email addressed to you had been quarantined by iSheriff Email Security services as it is considered a security compliance risk. If you believe that this is an error and require the message, please advise your Network Administrator within 7 days before the message is permanently deleted.
  • 27. Blended Threats
    • Blended Threats are email messages that contain links to malicious Websites
    • They employ social engineering and multiple exploits or attempts to install malware on your PC
    • This example purports to be from MySpace and is intended to lure the recipient to a malicious website under this pretence
      • Note the URL
      • myspace.yyyyiuk.org.uk
    • Microsoft estimates that blended threats have resulted in malware infections on 30% of consumer PC’s and 4% of corporate PC’s in 2009
    • iSheriff protects against blended threats in multiple ways
      • Blended threats are unsolicited messages and most are caught with iSheriff anti-spam filtering
      • Messages are analysed in real-time; messages with suspicious URLs are quarantined
      • Web Security services prevent users accessing a malicious site even in the unlikely event that a blended email threat makes it to their inbox
  • 28. Malware / Virus
  • 29. Malware / Virus Virus Alert Download of the file codecinst.exe has been blocked by i Sher i ff File: codecinst.exe Action: Blocked Reason: Virus Detected More >> The file you requested was prevented from downloading by iSheriff Web Security services as a virus was detected. If you believe that this is an error or require urgent access to this file, please advise your Network Administrator.
  • 30. Malware / Virus
    • iSheriff email and Web security services both provide extensive anti-virus protection against even the latest malware
    • Email and file uploads/downloads are analyzed in real-time and scanned with multiple anti-malware technologies
      • Leading protection from Sophos Anti-Virus employs signature-based protection for rapid identification of known malware and analysis of potentially unwanted applications
      • Dynamic data modelling identifies new threat outbreaks and anomalous content by monitoring email and Web traffic across numerous domains
  • 31. www. isheriff .com sales@ isheriff .com Thank you for your time! For more information Please visit us on the Web or send us an email