Uploaded bySylCotter
739 views

Watch Guard Reputation Enabled Defense (White Paper)Dna

WatchGuard Technologies is promoting its cloud-based web security solution called Reputation Enabled Defense. This solution uses reputation scoring from a large database to determine if URLs are safe to access, allowing safe URLs to bypass antivirus scanning for faster page loading. It provides an extra layer of protection against evolving web threats in real-time without sacrificing performance. The benefits include improved security against malware, better performance through reduced scanning, and a more proactive approach to fighting threats.

Embed presentation

Download to read offline
Document Presented By Wick Hill and DNA IT River Court, Albert Drive, Woking, Surrey GU21 5RP 01483 227600 info@wickhill.co.uk www.wickhill.com/watchguard Unit J 2, Maynooth Business Campus, Maynooth, Co.Kildare +353 1 651 0300 sales@dnait.ie www.dnait.ie
Cloud-based Web Security Isn’t Hype: It’s Here and It Works June 2010 INTRODUCTION It’s not news that the web is dangerous and getting more dangerous by the day. Cyber criminals have ample economic motive and easy-to-use tools to harness the power of the web in capturing and misusing your data. What is news is that now you can protect your company’s valuable assets from web-based attacks with an innovative, effective new form of web security – cloud-based, reputation-driven defense. Web Threats are on the Rise The web is experiencing phenomenal growth, and with it, an unprecedented increase in the amount of new malware types that target web browsers, applications, and Web 2.0 infrastructure. Because cybercriminals can reap large profits from attacks that result in identity and data theft, a growing number of organized crime rings continuously fund new attempts to spread malware and acquire web users’ personal data. Through modified packing and encrypting techniques, and other obfuscation methods, attackers can now create thousands of new variants of the same threat with relatively little effort. Despite these threats, most organizations continue to leverage new web-based applications to drive revenue and efficiencies, particularly as Web 2.0 technologies deliver new ways to interact and engage with customers and stakeholders. Organizations frequently underestimate their exposure to malicious attacks. The statistics can be sobering. In 2009 alone, there was a dramatic 345% increase in the number of new malicious web links 1 discovered. These included high-profile sites, including those run by MSNBC, ZDNet, The United Nations, 1 IBM X-Force 2009 Trend and Risk Report WatchGuard Technologies www.watchguard.com
2 and Honda. According to IDC, up to 30% of companies with 500 or more staff have been infected as a 3 result of Internet surfing. In other words, anywhere web users interact, malware encounters are frequent and common. To fend off new forms of malware – including spyware, viruses, crimeware and other malicious codes – organizations must better safeguard their web security infrastructure. A reactive and fixed security infrastructure must be turned into one that is proactive and adaptable to changes in the threat landscape. There are many ways that legitimate websites can become infected. One inbound threat that has recently gained popularity among cybercriminals is the SQL injection. Hackers use SQL injections to get access to database-driven websites, planting malicious code for site visitors. This can be combined with Web 2.0-based social engineering attacks in which users believe they are being pointed to legitimate content. Compromised sites may host drive-by-downloads, where malware exploits vulnerabilities on the users’ systems to download malware without any user interaction. Common applications such as Apple QuickTime® and Adobe PDF® may be exploited. Thus, an organization’s own application vulnerabilities and web site code flaws open the door to cybercriminals seeking to infiltrate the organization. THE NEED TO BALANCE SECURITY AND PERFORMANCE Many IT security professionals face conflicting demands from management and network users when it comes to web security. The need for speed is always in demand, but delivering that speed while enhancing security for a broader, more dynamic threat environment is quite challenging. Following are some of the most frequent obstacles to achieving this goal: • A lack of additional IT budget to shore up network security • Network constraints that conflict with security issues around cloud computing • Performance degradations across the network due to additional hosted services The options for overcoming these obstacles to proactive, multi-layered security are either unappealing or insufficient. For example, one defense against the widespread proliferation of malware is to install anti- virus scanning at the gateway, capturing malware before it ever enters the network. But scanning every page and object at the URL can slow down web page delivery and affect both throughput at the device and the user experience at the browser. Some network administrators may be reluctant to use gateway anti-virus because of its performance impact. Finally, desktop or browser-based scanning solutions only catch threats once they are in the network. By the time these solutions alert users, today’s malware could have already inflicted great amounts of damage to the organization’s computing infrastructure and/or compromised sensitive data from within the organization. URL Filtering is Not Enough Since the 1990s, reputation services have been helping organizations block unwanted or bad traffic to ensure that threats never enter the network. By identifying and blocking threats at the perimeter, reputation services help prevent attacks, reduce the on-premise IT footprint required to scan traffic, and lower the costs associated with the bandwidth, hardware, and other resources required to block threats. As web technologies and the web itself have grown more sophisticated, early generation reputation 2 Gartner IT Security Conference 2009, Securing the Web Gateway, Peter Firstbrook 3 Journal Of Emerging Technologies In Web Intelligence, Vol. 2, No. 2, May 2010, Protecting Data from the Cyber Theft – A Virulent Disease www.watchguard.com page 2
services have become less effective in identifying and blocking threats. To fully understand this loss of effectiveness, it's important to understand how these services have evolved. On the dynamic web, sites are continuously updated with new content, while URLs are frequently sold and altered. So a site that is scanned and categorized as legitimate by URL filters today may become a malware hub at some later point in time. In order to properly filter out hazardous and dangerous websites, a filter cannot merely rely on a static database. According to a report by IDC, “The advances in Web 2.0 technologies require a new generation of web security tools that go well beyond traditional URL 4 filtering.” It must be as dynamic as the web itself, providing real-time threat protection. In addition, it must scale to handle the vast growth of the Internet. Effective Security is Proactive and Multi-Layered The most effective approach for defending against the web’s dynamic threats is a proactive, multi-layered approach to web Web Security Numbers security. Being proactive requires that the security solution reach A look at some of the most recent into the Internet cloud, obtain the latest threat data from multiple figures related to web security threat-monitoring sources, and prepare a network’s perimeter in demonstrates the need for IT the event that one of the threats presents itself to the network. security professionals to Effective defense is multi-layered, applying additional measures of proactively manage a broad array threat scanning, depending on the type of content that attempts to enter the network. of ever-changing threat types. • 40,000 websites per week were WatchGuard® Reputation Enabled Defense™ provides effective, compromised during 2008- instantaneous, in-depth web security in real time. Based on the 2009. 5 from-the-cloud security of WatchGuard ReputationAuthority®, Reputation Enabled Defense leverages the cloud-based • The Gumblar virus alone intelligence of millions of global sources and users, sharing compromised 60,000 6 information about threats associated with URLs and domains in websites. real-time to automatically block new threats before they enter an • In 2009, 23,500 new web pages organization's network. 7 were infected per day. WatchGuard Reputation Enabled Defense includes real-time • 0.7% of Google Search results monitoring of web traffic, including scanning of URLs, to determine display sites that have been the risk level of each and every web page before it enters the infected by malware. 8 network. The solution assesses each threat and type of network traffic. By scanning for hostile content and blocking malicious URLs • The Mal/Bredo malware had at the connection level, Reputation Enabled Defense bridges the 838 variants during the first 9 web security gap left exposed by simple URL filtering, provides quarter of 2010. safer web surfing and faster web performance. 4 IDC, Worldwide Web Security 2009-1013 Forecast and 2008 Marketshares: It’s All About Web 2.0 You TwitFace, August 2009 5 Google Online Security Blog, Malware Statistics Update, August 25, 2009 6 Google Online Security Blog, Top 10 Malware Sites, June 3, 2009 7 Sophos, Sophos Security Threat Report, July 2009 8 Google Online Security Blog, Malware Statistics Update, August 25, 2009 9 Commtouch, Well-known Web Names Misused to Give Spam Deceptive Legitimacy, According to New Report by Commtouch, April 14, 2010 www.watchguard.com page 3
WHAT TO LOOK FOR IN REPUTATION SERVICES Reputation services complement gateway antivirus and traditional desktop solutions by providing improved performance and an additional layer of protection. Unlike traditional gateway anti-virus solutions, which typically update signatures on an hourly or daily basis, reputation services provide the equivalent of real-time updates of malware intelligence. The broader and improved URL reputation data they provide result in greater protection from web threats and faster, more productive web surfing. However, not all reputation services function in the same manner, so IT security professionals should exercise caution when evaluating potential solutions. Many reputation services are implemented as plug-ins that prevent users from visiting web sites known for malware or phishing. By contrast, WatchGuard has adapted a contributor approach to reputation services to offer next-generation reputation services. WatchGuard’s reputation and connection management approach reflects the belief that, to be truly effective and proactively prevent against evolving threats, reputation services must be a true zero-hour first line of defense. They must not act simply as a monitoring system that relies on static databases, as most reputation services on the market do today. Rather, to achieve proactive, adaptive identification, the WatchGuard approach is to manage web threats at the connection level, and to perform in-depth analysis at the gateway layer. It then contributes the findings from the gateway to the reputation service in real time, harnessing the intelligence of millions of global users and sources for more powerful and intelligent protection from malicious URLs and web threats. WatchGuard Reputation Enabled Defense users can choose to bypass anti-virus and other scanning functions for URLs that are known to have a current good reputation, saving time and helping to maintain performance levels. WatchGuard Reputation Enabled Defense WatchGuard Reputation Enabled Defense is available on WatchGuard’s line of multi-function firewall, unified threat management (XTM) appliances, as well as on its XCS extensible content security appliances by adding a web security subscription. It provides a cloud-based reputation lookup to identify safe or harmful URLs. Harnessing threat intelligence from millions of users worldwide, Reputation Enabled Defense offers an extra layer of protection that acts as a powerful first line of defense from web threats. By preempting threats before they enter the network, Reputation Enabled Defense helps reduce computing overhead incurred by anti-virus scanning, particularly costly on-box scanning at the gateway, and helps speed delivery of approved content. In essence, WatchGuard takes web security beyond the box and network, managing as much as possible in the cloud. How Reputation Enabled Defense works As a cloud-assisted service, Reputation Enabled Defense provides instantaneous security that is updated continuously. Not only does it improve proactive security, it helps organizations take advantage of greater computing and processor power from servers hosted in the cloud. IT can save valuable processor resources on local appliances. As a result, more users can be served at higher rates of throughput – for less money. Figure 1 below provides an overview of how Reputation Enabled Defense works to enhance web security. The core of the service is its cloud-based reputation-scoring database – the industry’s most comprehensive database – and an on-appliance query system. www.watchguard.com page 4
Give users a faster, safer web surfing experience Figure 1: Reputation Enabled Defense uses a powerful, cloud-based database to allow safe traffic in while keeping bad traffic out. Only unknown traffic is directed to further AV scanning, for substantial gains in web processing time. When a web user browses to a URL, the WatchGuard appliance checks a local cache for that URL’s reputation scores. If the result is not found in the local cache, WatchGuard then queries its cloud-based ReputationAuthority server for a reputation score for the URL. If the URL has a good reputation, the appliance approves the URL and bypasses local anti-virus scanning, allowing for faster page rendering and content delivery. In the event that a URL is deemed to have a bad reputation (i.e., it contains hostile web threats), the WatchGuard appliance blocks the URL outright, immediately protecting users from malicious content and again bypassing local anti-virus scanning. If a URL’s score appears in the gray area between good and bad, or if there is no score available, the appliance performs its routine defense-in-depth web security checks and then passes or blocks the URL based on these checks. WatchGuard recognizes that all organizations use the web differently. That is why Reputation Enabled Defense is fully configurable. Today’s threats introduce the possibility for normally safe web sites to become compromised within seconds of their last scan. Administrators can optionally choose not to use the feature that bypasses scanning of URLs with good reputation. A True Service that Pays for Itself WatchGuard ensures that Reputation Enabled Defense is delivering the strongest possible security with the lowest resource usage. WatchGuard manages the growth of the URL Reputation database via multiple feeds and aggregated data. This is a continuous and ongoing process, performed by WatchGuard, enabling customers to benefit from far greater intelligence and security than they have implemented in their own environment. Reputation Enabled Defense typically allows the bypass of antivirus scanning for 30-50% of URLs, with an accompanying increase in web browsing speed and throughput at the multi-function firewall. With the www.watchguard.com page 5
web’s top URLs always clearly rated and always in the reputation database, anti-virus scanning for these URLs can be bypassed at very low risk. This maximizes performance without sacrificing security when visiting these sites. BENEFITS OF REPUTATION ENABLED DEFENSE WatchGuard Reputation Enabled Defense provides a broad set of security and performance benefits arising from the ability to perform proactive security measures in the cloud. Below are the most salient benefits for IT and network administrators. Security  Organizations can protect their valuable data by increasing efficacy and catch rate of every URL- based type of malware.  Administrators gain comfort in knowing that unsafe URLs face multiple levels of automated protection prior to gaining network access.  The full power and knowledge of the broad WatchGuard user community is brought to bear on the network’s security stance through cloud-based security.  Administrators can strike the ideal balance of security and performance by monitoring scan results and modifying system configurations. Performance  Administrators can deliver higher performance to the business and raise user satisfaction levels by minimizing URL scanning and gaining higher throughput at the gateway.  Administrators can reduce bandwidth and processing cycles with connection-level rejections of bad web sites.  The most frequented URLs are regularly updated in the ReputationAuthority database because the WatchGuard technology learns which URLs are popular. Proactively Fight Malware Malware continues to spread across the web. The ability of a single organization’s IT staff to monitor and protect against all threats is eaten away by growing threat volumes and by new and ever-morphing threat variations. That is why WatchGuard is constantly pushing the envelope to improve methods for proactive and cloud-based security, taking into account the critical balance that must be maintained between security and performance. WatchGuard Reputation Enabled Defense enables organizations to proactively fight the threat of malware without sacrificing user experience and network performance. In fact, WatchGuard is the only UTM/multi- function firewall vendor with a URL reputation solution at the gateway. WatchGuard customers with Reputation Enabled Defense protecting their networks benefit from multiple outstanding anti-malware technologies that provide more coverage than systems that rely on just one anti-malware source. And benefits of Reputation Enabled Defense extend to all participating customers, because the cloud-based service dynamically protects them from newly discovered threats in real time. By making the incremental investment in Reputation Enabled Defense, customers will gain exponential levels of protection. Why wait? The cybercriminals are acting now. Get one step ahead of them. www.watchguard.com page 6
MORE INFORMATION To find out more about Reputation Enabled Defense and WatchGuard XTM security solutions, contact your authorized WatchGuard reseller, visit www.watchguard.com/red, or call WatchGuard directly at +1.800.734.9905 (North America) or +1.206.613.0895 (international). NOTE: Reputation Enabled Defense is available as a subscription for all WatchGuard XTM 2, 5, 8, and 10 Series Unified Threat Management appliances. For WatchGuard XCS appliances, URL reputation enabled defense is available with the purchase of the XCS Web Security subscription. Every WatchGuard XCS appliance includes ReputationAuthority, an IP reputation-enabled defense for enterprise-class email security. ADDRESS: ABOUT WATCHGUARD 505 Fifth Avenue South Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to Suite 500 hundreds of thousands of businesses worldwide. WatchGuard’s award-winning extensible threat Seattle, WA 98104 management (XTM) network security solutions combine firewall, VPN, and security services. The extensible content security (XCS) appliances offer content security across email and web, as well as WEB: data loss prevention. More than 15,000 partners represent WatchGuard in 120 countries. www.watchguard.com WatchGuard is headquartered in Seattle, Washington, with offices in North America, Latin America, Europe, and Asia Pacific. For more information, please visit www.watchguard.com. NORTH AMERICA SALES: +1.800.734.9905 No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features, or functionality will be provided on an if and when available INTERNATIONAL SALES: basis. ©2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, +1.206.613.0895 and WatchGuard ReputationAuthority are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part.No. WGCE66705_061710 www.watchguard.com page 7

More Related Content

PDF
State of Internet 2H 2008
byKim Jensen
 
PDF
Mitigating Web 2.0 Threats
byKim Jensen
 
PDF
Advanced Web Security Deployment
byCisco Canada
 
PDF
Cisco Content Security
byCisco Canada
 
PDF
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
PPTX
Cisco Web and Email Security Overview
byCisco Security
 
PDF
Product Innovation Award 2009
byKim Jensen
 
PDF
Scansafe Annual Global Threat Report 2009
byKim Jensen
 
State of Internet 2H 2008
byKim Jensen
 
Mitigating Web 2.0 Threats
byKim Jensen
 
Advanced Web Security Deployment
byCisco Canada
 
Cisco Content Security
byCisco Canada
 
Five Network Security Threats And How To Protect Your Business Wp101112
byErik Ginalick
 
Cisco Web and Email Security Overview
byCisco Security
 
Product Innovation Award 2009
byKim Jensen
 
Scansafe Annual Global Threat Report 2009
byKim Jensen
 

What's hot

PDF
Cybercriminals and security attacks
byGFI Software
 
PDF
Microsoft Cyber Defense Operation Center Strategy
byIoannis Aligizakis, M.Sc.
 
PDF
security_secure_pipes_frost_whitepaper
byAlan Rudd
 
PDF
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
byBriskinfosec Technology and Consulting
 
PDF
INSECURE Magazine - 39
byFelipe Prado
 
PDF
Security_prediction_2014
byTruong Minh Yen
 
PDF
Microsoft Security Intelligence Report vol. 21
byIoannis Aligizakis, M.Sc.
 
PDF
2016 Trends in Security
byIoannis Aligizakis, M.Sc.
 
PPT
The Future of Cyber Security
byStephen Lahanas
 
PPTX
Symantec Security Refresh Webinar
byArrow ECS UK
 
PDF
MainPaper_4.0
byvarun4110
 
PDF
Topsec email security 2016
byNathan CAVRIL
 
PPTX
Scot Secure 2015
byRay Bugg
 
PDF
Security/Compliance - Advanced Threat Detection and Compliance
byAdvanced Technology Consulting (ATC)
 
PDF
Advanced Threat Detection in ICS – SCADA Environments
byLondon School of Cyber Security
 
PDF
Tt 06-ck
byNarinrit Prem-apiwathanokul
 
DOCX
What you need to know about cyber security
byCarol Meng-Shih Wang
 
PDF
NATO Cyber Security Conference: Creating IT-Security Start-Ups
byBenjamin Rohé
 
PPTX
Owasp e crime-london-2012-final
byMarco Morana
 
PDF
Cisco 2014 Midyear Security Report
byCisco Security
 
Cybercriminals and security attacks
byGFI Software
 
Microsoft Cyber Defense Operation Center Strategy
byIoannis Aligizakis, M.Sc.
 
security_secure_pipes_frost_whitepaper
byAlan Rudd
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
byBriskinfosec Technology and Consulting
 
INSECURE Magazine - 39
byFelipe Prado
 
Security_prediction_2014
byTruong Minh Yen
 
Microsoft Security Intelligence Report vol. 21
byIoannis Aligizakis, M.Sc.
 
2016 Trends in Security
byIoannis Aligizakis, M.Sc.
 
The Future of Cyber Security
byStephen Lahanas
 
Symantec Security Refresh Webinar
byArrow ECS UK
 
MainPaper_4.0
byvarun4110
 
Topsec email security 2016
byNathan CAVRIL
 
Scot Secure 2015
byRay Bugg
 
Security/Compliance - Advanced Threat Detection and Compliance
byAdvanced Technology Consulting (ATC)
 
Advanced Threat Detection in ICS – SCADA Environments
byLondon School of Cyber Security
 
Tt 06-ck
byNarinrit Prem-apiwathanokul
 
What you need to know about cyber security
byCarol Meng-Shih Wang
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
byBenjamin Rohé
 
Owasp e crime-london-2012-final
byMarco Morana
 
Cisco 2014 Midyear Security Report
byCisco Security
 

Viewers also liked

PPT
Faimosul numar e
bymarcelavmihai
 
PDF
Dna It Solutions Cloud Computing Presentation
bySylCotter
 
DOC
τηλεργασία
bynikosas
 
PPT
Prezentarea de impact
bymarcelavmihai
 
PPT
Nicholas georgescu – roegen
bymarcelavmihai
 
PPT
Metoda de inducție
bymarcelavmihai
 
PPTX
Matematica intre ieri si maine
bymarcelavmihai
 
PDF
Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
bySylCotter
 
Faimosul numar e
bymarcelavmihai
 
Dna It Solutions Cloud Computing Presentation
bySylCotter
 
τηλεργασία
bynikosas
 
Prezentarea de impact
bymarcelavmihai
 
Nicholas georgescu – roegen
bymarcelavmihai
 
Metoda de inducție
bymarcelavmihai
 
Matematica intre ieri si maine
bymarcelavmihai
 
Practical Advantages Of Fireware® Xtm For Hands On It Administrators Dna
bySylCotter
 

Similar to Watch Guard Reputation Enabled Defense (White Paper)Dna

PDF
Advanced security - Seccom Global
byKim Tu
 
PDF
Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...
byINSPIRIT BRASIL
 
PPT
Security Lifecycle Management Process
byBill Ross
 
PDF
5 network-security-threats
byReadWrite
 
PPTX
An introduction to Unified Threat Management (UTM), for Dummies
byElsa Cariello
 
PDF
Information Security
byMadushan Sandaruwan
 
PDF
Cyber Security in a Fully Mobile World
byUniversity of Suffolk
 
PPT
Bright talk intrusion prevention are we joking - henshaw july 2010 a
byMark Henshaw
 
PDF
Countering Cyber Threats By Monitoring “Normal” Website Behavior
byEMC
 
PPT
Secure by design and secure software development
byBill Ross
 
PDF
Data security in cloud
byInterop
 
PPTX
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
byTripwire
 
PDF
2013 global security report
byYury Chemerkin
 
PDF
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
byIJNSA Journal
 
PPTX
Top Application Security Trends of 2012
byDaveEdwards12
 
PDF
People the biggest cyber risk
byUniversity of Suffolk
 
PDF
Cloudy Wpcybersecurity
byathkeb
 
PDF
Cyber security general perspective a
bymarukanda
 
PPTX
Spiceworld 2011 - AppRiver breakout session
byShane Rice
 
PPTX
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 
Advanced security - Seccom Global
byKim Tu
 
Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...
byINSPIRIT BRASIL
 
Security Lifecycle Management Process
byBill Ross
 
5 network-security-threats
byReadWrite
 
An introduction to Unified Threat Management (UTM), for Dummies
byElsa Cariello
 
Information Security
byMadushan Sandaruwan
 
Cyber Security in a Fully Mobile World
byUniversity of Suffolk
 
Bright talk intrusion prevention are we joking - henshaw july 2010 a
byMark Henshaw
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
byEMC
 
Secure by design and secure software development
byBill Ross
 
Data security in cloud
byInterop
 
Cyber Threat Jujitsu 101: Acknowledge. Assess. Avoid. Address.
byTripwire
 
2013 global security report
byYury Chemerkin
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
byIJNSA Journal
 
Top Application Security Trends of 2012
byDaveEdwards12
 
People the biggest cyber risk
byUniversity of Suffolk
 
Cloudy Wpcybersecurity
byathkeb
 
Cyber security general perspective a
bymarukanda
 
Spiceworld 2011 - AppRiver breakout session
byShane Rice
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
byAndrew Gerber
 

Watch Guard Reputation Enabled Defense (White Paper)Dna

  • 1.
    Document Presented ByWick Hill and DNA IT River Court, Albert Drive, Woking, Surrey GU21 5RP 01483 227600 info@wickhill.co.uk www.wickhill.com/watchguard Unit J 2, Maynooth Business Campus, Maynooth, Co.Kildare +353 1 651 0300 sales@dnait.ie www.dnait.ie
  • 2.
    Cloud-based Web SecurityIsn’t Hype: It’s Here and It Works June 2010 INTRODUCTION It’s not news that the web is dangerous and getting more dangerous by the day. Cyber criminals have ample economic motive and easy-to-use tools to harness the power of the web in capturing and misusing your data. What is news is that now you can protect your company’s valuable assets from web-based attacks with an innovative, effective new form of web security – cloud-based, reputation-driven defense. Web Threats are on the Rise The web is experiencing phenomenal growth, and with it, an unprecedented increase in the amount of new malware types that target web browsers, applications, and Web 2.0 infrastructure. Because cybercriminals can reap large profits from attacks that result in identity and data theft, a growing number of organized crime rings continuously fund new attempts to spread malware and acquire web users’ personal data. Through modified packing and encrypting techniques, and other obfuscation methods, attackers can now create thousands of new variants of the same threat with relatively little effort. Despite these threats, most organizations continue to leverage new web-based applications to drive revenue and efficiencies, particularly as Web 2.0 technologies deliver new ways to interact and engage with customers and stakeholders. Organizations frequently underestimate their exposure to malicious attacks. The statistics can be sobering. In 2009 alone, there was a dramatic 345% increase in the number of new malicious web links 1 discovered. These included high-profile sites, including those run by MSNBC, ZDNet, The United Nations, 1 IBM X-Force 2009 Trend and Risk Report WatchGuard Technologies www.watchguard.com
  • 3.
    2 and Honda. Accordingto IDC, up to 30% of companies with 500 or more staff have been infected as a 3 result of Internet surfing. In other words, anywhere web users interact, malware encounters are frequent and common. To fend off new forms of malware – including spyware, viruses, crimeware and other malicious codes – organizations must better safeguard their web security infrastructure. A reactive and fixed security infrastructure must be turned into one that is proactive and adaptable to changes in the threat landscape. There are many ways that legitimate websites can become infected. One inbound threat that has recently gained popularity among cybercriminals is the SQL injection. Hackers use SQL injections to get access to database-driven websites, planting malicious code for site visitors. This can be combined with Web 2.0-based social engineering attacks in which users believe they are being pointed to legitimate content. Compromised sites may host drive-by-downloads, where malware exploits vulnerabilities on the users’ systems to download malware without any user interaction. Common applications such as Apple QuickTime® and Adobe PDF® may be exploited. Thus, an organization’s own application vulnerabilities and web site code flaws open the door to cybercriminals seeking to infiltrate the organization. THE NEED TO BALANCE SECURITY AND PERFORMANCE Many IT security professionals face conflicting demands from management and network users when it comes to web security. The need for speed is always in demand, but delivering that speed while enhancing security for a broader, more dynamic threat environment is quite challenging. Following are some of the most frequent obstacles to achieving this goal: • A lack of additional IT budget to shore up network security • Network constraints that conflict with security issues around cloud computing • Performance degradations across the network due to additional hosted services The options for overcoming these obstacles to proactive, multi-layered security are either unappealing or insufficient. For example, one defense against the widespread proliferation of malware is to install anti- virus scanning at the gateway, capturing malware before it ever enters the network. But scanning every page and object at the URL can slow down web page delivery and affect both throughput at the device and the user experience at the browser. Some network administrators may be reluctant to use gateway anti-virus because of its performance impact. Finally, desktop or browser-based scanning solutions only catch threats once they are in the network. By the time these solutions alert users, today’s malware could have already inflicted great amounts of damage to the organization’s computing infrastructure and/or compromised sensitive data from within the organization. URL Filtering is Not Enough Since the 1990s, reputation services have been helping organizations block unwanted or bad traffic to ensure that threats never enter the network. By identifying and blocking threats at the perimeter, reputation services help prevent attacks, reduce the on-premise IT footprint required to scan traffic, and lower the costs associated with the bandwidth, hardware, and other resources required to block threats. As web technologies and the web itself have grown more sophisticated, early generation reputation 2 Gartner IT Security Conference 2009, Securing the Web Gateway, Peter Firstbrook 3 Journal Of Emerging Technologies In Web Intelligence, Vol. 2, No. 2, May 2010, Protecting Data from the Cyber Theft – A Virulent Disease www.watchguard.com page 2
  • 4.
    services have becomeless effective in identifying and blocking threats. To fully understand this loss of effectiveness, it's important to understand how these services have evolved. On the dynamic web, sites are continuously updated with new content, while URLs are frequently sold and altered. So a site that is scanned and categorized as legitimate by URL filters today may become a malware hub at some later point in time. In order to properly filter out hazardous and dangerous websites, a filter cannot merely rely on a static database. According to a report by IDC, “The advances in Web 2.0 technologies require a new generation of web security tools that go well beyond traditional URL 4 filtering.” It must be as dynamic as the web itself, providing real-time threat protection. In addition, it must scale to handle the vast growth of the Internet. Effective Security is Proactive and Multi-Layered The most effective approach for defending against the web’s dynamic threats is a proactive, multi-layered approach to web Web Security Numbers security. Being proactive requires that the security solution reach A look at some of the most recent into the Internet cloud, obtain the latest threat data from multiple figures related to web security threat-monitoring sources, and prepare a network’s perimeter in demonstrates the need for IT the event that one of the threats presents itself to the network. security professionals to Effective defense is multi-layered, applying additional measures of proactively manage a broad array threat scanning, depending on the type of content that attempts to enter the network. of ever-changing threat types. • 40,000 websites per week were WatchGuard® Reputation Enabled Defense™ provides effective, compromised during 2008- instantaneous, in-depth web security in real time. Based on the 2009. 5 from-the-cloud security of WatchGuard ReputationAuthority®, Reputation Enabled Defense leverages the cloud-based • The Gumblar virus alone intelligence of millions of global sources and users, sharing compromised 60,000 6 information about threats associated with URLs and domains in websites. real-time to automatically block new threats before they enter an • In 2009, 23,500 new web pages organization's network. 7 were infected per day. WatchGuard Reputation Enabled Defense includes real-time • 0.7% of Google Search results monitoring of web traffic, including scanning of URLs, to determine display sites that have been the risk level of each and every web page before it enters the infected by malware. 8 network. The solution assesses each threat and type of network traffic. By scanning for hostile content and blocking malicious URLs • The Mal/Bredo malware had at the connection level, Reputation Enabled Defense bridges the 838 variants during the first 9 web security gap left exposed by simple URL filtering, provides quarter of 2010. safer web surfing and faster web performance. 4 IDC, Worldwide Web Security 2009-1013 Forecast and 2008 Marketshares: It’s All About Web 2.0 You TwitFace, August 2009 5 Google Online Security Blog, Malware Statistics Update, August 25, 2009 6 Google Online Security Blog, Top 10 Malware Sites, June 3, 2009 7 Sophos, Sophos Security Threat Report, July 2009 8 Google Online Security Blog, Malware Statistics Update, August 25, 2009 9 Commtouch, Well-known Web Names Misused to Give Spam Deceptive Legitimacy, According to New Report by Commtouch, April 14, 2010 www.watchguard.com page 3
  • 5.
    WHAT TO LOOKFOR IN REPUTATION SERVICES Reputation services complement gateway antivirus and traditional desktop solutions by providing improved performance and an additional layer of protection. Unlike traditional gateway anti-virus solutions, which typically update signatures on an hourly or daily basis, reputation services provide the equivalent of real-time updates of malware intelligence. The broader and improved URL reputation data they provide result in greater protection from web threats and faster, more productive web surfing. However, not all reputation services function in the same manner, so IT security professionals should exercise caution when evaluating potential solutions. Many reputation services are implemented as plug-ins that prevent users from visiting web sites known for malware or phishing. By contrast, WatchGuard has adapted a contributor approach to reputation services to offer next-generation reputation services. WatchGuard’s reputation and connection management approach reflects the belief that, to be truly effective and proactively prevent against evolving threats, reputation services must be a true zero-hour first line of defense. They must not act simply as a monitoring system that relies on static databases, as most reputation services on the market do today. Rather, to achieve proactive, adaptive identification, the WatchGuard approach is to manage web threats at the connection level, and to perform in-depth analysis at the gateway layer. It then contributes the findings from the gateway to the reputation service in real time, harnessing the intelligence of millions of global users and sources for more powerful and intelligent protection from malicious URLs and web threats. WatchGuard Reputation Enabled Defense users can choose to bypass anti-virus and other scanning functions for URLs that are known to have a current good reputation, saving time and helping to maintain performance levels. WatchGuard Reputation Enabled Defense WatchGuard Reputation Enabled Defense is available on WatchGuard’s line of multi-function firewall, unified threat management (XTM) appliances, as well as on its XCS extensible content security appliances by adding a web security subscription. It provides a cloud-based reputation lookup to identify safe or harmful URLs. Harnessing threat intelligence from millions of users worldwide, Reputation Enabled Defense offers an extra layer of protection that acts as a powerful first line of defense from web threats. By preempting threats before they enter the network, Reputation Enabled Defense helps reduce computing overhead incurred by anti-virus scanning, particularly costly on-box scanning at the gateway, and helps speed delivery of approved content. In essence, WatchGuard takes web security beyond the box and network, managing as much as possible in the cloud. How Reputation Enabled Defense works As a cloud-assisted service, Reputation Enabled Defense provides instantaneous security that is updated continuously. Not only does it improve proactive security, it helps organizations take advantage of greater computing and processor power from servers hosted in the cloud. IT can save valuable processor resources on local appliances. As a result, more users can be served at higher rates of throughput – for less money. Figure 1 below provides an overview of how Reputation Enabled Defense works to enhance web security. The core of the service is its cloud-based reputation-scoring database – the industry’s most comprehensive database – and an on-appliance query system. www.watchguard.com page 4
  • 6.
    Give users afaster, safer web surfing experience Figure 1: Reputation Enabled Defense uses a powerful, cloud-based database to allow safe traffic in while keeping bad traffic out. Only unknown traffic is directed to further AV scanning, for substantial gains in web processing time. When a web user browses to a URL, the WatchGuard appliance checks a local cache for that URL’s reputation scores. If the result is not found in the local cache, WatchGuard then queries its cloud-based ReputationAuthority server for a reputation score for the URL. If the URL has a good reputation, the appliance approves the URL and bypasses local anti-virus scanning, allowing for faster page rendering and content delivery. In the event that a URL is deemed to have a bad reputation (i.e., it contains hostile web threats), the WatchGuard appliance blocks the URL outright, immediately protecting users from malicious content and again bypassing local anti-virus scanning. If a URL’s score appears in the gray area between good and bad, or if there is no score available, the appliance performs its routine defense-in-depth web security checks and then passes or blocks the URL based on these checks. WatchGuard recognizes that all organizations use the web differently. That is why Reputation Enabled Defense is fully configurable. Today’s threats introduce the possibility for normally safe web sites to become compromised within seconds of their last scan. Administrators can optionally choose not to use the feature that bypasses scanning of URLs with good reputation. A True Service that Pays for Itself WatchGuard ensures that Reputation Enabled Defense is delivering the strongest possible security with the lowest resource usage. WatchGuard manages the growth of the URL Reputation database via multiple feeds and aggregated data. This is a continuous and ongoing process, performed by WatchGuard, enabling customers to benefit from far greater intelligence and security than they have implemented in their own environment. Reputation Enabled Defense typically allows the bypass of antivirus scanning for 30-50% of URLs, with an accompanying increase in web browsing speed and throughput at the multi-function firewall. With the www.watchguard.com page 5
  • 7.
    web’s top URLsalways clearly rated and always in the reputation database, anti-virus scanning for these URLs can be bypassed at very low risk. This maximizes performance without sacrificing security when visiting these sites. BENEFITS OF REPUTATION ENABLED DEFENSE WatchGuard Reputation Enabled Defense provides a broad set of security and performance benefits arising from the ability to perform proactive security measures in the cloud. Below are the most salient benefits for IT and network administrators. Security  Organizations can protect their valuable data by increasing efficacy and catch rate of every URL- based type of malware.  Administrators gain comfort in knowing that unsafe URLs face multiple levels of automated protection prior to gaining network access.  The full power and knowledge of the broad WatchGuard user community is brought to bear on the network’s security stance through cloud-based security.  Administrators can strike the ideal balance of security and performance by monitoring scan results and modifying system configurations. Performance  Administrators can deliver higher performance to the business and raise user satisfaction levels by minimizing URL scanning and gaining higher throughput at the gateway.  Administrators can reduce bandwidth and processing cycles with connection-level rejections of bad web sites.  The most frequented URLs are regularly updated in the ReputationAuthority database because the WatchGuard technology learns which URLs are popular. Proactively Fight Malware Malware continues to spread across the web. The ability of a single organization’s IT staff to monitor and protect against all threats is eaten away by growing threat volumes and by new and ever-morphing threat variations. That is why WatchGuard is constantly pushing the envelope to improve methods for proactive and cloud-based security, taking into account the critical balance that must be maintained between security and performance. WatchGuard Reputation Enabled Defense enables organizations to proactively fight the threat of malware without sacrificing user experience and network performance. In fact, WatchGuard is the only UTM/multi- function firewall vendor with a URL reputation solution at the gateway. WatchGuard customers with Reputation Enabled Defense protecting their networks benefit from multiple outstanding anti-malware technologies that provide more coverage than systems that rely on just one anti-malware source. And benefits of Reputation Enabled Defense extend to all participating customers, because the cloud-based service dynamically protects them from newly discovered threats in real time. By making the incremental investment in Reputation Enabled Defense, customers will gain exponential levels of protection. Why wait? The cybercriminals are acting now. Get one step ahead of them. www.watchguard.com page 6
  • 8.
    MORE INFORMATION To findout more about Reputation Enabled Defense and WatchGuard XTM security solutions, contact your authorized WatchGuard reseller, visit www.watchguard.com/red, or call WatchGuard directly at +1.800.734.9905 (North America) or +1.206.613.0895 (international). NOTE: Reputation Enabled Defense is available as a subscription for all WatchGuard XTM 2, 5, 8, and 10 Series Unified Threat Management appliances. For WatchGuard XCS appliances, URL reputation enabled defense is available with the purchase of the XCS Web Security subscription. Every WatchGuard XCS appliance includes ReputationAuthority, an IP reputation-enabled defense for enterprise-class email security. ADDRESS: ABOUT WATCHGUARD 505 Fifth Avenue South Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to Suite 500 hundreds of thousands of businesses worldwide. WatchGuard’s award-winning extensible threat Seattle, WA 98104 management (XTM) network security solutions combine firewall, VPN, and security services. The extensible content security (XCS) appliances offer content security across email and web, as well as WEB: data loss prevention. More than 15,000 partners represent WatchGuard in 120 countries. www.watchguard.com WatchGuard is headquartered in Seattle, Washington, with offices in North America, Latin America, Europe, and Asia Pacific. For more information, please visit www.watchguard.com. NORTH AMERICA SALES: +1.800.734.9905 No express or implied warranties are provided for herein. All specifications are subject to change and any expected future products, features, or functionality will be provided on an if and when available INTERNATIONAL SALES: basis. ©2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo, +1.206.613.0895 and WatchGuard ReputationAuthority are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and tradenames are the property of their respective owners. Part.No. WGCE66705_061710 www.watchguard.com page 7