Document Presented By Wick Hill and DNA IT

River Court, Albert Drive, Woking, Surrey GU21 5RP
01483 227600
info@wickhill.co.uk
www.wickhill.com/watchguard

Unit J 2, Maynooth Business Campus, Maynooth, Co. Kildare
+353 1 651 0300
sales@dnait.ie
www.dnait.ie

Cloud-based Web Security Isn’t Hype: It’s Here and It Works
June 2010


INTRODUCTION
It’s not news that the web is dangerous and getting more dangerous by the day. Cyber criminals have
ample economic motive and easy-to-use tools to harness the power of the web in capturing and misusing
your data.

What is news is that now you can protect your company’s valuable assets from web-based attacks with
an innovative, effective new form of web security – cloud-based, reputation-driven defense.

Web Threats are on the Rise

The web is experiencing phenomenal growth, and with it, an unprecedented increase in the amount of
new malware types that target web browsers, applications, and Web 2.0 infrastructure. Because
cybercriminals can reap large profits from attacks that result in identity and data theft, a growing number
of organized crime rings continuously fund new attempts to spread malware and acquire web users’
personal data. Through modified packing and encrypting techniques, and other obfuscation methods,
attackers can now create thousands of new variants of the same threat with relatively little effort. Despite
these threats, most organizations continue to leverage new web-based applications to drive revenue and
efficiencies, particularly as Web 2.0 technologies deliver new ways to interact and engage with customers
and stakeholders.

Organizations frequently underestimate their exposure to malicious attacks. The statistics can be
sobering. In 2009 alone, there was a dramatic 345% increase in the number of new malicious web links
discovered.[1] These included high-profile sites, including those run by MSNBC, ZDNet, The United Nations,
and Honda.[2] According to IDC, up to 30% of companies with 500 or more staff have been infected as a
result of Internet surfing.[3] In other words, anywhere web users interact, malware encounters are
frequent and common. To fend off new forms of malware – including spyware, viruses, crimeware and
other malicious codes – organizations must better safeguard their web security infrastructure. A reactive
and fixed security infrastructure must be turned into one that is proactive and adaptable to changes in the
threat landscape.

[1] IBM X-Force 2009 Trend and Risk Report

WatchGuard Technologies, www.watchguard.com

There are many ways that legitimate websites can become infected. One inbound threat that has
recently gained popularity among cybercriminals is the SQL injection. Hackers use SQL injections to get
access to database-driven websites, planting malicious code for site visitors. This can be combined with
Web 2.0-based social engineering attacks in which users believe they are being pointed to legitimate
content. Compromised sites may host drive-by downloads, where malicious code exploits vulnerabilities on
users’ systems to download malware without any user interaction. Common applications such as Apple
QuickTime® and Adobe PDF® may be exploited. Thus, an organization’s own application vulnerabilities
and web site code flaws open the door to cybercriminals seeking to infiltrate the organization.

THE NEED TO BALANCE SECURITY AND PERFORMANCE
Many IT security professionals face conflicting demands from management and network users when it
comes to web security. The need for speed is always in demand, but delivering that speed while
enhancing security for a broader, more dynamic threat environment is quite challenging. Following are
some of the most frequent obstacles to achieving this goal:

    •    A lack of additional IT budget to shore up network security
    •    Network constraints that conflict with security issues around cloud computing
    •    Performance degradations across the network due to additional hosted services

The options for overcoming these obstacles to proactive, multi-layered security are either unappealing or
insufficient. For example, one defense against the widespread proliferation of malware is to install anti-
virus scanning at the gateway, capturing malware before it ever enters the network. But scanning every
page and object at the URL can slow down web page delivery and affect both throughput at the device
and the user experience at the browser. Some network administrators may be reluctant to use gateway
anti-virus because of its performance impact.

Finally, desktop or browser-based scanning solutions only catch threats once they are in the network. By
the time these solutions alert users, today’s malware could have already inflicted great amounts of
damage to the organization’s computing infrastructure and/or compromised sensitive data from within
the organization.

URL Filtering is Not Enough

Since the 1990s, reputation services have been helping organizations block unwanted or bad traffic to
ensure that threats never enter the network. By identifying and blocking threats at the perimeter,
reputation services help prevent attacks, reduce the on-premise IT footprint required to scan traffic, and
lower the costs associated with the bandwidth, hardware, and other resources required to block threats.
As web technologies and the web itself have grown more sophisticated, early generation reputation
services have become less effective in identifying and blocking threats. To fully understand this loss of
effectiveness, it's important to understand how these services have evolved.

[2] Gartner IT Security Conference 2009, Securing the Web Gateway, Peter Firstbrook
[3] Journal Of Emerging Technologies In Web Intelligence, Vol. 2, No. 2, May 2010, Protecting Data from the
Cyber Theft – A Virulent Disease

On the dynamic web, sites are continuously updated with new content, while URLs are frequently sold
and altered. So a site that is scanned and categorized as legitimate by URL filters today may become a
malware hub at some later point in time. In order to properly filter out hazardous and dangerous
websites, a filter cannot merely rely on a static database. According to a report by IDC, “The advances in
Web 2.0 technologies require a new generation of web security tools that go well beyond traditional URL
filtering.”[4] It must be as dynamic as the web itself, providing real-time threat protection. In addition, it
must scale to handle the vast growth of the Internet.

Effective Security is Proactive and Multi-Layered

The most effective approach for defending against the web’s dynamic threats is a proactive, multi-layered
approach to web security. Being proactive requires that the security solution reach into the Internet cloud,
obtain the latest threat data from multiple threat-monitoring sources, and prepare a network’s perimeter in
the event that one of the threats presents itself to the network. Effective defense is multi-layered,
applying additional measures of threat scanning, depending on the type of content that attempts to enter
the network.

WatchGuard® Reputation Enabled Defense™ provides effective, instantaneous, in-depth web security in
real time. Based on the from-the-cloud security of WatchGuard ReputationAuthority®, Reputation Enabled
Defense leverages the cloud-based intelligence of millions of global sources and users, sharing
information about threats associated with URLs and domains in real-time to automatically block new
threats before they enter an organization's network.

WatchGuard Reputation Enabled Defense includes real-time monitoring of web traffic, including scanning
of URLs, to determine the risk level of each and every web page before it enters the network. The solution
assesses each threat and type of network traffic. By scanning for hostile content and blocking malicious
URLs at the connection level, Reputation Enabled Defense bridges the web security gap left exposed by
simple URL filtering, provides safer web surfing and faster web performance.

Web Security Numbers

A look at some of the most recent figures related to web security demonstrates the need for IT security
professionals to proactively manage a broad array of ever-changing threat types.

    •    40,000 websites per week were compromised during 2008-2009.[5]
    •    The Gumblar virus alone compromised 60,000 websites.[6]
    •    In 2009, 23,500 new web pages were infected per day.[7]
    •    0.7% of Google Search results display sites that have been infected by malware.[8]
    •    The Mal/Bredo malware had 838 variants during the first quarter of 2010.[9]




[4] IDC, Worldwide Web Security 2009-2013 Forecast and 2008 Marketshares: It’s All About Web 2.0 You
TwitFace, August 2009
[5] Google Online Security Blog, Malware Statistics Update, August 25, 2009
[6] Google Online Security Blog, Top 10 Malware Sites, June 3, 2009
[7] Sophos, Sophos Security Threat Report, July 2009
[8] Google Online Security Blog, Malware Statistics Update, August 25, 2009
[9] Commtouch, Well-known Web Names Misused to Give Spam Deceptive Legitimacy, According to New Report
by Commtouch, April 14, 2010

WHAT TO LOOK FOR IN REPUTATION SERVICES

Reputation services complement gateway antivirus and traditional desktop solutions by providing
improved performance and an additional layer of protection. Unlike traditional gateway anti-virus
solutions, which typically update signatures on an hourly or daily basis, reputation services provide the
equivalent of real-time updates of malware intelligence. The broader and improved URL reputation data
they provide result in greater protection from web threats and faster, more productive web surfing.
However, not all reputation services function in the same manner, so IT security professionals should
exercise caution when evaluating potential solutions.

Many reputation services are implemented as plug-ins that prevent users from visiting web sites known
for malware or phishing. By contrast, WatchGuard has adopted a contributor approach to reputation
services to offer next-generation reputation services. WatchGuard’s reputation and connection
management approach reflects the belief that, to be truly effective and proactively protect against
evolving threats, reputation services must be a true zero-hour first line of defense. They must not act
simply as a monitoring system that relies on static databases, as most reputation services on the market
do today. Rather, to achieve proactive, adaptive identification, the WatchGuard approach is to manage
web threats at the connection level, and to perform in-depth analysis at the gateway layer. It then
contributes the findings from the gateway to the reputation service in real time, harnessing the
intelligence of millions of global users and sources for more powerful and intelligent protection from
malicious URLs and web threats.

WatchGuard Reputation Enabled Defense users can choose to bypass anti-virus and other scanning
functions for URLs that are known to have a current good reputation, saving time and helping to maintain
performance levels.

WatchGuard Reputation Enabled Defense

WatchGuard Reputation Enabled Defense is available on WatchGuard’s line of multi-function firewall,
unified threat management (XTM) appliances, as well as on its XCS extensible content security appliances
by adding a web security subscription. It provides a cloud-based reputation lookup to identify safe or
harmful URLs. Harnessing threat intelligence from millions of users worldwide, Reputation Enabled
Defense offers an extra layer of protection that acts as a powerful first line of defense from web threats.
By preempting threats before they enter the network, Reputation Enabled Defense helps reduce
computing overhead incurred by anti-virus scanning, particularly costly on-box scanning at the gateway,
and helps speed delivery of approved content. In essence, WatchGuard takes web security beyond the
box and network, managing as much as possible in the cloud.

How Reputation Enabled Defense works

As a cloud-assisted service, Reputation Enabled Defense provides instantaneous security that is updated
continuously. Not only does it improve proactive security, it helps organizations take advantage of greater
computing and processor power from servers hosted in the cloud. IT can save valuable processor
resources on local appliances. As a result, more users can be served at higher rates of throughput – for
less money.

Figure 1 below provides an overview of how Reputation Enabled Defense works to enhance web security.
The core of the service is its cloud-based reputation-scoring database – the industry’s most
comprehensive database – and an on-appliance query system.




[Figure 1 graphic: "Give users a faster, safer web surfing experience"]




Figure 1: Reputation Enabled Defense uses a powerful, cloud-based database to allow safe traffic in while
keeping bad traffic out. Only unknown traffic is directed to further AV scanning, for substantial gains in
web processing time.


When a web user browses to a URL, the WatchGuard appliance checks a local cache for that URL’s
reputation scores. If the result is not found in the local cache, WatchGuard then queries its cloud-based
ReputationAuthority server for a reputation score for the URL. If the URL has a good reputation, the
appliance approves the URL and bypasses local anti-virus scanning, allowing for faster page rendering and
content delivery.

In the event that a URL is deemed to have a bad reputation (i.e., it contains hostile web threats), the
WatchGuard appliance blocks the URL outright, immediately protecting users from malicious content and
again bypassing local anti-virus scanning. If a URL’s score appears in the gray area between good and bad,
or if there is no score available, the appliance performs its routine defense-in-depth web security checks
and then passes or blocks the URL based on these checks.

WatchGuard recognizes that all organizations use the web differently. That is why Reputation Enabled
Defense is fully configurable. Today’s threats introduce the possibility for normally safe web sites to
become compromised within seconds of their last scan. Administrators can optionally choose not to use
the feature that bypasses scanning of URLs with good reputation.
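
The lookup flow described above, sketched as an added example (not WatchGuard's code). The 0-100 score scale, both thresholds, the cache TTL and every name are assumptions; the cloud query and anti-virus scanner are stand-in callables, and the URLs and scores are constructed.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Assumed scale (the paper gives none): 0 = best reputation, 100 = worst.
GOOD_MAX = 20  # hypothetical: score <= GOOD_MAX counts as "good"
BAD_MIN = 80   # hypothetical: score >= BAD_MIN counts as "bad"

ALLOW_BYPASS = "allow, AV bypassed"
BLOCK_REPUTATION = "block on reputation, AV bypassed"
ALLOW_SCANNED = "allow after local scan"
BLOCK_SCANNED = "block after local scan"


@dataclass
class ReputationGate:
    cloud_lookup: Callable[[str], Optional[int]]  # stand-in for the cloud query
    av_scan: Callable[[str], bool]                # stand-in scanner, True = clean
    bypass_good: bool = True                      # the optional bypass feature
    cache_ttl: float = 300.0                      # seconds a cached score is trusted
    clock: Callable[[], float] = time.monotonic
    cache: Dict[str, Tuple[int, float]] = field(default_factory=dict)
    counts: Dict[str, int] = field(default_factory=dict)

    def score(self, url: str) -> Optional[int]:
        """Local cache first, then the cloud; None means no score available."""
        now = self.clock()
        hit = self.cache.get(url)
        if hit is not None and now - hit[1] < self.cache_ttl:
            return hit[0]
        try:
            value = self.cloud_lookup(url)
        except Exception:
            return None  # a failed lookup is treated like a missing score
        if value is not None:
            self.cache[url] = (value, now)
        return value

    def decide(self, url: str) -> str:
        value = self.score(url)
        if value is not None and value >= BAD_MIN:
            action = BLOCK_REPUTATION
        elif value is not None and value <= GOOD_MAX and self.bypass_good:
            action = ALLOW_BYPASS
        else:
            # Gray area, no score, or bypass disabled: full local inspection.
            action = ALLOW_SCANNED if self.av_scan(url) else BLOCK_SCANNED
        self.counts[action] = self.counts.get(action, 0) + 1
        return action

    def av_skipped_ratio(self) -> float:
        """Share of requests that never reached the local scanner."""
        total = sum(self.counts.values())
        skipped = (self.counts.get(ALLOW_BYPASS, 0)
                   + self.counts.get(BLOCK_REPUTATION, 0))
        return skipped / total if total else 0.0


def run_demo() -> Tuple[List[str], float]:
    # Constructed reputation data; new.example has no score at all.
    scores = {"http://good.example/": 5,
              "http://bad.example/": 95,
              "http://gray.example/": 50}
    now = [0.0]  # fake clock so cache expiry is deterministic
    gate = ReputationGate(
        cloud_lookup=scores.get,
        av_scan=lambda url: "new.example" not in url,  # constructed scan result
        cache_ttl=60.0,
        clock=lambda: now[0],
    )
    actions = [gate.decide(u) for u in ("http://good.example/",
                                        "http://bad.example/",
                                        "http://gray.example/",
                                        "http://new.example/")]
    # The good site is compromised and the cloud score is updated.
    scores["http://good.example/"] = 90
    now[0] = 30.0   # cached "good" score is still trusted: page is not scanned
    actions.append(gate.decide("http://good.example/"))
    now[0] = 61.0   # cache entry expired: fresh lookup sees the new score
    actions.append(gate.decide("http://good.example/"))
    return actions, gate.av_skipped_ratio()


if __name__ == "__main__":
    for step in run_demo()[0]:
        print(step)
```

The fifth decision shows the exposure the paper alludes to: a cached good score keeps bypassing the scanner until the TTL expires, which is the trade-off an administrator removes by setting `bypass_good=False`.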

A True Service that Pays for Itself

WatchGuard ensures that Reputation Enabled Defense is delivering the strongest possible security with
the lowest resource usage. WatchGuard manages the growth of the URL Reputation database via multiple
feeds and aggregated data. This is a continuous and ongoing process, performed by WatchGuard,
enabling customers to benefit from far greater intelligence and security than they have implemented in
their own environment.

Reputation Enabled Defense typically allows the bypass of antivirus scanning for 30-50% of URLs, with an
accompanying increase in web browsing speed and throughput at the multi-function firewall. With the
web’s top URLs always clearly rated and always in the reputation database, anti-virus scanning for these
URLs can be bypassed at very low risk. This maximizes performance without sacrificing security when
visiting these sites.

BENEFITS OF REPUTATION ENABLED DEFENSE

WatchGuard Reputation Enabled Defense provides a broad set of security and performance benefits
arising from the ability to perform proactive security measures in the cloud. Below are the most salient
benefits for IT and network administrators.

Security

    •    Organizations can protect their valuable data by increasing efficacy and catch rate of every URL-based
         type of malware.
    •    Administrators gain comfort in knowing that unsafe URLs face multiple levels of automated
         protection prior to gaining network access.
    •    The full power and knowledge of the broad WatchGuard user community is brought to bear on the
         network’s security stance through cloud-based security.
    •    Administrators can strike the ideal balance of security and performance by monitoring scan results
         and modifying system configurations.

Performance

    •    Administrators can deliver higher performance to the business and raise user satisfaction levels by
         minimizing URL scanning and gaining higher throughput at the gateway.
    •    Administrators can reduce bandwidth and processing cycles with connection-level rejections of bad
         web sites.
    •    The most frequented URLs are regularly updated in the ReputationAuthority database because the
         WatchGuard technology learns which URLs are popular.

Proactively Fight Malware

Malware continues to spread across the web. The ability of a single organization’s IT staff to monitor and
protect against all threats is eaten away by growing threat volumes and by new and ever-morphing threat
variations. That is why WatchGuard is constantly pushing the envelope to improve methods for proactive
and cloud-based security, taking into account the critical balance that must be maintained between
security and performance.

WatchGuard Reputation Enabled Defense enables organizations to proactively fight the threat of malware
without sacrificing user experience and network performance. In fact, WatchGuard is the only UTM/multi-
function firewall vendor with a URL reputation solution at the gateway.

WatchGuard customers with Reputation Enabled Defense protecting their networks benefit from multiple
outstanding anti-malware technologies that provide more coverage than systems that rely on just one
anti-malware source. And benefits of Reputation Enabled Defense extend to all participating customers,
because the cloud-based service dynamically protects them from newly discovered threats in real time.

By making the incremental investment in Reputation Enabled Defense, customers will gain exponential
levels of protection. Why wait? The cybercriminals are acting now. Get one step ahead of them.




MORE INFORMATION

To find out more about Reputation Enabled Defense and WatchGuard XTM security solutions, contact
your authorized WatchGuard reseller, visit www.watchguard.com/red, or call WatchGuard directly at
+1.800.734.9905 (North America) or +1.206.613.0895 (international).




NOTE: Reputation Enabled Defense is available as a subscription for all WatchGuard XTM 2, 5, 8, and 10
Series Unified Threat Management appliances.

For WatchGuard XCS appliances, URL reputation enabled defense is available with the purchase of the XCS
Web Security subscription. Every WatchGuard XCS appliance includes ReputationAuthority, an IP
reputation-enabled defense for enterprise-class email security.




ABOUT WATCHGUARD

Since 1996, WatchGuard Technologies has provided reliable, easy to manage security appliances to
hundreds of thousands of businesses worldwide. WatchGuard’s award-winning extensible threat
management (XTM) network security solutions combine firewall, VPN, and security services. The
extensible content security (XCS) appliances offer content security across email and web, as well as
data loss prevention. More than 15,000 partners represent WatchGuard in 120 countries.
WatchGuard is headquartered in Seattle, Washington, with offices in North America, Latin America,
Europe, and Asia Pacific. For more information, please visit www.watchguard.com.

No express or implied warranties are provided for herein. All specifications are subject to change and
any expected future products, features, or functionality will be provided on an if and when available
basis. ©2010 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard Logo,
and WatchGuard ReputationAuthority are either registered trademarks or trademarks of
WatchGuard Technologies, Inc. in the United States and/or other countries. All other trademarks and
tradenames are the property of their respective owners. Part.No. WGCE66705_061710

ADDRESS:
505 Fifth Avenue South
Suite 500
Seattle, WA 98104

WEB:
www.watchguard.com

NORTH AMERICA SALES:
+1.800.734.9905

INTERNATIONAL SALES:
+1.206.613.0895

Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploitsecarrow
 

Similar to Watch Guard Reputation Enabled Defense (White Paper)Dna (20)

Four Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud GenerationFour Network Security Challenges for the Cloud Generation
Four Network Security Challenges for the Cloud Generation
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
 
Cyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest TechnologiesCyber Security Challenges on Latest Technologies
Cyber Security Challenges on Latest Technologies
 
The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443The new era of Cyber Security IEC62443
The new era of Cyber Security IEC62443
 
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptxWhy-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
Why-Cyber-Security-Matters-Protecting-Your-Business-and-Your-Reputation.pptx
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
Cloudifying threats-understanding-cloud-app-attacks-and-defenses joa-eng_0118
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...
Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...
Watchguard - How Cloud‐based Security Delivers   Up‐to‐the‐Minute Network Pro...
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud ComputingChallenges and Mechanisms for Securing Data in Mobile Cloud Computing
Challenges and Mechanisms for Securing Data in Mobile Cloud Computing
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas WespiIT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
IT Security Bedrohungen optimal abwehren_Tom Turner und Andreas Wespi
 
188
188188
188
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Puppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability ExploitsPuppetnets and Botnets: Information Technology Vulnerability Exploits
Puppetnets and Botnets: Information Technology Vulnerability Exploits
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
