Story image

One against the web

01 Oct 10

With increased user exposure to the web and its associated threats, a new approach has become necessary to ensure timely and effective protection from malicious threats.
The internet has become ubiquitous, but beyond that, the new paradigms of cloud computing and social networking mean that more and more people have become dependent on the web, surfi ng it more intensely than ever before.
According to Gartner, cloud computing, web-oriented architectures, and Web 2.0 social networking technologies— and by extension Enterprise 2.0—ranked as the top 10 most impactful technologies in 2009 and companies have been implementing them, and need to continue to do so, in order to remain competitive.
CIOs face new challenges as crime syndicates use the inherent strengths of the internet, and users’ trust in it, to glean confi dential information for illegal monetary gain. These web-based attacks have grown in both size and sophistication over the last two years.
Perhaps even more pressing than the viruses and other malware that try to breach organisational defences is the rise and evolution of phishing, where tricksters pose as legitimate parties to gain personal and confi dential data, either through e-mail or fraudulent websites.
The Anti-Phishing Working Group found that such attacks have risen a whopping 585% in 2009; and what is even more worrying is that they have become harder to avoid.
Mainstream presence
Millions access the internet through search engines like Google and cybercriminals know this. Recently, they have begun adopting complex threats that start where the user searches.
By poisoning search engine results, which users tend to trust implicitly, cybercriminals can drive unsuspecting users to malware. Fake antivirus software and video codecs are favourite malware deliverables in these attacks.
There has also been a widespread increase in phishing attacks – up almost 600% in 2009. These attacks have been around for many years but are now very sophisticated, replicating banking or other sites, down to the text on the homepage. At a quick glance, these sites look exactly like the ones they mimic, fooling users into entering login or other personal information.
Such phishing attacks have become effective because traditional security puts a lot of focus on protecting from external attacks, however, a recent Symantec threat report noted that 93% of attacks get past defences by riding requested content back to the user. Only 7% of attacks are directly against the network – the traditional domain of IT security.
Tripartite protection paradigm
So, how do resellers prepare for security in this new web savvy age? Resellers can help organisations embrace three new paradigms:
1. Cloud-based defenses;
2. On-demand security intelligence;
3. Focus on the internet gateway
Let me explain why each is important. Cybercriminals utilise the power of the internet to spread malware. To combat this threat, defences must also harness the power of the internet to unite millions of people worldwide for shared protection and intelligence. One against the web is a diffi cult and costly defence to maintain, but cloud-based defenses provide an alternative. The Blue Coat WebPulse service, for example, unites 62 million members, to identify new and unknown web content and links. The discovery of malicious content or malware is immediately shared with all users for continuous protection against evolving threats. Additionally, new defences can seamlessly be added to the cloud and made available to all users without requiring a network upgrade.
With a cloud architecture like this in place, users have access to on-demand security intelligence about the latest threats. With rapidly evolving threats, that can last for as little as two hours, there has been a dramatic increase in zero day threats that render daily updates – the traditional routine for antivirus protection – less effective.
While traditional security defences, such as antivirus and fi rewall software, still have a place in the network, they cannot be the fi rst line of defence against these threats. Instead, effective protection requires on-demand intelligence that is fed by a large user community. To best protect users, this cloud-based architecture must complement strong protection and policy enforcement at the internet gateway. Setting good policies that can be consistently enforced to protect users is the domain of an internet gateway that can block malware and ensure that the network is not compromised by lurking internet threats.
Addressing these issues now is critical. All evidence shows that web-based threats continue to grow at a quickening pace. As users migrate to online communications tools such as Twitter or Facebook, they are at heightened risk of exposure to these threats. By combining a cloud-based defence that provides on-demand intelligence and immediate, continuous protection with strong policy enforcement at the internet gateway, organisations will be prepared to meet th new world.

Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
How SMBs can use data to drive business outcomes
With the right technology, companies can capture consumer, sales, and expense data, and use it to evaluate and construct future plans.
Survey shows that IoT is RoI across Asia Pacific
A recent Frost & Sullivan survey across Australia, Hong Kong and Singapore shows that IoT deployment improves business metrics by around 12%.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.