The web is the number one source for malware distribution today. While many organizations have replaced first-generation URL filters with secure web gateways, even these advanced solutions do not provide web protection everywhere. This paper identifies today's most critical web threats and provides checklists for you to identify and evaluate the security capabilities you need for the best web protection.
Nearly everyone is using the web for their work today. Cloud computing, social media, SaaS (software as a service) and other web-based technologies are reshaping the IT landscape and converging around the use of the Internet. And as you expand your use of the web for critical business applications, your company is exposed to an ever-increasing diversity of threats. New web-based applications and a mobile workforce require you to defend your systems against increasingly sophisticated malware. This step-by-step guide to choosing web protection solutions can help you address these challenges and still give users flexible access to the web-based tools they need.
Here are just a few of the techniques cybercriminals commonly use to distribute malware on the web:
o Blackhat search engine optimization (SEO) ranks malware pages highly in search results.
o Socially engineered click-jacking tricks users into clicking on innocent-looking webpages.
o Spearphishing sites mimic legitimate institutions, such as banks, in an attempt to steal account login credentials.
o Malvertising embeds malware in ad networks that display across hundreds of legitimate, high-traffic sites.
o Compromised legitimate websites host embedded malware that spreads to unsuspecting visitors.
o Drive-by downloads exploit flaws in browser software to install malware just by visiting a webpage.

Malicious code typically installs spyware or malware by exploiting known vulnerabilities in your browser or associated plugins. These malware threats include:
o Fake antivirus to extort money from the victim.
o Keyloggers to capture personal information and account passwords for identity or financial theft.
o Botnet software to subvert the system into silently joining a network that distributes spam, hosts illegal content or serves malware.
Advanced web threat protection

What to look for: Network-layer scanning
Description: Scans web traffic at the network-layer stack before it becomes a problem. Otherwise, web traffic scanned in a browser helper object (BHO) or plugin is limited to a single browser and can be disabled or exploited.

What to look for: Advanced web threat heuristics
Description: Looks at content as it's accessed or downloaded, and before it's passed to the browser, to de-obfuscate, emulate or sandbox it and analyze it for suspicious or malicious behavior.

What to look for: Bi-directional inspection
Description: Inspects both incoming content and outbound requests for signs of malware on your network that calls home by capturing information from your computers and sending it to the malware server.
What to ask: How does your web threat solution handle malware calling home? Can it easily identify infected machines calling home?

What to look for: High-performance computing
Description: Scales easily to support a flexible number of endpoints and provides a low-latency and transparent user experience.
What to ask: What is the added latency and impact of scanning all web traffic from all computers?

What to look for: Threat intelligence with frequent updates
Description: Includes a global threat analysis operation that is available 24/7 to provide the latest threat intelligence in cooperation with other web threat monitors, such as major search engines.
What to ask: Who provides your threat intelligence? What are their sources of web threat information? How often are threat updates provided?
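The bi-directional inspection row above says a solution should spot infected machines "calling home" by watching outbound requests, not just incoming content. The following added example (written for this guide, not Sophos code) shows the simplest form of that check over proxy logs: it groups outbound POST/PUT requests by client and destination host and flags pairs whose requests arrive at near-constant intervals, which is how automated call-home traffic typically differs from a person browsing. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample proxy log lines (not taken from the paper or any real
# network): timestamp, client IP, HTTP method, URL, bytes sent by the client.
# 10.0.0.5 posts to the same host every ~300 s; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2011-12-01T09:00:00 10.0.0.5 GET http://intranet.example/home 412
2011-12-01T09:00:07 10.0.0.5 POST http://203.0.113.10/gate.php 1840
2011-12-01T09:05:07 10.0.0.5 POST http://203.0.113.10/gate.php 1902
2011-12-01T09:10:07 10.0.0.5 POST http://203.0.113.10/gate.php 1877
2011-12-01T09:15:08 10.0.0.5 POST http://203.0.113.10/gate.php 1855
2011-12-01T09:20:07 10.0.0.5 POST http://203.0.113.10/gate.php 1910
2011-12-01T09:01:13 10.0.0.7 GET http://news.example/today 380
2011-12-01T09:03:44 10.0.0.7 GET http://news.example/sports 395
2011-12-01T09:31:02 10.0.0.7 POST http://mail.example/send 2200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


def parse(log_text):
    """Parse the constructed log format into (time, client, method, host, bytes)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        ts, client, method, url, nbytes = m.groups()
        host = urlsplit(url).netloc
        events.append((datetime.fromisoformat(ts), client, method, host, int(nbytes)))
    return events


def find_beacons(events, min_hits=4, max_jitter=0.10):
    """Return (client, host, interval_s, bytes_out) for outbound request streams
    whose timing is regular enough to look automated.

    min_hits:   minimum number of outbound requests before a pair is judged.
    max_jitter: maximum ratio of gap standard deviation to mean gap; a person
                clicking around produces far more irregular gaps than this.
    """
    by_pair = defaultdict(list)
    for ts, client, method, host, nbytes in events:
        if method in ("POST", "PUT"):  # only data-carrying outbound requests
            by_pair[(client, host)].append((ts, nbytes))
    suspicious = []
    for (client, host), hits in by_pair.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        stamps = [t for t, _ in hits]
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspicious.append((client, host, round(avg), sum(n for _, n in hits)))
    return suspicious


if __name__ == "__main__":
    for client, host, interval, sent in find_beacons(parse(SAMPLE_LOG)):
        print(f"{client} -> {host}: every ~{interval}s, {sent} bytes uploaded")
```

In a real deployment this runs against the gateway's or endpoint agent's own request log rather than a string literal, and the flagged (client, host) pairs are what the guide's question "Can it easily identify infected machines calling home?" is asking the vendor to surface; the jitter threshold and minimum hit count are tuning knobs, not fixed values.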
Offsite protection

What to look for: Unified endpoint/gateway policy and reporting
Description: Employs one administration console and policy tool for systems on the network and off.

What to look for: Instant policy updates for offsite users
Description: Sends policy updates to users instantly without any IT administrator or user intervention.
What to ask: How quickly do offsite endpoints adopt policy changes?

What to look for: Instant activity reporting from offsite users
Description: Includes users' offsite web activity in reports immediately, without delay.
What to ask: How often does the administration console/dashboard report the activity of offsite users?

What to look for: Endpoint policy enforcement with no backhauling
Description: Enforces policy and scans for threats on endpoint computers without compromising the user experience. Also avoids unnecessary latency or expense caused by backhauling traffic across the Internet to a central service or gateway.
What to ask: Where does the actual policy enforcement and malware scanning take place?

What to look for: Single agent
Description: Employs a single endpoint protection agent for threat protection, web protection, data protection and compliance.
What to ask: How many endpoint agents do I need to install and manage for threat protection, web filtering, data protection and compliance?
Description: Lets you control elements within a site, such as Facebook chat or games, while still allowing users to check their wall or update their status.

Description: Lets you control various types of potentially unwanted web-based applications by preventing them from downloading, running or communicating.

Description: Lets you control users sending webmail or posting on blogs and forums, which can create significant data loss risks. Can optionally block the sending/posting of content while still allowing users to read and access these sites.
What to ask: What kinds of policy controls do you have for managing webmail, blogs and forums?

Description: Controls various types of downloadable content to prevent illegal, dangerous or potentially unwanted content from consuming corporate bandwidth, infecting machines or being distributed from internal systems.
What to ask: What type of content control solutions do you have? How do they identify the true nature of content and prevent file type masquerading?
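The last question above asks how a product identifies "the true nature of content" rather than trusting the filename or the server's Content-Type header. The following added example (written for this guide, not vendor code) shows the check that question implies: sniff the file's leading bytes against a small table of well-known signatures and compare the result with what the extension and the Content-Type claim. The signature table, the alias map and the sample downloads are constructed for the example and deliberately short; a production content filter carries a far larger signature set.

```python
# Leading-byte signatures for a handful of common types (constructed subset).
MAGIC = {
    b"MZ": "exe",                    # Windows PE executable
    b"%PDF": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"PK\x03\x04": "zip",            # also the container for docx/xlsx/jar
}

# Extensions that legitimately share a signature with another type.
EXT_ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "jar": "zip", "htm": "html"}

# What a given Content-Type header claims the body is.
CONTENT_TYPE_EXT = {
    "application/pdf": "pdf",
    "image/png": "png",
    "image/jpeg": "jpg",
    "application/zip": "zip",
    "application/x-msdownload": "exe",
    "text/html": "html",
}


def sniff_type(data):
    """Identify content from its leading bytes; 'unknown' if no signature matches."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    head = data[:64].lstrip().lower()
    if head.startswith(b"<!doctype html") or head.startswith(b"<html"):
        return "html"
    return "unknown"


def declared_ext(filename):
    """Normalised extension claimed by the filename ('' if none)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXT_ALIASES.get(ext, ext)


def check_download(filename, content_type, data):
    """Return 'ok', 'unknown', or a 'masquerade: ...' verdict explaining the mismatch."""
    actual = sniff_type(data)
    if actual == "unknown":
        return "unknown"
    from_name = declared_ext(filename)
    from_ct = CONTENT_TYPE_EXT.get(content_type.split(";")[0].strip().lower())
    problems = []
    if from_name and from_name != actual:
        problems.append(f"extension .{from_name} but content is {actual}")
    if from_ct and from_ct != actual:
        problems.append(f"Content-Type {content_type} but content is {actual}")
    return "masquerade: " + "; ".join(problems) if problems else "ok"


# Constructed sample downloads: (filename, Content-Type header, first bytes).
SAMPLES = [
    ("photo.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("report.docx", "application/zip", b"PK\x03\x04\x14\x00\x06\x00"),
    ("invoice.pdf", "application/pdf", b"MZ\x90\x00\x03\x00\x00\x00"),   # EXE named .pdf
    ("banner.png", "image/png; charset=binary", b"\n<html><script>"),     # HTML named .png
    ("notes.txt", "text/plain", b"just some text"),
]


def scan_downloads(samples):
    """Return the (filename, verdict) pairs that are flagged as masquerading."""
    flagged = []
    for filename, content_type, data in samples:
        verdict = check_download(filename, content_type, data)
        if verdict.startswith("masquerade"):
            flagged.append((filename, verdict))
    return flagged


if __name__ == "__main__":
    for filename, verdict in scan_downloads(SAMPLES):
        print(f"{filename}: {verdict}")
```

The point of the check is that both the filename and the server header are attacker-controlled, while the first bytes of the body are constrained by what the receiving application will actually execute or render; a filter that only looks at the extension is the one the guide's question is designed to rule out.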
What to look for: Unified management
Description: Employs a single endpoint protection agent for threat protection, web protection, data protection and other security features. Offers one administration console for web usage policy and reporting on systems that are on the network or off the network.

Description: Enforces policy and scans for threats on the endpoint computers without compromising the user experience. Also avoids unnecessary latency or expense caused by backhauling traffic across the Internet to a central service or gateway. Provides scaling for each added user and doesn't require additional capital expenditures in gateway appliance hardware or SaaS service levels.
What to ask: Where is the actual policy enforcement and malware scanning taking place? How is your protection provided and the scanning executed?
o Endpoint
o Gateway
o SaaS
As we add more users, what needs to scale? What are the associated costs? How easy is it?

What to look for: Resilient to failure
Description: Does not have a single point of failure and continues to operate without access to a central service or gateway.
What to ask: Is there a single point of failure? What happens if this is unavailable? What is the impact? Can users still access the web? Are they protected?

What to look for: Direct control over user data
Description: Provides direct control over your user data, which is not stored and maintained by a third party.
What to ask: Where does your user web activity reside? What risks does this present?

What to look for: Shared policy for gateway and endpoint enforcement
Description: Lets you create one policy that is enforced consistently: onsite or offsite; at the network gateway; or at the endpoint.
What to ask: How do I apply my web gateway policy to endpoint computers? Do I need to create a separate policy for endpoints?
o Web security that is built into the antivirus agent at the endpoint.
o Easy deployment at the endpoint with advanced web threat protection.
o Web protection that travels with you for secure web access from any location.
o 24/7 global web threat intelligence with the latest web-specific detection technologies.
o Complete IT administrator control and visibility no matter where users are.
o Reduced network complexity without the downsides of a SaaS or proxy solution, such as backhauling, latency and a single point of failure.
o Seamless scalability for easy expansion over time.
o Cost savings that result from avoiding the purchase of traditional appliances or pure SaaS services.

By focusing on the checklists in this buyer's guide and working closely with your vendor, you can find an affordable web security solution that provides the protection you need, so you get easier web protection and control with less effort and cost.
Buyer's Guide to Web Protection

Web Protection Checklist

Advanced web threat protection
What to look for:
o Network-layer scanning
o Advanced web threat heuristics
o Bi-directional inspection
o High-performance computing
o Threat intelligence with frequent updates
What to ask:
How is your web malware engine implemented? o Plugin o BHO o Network stack
What kinds of web threat technologies do you include? o Heuristics o De-obfuscation o Sandboxing o Behavioral analysis
How does your web threat solution handle malware calling home? Can it easily identify infected machines calling home?
What is the added latency and impact of scanning all web traffic from all computers?
Who provides your threat intelligence? What are their sources of web threat information? How often are threat updates provided?

Offsite protection
What to look for:
o Unified endpoint/gateway policy and reporting
o Instant policy updates for offsite users
o Instant activity reporting from offsite users
o Endpoint policy enforcement with no backhauling
o Single agent
What to ask:
How is your offsite protection provided? o Endpoint o Gateway o SaaS
How is it integrated with your corporate network protection?
How quickly do offsite endpoints adopt policy changes?
How often does the administration console/dashboard report the activity of offsite users?
Where does the actual policy enforcement and malware scanning take place?
How many endpoint agents do I need to install and manage for threat protection, web filtering, data protection and compliance?

What to look for:
o Resilient to failure
o Direct control over user data
o Shared policy for gateway and endpoint enforcement
What to ask:
How do I apply my web gateway policy to endpoint computers? Do I need to create a separate policy for endpoints?
Boston, USA | Oxford, UK Copyright 2011. Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners. A Sophos Whitepaper 12.11v1.dNA