Secure Web Gateways Prevent Data Theft

MBA (3/7/2008 ) Palaparty, Vijay
Web-based attacks to steal data—primarily financially driven—have increased to an extent that current security measures such as antivirus and URL filtering alone prove too limited to combat. A secure web gateway incorporating real-time content inspection, however, has potential to protect data.
“The web started to become a vector of attack a couple of years ago when we started to see more adware development and people realized that there are ways to get on people’s PCs when they surfed the web,” said Peter Firstbrook, director at Gartner Research, Stamford, Conn., in an IT Briefing Center webcast. “We started to see a lot more development of malicious attacks that originated from the web. And now we’ve developed to a point where all malware includes some kind of web component. So even if they aren’t attacking via the web, they’re actually updating software via the web and delivering new malware components. There’s always an Internet component to it.”

“Today’s hackers are motivated by money, and that means when they install malicious code on our machines, they’re looking for either our identity, confidential information or banking information,” said Yuval Ben-Itzhak, CTO of Finjan, San Jose, Calif. “They can collect and either use the information for themselves and then make money transfers from our accounts to other accounts, or just sell this information, bringing them a lot of money."

In the Web 2.0 space, social networking sources that are considered anonymous sources for attacks, such as MySpace, Wikipedia or Flickr have potential to be exploited by hackers, Firstbrook said. Web 2.0 also boasts a more powerful computing environment which makes it more susceptible to attacks.

Secure web gateways are network components or services that filter user-initiated Internet traffic , such as Web 2.0 traffic, from malware and also have capability to block access to certain websites. “The first is URL filtering, which is blocking types different categories of sites like pornography, hate or gambling so people can’t go to those sites, experience those sites or get infected by them,” Firstbrook said. “The next aspect is malicious content filtering. Trojans or utilities that you just don’t want are filtered from your Internet traffic so they can’t get into your PCs. The third component is application control. There are some places and some applications on the web, particularly Web 2.0 applications, that you probably do not want your users to use.”

Most organizations already have these components—URL filters, antivirus and network-based intrusion prevention—in their web gateways, but they are reactionary, Firstbrook said. They require detecting the threat to stop it instead of preventing it altogether.

“So when organizations are looking at secure Web gateways, they should look for malicious code detection capabilities,” Firstbrook said. “It should be able to easily stop known threats, whether it’s your signatures or identification of techniques. Second, it should have a good capability for detecting and stopping unknown threats. It should also be able to clean websites so if they’ve got an infected IFRAME or Java X content, it should be able to deliver part of the website that’s not infected and remove the infected component.”

Additional components Firstbrook recommended are bidirectional inspection of network traffic to aid in recovery and also broad protocol inspection capabilities.

“The big pain point that the secure web gateway is trying to address is really the ability to use the Internet and use it safely.” Firstbrook said. “We recognize that the Internet, while it has great productivity benefits, is also becoming more of a threat to your organization. Look for something that has broad-based malicious content inspection at the web gateway. Use your URL filtering budget dollars to upscale or upgrade to a solution that also includes malicious content inspection and potentially some application control capabilities.”