Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder. Those who would do harm to our computer systems for profit or malice always manage to focus their efforts on our most vulnerable weak spots. Today, that is the web, for a wide number of reasons.
Managing Web Security in an Increasingly Challenging Threat Landscape
2
Executive Summary .............................................................1
A Challenging Threat Landscape ............................................3
Taking Action to Address Web Threats .....................................4
Conclusion .........................................................................5
TAbLE of ConTEnTS
Managing Web Security in an Increasingly Challenging Threat Landscape
3
p Ubiquity: Everyone uses the web all the time for all types of activities. Because individuals tend to trust major sites such as Google, Amazon and Yahoo, it’s easier and more attractive for cyber-criminals to target users at these sites. Accord-ing to one report, in the second half of 2011, 30,000 new malicious URLs were created every day.1
p Social Networking: Again, playing into user habits, comforts and vulnerabilities, criminals are increas-ingly targeting social networks. In one survey, more than 70% of users said they or their colleagues had been spammed on a social networking site, 46% had been the target of phishing exploits and 45% were sent malware.2 Yet, despite the growth in threats through social networking, 70% of small and midsize businesses still have no policies in place for employee social media use.3
p Increased Mobility: Everyone is more mobile, driven by the dramatic growth of powerful smartphones, tablets and mobile applications. Unfortunately, increased mobility has made us much more vulnerable to attack. Smartphones are part of the consumerization-of-IT trend, and they tend to be less secure than devices designed for businesses. What’s more, users often keep their smartphones on all the time, making them much more vulnerable and inviting as a target. The number of malware attacks aimed a mobile devices rose by 185% in less than a year through the first part of 2012 compared with the previous year, according to a congressional report by the U.S. Government Accountability Office.4
p BYOD: Organizations are finding that they have no choice but to support the bring-your-own-device phenomenon. Users are hooking up to the corporate network whether their devices are sanctioned or not. They are also bringing all of their bad personal computing habits to the corpo-rate network, which is particularly dangerous if IT has not set up adequate policies and safeguards. So here we have devices that can access valuable corporate data and networks being used to go to web sites that are highly vulnerable to malicious activities. Scary, indeed.
A Challenging Threat LandscapeJust how challenging and dangerous are the threats? Here’s the bad news, according to a wide variety of sources:
p More than 30,000 web sites are infected every day, and 80% of those sites are legitimate. Approximately 85% of all malware, including viruses, worms, spyware, adware and Trojans, comes from the Web. Today, drive-by downloads have become the top Web threat.5
p Malicious sites increased by 240% in 2011 compared with 2010, driven largely by the growth of malware networks, or malnets, as a mode of attack. A malware network directs users visiting trusted sites to malware via relay, exploit and payload servers that continually shift to new domains and locations. According to one report, the average business confronts 5,000 malware threats every single month. Where do the attacks enter the organization? Some 40% come from search engines, 13% from mobile devices, 11% from e-mail and 6.5% from social networking.6
1 Security Threat Report, 2012, Sophos2 Security Threat Report, Mid-Year 2011, Sophos3 New Survey Shows U.S. Small Business Owners Not Concerned About Cybersecurity: Majority Have No Policies or Contingency Plans, National Cyber Security Alliance and Symantec, October 15, 20124 Ten common mobile security problems to attack, PCWorld, September 21, 20125 Security Threat Report, Websense Security, 20126 Blue Coat Systems 2012 Web Security Report, Exposing Malnet Strategies and Best Practices for Threat Protection, Blue Coat Systems, 2012
4
p The Web Application Security Consortium (WASC) lists a total of 34 different types of threats that can compromise a web site, its data or its users, ranging from content spoofing and cross-site request forgery to HTTP response smuggling and XML injection, among dozens of others in between. And those are just threats focused on web applica-tions.7 Then add in some of the additional ways in which cybercriminals commonly use the web to distribute malware: black-hat search engine optimization, social-engineered click-jacking, spearphishing sites, maladvertising, compromised legitimate Web sites and drive-by downloads.
The other bad news is that the bad guys are becoming increasingly coordinated and sophisticated. As noted by one major security report, “The sophisticated busi-ness models used by cybercriminals have allowed tools and services once reserved for the cybercrime elite to be made available on the black market as commodities. The more savvy criminals offer their goods and services to those who may be starting out or are in need of setup and instructions. Whether selling off-the-shelf botnets, Trojans by the binary or Zeus recompiles, the underground is loaded with tools to allow any ‘newbie’ cybercriminal to launch an attack.”8
Successful web security attacks can, of course, be devastating. The average cost of a data breach is $5.5 million, and the cost of losing a single record is $194, according to the 2011 Cost of Data Breach Study by the Ponemon Institute.9 Lost business costs alone averaged $3.01 million and, for the first time in the study’s history, malicious or criminal attacks accounted for more than a third of the total breaches. Further, malicious attacks have been the most costly of all types of breaches.
Taking Action to Address Web ThreatsThe good news is that leading vendors in the security technology industry, such as Webroot, are providing a wide range of innovative solutions to enable small and midsize businesses to stay on top of this chang-ing threat landscape and prevent damaging attacks. Foremost among these solutions are secure web gateways and, specifically, the rapidly growing market for cloud-based secure web gateways.
So what are secure web gateways, and how do they protect small and midsize businesses? Here is a definition from research firm Gartner:
“A secure web gateway (SWG) is a solution that filters unwanted and malicious software from user-initiated web/Internet traffic, and enforces corporate Internet policy compliance. SWGs must, at a minimum, include URL filtering, malicious code detection and filtering, and application controls for popular Web-based applications. Native or integrated content-aware data loss prevention (DLP) is also increasingly included.”
The fastest growing segment of the SWG market is in the cloud, where SWG as a service is projected to grow by about 35% in 2012, according to Gartner. There are significant advantages to deploying a cloud-based secure web gateway, particularly for SMBs that need to get security solutions up and running quickly and inexpensively.
By using a cloud-based SWG, organizations don’t have to spend money on hardware and software, and they also save money over time on maintenance, updating and service. What’s more, a cloud-based service provides a more secure perimeter for the organization, especially with the growth of mobility,
7 The WASC Threat Classification 2.08 RSA 2012 Cybercrime Trends Report, EMC, 20129 2011 Cost of Data Breach Study, United States, Ponemon Institute, March 2012
5
the shift to the BYOD paradigm and the growing deployment of less secure platforms like tablets and smartphones. How can a cloud-based service give you more protection?
p Better defense against zero-day threats and spam servers
p Real-time threat detection and immediate deployment
p More comprehensive signature and URL databases
p Better performance
p Support for remote and roaming employees
p Fault tolerance
Of course, not all cloud-based secure web security solutions are created equal. In looking for a solution, SMBs should focus on certain key characteristics. Does your provider offer service-level agreements (SLAs)? Does the service enable users to authenti-cate directly to the service from any location, sup-porting policy enforcement for roaming users while ensuring that users can’t bypass company policy? Does the solution take advantage of a comprehen-sive, cloud-based malware detection service to enable real-time protection against threats as they are discovered? Does it utilize a small client plug-in that makes it simple to deploy on all devices, without having any impact on the user experience or network performance?
In weighing all of the features an SMB should be looking for in a secure web gateway, the logical first-choice solution is the cloud-based Webroot Web Security Service. Among the key benefits of the Webroot service are:
p 100% protection against known viruses as part of the SLA
p The only cloud-based solution that provides separate antivirus and antispyware engines
p Industry-leading URL filtering and IP protection through the Webroot Intelligence Network
p Simplified management and deployment through a centralized web-based management console
p Advanced Desktop Web Proxy Plug-In Agent, which is a small client plug-in that enables a wide range of management features, including the ability to control which sites will not be filtered and the flexibility to transparently handle hot spots accessed by roaming users
p Rapid deployment and guaranteed service availability
p Option to extend protection with Webroot SecureAnywhere Business Mobile to smartphones and tablets, including Android and Apple iOS devices, and to manage everything via the same management portal as the web service
ConclusionThe major trends that are driving businesses and information technology today — mobility, social networking, BYOD and cloud computing — are also making organizations more vulnerable to security threats. More than ever, cybercriminals are on the prowl to take advantage of these vulnerabilities, making the threat landscape more challenging. Threats are evolving quickly and increasingly targeted at web-based vulnerabilities.
Organizations need solutions that are effective in this new environment, as well as easy to deploy, quick to respond and flexible as threats change. Cloud-based secure web gateways such as Webroot Web Security Service are the best way to address this changing landscape. Webroot provides a comprehen-sive, feature-rich and innovative cloud-based secure web gateway that addresses all of the web security requirements of any small or midsize business.
For more information, please visit: http://www.webroot.com/En_US/business/web-security/.
For a free trial of the Webroot Web Security Service, go to: http://www.webroot.com/En_US/business/land/security-risk.html
