Two things that all orgs need for effective web security

As someone who has worked in the security industry over the past 10 years, it has not escaped me that there are 2 things that all organisations need with regards to Web Security:

1. A method to protect their users from the nasty stuff online
2. Visibility and control over potential risks to the organization

I’ve spoken to countless organizations and I’m always surprised when I find that, unless driven by other parts of the business “web security” is not at the top of mind for XSOs. That said,we do find most organisations have deployed a level of filtering, normally based around a database solution that categorises websites, this in my opinion is not security. Security doesn’t mean blocking access to social networking and webmail sites, security means protecting the transit and content of information flowing to and from these sites.

I evangelize the web 2.0 world and am a huge advocate for access for all, however, that said; when I browse a site I expect the propeller heads within my organization to ensure that I am protected from potentially hacked/cracked/exploited sites.

Limiting my access to News & Media to lunch time and/or afterhours is not a security decision but rather one that is driven by my manager or HR, and I feel that this would only be done should I prove to be abusing my otherwise open access and that the powers that be show me to what level I am abusing this. I don’t expect that the propeller heads in my IT department will have access to the usage reports and be able to inspect what sites I’ve visited, I do however expect that they will be alerted to the fact that I may have or tried to download malware to my PC, either intentionally or by through some cleverly crafted email, tweet, post, ad, etc.

I’ve worked with multiple products in this space and while most are very good at categorising websites so that my HR department can view most browsing history and ensure I’m being a good productive employee, I find that most of them lack the ability to protect me from legitimate websites that may contain malware. How is a URL categorisation engine supposed to protect me from a site that by all accounts is “Legitimate” if this legitimate site has succumbed to a cross site scripting or SQL injection attack?

I know these views are controversial and potentially against “Corporate IT policy” but the threat from “Legitimate” sites is very real, a conservative approach to security, while has it’s place, just doesn’t cut it in a web 2.x world. If these are blocked for staff productivity reasons, then how do we ensure that our staff isn’t utilizing their smartphone for the same activity, if it’s personal then how can we? In fact I hear from many of the old school that they deploy BlackBerry Smartphones for their employees to ensure this type of activity doesn’t take place; a quick look on http://statistics.allfacebook.com/applications is normally a real eye-opener for customers.

In the past year we’ve seen a massive increase in the number of fortune500 and government data breaches in both Ireland, Across Europe and around the world.

We’ve seen the vector move to a multifaceted approach. An example of this was an Irish recruitment website being the subject of a SQL injection attack, this allowed the criminal to liberate over 400,000 names and email addresses from a backend database. The crook or one of his associates was then able to use these details to send a crafted email to the unsuspecting individuals who were subscribed to this site requesting them to post their banking details.

There have been countless iterations of Apple Store and LinkedIn spam messages that are leveraging people’s mailboxes in order to “tempt” them to click on a link, upon following these links malware has been installed. This malware often has different vectors in terms of it’s infection and has led to massive profits for the unscrupulous.

However the purpose this blog is not to talk about what is right and how to do it, the purpose of this blog is to inform you how Cisco are positioned to help your organisation, Cisco’s security architecture is such that no matter what type of network you have, where your users reside, the type of Corporate Policy you have, the device that your community uses Cisco can ensure that your user community is protected and that your applications are accessible is a safe, secure efficient fashion.

ScanSafe as a cloud solution, meaning no hardware, software, maintenance, or hidden costs freeing up your time for other IT projects. ScanSafe is the current leader in this field, with more than 42 percent market share, according to IDC.

“The opinions expressed in this blog are my own views and not those of Cisco.”

Save