Protecting the MidSized Business

8/7/2019 Protecting the MidSized Business http://slidepdf.com/reader/full/protecting-the-midsized-business 1/12 Protecting the Mid-sized Business > New security requirements and possibilities White Paper

Introduction

Malware is one of the biggest threats facing mid-sized businesses today. Every day, a highly organized, financially motivated cybercriminal community generates an unprecedented volume of dynamic and sophisticated malware aimed at stealing information from your business and selling it for a profit. To protect your business data, you have to understand the nature of these threats and know how to protect your company from them.

This white paper outlines this new threat environment and explores the unique requirements for mid-sized businesses. The bottom line: You need more than firewall and antivirus protection to stop the latest threats. Today’s security infrastructure must be always on and instantly updated to match the speed, volume, dynamism and sophistication of today’s malware. To help you get started, this white paper provides practical guidance on layered defense systems that provide strength in numbers through cloud communities, all in a cost-effective way that meets your security and business needs.

Key characteristics of malware today

Criminal motivation combined with sophisticated tactics drives today’s threat environment. The scale and dynamic nature of these threats present more complex security challenges than traditional security models can adequately manage. Let’s start by looking at these characteristics in detail, and explore why they challenge conventional security wisdom and traditional defenses.

Malware is now driven by organized crime.

Viruses and other malware are increasingly written by professional hackers working on contract from organized crime syndicates. Their main objective is to steal data that can intercept funds or enable criminals to profit illegally from individuals or businesses like yours. Even the lowest threat range, such as phishing scams, attempts to extort, trick or con people and companies out of money. Without an effective protection system, malware will hurt your business at some point – whether it’s lost productivity, revenue or unforeseen legal costs. Research estimates that between information theft and cleanup expenses, cybercrime cost firms one trillion dollars in 2009.

Malware is growing in both volume and speed.

In addition to the costs of malware, the volume and rate of attacks have skyrocketed in the past few years. Two-thirds of all the known malware that has ever existed was launched in 2008. In 2009, that number doubled. Phishing attacks increased 585 percent in just the first half of 2009.

So hackers today are no longer defacing web sites for the thrill of it. In fact, quite the opposite – they want to remain undetected for as long as possible. In 2007, the average lifespan of malware was seven hours. By 2008, it was estimated at five hours. And in 2009, many threats relocated themselves after just two hours to avoid detection.

Social networks are great hiding places for covert malware types.

As end users become more conscious of malware scams, cybercriminals have upped the stakes, finding increasingly devious ways to lure or trap their targets. They leverage popular trends like social networking, taking advantage of the trust web users have in reputable sites and their network of “friends.” If a social networking site has 500 million regular users, each of whom trusts a few hundred friends, it stands to reason that criminals will view it as a vast source of potential targets. Poisoned search engine results, where infected blogs have led to highly ranked web pages with malicious content, are also used to lure people to malware hosts at the end of an orchestrated link chain. But most web threats – over 90 percent – actually come from infected popular sites. By far, the greatest risk of attack comes from everyday browsing behavior like searching, chatting with online friends or even visiting trusted sites.

There is a connection between how users browse and search on the web today and current mechanisms of infection by malware. For example, the most prolific recent malware attacks leverage social networking – and the trust people have in their friends and connections – to spread malware as well as poisoned search results.

Today’s malware requires new thinking about security

Not long ago, machines were infected when users opened email attachments containing viruses and worms, or visited “red-light” districts on the web, such as pornography or gambling sites. Conventional security wisdom told us to protect against threats by building a hard shell around the network to protect entry and exit points, and stop users from going to bad places. Desktop AV, firewalls and more recently Unified Threat Management (UTM) solutions are the components we used to create this hard shell. While these technologies are effective against static, network-based threats, they are less effective against dynamic, web-based threats because they narrowly define safe vs. unsafe web sites and then deny or allow access based on that limited characterization. As a result, they cannot adequately protect against real-time malware attacks that can change or disappear in as little as two hours.

Here’s why: The web is simply too big and complex to rate every destination, and it’s no longer dominated by static pages. Today’s Internet is interactive and changes in real time, which makes it much easier for cybercriminals to exploit. For instance, when a single request to a web site easily results in dozens of requests for content, all frequently changing and sourced from many locations, static web ratings simply cannot filter every source of malware.

In addition, new web-based threats exploit human behavior on a whole new level by tapping into trusted web activities, sites and applications. Today, users often encounter malware through poisoned search results in popular search engines. Or they receive spam from “friends” on social networks. They download fake offers that actually infect their machines with malware or spyware “phone-home” capabilities. And sometimes, malware is simply downloaded onto the machine without the user taking any action other than visiting a trusted destination, such as a news or banking web site.

Not only has the threat landscape changed, so has the concept of a network, which has expanded to accommodate roaming and telecommuting employees. Competitive business demands have driven IT to adopt and support new technologies to connect workers with applications and information at any time, from anywhere. While a decentralized work environment is critical to business agility, it also creates new security requirements to address the new wave of web threats.

To meet these new requirements, companies need more than the average security portfolio. They need a proactive, layered security strategy at the web gateway – one that combines a hybrid of technologies that complement traditional firewall and desktop AV solutions.

This illustration shows how innocent web browsing can be exploited by cybercrime. For example, a user attempting to view a video online at work may be tricked into downloading a fake video codec containing malware. A compromised contact list in a social networking site may betray a user’s trust in their friends by linking them to a scam via a phishing site.

Targets are not just big business

Like any organized crime, cybercrime is focused on organizations or people who are easy targets with something worth stealing. Increasingly, that means individuals and smaller companies who lack the security infrastructure and budget of big businesses. Therefore, mid-sized businesses must not only understand the severity of the risk, but also the security capabilities they need to protect their data.

Smaller companies are now the target

As larger enterprises have become more secure, cybercriminals are moving down the business chain to smaller businesses that have less formal policies and systems in place. For example, the FBI is investigating several hundred cases of Automated Clearing House (ACH) network fraud. Cybercriminals,

->Understand and protect against online user habits that put the business at risk

->Dynamically protect against malware and deliver on-demand ratings that go beyond the traditional reputation-based protection model

->Protect users no matter where they work, even on unsecured networks such as airports and coffee shops

->Fit the tight budgetary and resource needs of smaller businesses

New security requirements and possibilities

Blue Coat addresses the need for affordable, enterprise-class security in mid-size businesses. Our comprehensive, layered defense system includes real-time web intelligence-based filtering, data loss prevention, gateway antivirus and extensive support for mobile users.

Protection beyond firewalls, UTMs and antivirus software

The firewall, or what it became – a Unified Threat Management (UTM) appliance – provides firewall, spam filtering, gateway antivirus protection and intrusion detection. The UTM opens and closes doors based on web address or Internet “port” number, hides internal addresses and resources from external sites and provides secure, encrypted tunnels and authentication. However, it does not offer any awareness of active content or real-time updates, which means that dynamic, short-lived threats remain undetected between updates. In addition, firewalls and UTMs neglect remote users entirely, leaving huge security gaps in your roaming workforce.

While AV software can classify web content as safe or dangerous, it relies too heavily on signature matching for “known” threats. Antivirus software relies on constantly changing definitions, and introduces an update cycle that can’t stay ahead of dynamic threats. So again, these fall far short of the best protection against the new threat reality. Traditional web filtering can categorize URLs to control or block objectionable content, but it also relies on static databases of known websites. Without the ability to address the dynamic nature of malware, these solutions will always be at least one step behind the latest attack.

Blue Coat ProxyOne delivers greater web visibility and control

Only Blue Coat provides all the required capabilities to give mid-sized businesses the best protection against today’s threat environment. For more than a decade, Blue Coat has been trusted by the largest, most security-conscious organizations in the world. As part of our ongoing commitment to delivering the most innovative security solutions, we have combined our market-leading technologies into a single product: Blue Coat ProxyOne.

ProxyOne is installed at the threshold of your private network and the web, so all users behind the ProxyOne are protected. And, for greater visibility into the sources of malicious or dangerous web threats, all web activity is logged and controlled by ProxyOne. In addition to offering protection from malware, ProxyOne provides visibility into all users’ web activity and tighter control over what they do online. Managing user behavior is critical to mitigating security risks, as even innocent browsing can lead to poisoned search results, compromised social networks and infected web sites.

ProxyOne is architected on a web proxy platform. The web proxy terminates all web traffic – whatever web protocol is being used, including static and active content, rich media and standard web content. In addition, to help IT track all potentially dangerous web activity, ProxyOne offers a set of powerful pre-defined reports and straightforward custom reports that highlight all web activity information and link it to each user via their login. ProxyOne administrators can also measure and report on web traffic performance, trends, errors, bandwidth impact, streaming traffic levels and more.

ProxyOne delivers an intuitive, graphical interface to define and manage policy settings. This allows IT to protect the network and their computers from malware, but also implements safeguards to help prevent employees from being exposed to inappropriate or illegal areas of the web. Unlike firewalls or traditional web filtering solutions, Blue Coat’s policy controls extend the functionality of standalone URL filtering products by adding content inspection and native proxy functionality for all popular web protocols. And, because it leverages the WebPulse on-demand rating service, ProxyOne has unmatched coverage of all potential requested sites in customer deployments, providing an extremely low rate of false-positives.

Always on and always current

A protection system is only as effective as its web ratings. WebPulse, Blue Coat’s collaborative cloud defense, ensures ProxyOne always has the latest web ratings from its global community of more than 70 million people. WebPulse comes standard with all ProxyOne appliances.

WebPulse leverages the worldwide Blue Coat user base in a community-based, collaborative defense system. While other web security solutions seek threats by crawling the web or rely on reports of new threats, Blue Coat users automatically and anonymously send relevant details of their web activity into the WebPulse cloud and receive real-time feedback. Seeking threats or crawling the web to find trouble typically takes too long, and risks missing the hidden, dynamic links and malware that characterize today’s threat environment. Safety in numbers is a well-known maxim, and the greater the number, the more effective the defense. With 70 million users generating 45 billion requests a week, they are much more likely to encounter new threats – even attacks that exist for just a few hours.

Inside the WebPulse cloud, sophisticated technologies identify and analyze threats and share this intelligence with the Blue Coat user community on demand. As a cloud service, WebPulse produces the best delivery mechanism for this intelligence, and ensures Blue Coat ProxyOne is always up to date with the latest security. All without the need for manual updates or software downloads.

The best protection, no matter where your users are

ProxyOne supports ProxyClient, which can be installed on remote machines, to offer protection to remote workers who may log in on unsecured networks, whether at home or on the road. ProxyClient is managed centrally by the ProxyOne appliance and enforces the appliance policy that extends the Acceptable Internet Use policy to remote users. Just like office-based users, all browsing and web activity through ProxyClient is controlled via the ProxyOne appliance.

ProxyClient works directly with Blue Coat WebPulse cloud service to eliminate the need for downloads or update cycles. Instead, web ratings and threat protection are delivered on demand directly to the remote worker’s computer – even when it’s disconnected from the ProxyOne appliance.

Enterprise-class protection in a mid-market package

ProxyOne has been specifically designed to address the operational requirements of the mid-market IT department. Set up and use of ProxyOne’s user interface is graphical, simple and task-oriented.

Once you plug in and connect ProxyOne to the network, simply answer six questions to complete the set up and switch to the browser-based graphical user interface. ProxyOne comes pre-configured to block malware, but you can configure and fine-tune any of the pre-defined policies using simple, task-oriented menus to control the URL categorization features of the appliance. Once installed, ProxyOne is automatically connected to the Blue Coat WebPulse service to provide real-time web ratings and enforce network policies.

Simple setup and easy operation, on-demand security and automatic software updates combine to satisfy the operational needs of mid-sized IT.

In addition to providing greater web visibility, ProxyOne software updates are continuously delivered as a service from Blue Coat.

Conclusion

Driven by a highly organized cybercriminal community, today’s web threats are stealthy, short-lived and profitable. The volume and sophistication of malware and the methods used by cybercriminals now target businesses of all sizes. However, small and mid-sized businesses are at particular risk of attack because they typically have fewer resources to devote to a comprehensive security strategy. To address the need for an affordable, real-time security solution, Blue Coat has introduced the ProxyOne hybrid appliance.

ProxyOne, which includes Blue Coat’s innovative WebPulse cloud service and ProxyClient software for remote workers, delivers enterprise-class security to mid-sized companies. With ProxyOne, smaller companies can now protect their critical data with real-time web ratings, instant security updates and protection for remote workers. All in a package that is affordable, easy to install and maintain.

To learn more about Blue Coat ProxyOne, please visit us at www.bluecoat.com or contact your Blue Coat sales representative.

Blue Coat Systems, Inc. • 1.866.30.BCOAT • +1.408.220.2200 Direct • +1.408.220.2250 Fax • www.bluecoat.com

Copyright © 2010 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.

v.WP-PROTECTING-MSB-V1-1110