In the modern landscape, IT security is no longer the concern of organisations in isolation, but has become a global issue.
Key technology trends including virtualisation, cloud computing, Software as a Service (SaaS), mobile devices, and most particularly Web 2.0, are changing the business world and making the security landscape far more complex than ever.
Cybercrime has become a more lucrative business than the global drug trade, and the threat of cyber terrorism and industrial espionage is now a reality.
At the recent IDC IT Security Roadshow, held at the Sandton Convention Centre in Johannesburg, Dominique Honnay, Director of Emerging Markets and EMEA Distribution at SonicWALL delivered a presentation on the threats facing the modern enterprise and the technology that can be used to effectively counter these threats while still maintaining business productivity and allowing access to new tools.
“Network security remains a key concern for businesses. However, the challenge is that network attacks have evolved to the application layer, driven by the growing Web 2.0 trend. Web-based applications offer great communication and productivity benefits, but unfortunately expose the network to a greater level of vulnerabilities and exploitation, Securing and managing applications in this new threat landscape is vital to protect users and businesses from the proliferation of these malicious and targeted attacks,” said Honnay.
One increasingly common method of delivery for malware is web searches.
Legitimate websites are hacked to insert parasite pages peppered with search terms, including current events pulled from the Google Trends system, along with minor typos such as Gogle or Obbama. These hacked pages lead users to enter sites they may consider safe, but which actually contain malware that can compromise networks and devices.
Fake antivirus warnings are also being used in conjunction with web searches to compromise machines. Clicking on a link from one of the “bad” sites will display a warning from a fake antivirus application, which mimics the look and feel of a legitimate antivirus, claiming to detect a large number of nonexistent threats and urging user to pay large sums of money to remove them.
Downloaded content too presents a high risk, since applets containing malware can easily be attached to the files for download, including music and videos. When these downloaded files are run, the applet can then install itself on the user’s machine, again leading to compromise and potential danger.
“The increased adoption of new technologies such as cloud computing, virtualisation and mobile and wireless solutions along with the spread of Web 2.0 and ever increasing global connectivity, have introduced a variety of new threats to the network,” said Martin Tassev, Managing Director of LOOPHOLD Security Distribution, local distributors of the SonicWALL brand.
“As a result, old network security solutions are fast becoming outdated, and blocking applications at port level is no longer sufficient since many web-based applications can enter at the same port.”
“(NGFW) technology can help organisations sort through traffic to ensure that legitimate content and applications can be accessed by the users that need them, while still maintaining the appropriate levels of control needed for security and management of bandwidth usage,” said Tassev.
Using next-generation firewalls, organisations can identify traffic by application, not by port and protocol and by the user or user group rather than the IP address. This technology also enables traffic to be deeply inspected based on content rather than file names, which prevents hidden applets from being unintentionally installed.
“Once traffic has been adequately identified, it can be categorised by application, application category, destination, content, user or user group and then controlled. Policy ensures that apps are prioritised, managed and blocked if necessary, malware can be efficiently detected and blocked and intrusion attempts can be detected and prevented. Bandwidth can be prioritised for critical apps and managed for acceptable apps, and unacceptable apps can be blocked,” said Honnay.
With next-generation firewall technology it is possible to manage and control video streaming bandwidth, ensure mission critical applications have priority to get the network bandwidth they need to operate can improve business productivity and keep peer to peer applications under control, amongst other things. This technology also enables real-time monitoring of applications as well as incoming and outgoing bandwidth usage, tracking of suspicious applications and visualisation in various forms of application work flow.
“As the threat landscape continues to change with the evolution of technology, relying on outdated and expensive security solutions to protect the network becomes an increasingly dangerous practice,” Tassev concluded.