Web filtering really got its start as way to implement Acceptable Use Policy (AUP) in organizations that wanted to make sure their employees were spending their time on the Internet at websites that met corporate acceptable use guidelines. With the growth of the web and the spread of malware from email to websites, the focus for web filtering has really moved from implementing AUP to protecting the casual web user from malware and drive-by downloads they might get from good or bad sites.
The malware isn't exactly new, as much of what's prevalent today depends on techniques that have been in effect for years, but rather the subtlety with which they are released has changed. Rather than an anonymous email asking you to watch their video, it's a close friend's hijacked Facebook account that sends you a message asking you to watch their kid's latest accomplishment video. Click on the video and of course you'll be prompted to update your video codec, which actually downloads malware onto your computer.
An unsuspecting user will naturally trust the person they know rather than the one they don't, making the hijacked Facebook account much more malicious than a spam email asking you to watch some sexy video.
So with this evolution to targeted attacks, protecting the everyday user from malware and drive-by downloads is increasingly important for organizations, and the role the secure web gateway plays in the organization. That's why it's more important than ever to make sure your web filtering software and subscriptions are up to date, and using an accompanying anti-malware program that scans everything. Reputation based exceptions don't really work anymore, since even reputable sites can get hacked and host malware links.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment