Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Tuesday, May 31, 2011

New Gartner Secure Web Gateway Magic Quadrant

The new Gartner Secure Web Gateway Magic Quadrant is out for 2011. As most of you know, the Magic Quadrant is used by many large and medium enterprises as a guideline for deciding which IT products to purchase. The Secure Web Gateway report outlines those products which are typically Web Proxies (forward proxies), also known as secure web gateways.

For companies competing to be in the Magic Quadrant, the desirable corner is the upper right-hand corner, also known as the "leaders" quadrant. This year, the usual suspects are in the "leaders" quadrant. Blue Coat, Cisco, McAfee and Websense are all there as expected, but this year there's one additional name, and it's a bit of a surprise. Zscaler was added to the leaders quadrant, and it's the only vendor on the list that isn't an on-premises or appliance vendor. Instead, Zscaler offers a solution that's a SaaS (Security as a Service), also known as a cloud solution. The other vendors on the list, while they offer on-premises solutions, have also started branching into the cloud and offer their own SaaS-based solutions as alternatives to the on-premises equipment.

For anyone considering a cloud solution, there are well-known limitations to cloud computing (control over the environment/maintenance windows, bandwidth constraints to the data centers, latency, and other issues). So it'll be interesting to see if these cloud-based solutions start to take hold, and if they become the dominant solutions in recommendations like Gartner's.

Thursday, May 26, 2011

Malware for smartphones up 46%

ZDNet just reported on a study that showed malware targeting smartphones is up 46% this year over previous years. According to the report run by McAfee, Symbian remains the most targeted mobile platform, but vulnerabilities are also targeted in Android and Apple iOS.

This new report is a bit of a concern given the other news this week on organizations having more of an issue with smartphone loss than with smartphone malware. With malware up, the prudent IT administrator would make sure they deal with both smartphone loss (using policy and other tools), as well as malware (using secure web proxies and gateways).

Apple to Issue MacOS Update to Combat Malware

Apple says it will issue a software update in coming days for Macs to combat a recent surge of malware attacks. I reported on these attacks a few weeks ago.

The phishing scheme redirects users in a Web browser to fake websites and claims their computer has a virus. Apple's response to the latest malware attacks shows that the threat to MacOS devices is serious, and that Macs may not be as secure as many previously believed.

It's still a good reminder that any web browsing should be done through a secure web gateway or web proxy, since many operating systems (especially ones like MacOS, smartphone OS, and tablet OS) may not yet have good anti-malware options.

Wednesday, May 25, 2011

Smartphone loss outweighs malware risk

A new study by McAfee finds that the risk of losing a smartphone (and the associated confidential and proprietary data on the phone) is greater than the risk of losing data through malware. The study found that 4 in 10 organizations had already lost data due to smartphone theft or loss.

This study may help explain why there's less concern with malware picked up from browsing the web, and why many organizations have yet to implement web security for mobile devices like smartphones. With greater risk coming from the physical loss of the device, many IT departments are already struggling with ways to keep the physical device safe and secure, and securing the web browsing on a smartphone has fallen to second place in the realm of security issues.

Part of the problem is that many organizations do not have policies around smartphones like they do around PCs and laptops. Putting those policies in place may be the first step to addressing this problem, and one that can help move them towards looking at securing web access as well.

Tuesday, May 24, 2011

1 in 14 downloads is malicious

According to Microsoft, 1 in 14 downloads is malicious. That number isn't too big of a surprise for anyone already dealing with web security. With the prevalence of fake A/V and fake codec malware out on the web, it's not surprising users are getting prompted to download malware more and more often.

In today's world, hackers find it easier to trick end-users into downloading malware, rather than finding holes in browsers or hacking into websites. While the evolution of browsers has led to many newer browsers being able to detect and warn end-users about threats like these, they don't always catch these threats, and of course it's unlikely end-users are running the latest browsers with the latest safeguards.

That's why it's still important to have an extra layer of security in place like a web proxy, or secure web gateway. News articles on the prevalence of malicious downloads are a good reminder that we need this extra layer of security, and that it should be doing in-depth analysis and scanning of downloads to make sure they are malware-free.

Thursday, May 19, 2011

Canada, new hub for cybercrime?

A new report from Websense shows that due to the increased scrutiny of IP addresses and hostnames from China and Eastern Europe, cybercriminals are increasingly relocating to Canada. Apparently there's been a 319% increase in phishing sites in Canada in the last 12 months and a 53% increase in bot networks. Canada also jumped from number 13 to number 6 from 2010 to 2011 in rank of countries that host cybercrime.

This latest report just continues to show the importance of applying security across the board on all web requests regardless of where the request is headed and regardless of the reputation of the site being visited.

All sites should be rated, and any objects coming from those sites should be scanned for malware. Anti-malware and anti-virus software on the gateway is mandatory in today's malware-infested web.

Tuesday, May 17, 2011

Webpulse in a PacketShaper

I'm a little late getting to this, but Blue Coat announced a few months ago the inclusion of their Webpulse technology in the PacketShaper (the traffic shaping device that Blue Coat acquired when they acquired Packeteer a few years ago).

If you're not familiar with Webpulse, it's the cloud service behind Blue Coat Web Filter (BCWF), the URL filtering database that's an option on Blue Coat's ProxySG platform. Basically when you visit a URL that's not in the local URL database, it checks Webpulse to see if there's a rating for that URL already cached in the cloud, and if so brings down that rating to the local ProxySG and caches that information locally. If it's not been rated in the past (because no one else in their 75 million user community has visited the page yet), then they'll use an automated rating system that goes out and scans the page and tries to rate the page real-time, and then adds the real-time rating to their cache, so that any other ProxySG (or other devices that use Webpulse), will get the rating if they ask for it for the same URL.

PacketShaper, on the other hand, is a device that offers visibility, classifies network traffic, and allows you to put constraints (essentially QoS) on each of the different "buckets" of classified network traffic. For example, if you want to allow P2P on your network, but you only want it to take up 1% of the available network bandwidth, you can set up a rule to enforce that.

Before Webpulse was added, PacketShaper basically considered Web traffic to be one large category. By adding Webpulse, PacketShaper now recognizes different categories being browsed and can automatically use Webpulse to add unknown URLs to a specific category within Web traffic. The big benefit here is being able to control specific types of web traffic (say traffic going to porn sites), by using either bandwidth controls, or even blocking that traffic. Although it allows you to block traffic, it's not as secure as a security device like ProxySG, because the default for PacketShaper is to allow traffic that it doesn't know until it's able to classify it, so you may allow some "bad" traffic to go out of or come into your network before the block takes effect based on your rules.

Webpulse adds great additional visibility to PacketShaper, but it doesn't replace the web proxy, unless you're willing to let some "bad" traffic in before it's blocked, which I don't think any IT admin would allow. But PacketShaper does serve an interesting purpose as a network monitoring device and reporting tool, especially if you don't have a secure web gateway yet. By putting in a PacketShaper, you can see if it's worthwhile to get a secure web gateway, and at the same time you can restrict certain types of traffic from going through your network (or at least slow it down enough to discourage users from even trying it).
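The difference between rating a URL before the request is answered and allowing it until classification finishes can be shown with a small model. This is an added example, not Blue Coat code: the class names, the keyword-based rater, the blocked categories and the URL are all constructed, and "classify later" is an assumed simplification of the allow-until-classified default described above.

```python
from dataclasses import dataclass, field

BLOCKED = {"adult", "malware"}                      # constructed policy
KEYWORDS = {"adult": "adult", "fakeav": "malware"}  # constructed rating rule

def realtime_rate(url):
    """Stand-in for the automated real-time rater (hypothetical keyword match)."""
    return next((cat for word, cat in KEYWORDS.items() if word in url), "uncategorized")

@dataclass
class CloudRatings:
    """Shared rating cache: a URL is scanned once, then served to every device."""
    cache: dict = field(default_factory=dict)
    scans: int = 0

    def lookup(self, url):
        if url not in self.cache:
            self.scans += 1
            self.cache[url] = realtime_rate(url)
        return self.cache[url]

@dataclass
class Gateway:
    cloud: CloudRatings
    default_allow: bool = False          # True models allow-until-classified
    local_db: dict = field(default_factory=dict)
    pending: set = field(default_factory=set)

    def request(self, url):
        category = self.local_db.get(url)
        if category is None:
            if self.default_allow:
                self.pending.add(url)    # classify later; this request passes
                return "allow"
            category = self.local_db[url] = self.cloud.lookup(url)  # rate inline
        return "block" if category in BLOCKED else "allow"

    def classify_pending(self):
        for url in self.pending:
            self.local_db[url] = self.cloud.lookup(url)
        self.pending.clear()

def demo():
    cloud = CloudRatings()
    proxy, shaper = Gateway(cloud), Gateway(cloud, default_allow=True)
    url = "http://adult-example.test/index"   # constructed URL
    out = {"proxy_first": proxy.request(url), "shaper_first": shaper.request(url)}
    shaper.classify_pending()
    out["shaper_second"] = shaper.request(url)
    out["realtime_scans"] = cloud.scans
    return out
```

In the model, the inline-rating gateway blocks the very first request, while the default-allow gateway lets that first request through and only blocks once the rating has landed in its local database. The shared cache means the page is scanned in real time once, no matter how many devices ask.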

Monday, May 16, 2011

More Reports on Mac Malware

As Apple continues to gain market share (around 15% of the desktop market in the latest numbers), it's no surprise that there's more malware targeting Mac OS. While many Mac users feel inoculated from the widespread attacks of malware because of the OS they run, they should feel less safe now, with the introduction of the MacDefender virus and the Weyland-Yutani bot, both of which specifically target Mac users.

It's an inevitable outcome of the popularity of Apple, and probably only a small foreshadowing of the attacks to come on iOS, the operating system of the popular iPhone, iPod and iPad.

With fewer choices for security for Apple devices, it makes sense to have an organization-wide web proxy or secure web gateway to block any threats coming from the web, specifically for those users on the organization's network. Unfortunately, when those users are off the organization's network, they're generally on their own when it comes to web defense (unless you've installed a client-based web protection application, like those offered by Blue Coat, Websense and others).

Web security for Macs is inevitable, and one aspect of your organization's security you'll probably want to investigate sooner rather than later.

Wednesday, May 4, 2011

Bin Laden's Death Leads to More Malware

In what shouldn't be any surprise to IT Admins, Osama Bin Laden's death this week led to an immediate surge in malware, with many scams posted using the lure of stories, videos and photos of his death. Almost all the major security firms reported a tremendous uptick in malicious websites with fake info this week based on the news story.

In what is new news, ZDNet reported this week that unlike most malware, this week's attacks included ones specifically targeted at Macs, rather than PCs. These attacks apparently are targeted specifically at MacOS X.

This is especially dangerous for IT admins, since many Mac users think they're immune to malware, and generally don't have anti-malware programs running on their local desktops. That's why it's especially important to have a web proxy or secure web gateway protecting your Mac users, if you have them in your organization.

Tuesday, May 3, 2011

71% Increase in New Zombies

Commtouch is reporting an increase in the number of zombies (compromised computers) on the Internet. Their numbers indicate a 71% increase since the start of a new malware outbreak based on fake advertising pretending to be from shippers like DHL, UPS, USPS, and FedEx.

It appears that this new attack has been relatively successful, convincing large numbers of users to click on malware and get themselves infected. It's sad that despite common sense, and warnings from administrators, end-users continue to click on malicious links and email attachments.

It's a good reminder of why you need to have protection in place like a web proxy in addition to scanning all your incoming email for spam and malware. A web proxy helps protect users who click on malicious links from downloading malware to their PCs. If you don't have a secure web gateway or a proxy, here's another reminder why you need one.