Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Wednesday, May 16, 2012

BYOD

BYOD seems to be the latest buzz word in security.  In case you aren't completely caught up with the news, BYOD stands for "Bring Your Own Device".  It refers to the proliferation of smartphones and tablets that employees are bringing into work and attaching to the organization's network.  It's estimated the average employee owns 2.4 devices that they bring into work and connect to the network.

This brings its own challenges, including how to enforce corporate policy on those devices.  While policy may be enforced by the secure web gateway or proxy when the device is on the organization's network, what about policy when it's off the network and on some public network?  That's important to make sure the device doesn't get infected or suffer data loss due to a malware attack.  Plus there's the issue that the device uses applications that sometimes use different URLs, protocols, and ports than the web version of that application.  It's possible your secure web gateway doesn't recognize the mobile app at all, while it's happily blocking or controlling the web application.

The other challenge these devices bring is around performance and bandwidth.  While the secure web gateway may have enough performance and bandwidth for one device per employee, what happens when there are three and all three are checking and updating webmail and Facebook at the same time?  These devices also have a bandwidth challenge when they download updates to their operating system.  iOS updates have been rather large lately, and if every iOS device downloads its updates during work hours, is your secure web gateway prepared?  BYOD only promises to increase as the tablet and smartphone market continues to grow.

It's time to make sure your secure web gateway has up to date technology to handle mobile, as well as enough capacity to handle the coming increase in bandwidth requirements.  This may be a good time to look at bandwidth saving technologies as well, including caching and stream splitting for video, one of the biggest hogs of network bandwidth.

Friday, May 11, 2012

Is InterOp Even Relevant Anymore?

This week was InterOp in Las Vegas.  If you've been in the industry as long as I have, you still have memories of InterOp as the premier networking event.  I've been going to InterOp since 1992, before it merged with NetWorld.  As I walked down the aisles this year, the event just seemed like it was only a shadow of its former self.  While the economy has certainly taken some of the toll in the number of companies and attendees, it seems like it's more than that.  Networking has broken off into a number of niche plays, and a general interoperability show doesn't seem as relevant today, when working together is just assumed, and expected.

Instead of going to a general purpose show like InterOp, I think IT admins are going to cloud, identity, security, mobility and other "themed" events.  So you have to wonder, just how many years InterOp has left.

Friday, May 4, 2012

Drive-by Malware Targets Android

PCWorld is reporting the first instance of drive-by malware for the Android operating system.  Drive-by malware is malware that installs itself just by visiting a website, without having to click on anything on the webpage and without having to download or install anything.  It's the most dangerous type of malware because it requires no action by the end-user to get infected.  Drive-by malware for Windows has been around for a while; this is the first reported case targeting Android.

This specific malware is called "NotCompatible" and is a trojan that lets hackers use the infected Android device as a relay point to break into secure networks, or simply as a proxy.

This latest form of malware is a good reminder that all devices need to be protected, and coincides with Blue Coat's announcement this week of K9 for Android.  K9 is Blue Coat's free, home-use web filtering software.  Blue Coat already offers K9 for iOS, Windows and MacOS.

Thursday, May 3, 2012

Nine percent of websites malicious

A new report from Zscaler suggests that 9.5 percent of websites are malicious.  Another 9.5 percent rated as suspicious in their study.  It's no surprise that the web is an increasingly dangerous place to visit.  One of the key drivers for this threat is the fact that end-users aren't updating their plug-ins, leaving them vulnerable to a lot of older malware.  An example of this is Adobe Reader: the report showed over 60% of users were running an outdated version of this software.

The report also noted that Apple devices are becoming more prevalent in the workplace as Android and Blackberry devices are becoming less prevalent.  If anti-malware isn't part of your web security, this report is a good reminder why it should be in your plans for this year.

Monday, April 30, 2012

Conficker Malware Remains A Threat

Information Week published an article this week talking about why the Conficker malware won't die.  It's been 3 years since Conficker was discovered.  Information Week reports that Conficker launched 59 million attacks in the fourth quarter of 2011 against 1.7 million PCs.  An impressive number for malware that should have already been eradicated.

The article on Information Week caught my eye, because I recently attended a talk where Conficker was discussed, not in terms of the malware itself but in terms of how it was discovered.  It was important because the talk was actually about APTs (Advanced Persistent Threats), and how to keep an organization protected from APTs.  Because APTs can come from anywhere and target almost anyone in the organization, it's tough for a single security solution to detect an APT when the threat happens.  So how does one protect against an APT?  The answer is of course multi-layered defense.  An organization needs to defend not only the web gateway/proxy, but also the router, the workstation, and other network devices.

That leads to the next question, which is how do you detect an APT when it's happening.  And that's where Conficker comes in.  Conficker was discovered by an IT administrator who knew what a normal log looked like and immediately recognized an anomaly in his DNS logs, which led to the discovery of Conficker.  Specifically, the administrator saw a spike in DNS requests for hostnames that did not map to IP addresses (Conficker automatically generates hostnames using an algorithm to look for payload servers, so most of the names it asks for don't exist).

The key here is familiarity with the logs on all your networking devices.  Understand what's a normal day, and recognize when your network devices are producing anomalies, and investigate when these anomalies happen.  Familiarity with your own logs may be the difference between early detection of an APT, and significant data loss.
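As an added illustration of the kind of anomaly that administrator spotted (this is example code written for this post, not anything from Information Week or the talk), the script below reads a simple resolver log and flags clients that generate a burst of lookups for names that don't resolve. The log format and the sample lines are constructed; a real resolver log will need its own parser.

```python
"""Added example: spotting a Conficker-style DNS anomaly -- one client
asking for many unrelated hostnames that return NXDOMAIN (name does not
exist). The log format "<time> <client> <name> <rcode>" is constructed."""
import re
from collections import Counter

# Constructed sample log: 10.0.0.7 behaves like a host probing
# algorithmically generated names; 10.0.0.9 made a single typo.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 mail.example.com NOERROR
09:00:02 10.0.0.5 www.example.com NOERROR
09:00:03 10.0.0.7 xkqzvbrm.info NXDOMAIN
09:00:03 10.0.0.7 pqlwzjtc.biz NXDOMAIN
09:00:04 10.0.0.7 zmvqrtxk.org NXDOMAIN
09:00:04 10.0.0.7 bnwqlzpk.net NXDOMAIN
09:00:05 10.0.0.7 www.example.com NOERROR
09:00:06 10.0.0.9 typo.exmaple.com NXDOMAIN
09:00:07 10.0.0.9 www.example.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_log(text):
    """Yield (client, name, rcode) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _time, client, name, rcode = m.groups()
            yield client, name.lower(), rcode


def nxdomain_stats(text):
    """Return {client: (nxdomain_count, total_count)}."""
    total, nx = Counter(), Counter()
    for client, _name, rcode in parse_log(text):
        total[client] += 1
        if rcode == "NXDOMAIN":
            nx[client] += 1
    return {c: (nx[c], total[c]) for c in total}


def flag_clients(text, min_nxdomain=3, min_ratio=0.5):
    """Clients whose failed-lookup count AND share both exceed thresholds.
    The count floor keeps a lone typo from firing; the ratio keeps a busy
    but healthy client from firing. Tune both against your own baseline."""
    stats = nxdomain_stats(text)
    return sorted(c for c, (n, t) in stats.items()
                  if n >= min_nxdomain and n / t >= min_ratio)
```

The thresholds are the "know what a normal day looks like" part: set them from a week of your own logs rather than from this sample.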

So even though Conficker continues to haunt corporate networks, it does remind us we need to remain vigilant in security and become familiar enough with our environments that we recognize when something is out of the ordinary.

Friday, April 27, 2012

Flashback attack and MacOS vulnerability

I know I've been remiss in keeping up with this blog and the latest news out in the security and proxy industry, but sometimes life happens.  With that in mind, I'm going to recap probably the most important bit of news that happened over the last couple of months, and that was the reminder to everyone that Macs and specifically MacOS isn't completely protected from malware.  The Flashback virus was widely reported on and was estimated to have infected over 600,000 Mac computers.  Bigger news was of course that Apple first ignored the news reports and then slowly came around and said they would fix the flaw that caused the vulnerability.

But the big question for many of course, is whether any of the devices on their network helped to prevent the attack from happening, and this wasn't something that any vendor had an answer to.  Blue Coat Systems, while they didn't claim to protect you from Flashback, did claim they helped prevent an infected system from reporting back to the botnet systems collecting data from compromised Macs.  You can read about how they did this on their security blog.

Monday, February 13, 2012

Blue Coat Acquisition Approved By Shareholders

The Blue Coat Systems acquisition by the private equity firm Thoma Bravo was approved today, February 13, 2012 during the shareholder meeting in Sunnyvale, CA. The result of this is that Blue Coat has now been taken private, and will no longer be a publicly traded company. What effect this has on the product and roadmap remains to be seen, but the company claims this will help them focus on the product without having to worry about shareholders.