The Web Has Shifted. Is Your Network Ready?

Related Articles

• DNS Made Easy Review
• Real World Solutions from People in the Trenches Featuring Send Word Now and the National Institutes of Health
• IBM’s IOD Conference

Subscription Options

Subscribe Magazine

Subscribe Newswire

Widgets & RSS Feeds

The Web has come a long way in the last few years. However, many of these advancements have disrupted traditional approaches to Web security. Given the fundamental shifts in the Web, there is a need to revisit how we secure users online today.

The traditional approach to Web security was simply Web filtering—a solution that could control users: preventing them from going to unproductive places such as pornography, job searches, or sports pages. In today’s Web 2.0 environment, that’s no longer enough.

The Web is growing at a rapid pace; one new domain name is registered a second. Traditional Web filtering databases can’t react quickly enough to provide sufficient coverage. While new AJAX-based applications enrich the browsing experience, they are a blind spot for traditional file-based anti-virus and anti-malware scanning. Millions of end users are posting user-generated content that creates many of today’s most popular Web sites. However, the move from several hundred large content providers to several million individual content providers creates a question of how to establish trust online and sort out legitimate users from fake or malicious ones.

Securing Users

Today’s Web security needs to be about securing users, rather than simply controlling them. Securing users takes traditional Web security beyond URL filtering. It includes the compliance-focused features such as URL filtering, but also integrates application control to ensure users are only accessing approved applications, and data leak prevention to protect sensitive information. Securing users also incorporates strong threat prevention functionality such as URL reputation to make real-time classification of Web sites as the user is visiting it. Anti-virus and anti-malware must be supplemented with browser attack prevention to understand how scripts and Web apps are trying to interact with and possibly exploit the user’s browser.

Traditional Web security solutions focus on protecting users while inside the corporate perimeter, but leave users vulnerable while using laptops or smartphones outside the office to access the Web. The ideal Web security solution should establish a policy once and enforce it everywhere.

SaaS-based Web security protects a user from the workplace, to a coffee shop across the street, to a hotel across the country, or even on a mobile device. Sitting between the Internet and the end user is exactly where the security controls need to be in order to be effective in today’s environment. SaaS-based Web security solutions make sense in today’s economy, where some 85 percent of organizations already have some sort of Web filtering in place. Web security SaaS supplements Web filtering with other compliance and threat prevention features while providing further benefits including bandwidth, hardware, and administration reduction that typically introduces about one-third cost savings. And that is a shift that every organization should be able to handle.

About Dr. Paul Q. Judge

Dr. Paul Q. Judge serves as co-founder & CTO for Purewire, Inc., a SaaS-based Secure Web Gateway company. Prior to starting Purewire, Dr. Judge joined the original management team of CipherTrust in 2000, where he served as CTO until Secure Computing Corp.’s acquisition of the company in 2006. Dr. Judge is an internationally recognized authority on Internet security, having spoken at industry-leading events, won numerous awards, and was awarded six U.S. patents and 24 other U.S. patents pending.