Web Security Still Matters

Related Articles

• New Action Guide Aimed at Cyber Attacks
• Privacy, Large Dataset Research, and the Netflix Prize
• Botnets Capture MAAWG Attention

Subscription Options

Subscribe Magazine

Subscribe Newswire

Widgets & RSS Feeds

“I think the reason you continue to see that sign in front of your face is because the behavior of the user has changed over the past 10 years,” observes Samantha Madrid, Cisco IronPort product manager. “When I started in Web security eleven years ago, the whole message was ‘don’t give access to the users, you need to be cognizant of productivity loss, of potential legal liabilities, etc.’ Today that behavior has changed dramatically. We are now encouraging our users to communicate online, to collaborate, and to introduce a global voice. By sharing that data online and making it accessible to a mobile workforce it’s important that we make sure the content they’re accessing is safe and clean.”

Dr. Paul Judge, co-founder and chief technology officer of Purewire, Inc., details five fundamental shifts taking place on the Web that leave corporate networks and users vulnerable and make Web security an increasingly vital issue. The most important shift is the growth of the Web, which, Judge notes, is expanding at approximately one domain per second. Secondly, he points to the increase in AJAX-based applications that essentially turn the browser into the new operating system as another key issue. In this instance, Judge explains, “Applications simply run in the browser and users can become infected without having to click on a link to download a file or an executable. Traditional anti-virus (AV) solutions can’t help because there’s no file for them to download and nothing to scan.”

The dramatic increase in user-generated content is the third shift in the top three that Judge believes lead to increased vulnerability. “In the past there were a handful of content providers,” says Judge. “Today there are millions of consumers posting comments, feedback, links, etc. online—it becomes a question of what and whose information you can trust.” The increased mobility of the workforce ranks fourth in contributing to a vulnerable environment while an overall increase in the creativity and intelligence of criminals rounds out his list. “Rogue applications and botnets are more frequently disguising themselves as HTTP traffic in order to bypass traditional security defenses such as firewalls, which renders those traditional security approaches useless.”

Blended Threats

Shawn Eldridge, chief marketing officer at BorderWare Technologies, feels that the big change over the past few years in regards to the Web and Web security isn’t related to the threats themselves, as they have long existed. Rather, organizations need to look at how people are arriving at compromised sites that expose them to threats in the first place. “With email threats decreasing, [notwithstanding spam], and Web security getting better, a paradigm has occurred where email has become the invitation to the threat.” Eldridge cites the Web as the actual infection point. “People are sending out spam whether it’s through botnets or phishing attacks—or whatever label you want to place on it—in order to get people to visit Web sites that they have purposely infected or that have areas within them with exploited vulnerabilities. The blended threat of email as the invitation and the Web as the delivery device and infection point is the kind of the world that we live in today.”

Eldridge also believes that the same mechanisms that make Web 2.0 so powerful—collaboration, ease of use, 24/7 anywhere access—has led to an increased exposure to threats. “The reality is that when it comes to Web security the issues today still reside around protecting users against malware, worms, Trojans, and spyware.” The other side of the coin that’s not being addressed, he says, is Web content. “This is the part that isn’t being discussed as much. The reason being that it’s a much harder problem to solve and it’s the new threat area. Fortunate enough for BorderWare we have the answers along these lines because we’ve been looking at [Web security] for quite some time.”