
End-To-End Web Security

Protecting Users and Servers Against the Latest Web Threats

A REPORT FROM

IRONPORT SYSTEMS
WITH A FOREWORD BY MICHAEL OSTERMAN

A MESSAGING MEDIA PUBLICATION


Table of Contents

Foreword by Michael Osterman
Introduction
The Threat Landscape
    Trouble on the Desktop
    Trouble for Web Servers
Securing the Gateway
    Start with URL Filtering, But Don't Stop There
    Monitor the Network Perimeter to Guard Against Infection
    Reputation Tracking
    Effective Malware and Spyware Scanning
    All-In-One Service
Securing the Web Server
    The Foolproof Firewall
    Deep Web Analysis for Complete Compliance
    Standards for Success
Conclusion
Special Section: All-In-One Solutions to Protect Against the Latest, Most Sophisticated Web Threats

DISCLAIMER: The law in this area changes rapidly and is subject to differing interpretations. It is up to the reader to review the current state of the law with a qualified attorney and other professionals before relying on it. Neither the authors nor IronPort make any guarantees or warranties regarding the outcome of the uses to which this material is put. This paper is provided with the understanding that the authors and IronPort are not engaged in rendering legal or professional services to the reader.

Copyright 2000-2008 Cisco Systems, Inc. All rights reserved. IronPort, the IronPort logo and SenderBase are registered trademarks of Cisco Systems, Inc. All other trademarks are the property of Cisco Systems, Inc. or their respective owners. While every effort is made to ensure the information given is accurate, Cisco does not accept liability for any errors or mistakes which may arise. Specifications and other information in this document may be subject to change without notice.


Foreword
by Michael Osterman

Gone are the good old days, when getting infected with a virus or worm required you to do something such as clicking on a link in an email or opening a file you received as an email attachment. Today, simply visiting a website can infect your computer and your company's entire network with any of a growing number of very nasty malware variants. Increasingly, the dangerous locations aren't offensive or otherwise questionable Web venues: sites operated by reputable and mainstream organizations as diverse as the Miami Dolphins, the United Nations, Audi, Harvard University and Business Week have all been hacked and infected with malware through a variety of techniques that allow them to operate for hours, or even days, automatically infecting hundreds of thousands of users with malicious content before the problems are discovered and addressed.

The impact of infections caused by these incursions varies widely, from the placement of images or messages on hacked sites to the release of sensitive personal information. Many exploited websites are used to distribute more malware, while others are reprogrammed to infect visitors' computers with keystroke loggers that will intercept bank account information, credit card numbers, corporate login credentials and other sensitive data. Moreover, we are seeing increased use of blended threats whereby spam is used to deliver nothing more than links to seemingly valid websites that, when visited, infect within moments.

The problem is not a theoretical one: a recent, extensive Osterman Research survey of decision-makers in mid-sized and large organizations in North America found that 39 percent of organizations had experienced a virus, worm or Trojan entering their network through the Web during the previous 12 months. Additionally, 51 percent of decision makers believe that their users visiting websites (and thereby introducing malware into the corporate network) is a serious or very serious risk for their organizations.

Fortunately, most corporate decision makers are beginning to take note of these problems and are addressing them. The survey mentioned above found that (by early 2009) 72 percent of organizations are likely to, or definitely will, invest in capabilities to protect against Web-borne threats, while 42 percent will likely or definitely invest in enhanced gateway security to protect against Web 2.0-related threats. Further, 79 percent of organizations currently have a budget or will have one to address adware and spyware infections by early 2009.

Organizations of all sizes must take Web threats seriously and deploy the right technologies to address them. These solutions must deal with Web threats using a layered defense strategy from a reputable vendor that can continually analyze threats, provide real-time protection to their customers and update on-premise components in the infrastructure as frequently as necessary. Addressing Web-based threats is now just as critical as addressing viruses and spam, if not more so. To ignore these threats is to do so at your own peril.

Recent studies have shown that an unprotected computer, connected to the Internet, can become infected with malicious code in less than five minutes.

Michael D. Osterman
President and Founder
Osterman Research, Inc.


Introduction

The Web. It has become a criminal's paradise. Virtually infinite in scope, heavily traveled and loosely regulated with dangerous applications that are misunderstood and inadequately defended against, the World Wide Web has evolved into a medium as perilous as it is productive for businesses around the globe. Driven by greed, cyber-criminals are prospering off of the Web's fertile ground for nefarious activity, eager to exploit its many vulnerabilities and the naïveté of those who rely on it for legitimate commerce.

Indeed, today's Web landscape is fraught with peril for enterprises that have incorporated its global reach, convenience and immediacy as a plank in their business platforms. Many businesses, however, remain unaware of (or at least far behind) the rapidly evolving strategies that promise to disrupt their commercial activities and steal their vital assets. The range of threats is mutating rapidly and attacking in such unsuspecting ways as simply opening a webpage. At risk is a loss of identity, brand reputation, confidential information, consumer confidence and money.

For years, IT managers grappled with email-borne spam and associated malware aimed at their inboxes. Public attention and industry security technology appeared to be gaining the upper hand, promising an effective wall of defense against Internet malware at the network perimeter. Today, the Web stands as an increasingly dangerous threat vector, demanding a new level of vigilance from administrators charged with keeping their networks free from danger and disruption.

Port 80, which networks use to browse the Internet using the HTTP protocol, remains highly vulnerable. Unlike email, which can be stored, inspected and forwarded, HTTP traffic comes in in real time, posing an exploitable point of access for threat purveyors.

We expect to see steady growth in the corporate Web security market over the next four years, as the market is forecasted to grow from 73 million seats in 2008, to 195 million in 2012. This represents an average annual growth rate of nearly 28 percent.
Corporate Web Security Market, 2008-2012
The Radicati Group, Inc.


The Threat Landscape

Trouble on the Desktop

Web threats have put traditional gateway defenses to the test, and many are failing. Industry analysts estimate that over 80 percent of all corporate PCs are infected with some sort of Web-implanted spyware, while just 10 percent of the enterprises that own these PCs have deployed a defense against spam, phishing, viruses and related malware. This lack of effective defense burdens network resources, diminishes assets, slows productivity and worse.

As a growing number of Web 2.0 applications make their way into the enterprise, they bring with them even more security concerns and attack vectors.
Security Products Program Director, IDC
Brian Burke

The speed with which Web threats travel, and their increasing complexity, highlight the unique challenges of stopping them at the gateway. In the not-too-distant past, gateways sought to prevent the infestation of malware by signature- and list-based filtering on the receiving end. However, security filters can be easily overwhelmed by increased traffic volume and complex traffic, carrying dangerous payloads. Today, we see an increase in image-based malware as well as URL-based viruses that spread via email (whose legitimate appearance makes them difficult to stop) as well as macro-based viruses that reside within Microsoft Office products and capitalize on a user's familiarity with them for higher open and infection rates.

The power of profit continues to propel Web-based threats at rates faster than corresponding defense technology can be deployed. Simply providing traditional filtration can no longer keep pace with the ability of malware to mutate and compromise an enterprise's defenses. The challenges pose not only the risk of surreptitious monitoring and control over the users' interaction with their computers, but also jeopardize their compliance with usage policy and productivity.

Botnets are among today's most pervasive forms of malware. Only a few years ago, malware authors easily circumvented industry blacklists by taking advantage of SMTP's open relays, enabling them to pass their malicious content through messages that could only be traced back to the legitimate IP addresses of the relaying MTA. By focusing on the vulnerability of open relays, security solution providers have since been able to mount a reasonable defense. Botnets, however, give hackers a new means to spread their bad traffic across the Internet. These threats come in a variety of shapes and sizes with hundreds of variations in existence.

The botnet, also known as a robot network, is defined as a network of zombie computers that have been hijacked by furtive software to run select applications. Once converted into zombies, these remotely manipulated computers are impervious to the demands of the bot controller. Their dangers include:

Spam and Spying. Botnets are ideal for marshalling their infected zombies to collect email addresses, and transmit enormous amounts of spam and phishing emails. They can also be used to collect proprietary information passing through an infected computer, including passwords and user names.

Denial of Service (DoS) Attacks. These assaults disrupt service by consuming a victim's network bandwidth, overflowing their computing system's capacity, or disrupting their Internet connection. The end results can be a massive loss of productivity, or the crash of an enterprise's website.

Keylogging and Identity Theft. Utilizing techniques to capture and record user keystrokes, today's botnets have become adept at overriding encryption software to gather critical data. They are also highly-skilled phishers and imposters, committed to stealing unsuspecting users' identities.

Botnet Breeders. Botnet handlers have also become masters at expanding their networks, luring credulous users with downloads that instantaneously spread their illicit programs through email correspondence, file transfers and standard HTTP.

Automated Click Response. Many botnets instruct their zombies to click on specific sites, making them a prime weapon to illegitimately inflate online advertising traffic counts.

While botnets continue to flourish, network administrators must also guard against the infection of legitimate sites which draw on hosting servers and thousands of actual domains to attack site visitors' systems. The sites' implanted toolkits then endanger visitors with a variety of malicious code that can steal critical information (such as login information for personal banking).

A single Botnet can spawn thousands of malware-laden Botsites in just a few hours.

Today, there are more than 10 billion active webpages on the Internet. Analysts concur that up to 10 percent of these sites are malicious, a dangerously high number for businesses. It is also estimated that exploited websites account for nearly 90 percent of today's Web-based threats, reflecting the fact that malware purveyors are targeting trusted websites as the prime space for their attacks.

In a recent example, a major Japanese video game producer's website was hit with an SQL injection attack (see details below). A chunk of malicious JavaScript was embedded in parts of the site, causing a pop-up message to appear, warning users that their computers were infected with malware. The pop-up then led users to a site where they could acquire supposed anti-virus software. This software actually contained a malicious Trojan.

The bottom line is that traditional URL filters are not adequate to protect against these threats. Many earlier security solutions relied heavily on blacklists to identify sites containing malware. These sites were then added to a list of dangerous IP addresses for future blocking. While good in theory, the approach in practice is too reactive and overly dependent on human experience and input to identify the threats. Today, poisoned or pirated sites come and go, with attackers constantly shifting their launch sites to obscure detection and foil response.

To be truly effective in the face of such threats, reputation systems must gather more information on a site's domain reputation, its country of origin, server configuration and IP range. Compiled for advanced algorithmic analysis, this information, combined with enhanced security measures at the Web server's application level, provides enterprises with a far greater chance of thwarting inbound threats.

Sophisticated reputation tracking also provides the best hope for coping with botnet zombies, provided they are equipped to identify new senders originating from a dynamic IP range. This capability, at the very least, notifies recipients that the inbound traffic may be suspicious and should be treated with caution. The ability for enterprises to throttle, or eliminate the delivery of suspicious mail also provides an effective mechanism to determine the legitimacy of inbound traffic. This tactic relies on the network's ability to monitor reputation and scan content at the application level.

Just as end-users and endpoints are targeted for increasingly sophisticated Web-based threats, so are Web servers. They are potentially just as vulnerable and can be even more detrimental if compromised. In this next section, the impact and spread of this problem is examined.

Trouble for Web Servers

Today's Web environment, with its multitude of evolving Web 2.0 applications, offers a wondrous range of productivity enhancements for enterprises and a concurrent slate of risks. Web hackers have become highly adept at creating new tools to take advantage of these cutting-edge services with an array of devastating attacks. Their criminal activity paves the way for financial fraud, identity and data theft, denial of service attacks, as well as the spread of malware and botnet zombies. An estimated 250 million records have been breached through such activity in the last three years. This heightens awareness of the need for better access, transmission and storage of sensitive information to protect individuals and corporations, and also ensure compliance with such regulations as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX) and more.

This illegal activity has become so prevalent that it's given rise to a new collaboration among credit card companies, the Payment Card Industry Data Security Standard (PCI DSS), aimed at standardizing how businesses store and access sensitive credit card information.

According to the Open Web Application Security Project (OWASP), today's top ten threats and vulnerabilities include:

Cross Site Scripting (XSS). This technique enables attackers to execute script in victims' browsers that can hijack their sessions, deface websites, and introduce malware.

SQL Injection Flaws. Through such injections, attackers send hostile data to an interpreter, tricking it into executing unintended commands or modifying data.

Malicious File Execution. In this type of attack, criminals take advantage of code that is vulnerable to remote file inclusion to deliver hostile code and data that can totally compromise a server. Such attacks target PHP, XML and any framework that accepts files or filenames from servers.

Insecure Direct Object Reference. Direct object references occur when a developer exposes such references as a URL to an internal file, directory, database record or key, enabling the attacker to manipulate these references to access other internal objects without authorization.

Cross Site Request Forgery. This attack forces a logged-on browser to send a pre-authenticated request to a vulnerable Web application, which then causes the victim's browser to perform a hostile action that benefits the attacker.

Information Leakage and Improper Handling. Attackers routinely capitalize on applications' unintentional leakage of information related to their configuration or internal workings to steal sensitive data or execute attacks.

Broken Authentication and Session Management. By compromising passwords, keys or authentication tokens, attackers assume unsuspecting users' identities.

Insecure Cryptographic Storage. Drawing on weakly protected data allows attackers to steal identities and commit such crimes as credit card fraud.

Insecure Communications. Attackers capitalize on the frequent failure of applications to encrypt sensitive traffic moving through a network.

Failure to Restrict URL Access. When applications fail to prevent the display of links or URLs to unauthorized users, attackers access these links and URLs to perform illicit actions.

Many of these threats can be linked to vulnerabilities inherent in today's Web 2.0 technologies. By offering a new realm of functionality, sophistication, social-networking and community-building that appeals to both individuals and corporations, Web 2.0 applications have laid the foundation for such phenomena as YouTube and MySpace. This empowering technology invites a more interactive user interface, enabling users to participate with a site (rather than simply download information). While its advantages and possibilities are extraordinary, so are the opportunities for harm and fraud by hackers and malicious code writers. Vulnerabilities in AJAX, the new technology that is at the heart of Web 2.0's tremendous advances, provide criminals with unprecedented power to attack.

Securing the Gateway

The threatening Web landscape poses serious dangers at the gateways of enterprises around the world. The medium's menace demands close attention and response to ensure secure networks, maintain productivity and comply with regulations. The following paragraphs offer some best practices for defense.

Start with URL Filtering, But Don't Stop There

URL filters can be valuable tools in the fight against spyware, malware and Trojans. In addition to allowing you to control access to sites harboring harmful code, they can help you eliminate the use of Web-based applications, file sharing sites and other resources that allow files into your network without the proper virus scanning. In other words, adhering to acceptable use policies maximizes the amount of time employees spend productively and legally pursuing their employer's business interests, while minimizing the vast amounts of time, risk and bandwidth associated with workers surfing the Web. But this is just a small start to securing the gateway; you need to do more.


Organizations are still relying solely on URL filtering and think that is sufficient to protect their internal infrastructure. In today's Internet world, that is a naïve assumption.
Chenxi Wang
Principal Analyst, Forrester Research Inc.


Data on the top Web application vulnerabilities. (Source: Open Web Application Security Project)


Monitor the Network Perimeter to Guard Against Infection

Given that an estimated three-quarters of all corporate PCs are infected by some form of malware, an inordinate amount of time and manpower is spent managing these compromised machines to prevent leaks of sensitive information and costly downtime. By addressing such threats at the perimeter of the network, administrators can cut costs and reduce the instances of phone-home attempts, phishing, pharming, keylogging and more.

Reputation Tracking

The best solutions apply more than one layer of defense against these attacks. The first layer should provide effective URL filtering to monitor users' Web traffic requests against a comprehensive set of defined and customizable categories. The second layer should measure the reputation of the requested URL. Is it trustworthy based on traffic and network parameters? Bad traffic must be blocked, good traffic allowed to proceed, and grey or questionable traffic passed on for deeper malware scanning.

Effective Malware and Spyware Scanning

With threats ranging from adware, browser hijackers, phishing, rootkits, Trojans, worms, system monitors and more, enterprises must be vigilant at the gateway to prevent today's expanding range of dangers from compromising their networks. That means incorporating today's latest technologies to scan on both the request and the response side. Organizations must be able to identify existing and evolving sites by scanning millions of sites on a daily basis. The best defenses draw on comprehensive databases of virus and malware signatures, and should be configured to perform signature and heuristic scanning.

Exploit Filtering offers protection against the transparent passing of malware through legitimate websites.
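The layered decision described above (URL category filter, then reputation, then scanning of grey traffic on the response side), as an added Python example that is not IronPort's or any product's code. The category table, the -10 to +10 score scale, the thresholds and the scan patterns are all constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# All hosts, scores, thresholds and patterns below are constructed sample data.
CATEGORY_OF = {
    "files.example.net": "file-sharing",
    "news.example.org": "news",
    "shop.example.com": "shopping",
}
BLOCKED_CATEGORIES = {"file-sharing"}     # layer 1: acceptable-use policy

REPUTATION = {                            # assumed scale: -10 (bad) .. +10 (good)
    "news.example.org": 8.1,
    "shop.example.com": -1.5,             # legitimate site, recently suspicious
    "cdn.example.io": -8.7,
}
BLOCK_AT_OR_BELOW = -6.0
ALLOW_AT_OR_ABOVE = 6.0

SIGNATURES = {                            # layer 3: lowercase byte patterns
    b"document.write(unescape(": "obfuscated-script-writer",
    b"<iframe width=0 height=0": "hidden-iframe",
}
HEURISTIC_ESCAPE_COUNT = 50               # many %u escapes suggests packed script

SAMPLE_INFECTED = (b'<html><body>Cart<IFRAME width=0 height=0 '
                   b'src="http://cdn.example.io/x.js"></IFRAME></body></html>')


@dataclass(frozen=True)
class Verdict:
    action: str   # "block", "allow" or "scan"
    layer: str    # which layer decided
    reason: str


def host_of(url: str) -> str:
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return host.lower().rstrip(".")


def request_verdict(url: str) -> Verdict:
    """Request side: category policy first, then reputation."""
    host = host_of(url)
    category = CATEGORY_OF.get(host, "uncategorized")
    if category in BLOCKED_CATEGORIES:
        return Verdict("block", "url-filter", f"category {category}")
    score = REPUTATION.get(host)
    if score is None:
        # Unknown is not the same as good: send it for scanning.
        return Verdict("scan", "reputation", "no reputation data")
    if score <= BLOCK_AT_OR_BELOW:
        return Verdict("block", "reputation", f"score {score}")
    if score >= ALLOW_AT_OR_ABOVE:
        return Verdict("allow", "reputation", f"score {score}")
    return Verdict("scan", "reputation", f"grey score {score}")


def scan_response(body: bytes) -> list:
    """Response side: signature matches plus one simple heuristic."""
    lowered = body.lower()
    hits = [name for pattern, name in SIGNATURES.items() if pattern in lowered]
    if lowered.count(b"%u") >= HEURISTIC_ESCAPE_COUNT:
        hits.append("heavy-unicode-escaping")
    return hits


def handle(url: str, fetch) -> Verdict:
    """fetch is any callable that returns the response body for a URL."""
    verdict = request_verdict(url)
    if verdict.action != "scan":
        return verdict
    hits = scan_response(fetch(url))
    if hits:
        return Verdict("block", "malware-scan", ", ".join(hits))
    return Verdict("allow", "malware-scan", "clean")


if __name__ == "__main__":
    print(request_verdict("http://files.example.net/a.zip"))
    print(handle("http://shop.example.com/cart", lambda u: SAMPLE_INFECTED))
```

The `shop.example.com` case is the one a category filter alone misses: an allowed category, a grey score, and a response that only the scan layer rejects.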

All-In-One Service

While modern Web threats pose a complex array of dangers to enterprises, this doesn't necessarily mean that they require a complex series of ad hoc solutions from multiple vendors. Today's security market offers competitive, all-in-one solutions that can provide a complete range of reputation filtering, fully-integrated malware scanning, parsing, streaming and traffic monitoring techniques. These solutions deliver maximum throughput, low cost of ownership, easy management, efficient service (without compromising system speed) and invaluable peace of mind for IT administrators.

The security risk is real, with Web-based malware posing a rapidly growing threat that is responsible for significant corporate downtime, productivity loss and resource strain on IT infrastructure. These dangers highlight the importance of a robust, secure platform to protect the enterprise network perimeter. The most effective Web security solutions provide multiple layers of defense to help organizations address the growing challenges of both securing and controlling Web traffic. The protection of end points and users can be accomplished with an all-in-one Web security gateway. Similarly, Web server defense can benefit from the aid of an all-in-one Web application firewall.

Heed the voice of experience: if you want to know exactly what's going on with your Web servers, a Web application firewall (WAF) is worth every penny.
Jeffrey H. Rubin and Ravind Budhiraja
Network Computing


Securing the Web Server

Protecting Web servers and applications in the modern multi-threat environment is as challenging as it is essential. Today's attackers deploy a range of tactics to access servers. Once inside, they can alter critical information on a site, view and steal sensitive personal information, and launch dangerous attacks by secretly installing malware. Enterprises require a comprehensive threat defense, beginning with a powerful Web application firewall.

The Foolproof Firewall

Effective Web application firewalls deliver scalability and maximum throughput, while securing Web-facing HTML and XML applications delivered to client browsers or the Internet via HTTP or HTTPS. Until recently, traditional Web application firewalls were unable to inspect XML and Web services to shield against denial of service attacks and malicious code injections. Today's leading firewalls counter these attacks by protecting privacy, preventing identity and data theft, and ensuring compliance with corporate and government policy standards.

The most useful firewalls are those which enable administrators to easily customize rule and signature parameters, while providing preconfigured standards to meet industry expectations and mandates. They give administrators a tool to clearly monitor applications and accurately detect problems, without compromising speed or agility.

[Figure: Online criminal ecosystem. Labels: legitimate users; legitimate users visiting subverted sites, invisibly downloading malware; criminals creating malware and hacking legitimate websites.]



Deep Web Analysis for Complete Compliance

Compliance with industry and government regulations for data handling and storage is a priority for enterprises seeking to maintain credibility and longevity in the marketplace. Enterprises must translate legal requirements and applicable regulations into corporate policies and practices, and then into decisions about technology requirements. A full proxy security solution that provides deep message-level inspections for both request and response traffic enables organizations to not only block attacks but also to cloak their Web applications from hackers. This type of solution can also enforce privacy policies by filtering outbound traffic to prevent the loss of sensitive data such as credit card, personal identification, passport and social security information.

Standards for Success

A robust Web application firewall conducts deep-layer Web application analysis, while extending protection from attacks against traditional HTML-based applications to the XML-enabled services of the modern Web 2.0 environment. The best firewalls also deploy encryption techniques to guard against tampering with cookies stored in the browser, which provide the Web server with small bits of confidential information about the user. Finally, by safeguarding the private keys that are used to decrypt data passed through a secure socket layer (SSL) connection, top solutions also prevent key hijacking.

Whether showing proof of concept, securing a small set of Web-enabled applications, or deploying a broad set of Web-enabled applications enterprise wide, companies of all sizes need an effective and scalable solution. Industry-leading Web application firewalls are those that offer powerful security processing and high performance to accommodate organizations' development and deployment requirements.

According to the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, Web application vulnerabilities comprised 51% of all disclosed vulnerabilities between 2006 and July 2008.


Conclusion

Just a few short years ago, who could have imagined the threats that would be inherent in today's Web environment? While the Web offers unprecedented, instantaneous access to clients, customers and consumers, it also contains a growing number of pitfalls that can seriously compromise enterprises through stealthy attacks designed to steal information, compromise assets and erode an organization's hard-earned credibility in the marketplace.

Using and participating in these online services and communities forces enterprises to relinquish a level of control that they historically would not tolerate. It is forcing enterprises to rethink their security strategies.
Vice President and Research Fellow, Gartner, Inc.
Joseph Feiman

Web criminals abound and the dangers they pose have become increasingly serious. The attacks come in a variety of forms, and their success depends on a victim's lack of knowledge and preparedness to meet them head-on. From spyware to malicious injections of hostile data that unwittingly prompt users to commit unintended commands, the threats posed by malware writers have become increasingly sophisticated.

Today's proliferating Web threats place enterprises under greater pressure than ever before to protect their vital interest, including their reputations and brands, by installing feature-rich security at the perimeter of their networks. That means securing their applications at the server level by deploying a capable firewall, and at the desktop with a solution that delivers thorough scanning and reputation tracking.

While Web-based malware and attacks continue to escalate, enterprises also have the ability to rise to this challenge by responding to and stopping threats in their tracks. For many businesses, the task of defending themselves may seem overwhelming. But even as nefarious Web behavior increases, the availability of capable solutions to shield enterprises from attack has kept pace. Still, the battle will continue to rage over control of Web traffic, making it imperative that enterprises act now to ensure their long-term success.


speCial seCtion:

All-in-one solutions to Protect Against the latest, Most sophisticated Web threats
The number of security threats introduced by Web traffic has reached epidemic proportions. Traditional gateway defenses are proving to be inadequate against a variety of Web-based malware, leaving corporate networks exposed to the inherent danger posed by these threats. In addition to the security risks, Web traffic also exposes an organization to compliance and productivity risks introduced by inappropriate usage of the Web within an organization.

Spyware has quickly evolved to become one of the most significant corporate security issues. The speed, variety and maliciousness of spyware and Web-based malware attacks have highlighted the importance of a robust, secure platform to protect the enterprise network perimeter from such threats.

Gateway Security for Web Traffic Control

IronPort Systems, now part of Cisco, developed the IronPort S-Series to combat Web threats and protect network infrastructures. As the industry's fastest Web security appliance, the IronPort S-Series combines a high-performance security platform with IronPort's exclusive Web Reputation technology and breakthrough Dynamic Vectoring and Streaming (DVS) engine, a new scanning technology that enables signature-based spyware filtering.

Securing and controlling enterprise Web traffic is a continually evolving challenge. The security risk is real, with Web-based malware posing a rapidly growing threat that is responsible for significant corporate downtime, productivity loss and resource strain on IT infrastructure. Enterprises need to understand when, where and how their employees are using the Web. Additionally, an enterprise runs the risk of violating compliance and data privacy regulations if their networks become compromised. The legal exposure as a result of these violations comes at a significant cost. Malware infections also have the potential to expose an organization's business-critical data and intellectual property assets.

"Security incidents are getting worse. You can't predict when and where things will happen, so you'll have to understand the how."
John Chambers, Chairman and CEO, Cisco Systems


The best place to control and protect against the risks posed by Web traffic is right at the gateway. The IronPort S-Series provides multiple layers of defense, both horizontally (at the application layer) and vertically (up the protocol stack). IronPort URL Filters enforce acceptable use policy, while IronPort Web Reputation Filters and the IronPort Anti-Malware System, with simultaneous scanning by Webroot and McAfee for greater efficacy, provide protection against Web-based malware. HTTPS decryption enables the IronPort S-Series to apply these same access and security policies to HTTPS-encrypted traffic as well. Finally, IronPort's Layer 4 (L4) Traffic Monitor detects and blocks phone-home malware activity that attempts to circumvent Port 80 security features. With threats becoming more complex and sophisticated, the IronPort S-Series offers the industry's most comprehensive Web security solution, while also ensuring enterprise-class performance.

While today's savvy IT security managers see an immediate need to protect their users from Web-based threats and enforce acceptable use policies, they are not as quick to defend their corporate Web servers from compromises that not only fuel these broader targeted attacks, but can cripple their brand if used as a platform for distributing malware or viruses. A complete, end-to-end solution includes protection for Web servers as well.

Firewall Protection for Web Applications

Many organizations are looking to increase efficiency and profitability through the implementation of new Web-based applications, Web 2.0 and service-oriented architecture (SOA) solutions. These new Web-based services provide greater flexibility and interactivity to customers, employees and partners.
At the same time, criminals have seized on exploiting these new and often poorly secured services for such things as financial fraud, identity and data theft, denial of service attacks, and the spread of malware and remote-controlled agent software. According to privacyrights.org, nearly a quarter of a billion records have been breached since 2005 in the US alone. In response, new and emerging regulatory requirements in virtually every country and region in the world place a special emphasis on protecting the access to, transmission of, and storage of sensitive information (such as the personal and financial information of customers and employees).

Of special interest is the protection of consumer financial and personal information. In response to increased identity theft incidents and security breaches, major credit card companies have collaborated to create a series of requirements to streamline and standardize how companies store and access credit card information.

The Cisco ACE Web Application Firewall combines deep Web application analysis with high-performance Extensible Markup Language (XML) inspection and management to address the full range of these threats. It secures and protects Web applications from common attacks such as identity theft, data theft, application disruption, fraud and targeted attacks.

The Cisco ACE Web Application Firewall is especially designed to help organizations that store, process, and transmit credit card data comply with the current Payment Card Industry Data Security Standard (PCI DSS) requirements. Because of its unique blend of HTML and XML security, the Cisco ACE Web Application Firewall provides a full compliance solution for the PCI DSS sections 6.5 and 6.6, which mandate the implementation of a Web application firewall by June 30, 2008. The Cisco ACE Web Application Firewall offers industry-leading security processing on a high-performance network appliance, providing the industry-leading solution that scales to meet your application security, availability and performance requirements.

Comprehensive Web Security

Yesterday's defenses are no longer effective in the fight against today's sophisticated Web threats. The shift from viruses and worms to exploited legitimate sites, more unique pieces of malware and the growth of social networking sites are forcing businesses to put up new defenses. These types of attacks do not discriminate and even the smallest organization needs to protect its users. Future-proof your Web security solution today with the most effective end-to-end solutions from IronPort and Cisco.

More information about IronPort and Cisco Web security technologies can be found at: www.cisco.com/go/security.

Protecting the Gateway

IronPort Next-Generation Web Security Appliances Provide:
Powerful Malware and Spyware Defense
Innovative Exploit Filtering
Unique Botsite Protection
The World's First and Most Effective Web Reputation Technology

Industry-Leading Web Security

IronPort Systems, now part of Cisco, is a leading provider of Web security appliances for organizations ranging from small businesses to the Global 2000. IronPort appliances utilize SenderBase, the world's largest email and Web threat detection network. By providing Web security solutions deployed at the network gateway, IronPort enables a perimeter defense so powerful that Internet threats of all types never even make it to employees' desktops. IronPort Web security products can support and protect your infrastructure not only from today's threats, but from those certain to evolve in the future.

IronPort S-Series Web Security Appliance

www.ironport.com/web

MICHAEL D. OSTERMAN is the founder and principal of Osterman Research, Inc. Osterman has more than 20 years' experience in the market research industry, conducting research for a wide variety of technology-based clients, including Microsoft, Lotus, Hewlett Packard, Sun Microsystems, Nokia, USinternetworking and Qwest, among many others. Mr. Osterman has written numerous articles for a variety of trade publications, and is currently author of a twice-weekly, online column on messaging issues published by Network World. He is a panelist and speaker at various industry and vendor-sponsored events.

IRONPORT SYSTEMS, now part of Cisco, is a leading provider of anti-spam, anti-virus and anti-spyware appliances for organizations ranging from small businesses to the Global 2000. IronPort appliances utilize SenderBase, the world's largest email and Web threat detection network and database. IronPort products are innovative and easy to use, providing breakthrough performance and playing a mission-critical role in a company's network infrastructure.

P/N 451-0311-1 12/08

MMP

MESSAGING MEDIA PUBLISHING
