Web Security - The Problem

By Roger on October 9, 2009 12:26 AM | No Comments | No TrackBacks

Web security has changed a lot in the past few years. It is no longer good enough to take a desktop antivirus scan engine and scan web content. URL filtering isn't enough. It is not enough to put HTTP security on your corporate gateway.

The reason its not good enough to have a HTTP security gateway should be rather obvious. People go home. People travel. People work at client sites. People work at the Starbucks. An increasingly mobile workforce necessitates a mobile security solution.

URL filtering isn't enough. URL filtering is reactionary and there are many new sites each day. When a legitimate site is compromised, URL filtering can categorize it as a malware serving site and block it. But how quickly will the site be rechecked after the virus is clean? Viruses are showing up on otherwise legitimate sites. Sites can be compromised through lack of patching, through SQL Infection. In several cases advertising networks have inadvertently included malicious content. Some sites are potentially insecure by design. Web 2.0 sites accept user provided content with little controls in place. While some URL filtering solutions are better than others, it is an incomplete solution at best.

Some web security solutions are merely URL filtering combined with a desktop antivirus engine. I don't think I need to rehash the failure of the antivirus engine. But there is better technology. The best web security solutions include zero day protection as more than a marketing term. A web malware scanner is looking at the context of the file. The site its on. The number of requests for the file. The history. Its then running it through heuristics in a way much more accurate than any desktop heuristic.
The web is a ready avenue of attack. Strengthened defenses against email and network attacks have left http the prime target for attackers.

Its a good time to be looking at alternative solutions. I think that SaaS web security has hit the sweet spot in what Gartner would call the hype cycle. Its at that point where you're still on the leading edge but not on the bleeding edge. I'll be trying to get a "why SaaS" post out.

Categories:

Tags:

No TrackBacks

TrackBack URL: http://www.infosecblog.org/mt-tb20071121.pl/941

Leave a comment

Categories

Archives

Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Follow me on Twitter
Got Backups? Get Safe Online Remember Rick Rescorla
Powered by Movable Type 4.31-en

Search

About this Entry

This page contains a single entry by Roger published on October 9, 2009 12:26 AM.

Local Admin Rights was the previous entry in this blog.

Now that is strong is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.