
Why cybersecurity must address ICT staff efficiency

07 Sep 2017

A perfect storm for ICT departments hit home in May 2017, when staff across the UK National Health Service (NHS) learned first-hand what a fast-spreading ransomware outbreak does to operations: many NHS hospitals and trusts went offline and routine doctor appointments had to be cancelled. (That outbreak, WannaCry, propagated as an SMB worm between unpatched Windows hosts rather than through the browser, so web controls alone would not have stopped it; it is cited here for the strain it exposed, not as a web-borne attack.) The wider lesson is that ICT staff are overwhelmed: budgets are limited, and the security approaches they are given simply do not keep up with web-borne threats.

Traditional security systems sound alarms and then require a human to investigate, but staff time is always in short supply. Security administrators, who in smaller organisations are also the ICT staff, therefore find themselves in a no-win situation as they implement and enforce web security policies with Secure Web Gateway (SWG) appliances and cloud-based services.

These systems were not designed with staff efficiency in mind and, because they depend on prior knowledge of a threat, they will miss new malware, whether it arrives through a phishing campaign or a ransomware outbreak. SWG policies are largely based on website categories (news, entertainment, weather, social media, etc.) and on reputation feeds to separate good from bad. But what if a site is unknown to the SWG and does not fall into any known category?

Administrators can either be lenient and allow access to these uncategorized sites, increasing malware risk, or deny access to them and deprive employees of information they need. A web-borne infection is not only a real risk; it takes seconds, and it can hit employees and critical enterprise systems all at once.

The web – a big problem

By some estimates there are more than 500 million malware variants in existence today, and they can be encountered even on the world's most popular websites through third-party advertising networks that serve content in the background (malvertising). Because of the speed and ease with which it spreads, malware has taken centre stage in most of the high-profile security breaches of 2017.

The costs of these breaches run into the hundreds of millions, so businesses have been forced to adopt increasingly strict web security policies that rely primarily on the legacy architecture of the traditional Secure Web Gateway. An SWG sits between attackers and vulnerable targets, but it can only protect against what it knows. These devices rely largely on two data points: site reputation and site category (news, entertainment, weather, social media, etc.).

There is therefore a gap in protection whenever the device fails to recognise a site or its category. In that situation administrators face a binary choice: allow access to uncategorized sites and accept a high malware risk, or deny access and deprive employees of information they may need. Either policy has negative consequences.

An end to the guessing game

Isolation technology, built on virtual containers and a remote rendering engine, removes the path by which malware reaches user devices from compromised or malicious websites and email. It is neither detection nor classification: the user's web session and all of its active content (Flash, JavaScript, etc.), good or bad, is fully executed and contained on the isolation platform. Only safe, malware-free rendering information is delivered to the user's endpoint. No active content, including JavaScript or any potential malware, leaves the platform. Because malware has no path to the endpoint, websites and legitimate content need not be blocked in the name of security.

Administrators can open more of the Internet to their users while removing the risk of web-borne malware. With isolation, they can safely allow access to uncategorized and other previously blocked sites, ending the frustrating security-versus-productivity compromise of the past.
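The policy gap described above, and the third verdict that isolation adds to it, can be made concrete with a small simulation. This is an added example and not code from the article or from Menlo Security's product: the category and reputation tables, the hosts, and the "ground truth" of which unknown site is actually malicious are all constructed for the illustration, and the isolation platform itself is represented only by its effect on the outcome (active content never reaches the endpoint), not by a rendering implementation.

```python
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ISOLATE = "isolate"  # execute remotely; deliver only rendering data to the endpoint


# Constructed stand-ins for the SWG's category and reputation feeds (assumption:
# not real feed data). Hosts missing from both tables are "uncategorized".
CATEGORY_FEED = {
    "news.example": "news",
    "weather.example": "weather",
    "dropper.example": "malware",
}
REPUTATION_FEED = {  # 0 = worst, 100 = best (constructed scores)
    "news.example": 92,
    "weather.example": 85,
    "dropper.example": 3,
}
BLOCKED_CATEGORIES = {"malware", "phishing"}
REPUTATION_FLOOR = 40

# Constructed ground truth the gateway cannot see: which unknown sites actually
# serve active malicious content. Both hosts are hypothetical.
ACTUALLY_MALICIOUS = {"fresh-exploit-kit.example"}


def _feed_says_bad(host: str) -> bool:
    """Reputation/category checks a classic SWG can make from its feeds alone."""
    category = CATEGORY_FEED.get(host)
    reputation = REPUTATION_FEED.get(host)
    if category in BLOCKED_CATEGORIES:
        return True
    return reputation is not None and reputation < REPUTATION_FLOOR


def classic_swg_verdict(host: str, allow_uncategorized: bool) -> Verdict:
    """Category + reputation lookup; a policy knob decides the unknown case."""
    if _feed_says_bad(host):
        return Verdict.DENY
    if CATEGORY_FEED.get(host) is None:
        # The gap: no data, so the administrator's standing guess decides.
        return Verdict.ALLOW if allow_uncategorized else Verdict.DENY
    return Verdict.ALLOW


def isolating_swg_verdict(host: str) -> Verdict:
    """Same feeds, but anything unknown is isolated instead of guessed about."""
    if _feed_says_bad(host):
        return Verdict.DENY
    if CATEGORY_FEED.get(host) is None or REPUTATION_FEED.get(host) is None:
        return Verdict.ISOLATE
    return Verdict.ALLOW


def outcome(host: str, verdict: Verdict) -> str:
    """What happens at the endpoint given the verdict and the hidden ground truth."""
    malicious = host in ACTUALLY_MALICIOUS or CATEGORY_FEED.get(host) == "malware"
    if verdict is Verdict.DENY:
        return "blocked (attack stopped)" if malicious else "blocked (user deprived)"
    if verdict is Verdict.ALLOW:
        return "endpoint infected" if malicious else "served"
    # ISOLATE: the page's active content runs in the remote container; only
    # rendering data reaches the user, so the malicious case is contained.
    return "rendered safely (contained)" if malicious else "rendered safely"


def compare_policies(hosts):
    """Outcome per host under lenient, strict and isolating policies."""
    return {
        host: {
            "lenient": outcome(host, classic_swg_verdict(host, allow_uncategorized=True)),
            "strict": outcome(host, classic_swg_verdict(host, allow_uncategorized=False)),
            "isolation": outcome(host, isolating_swg_verdict(host)),
        }
        for host in hosts
    }


if __name__ == "__main__":
    sample = ["news.example", "dropper.example",
              "new-supplier-portal.example", "fresh-exploit-kit.example"]
    for host, row in compare_policies(sample).items():
        print(f"{host:32} {row}")
```

Running it shows the dilemma in one table: the lenient policy lets the unknown malicious host infect the endpoint, the strict policy blocks the unknown but legitimate supplier portal, and the isolating policy gives both unknown hosts the same outcome while still denying the host the feeds already know is bad.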

The benefits of isolation are clear. Because no active web content reaches the endpoint, uncategorized sites no longer carry execution risk. (Isolation does not, on its own, stop a user from typing credentials into a phishing form on an isolated page or from downloading a file, so those still need their own controls.) Sanitising infected machines has always been expensive; by removing the web as a malware delivery vector, isolation drastically reduces the number of machines that have to be reimaged.

And what about the legacy Windows XP systems still in service? Isolation greatly reduces the urgency of patching these machines for every browser and plug-in vulnerability, because browser-borne threats never reach them. It does not remove the need to patch altogether: vectors that bypass the browser, such as the SMB worm behind the NHS outbreak, still need patching or network segmentation.

Concerning SOC costs: isolation prevents threats from executing on the endpoint in the first place, so the alerts that traditional detection would have raised, including false positives, never arise. With isolation, the number of trouble tickets also falls, since employees can safely explore the web without submitting re-categorisation requests, and fewer expensive specialist hours are spent processing those requests.

The case is clear for moving from the traditional secure gateway approach to one that leverages isolation technology in the fight against malware.

Article by Jason Steer, Solutions Architect EMEA at Menlo Security.
