Web 2.0: New risks, new rewards

Commentary--Web 2.0 shifts online control to active participants but it also creates a fertile ground for hackers and malware, says Secure Computing's Paul Henry.
Written by Paul Henry, Contributor
Commentary--Widely referred to as Web 2.0, much of today's Internet transforms users into active participants and content contributors. This creates significant security challenges for enterprises.

There's no doubting the power of Web 2.0 applications. Millions of users are embracing online calendars, spreadsheets, social networks and other interactive sites. But all of these new destinations provide fertile ground for hackers and malware. Plus, online applications and social networks provide new pipelines for information leakage and corporate compliance violations.

These security issues exist for all IP-based traffic, whether email, VoIP, instant messaging, Web access, file transfers, or other enterprise applications communicating over Internet Protocol. In short, Web 2.0 applications expose organizations to both inbound and outbound security threats that transcend the legacy security measures needed for Web 1.0.

Traditionally, security administrators worried about incoming file attachments with malware and Trojan horses. Now, seemingly legitimate Web pages can introduce malware or spyware into a network. Organizations can train employees to refrain from clicking on suspicious email attachments, but there’s no way to show them--definitively--how a malicious Web site differs from a legitimate one. For better--and sometimes for worse--Web 2.0 applications like blogs, wikis and social networking sites allow users to post code in chat sessions and other areas.

In some cases, hackers are corrupting legitimate technologies for their own gain. For example, encrypted HTTP (known as HTTPS) was supposed to ensure sensitive data wasn’t transferred "in the clear" over the Internet. However, attackers can also use secure connections to transmit malware. Because most security products cannot scan encrypted traffic, we refer to this portion of network traffic as the "SSL blind spot."

Keep an eye on inbound and outbound threats
Meanwhile, outbound "data leakage" is a growing concern in the Web 2.0 world.

Data leakage refers to sensitive information or intellectual property (IP) that makes its way out of the company, either accidentally or by theft or espionage. The point here: Attackers aren't always outsiders in faraway countries; frequently they are employee insiders with access to sensitive data assets. Data thieves, industrial spies, cyber-vandals, and disgruntled employees can sometimes be big problems within a company’s own walls.

But outbound threats such as these aren’t always intentional; sometimes they are purely accidental. For example, an employee might unintentionally open or allow a back door to be opened after downloading a rogue application that has not been approved by IT.

If left unchecked, data leakage can cause intellectual property loss or it can cause an organization to violate compliance regulations like Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA).

Many organizations think that filtering their email provides sufficient protection. That’s a reasonable first step. But a far wiser approach involves multi-protocol data leakage prevention, where network security administrators also pay attention to Web protocols. This includes encrypted email traffic (HTTPS), instant messaging (HTTP), and file transfers (FTP). All of these protocols can be used to convey proprietary information out of the enterprise.

Reputation technology provides leap-ahead
Web 2.0, targeted malware, spyware, adware, and outbound data leakage present many challenges. To meet those challenges, a new paradigm of proactive, reputation-based security needs to be applied to Internet traffic entering and leaving the enterprise. This breakthrough approach delivers proactive, advanced detection of both known (signature-based) and unknown (behavior-based) attacks before threats can pose a risk or penetrate the network.

In addition, Web Gateway Security appliances can protect enterprises from malware, data leaks and Internet misuse, while ensuring policy enforcement, regulatory compliance and a productive application environment.

Solutions should analyze traffic bi-directionally. Inbound, the solution should isolate and eliminate threats from all types of malware—zero-day threats, viruses, Trojans, spam, phishing, spyware and more. Sophisticated behavioral and signature-based techniques can block malware and zero-day attacks, as well as provide content analysis to enable regulatory compliance and stop data leaks on outbound traffic. Solutions should leverage deep knowledge of underlying protocols and application behavior combined with global intelligence to make security decisions.

Other benefits include lower support, subscription, and employee training costs. And, users get a unified administrative interface with common policy management and enterprise class reporting on all functionalities along with an executive dashboard providing "at a glance" status on network security and system health.

Only with this total solution in place can enterprises protect their assets in the Web 2.0 world.

Secure Computing's Vice President of Technology Evangelism, Paul Henry, has more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide. Paul can be reached at Paul_Henry@securecomputing.com
