
Why cybersecurity must address ICT staff efficiency

07 Sep 17

A perfect storm affecting ICT departments hit home in May, as members of the UK National Health Service (NHS) quickly learned about the direct impact of a particularly virulent form of malware: ransomware. Many NHS hospitals and trusts went offline and routine doctor appointments had to be cancelled. Importantly, the situation shows how ICT staff are overwhelmed by limited budgets and by security approaches that simply do not keep up with web-borne threats.

Traditional security systems sound alarms and require human interaction to investigate, but staff time is always in short supply. Thus, security administrators, who in smaller organisations also serve as the ICT staff, find themselves in a no-win situation as they work to implement and enforce web security policies with Secure Web Gateway (SWG) appliances and cloud-based services.

These security systems were not designed for staff efficiency and, by their nature, will not catch new malware threats, whether delivered through phishing campaigns or ransomware outbreaks. SWG policies are largely based on website categories (news, entertainment, weather, social media, etc.) and on reputation feeds to distinguish good sites from bad. But what if a site is unknown to the SWG and does not fall into a known category?

Administrators can either be lenient in allowing access to these uncategorized sites, consequently increasing malware risk, or deny access to such sites and deprive employees of information and data they need. The threat of contracting malware from the web is not only real; infection happens very quickly and impacts employees and critical enterprise systems all at once.

The web – a big problem

Today there are more than 500 million malware variants in existence, and they can even be found on the world's most popular websites, delivered through background sites serving ads. Due to the speed and ease with which it spreads, malware has taken centre stage in most of the high-profile security breaches of 2017.

The cost of these breaches runs into the hundreds of millions, and so businesses have been forced to adopt increasingly strict web security policies that rely primarily on the legacy architecture of traditional Secure Web Gateways. Secure Web Gateways sit between attacks and vulnerable targets, but they can only protect against what they know. These devices rely largely on two data points: site reputation and site category (news, entertainment, weather, social media, etc.).

As such, there is a gap in security whenever the device fails to recognize a site or its category. In these situations, administrators face a choice between two policies: allow access to uncategorized sites and accept a high malware risk, or deny access and deprive employees of information and data they may need. Either policy can have negative ramifications.

An end to the guessing game

Isolation technology, which uses virtual containers and a rendering technology, eliminates the possibility of malware reaching user devices via compromised or malicious websites and email. This is not detection or classification; rather, the user's web session and all of its active content (e.g., Flash, JavaScript, etc.), whether good or bad, is fully executed and contained in the isolation platform. Only safe, malware-free rendering information is delivered to the user's endpoint. No active content, including JavaScript or any potential malware, leaves the platform. As such, malware has no path to reach an endpoint, so websites and legitimate content need not be blocked in the interest of security.

Administrators can open more of the Internet to their users while simultaneously eliminating the risk of attacks. With isolation, administrators can safely allow access to uncategorized and any other blocked sites and eliminate the frustrating security vs. productivity compromise of the past.

The benefits of Isolation are clear. Because no active web content reaches the endpoint, uncategorized sites present zero risk. The cost of sanitizing infected machines has always been high; Isolation removes the web as a malware threat vector, drastically reducing the number of machines that must be reimaged.

And what about those Windows XP systems from ten years ago? Isolation greatly reduces the urgency around patching machines for every browser and plug-in vulnerability, because threats are kept away from these machines.

Concerning SOC costs: Isolation stops threats before they are detected by traditional solutions, eliminating erroneous or inaccurate malware alerts. With Isolation, the number of trouble tickets decreases, as employees are now free to safely explore the web without submitting re-categorization requests. Lastly, by eliminating re-categorization requests, the need for expensive experts to handle them is eliminated as well.

The case is clear for transitioning away from the traditional secure gateway approach to a fully new approach that leverages Isolation technology in the fight against malware.

Article by Jason Steer, Solutions Architect EMEA at Menlo Security.
