Why cybersecurity must address ICT staff efficiency

07 Sep 2017

A perfect storm affecting ICT departments hit home in May as members of the UK National Health Service (NHS) quickly learned about the direct impact of a particularly virulent kind of malware: ransomware. Many NHS hospitals and trusts went offline, and routine doctor appointments had to be cancelled. Importantly, the situation shows how ICT staff are overwhelmed by limited budgets and by security approaches that simply do not keep up with web-borne threats.

Traditional security systems sound alarms and require human interaction to investigate, but staff time is always in short supply. Thus security administrators, who in smaller organisations also serve as the ICT staff, find themselves in a no-win situation as they work to implement and enforce web security policies with Secure Web Gateway (SWG) appliances and cloud-based services.

These security systems were not designed for staff efficiency and, by their nature, will not catch new malware threats, whether delivered through phishing campaigns or ransomware outbreaks. SWG policies are largely based on website categories (news, entertainment, weather, social media, etc.) and on reputation feeds to tell good from bad. But what if a site is unknown to the SWG and does not fall into a known category?

Administrators can either be lenient and allow access to these uncategorized sites, consequently increasing malware risk, or deny access to such sites and deprive employees of information and data they need. The threat of contracting malware from the web is not only real; it materialises very quickly and impacts employees and critical enterprise systems all at once.

The web – a big problem

Today there are more than 500 million malware variants in existence, and they can be found even on the world's most popular websites, delivered through background sites serving ads. Due to the speed and ease with which it spreads, malware has taken centre stage in most of the high-profile security breaches of 2017.

The cost of these breaches runs into the hundreds of millions, and so businesses have been forced to adopt increasingly strict web security policies that rely primarily on traditional Secure Web Gateway legacy architectures. Secure Web Gateways sit between attacks and vulnerable targets, but they can only protect against what they know. These devices rely largely on two data points: site reputation and site category, such as news, entertainment, weather, social media, etc.

As such, there is a gap in security whenever the device fails to recognize a site or its category. In these situations, administrators face two choices: allow access to uncategorized sites and accept a high malware risk, or deny access and deprive employees of information and data they may need. Either policy has negative ramifications.

An end to the guessing game

Isolation technology, which combines virtual containers with a rendering technology, eliminates the possibility of malware reaching user devices via compromised or malicious websites and email. This is not detection or classification; rather, the user's web session and all of its active content (e.g., Flash, JavaScript, etc.), whether good or bad, is fully executed and contained in the isolation platform. Only safe, malware-free rendering information is delivered to the user's endpoint. No active content, including JavaScript or any potential malware, leaves the platform. As such, malware has no path to reach an endpoint, so websites and legitimate content need not be blocked in the interest of security.

Administrators can open more of the Internet to their users while simultaneously eliminating the risk of attacks. With isolation, administrators can safely allow access to uncategorized and any other blocked sites and eliminate the frustrating security vs. productivity compromise of the past.
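The two decision models described above (the traditional category-plus-reputation gateway with its uncategorized-site gap, and isolation as the third verdict that removes the allow-or-deny dilemma) are shown together in the added example below. This is illustrative code written for this page, not code from the article's author or from Menlo Security's platform. The category feed, reputation scores and sample web page are constructed for the example, and the rendering step is a deliberate simplification: a real isolation platform executes the page in a remote container and ships the rendered result, whereas this toy version merely demonstrates what "only rendering information, no active content" means by parsing markup without executing anything.

```python
"""Added example: toy SWG policy engine plus a simplified 'rendering only' output.
Not the article's or any vendor's code; all feeds and pages are constructed."""
from dataclasses import dataclass
from html.parser import HTMLParser

# Constructed category and reputation feeds (a real SWG pulls these from vendor
# feeds; the hosts and scores here are invented for the example).
CATEGORY_FEED = {"news.example": "news", "weather.example": "weather",
                 "social.example": "social_media", "bad.example": "malware"}
REPUTATION_FEED = {"news.example": 90, "weather.example": 85,   # 0 = worst,
                   "social.example": 70, "bad.example": 5}      # 100 = best
BLOCKED_CATEGORIES = {"malware", "phishing"}
REPUTATION_THRESHOLD = 30


@dataclass
class Verdict:
    action: str   # "allow", "block" or "isolate"
    reason: str


def legacy_swg_policy(host: str, allow_uncategorized: bool) -> Verdict:
    """Traditional SWG: category + reputation only. For an unknown host the
    administrator's blanket setting decides, which is the gap the article describes."""
    category = CATEGORY_FEED.get(host)
    reputation = REPUTATION_FEED.get(host)
    if category in BLOCKED_CATEGORIES:
        return Verdict("block", f"category '{category}' is blocked by policy")
    if reputation is not None and reputation < REPUTATION_THRESHOLD:
        return Verdict("block", f"reputation {reputation} below {REPUTATION_THRESHOLD}")
    if category is None or reputation is None:
        if allow_uncategorized:
            return Verdict("allow", "uncategorized: lenient policy (malware risk)")
        return Verdict("block", "uncategorized: strict policy (productivity cost)")
    return Verdict("allow", f"category '{category}', reputation {reputation}")


def isolation_policy(host: str) -> Verdict:
    """Same feeds, but unknown or low-reputation sites get a third verdict:
    execute remotely and deliver rendering information only. Keeping explicitly
    blocked categories blocked is a policy choice assumed for this example."""
    category = CATEGORY_FEED.get(host)
    reputation = REPUTATION_FEED.get(host)
    if category in BLOCKED_CATEGORIES:
        return Verdict("block", f"category '{category}' is blocked by policy")
    if category is None or reputation is None or reputation < REPUTATION_THRESHOLD:
        return Verdict("isolate", "unknown or low reputation: remote execution, render only")
    return Verdict("allow", f"category '{category}', reputation {reputation}")


class RenderingExtractor(HTMLParser):
    """Simplified stand-in for the platform's output: keeps text and basic layout
    tags, drops every form of active content (script, object, embed, iframe,
    on* handlers, javascript: links). Nothing here is ever executed."""
    ACTIVE_TAGS = {"script", "object", "embed", "iframe", "applet"}
    LAYOUT_TAGS = {"p", "div", "h1", "h2", "h3", "ul", "li", "a", "b", "i", "span", "br"}

    def __init__(self):
        super().__init__()
        self.output, self._skip_depth, self.dropped_active = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in self.ACTIVE_TAGS:            # swallow the element and its body
            self._skip_depth += 1
            self.dropped_active += 1
            return
        if self._skip_depth or tag not in self.LAYOUT_TAGS:
            return
        safe = []
        for name, value in attrs:
            if name.startswith("on") or (name == "href" and value
                                         and value.strip().lower().startswith("javascript:")):
                self.dropped_active += 1       # event handler or script URL removed
                continue
            safe.append((name, value))
        self.output.append(f"<{tag}" + "".join(f' {n}="{v}"' for n, v in safe) + ">")

    def handle_endtag(self, tag):
        if tag in self.ACTIVE_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
        elif not self._skip_depth and tag in self.LAYOUT_TAGS:
            self.output.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:               # script bodies are skipped here
            self.output.append(data)


def render_for_endpoint(html: str):
    """Return (rendering delivered to the endpoint, count of active items dropped)."""
    extractor = RenderingExtractor()
    extractor.feed(html)
    extractor.close()
    return "".join(extractor.output), extractor.dropped_active


# Constructed sample page an uncategorized site might serve.
SAMPLE_PAGE = """<html><body>
<h1>Unknown blog</h1>
<p onmouseover="steal()">Useful article text.</p>
<script>document.location='http://bad.example/drop';</script>
<iframe src="http://ads.example/spin"></iframe>
<a href="javascript:alert(1)">click</a>
</body></html>"""

if __name__ == "__main__":
    for host in ("news.example", "bad.example", "unknown-blog.example"):
        print(host, legacy_swg_policy(host, False), isolation_policy(host))
    print(render_for_endpoint(SAMPLE_PAGE))
```

Running the block shows the same unknown host blocked by the strict legacy policy, allowed (with the attendant risk) by the lenient one, and isolated under the third model, while the rendering step returns the page's headline and text with the script, iframe, event handler and script URL all removed.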

The benefits of Isolation are clear. As no active web content reaches the endpoint, uncategorized sites present zero risk. The cost of sanitizing infected machines has always been high; Isolation removes the web as a malware threat vector, drastically reducing the number of machines that must be reimaged.

And what about those Windows XP systems from ten years ago? Isolation greatly reduces the urgency around patching machines for every browser and plug-in vulnerability, because threats are kept away from these machines.

Concerning SOC costs, Isolation stops threats before traditional solutions would detect them, eliminating erroneous or inaccurate malware alerts. With Isolation, the number of trouble tickets decreases, as employees are free to explore the web safely without submitting re-categorization requests. Lastly, by eliminating re-categorization requests, the need for expensive experts to handle them is eliminated too.

The case is clear for transitioning away from a traditional secure gateway approach to a fully new approach that leverages Isolation technology in the fight against malware.

Article by Jason Steer, Solutions Architect EMEA at Menlo Security.
