Plugging Holes

Leak prevention technology helps stem rising tide of Web criminals

In the global economy, it’s imperative that organizations are able to provide secure access to information for employees, citizens and suppliers around the world. This presents a monumental challenge considering today’s range of Internet security threats. Attacks are increasingly driven by financial gain—hackers are no longer motivated by notoriety. With mountains of personal and private data stored, organizations of all shapes and sizes are targets. Companies have literally everything to lose and must understand and protect against emerging threats. There are numerous security challenges facing organizations, CSOs and CISOs into 2007.

Down the Drain
Information leakage is a serious emerging threat. The attacks—occurring both accidentally and maliciously—are on the rise. A noteworthy example is TJX Companies Inc., which recently announced that an unauthorized intruder accessed its computer systems that process and store information related to customer transactions for retail stores in the United States, Puerto Rico and Canada. In another recent example, about 800,000 names, Social Security numbers, birth dates, home addresses and contact information were leaked during a targeted attack on a UCLA database containing personal information on the university's current and former students, faculty and staff members. In both cases, the consequences of personal information in the wrong hands could be devastating.

The number of information-stealing malicious code attacks is also rising dramatically, posing significant challenges for security professionals.

From confidential business information and trade secrets to Social Security numbers, businesses must prevent employees from accidentally or maliciously sending data to a non-trusted or unknown location. Increasingly, CSOs and CISOs need to implement information leak prevention technologies to thwart critical information loss.

Friend or Foe?
Comprising an estimated 80 percent of the top 20 most visited Web sites, such as MySpace, Web 2.0 sites are a growing phenomenon. Web 2.0 sites, including social networking hubs, are particularly vulnerable to attack because of the constantly changing nature of the content, which is difficult to monitor and secure. With millions of potential victims, criminals, spammers and adware companies are already seeking to prosper.

In fact, in the Gartner November 2006 report “Web 2.0 Needs Security 101,” author John Pescatore notes that “Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks.”

Unfortunately, many Web 2.0 applications are loosely thrown together and lack a real blueprint, so there is no way to go back and fix problems. These applications are an opportunity for hackers because they don’t have to compromise the server. Criminals just find weaknesses in the Web implementation to steal personal information. Specific areas of concern include:

User-created content. Empowering end users with creative, dynamic and content control will result in increased security problems.

Social networks. The large population of users and the ability to link through profiles and networks will lead to more security issues within the communities. Entertainment social networks are not the only targets. There are several business networks of users linking for employment recruiting, business development and other business-related reasons that face the same threats.

Service oriented architecture and web services. The Web as a platform is finally here. The advent of ‘mashing’ Web services and linking several properties together will lead to increased security concerns, as cross-domain security issues can affect all links in the chain.

Criminals on the Web
Organized criminals are realizing the Internet has been a largely untapped resource in terms of generating real profit. With financial gain on the table, attack methods are improving and the number of people involved is escalating.

Underground cybercriminals are becoming better organized and are running a better economy, including buying and selling of hacker toolkits and zero-day vulnerabilities that can be exploited. The market for zero-day attack code is becoming more competitive, resulting in an increase in the frequency and sophistication of attacks on the client and server side.

In 2006, several high-profile companies released anti-phishing toolbars embedded within a Web browser. However, it is expected that some anti-phishing toolbars will become targets of exploit code designed to disable or avoid the prevention mechanisms.

Also, as information-stealing attacks become more prevalent, the industry will see increased use of encryption and other sophisticated methods to conceal data in transit.

And BOT evolution will continue and evolve again with countermeasures. Distributed command-and-control and use of protocols other than Internet relay chat or HTTP will be used to control BOT networks. Increased use of encryption and custom packing of BOTs also will occur.

This year, in particular, it’s highly important for organizations to have preventative measures in place to protect from the next wave of increasingly covert and targeted attacks.

Protecting Today

The best approach to security threats starts with proactive technology that protects against internal and Web-based threats. Traditional approaches that focus on anti-virus and intrusion prevention are only identifying attacks after the network is compromised. While the basics, like anti-virus and firewalls, are still a critical part of any security strategy, the technology is not equipped to deal with today’s quickly evolving threats, especially emerging and unknown threats. CSOs and CISOs need to implement technology that finds, blocks and protects from Web-based threats before systems are affected.

Look for technology that acts as a “digital data guardian” to help control how sensitive data can leave the organization and under what circumstances. Information leak prevention solutions can help control where users go, how they get there and what information they can send or use.

With deep knowledge of Internet destinations, protocols and applications, along with detailed fingerprints of internal data, leak prevention technology helps protect information flowing through the network, including outbound, internal and Web-based e-mail, Web postings, instant messaging, file transfers and network printing. Additionally, the technology uses an integrated policy engine to give organizations the ability to manage and protect information by individual user rather than by device or Internet protocol address.

About the Author

Dan Hubbard is vice president of security research for Websense Inc.
