Plugging Holes

Leak prevention technology helps stem rising tide of Web criminals

IN the global economy, it’s imperative that organizations are able to provide secure access to information for employees, citizens and suppliers around the world. This presents a monumental challenge considering today’s range of Internet security threats. Attacks are increasingly driven by financial gain—hackers are no longer motivated by notoriety. With mountains of personal and private data stored, organizations of all shapes and sizes are targets. Companies have literally everything to lose and must understand and protect against emerging threats. There are numerous security challenges facing organizations, CSOs and CISOs into 2007.

Down the Drain
Information leakage is a serious emerging threat. The attacks—occurring both accidentally and maliciously—are on the rise. A noteworthy example includes TJX Companies Inc., which recently announced an unauthorized intruder accessed its computer systems that process and store information related to customer transactions for retail stores in the United States, Puerto Rico and Canada. In another recent example, about 800,000 names, Social Security numbers, birth dates, home addresses and contact information were leaked during a targeted attack on a UCLA database containing personal information on the university's current and former students, faculty and staff members. In both cases, consequences of personal information in the wrong hands could be devastating.

The amount of information-stealing malicious code attacks also is rising dramatically and posing significant challenges for security professionals.

From confidential business information and trade secrets to Social Security numbers, businesses must prevent employees from accidentally or maliciously sending data to a non-trusted or unknown location. Increasingly, CSOs and CISOs need to implement information leak prevention technologies to thwart critical information loss.

Friend or Foe?
Comprising an estimated 80 percent of the top 20 most visited Web sites, such as MySpace, Web 2.0 sites are a growing phenomenon. Web 2.0 sites, including social networking hubs, are particularly vulnerable to attack because of the constantly changing nature of the content, which is difficult to monitor and secure. With millions of potential victims, criminals, spammers and adware companies are already seeking to prosper.

In fact, according to the Gartner November 2006 report “Web 2.0 Needs Security 101” by John Pescatore, the author notes that “Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks.”

Unfortunately, many Web 2.0 applications are loosely thrown together and lack a real blueprint, so there is no way to go back and fix problems. These applications are an opportunity for hackers because they don’t have to compromise the server. Criminals just find weaknesses in the Web implementation to steal personal information. Specific areas of concern include:

User-created content. By empowering end users with creative, dynamic and content control, increased security problems will result.

Social networks. The large population of users and the ability to link through profiles and networks will lead to more security issues within the communities. Entertainment social networks are not the only targets. There are several business networks of users linking for employment recruiting, business development and other business-related reasons that face the same threats.

Service oriented architecture and web services. The Web as a platform is finally here. The advent of ‘mashing’ Web services and linking several properties together will lead to increased security concerns, as cross-domain security issues can affect all links in the chain.

Criminals on the Web
Organized criminals are realizing the Internet has been a largely untapped resource in terms of generating real profit. With financial gain on the table, attack methods are improving and the number of people involved is escalating.

Underground cybercriminals are becoming better organized and are running a better economy, including buying and selling of hacker toolkits and zero-day vulnerabilities that can be exploited. The market for zero-day attack code is becoming more competitive, resulting in an increase in the frequency and sophistication of attacks on the client and server side.

In 2006, several high-profile companies released anti-phishing toolbars embedded within a Web browser. However, it is expected that some anti-phishing toolbars will become targets of exploit code designed to disable or avoid the prevention mechanisms.

Also, as information stealing attacks become more prevalent, the industry will see increased use of encryption and other sophisticated matters to conceal data in transit.

And BOT evolution will continue and evolve again with countermeasures. Distributed command-and-control and use of protocols other than Internet relay chat or HTTP will be used to control BOT networks. Increased use of encryption and custom packing of BOTs also will occur.

This year, in particular, it’s highly important for organizations to have preventative measures in place to protect from the next wave of increasingly covert and targeted attacks.

Protecting Today

The best approach to security threats starts with proactive technology that protects against internal and Web-based threats. Traditional approaches that focus on anti-virus and intrusion prevention are only identifying attacks after the network is compromised. While the basics, like anti-virus and firewalls, are still a critical part of any security strategy, the technology is not equipped to deal with today’s quickly evolving threats, especially emerging and unknown threats. CSOs and CISOs need to implement technology that finds, blocks and protects from Web-based threats before systems are effected.

Look for technology that acts as a “digital data guardian” to help control how sensitive data can leave the organization and under what circumstances. Information leak prevention solutions can help control where users go, how they get there and what information they can send or use.

With deep knowledge of Internet destinations, protocols and applications, along with detailed fingerprints of internal data, leak prevention technology helps protect information flowing through the network, including outbound, internal and Web-based e-mail, Web postings, instant messaging, file transfers and network printing. Additionally, the technology uses an integrated policy engine to give organizations the ability to manage and protect information by individual user rather than by device or Internet protocol address.

About the Author

Dan Hubbard is vice president of security research for Websense Inc.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3