Plugging Holes

Leak prevention technology helps stem rising tide of Web criminals

In the global economy, it’s imperative that organizations are able to provide secure access to information for employees, citizens and suppliers around the world. This presents a monumental challenge considering today’s range of Internet security threats. Attacks are increasingly driven by financial gain—hackers are no longer motivated by notoriety. With mountains of personal and private data stored, organizations of all shapes and sizes are targets. Companies have literally everything to lose and must understand and protect against emerging threats. There are numerous security challenges facing organizations, CSOs and CISOs into 2007.

Down the Drain
Information leakage is a serious emerging threat. The attacks—occurring both accidentally and maliciously—are on the rise. A noteworthy example is TJX Companies Inc., which recently announced that an unauthorized intruder accessed its computer systems that process and store information related to customer transactions for retail stores in the United States, Puerto Rico and Canada. In another recent example, about 800,000 names, Social Security numbers, birth dates, home addresses and contact information were leaked during a targeted attack on a UCLA database containing personal information on the university's current and former students, faculty and staff members. In both cases, consequences of personal information in the wrong hands could be devastating.

The number of information-stealing malicious code attacks is also rising dramatically, posing significant challenges for security professionals.

From confidential business information and trade secrets to Social Security numbers, businesses must prevent employees from accidentally or maliciously sending data to a non-trusted or unknown location. Increasingly, CSOs and CISOs need to implement information leak prevention technologies to thwart critical information loss.

Friend or Foe?
Comprising an estimated 80 percent of the top 20 most visited Web sites, such as MySpace, Web 2.0 sites are a growing phenomenon. Web 2.0 sites, including social networking hubs, are particularly vulnerable to attack because of the constantly changing nature of the content, which is difficult to monitor and secure. With millions of potential victims, criminals, spammers and adware companies are already seeking to prosper.

In fact, in the Gartner November 2006 report “Web 2.0 Needs Security 101,” author John Pescatore notes that “Web 2.0 mashups that are not done securely will lead to huge openings for new forms of phishing and other attacks.”

Unfortunately, many Web 2.0 applications are loosely thrown together and lack a real blueprint, so there is no way to go back and fix problems. These applications are an opportunity for hackers because they don’t have to compromise the server. Criminals just find weaknesses in the Web implementation to steal personal information. Specific areas of concern include:

User-created content. Empowering end users with creative, dynamic and content control will result in increased security problems.

Social networks. The large population of users and the ability to link through profiles and networks will lead to more security issues within the communities. Entertainment social networks are not the only targets. There are several business networks of users linking for employment recruiting, business development and other business-related reasons that face the same threats.

Service oriented architecture and web services. The Web as a platform is finally here. The advent of ‘mashing’ Web services and linking several properties together will lead to increased security concerns, as cross-domain security issues can affect all links in the chain.

Criminals on the Web
Organized criminals are realizing the Internet has been a largely untapped resource in terms of generating real profit. With financial gain on the table, attack methods are improving and the number of people involved is escalating.

Underground cybercriminals are becoming better organized and are running a better economy, including buying and selling of hacker toolkits and zero-day vulnerabilities that can be exploited. The market for zero-day attack code is becoming more competitive, resulting in an increase in the frequency and sophistication of attacks on the client and server side.

In 2006, several high-profile companies released anti-phishing toolbars embedded within a Web browser. However, it is expected that some anti-phishing toolbars will become targets of exploit code designed to disable or avoid the prevention mechanisms.

Also, as information-stealing attacks become more prevalent, the industry will see increased use of encryption and other sophisticated methods to conceal data in transit.

Bot evolution will also continue, adapting again as countermeasures appear. Distributed command-and-control and protocols other than Internet Relay Chat (IRC) or HTTP will be used to control bot networks. Increased use of encryption and custom packing of bots also will occur.

This year, in particular, it’s highly important for organizations to have preventative measures in place to protect from the next wave of increasingly covert and targeted attacks.

Protecting Today

The best approach to security threats starts with proactive technology that protects against internal and Web-based threats. Traditional approaches that focus on anti-virus and intrusion prevention only identify attacks after the network is compromised. While the basics, like anti-virus and firewalls, are still a critical part of any security strategy, the technology is not equipped to deal with today’s quickly evolving threats, especially emerging and unknown threats. CSOs and CISOs need to implement technology that finds, blocks and protects from Web-based threats before systems are affected.

Look for technology that acts as a “digital data guardian” to help control how sensitive data can leave the organization and under what circumstances. Information leak prevention solutions can help control where users go, how they get there and what information they can send or use.

With deep knowledge of Internet destinations, protocols and applications, along with detailed fingerprints of internal data, leak prevention technology helps protect information flowing through the network, including outbound, internal and Web-based e-mail, Web postings, instant messaging, file transfers and network printing. Additionally, the technology uses an integrated policy engine to give organizations the ability to manage and protect information by individual user rather than by device or Internet protocol address.

About the Author

Dan Hubbard is vice president of security research for Websense Inc.
