/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsScott Robertson
IN the fast-evolving era of blended threats and new spheres of work and technologies, UTM (Unified Threat Management) has emerged as the obvious choice for enterprises of all sizes – large or medium. Businesses are increasingly turning to these multilayered security solutions that combine firewalling with other vital security features in a single device.
Now, even with the UTM being in place, the threats persist. Traditional firewall gateways and anti-virus systems update signatures on a daily or hourly basis. But the threats to a network can be anytime. Network threats can come from anywhere, at any time, and they can take you down before you even know they're there. The web is the vector through which malware propagates in most networks. As we trend towards additional applications running in the cloud, even more network traffic will pass beyond the trusted LAN and outside the firewall. Assault vectors shift and new threats spring up hourly from spyware, spam, viruses, Trojans, web exploits and blended threats.
According to a research done by WatchGuard, 38 per cent of the web contains malicious code, and this number is growing exponentially. Additionally, 77 per cent of websites with malicious code are legitimate sites that have been hijacked by hackers, which is directly attributable to why 57 per cent of data theft occurs over the web.
As per the IDC research vice president, Security Products, Charles Kolodgy, "Safe Internet practices are no longer limited to avoiding high-risk websites or utilizing black and white lists. Criminals are becoming cleverer at injecting malware into innocuous websites, which forces businesses to scan every packet of network traffic, thus degrading network performance. An ideal solution to address this problem is the utilization of reputation services, which leverages the cloud to mitigate web- based threats before they can bog down the network”.
As web technologies and the web itself have grown more sophisticated, early generation reputation services have become less effective in identifying and blocking threats. That is why there is a need for improved methods for proactive, real-time and cloud-based security, taking into account the critical balance that must be maintained between security and performance.
The ideal solution combines processing and analysis in the cloud with data provided by local devices and real-time monitoring intelligence from multiple global systems. Organisations need a cloud-based web security service that provides an additional layer of defense for the UTM appliance that ensures a fast, secure web browsing experience through a reputation lookup that scores URLs as good, bad, or unknown. This unique gateway solution that organizations must seek should rely on the industry’s most comprehensive reputation scoring database that aggregates data from multiple feeds, including industry-leading anti-virus engines - finding and blocking more malicious domains, IP addresses, and URLs than competing services. URLs with malicious content should be rejected at the connection level to keep the network safe.
Because URLs with good reputation scores can be passed along without further AV scanning, throughput performance will be boosted. Reputation enabled defense makes your security solution more efficient and faster and make your web surfing more productive because it eliminates the need to scan all web traffic for threats. URLs with a good reputation score can safely bypass AV scanning.
With Reputation enabled defense, the typical savings in web processing overhead can be 30 per cent to 50 per cent. Reputation scanning of a URL happens before your UTM box does any AV scanning. If the URL’s reputation is bad, the connection is dropped immediately. Likewise, if the URL’s reputation is good, no AV scan is required, allowing your UTM to focus on other important things. And because Reputation enabled defense is integrated with the UTM appliance, you’ll have another powerful layer of defense in a single cost-effective solution – with no additional hardware to buy.
(The views have been authored by Scott Robertson,Vice President – APAC, WatchGuard. Cybermedia does not necessarily subscribe to or endorse the opinions mentioned above.)