Web security gateways keep Web-based malware at bay


This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."


A Web security gateway is a multifunction solution that filters unwanted software and malware from user-initiated Internet traffic while enforcing corporate policy compliance. To accomplish this, Web security gateways use URL filtering, malicious code detection and filtering, and controls for Web-based applications such as IM and Skype.

It's important to clarify the purpose of a Web security gateway: to protect clients on the internal network and their users from infection while surfing the Web and enforce company policies. This is different from a Web application firewall, which is designed to protect Web sites and Web applications from attack. Web application firewalls aim to prevent attackers from directly exploiting vulnerabilities within a Web application to upload their malware code, while Web security gateways provide an additional layer of defense for clients using vulnerable browsers open to malware exploits. Three main technologies provide an extra layer of defense:

  1. URL Filtering. This has long been the most common method of controlling surfing activity. According to Gartner, URL filtering is deployed in 75 percent to 95 percent of enterprise networks while malware filtering is deployed in less than 15 percent. URL filtering uses content scanning, artificial intelligence and blacklists to control Web access. Its big advantage is that it's scalable and provides granular usage reporting. The big players in this field include Websense and SurfControl. However, the sophistication of Web 2.0 attacks and the speed with which their launch base and actual code can change means that URL filtering is no longer enough. It's still going to be a critical element within a WSG but needs to be combined with other technologies.

  2. Malware Filtering. The aim of malware filtering is to catch malware entering and leaving the network. As with URL filtering, a database is used; in this case known malware signatures. The industry trend, though, is to employ similar techniques to antivirus engines, which use non-signature based methods such as heuristic scanning. For malware filtering to be truly effective, traffic on all ports and over all protocols must be analyzed from Layer 4 to Layer 7 as it enters or leaves the network. This delivers a proactive defense that can catch attempts to "phone home" since some malicious software invariably will get through. It also reduces the criticality of ensuring desktops and applications are patched and antivirus is up to date.

  3. Application Control. Controlling the use of often unmanaged applications, such as IM, P2P and Skype, is becoming a critical part of network security. Interestingly, it is the one area where no one Web security gateway vendor really has a clear lead. Most devices can block or allow access only to specific groups or users. This is partly because new applications are emerging and being adopted so quickly. IM and Skype are examples of how new applications can quickly become ingrained in work practices. To be truly effective, Web security gateways need to enforce a company's acceptable usage policies, selectively managing features of an application and blocking them where necessary.

Obviously, there are solutions available that offer these technologies individually. They're all necessary to properly secure the Web environment, and using a combination of these point products can solve specific needs. However, deploying and managing them individually is complex and expensive, and they are inadequate when operated in isolation. Most enterprise network administrators feel that they have too many security devices plugged into their network already; all require staff to understand and maintain them, plus time to analyze the reams of data they produce. By bringing protective functions together within one device, Web security gateways streamline management. Administrators can set policy rules and parameters on one device, a far easier task than trying to enforce each policy across several different devices. This greatly reduces administrative overhead, particularly as there is only one device and one interface to grapple with. Managed Web security gateway services reduce the management burden even more.

Another big advantage with an integrated solution is that information can be pooled. The Web security gateways can cross-compare information to make a more informed decision as to whether traffic is potentially malicious. This makes traffic control, analysis and reporting far more effective.
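To make the pooling argument concrete, the sketch below is an added example (not from the article or any vendor's product) of a gateway decision function that combines the three signals described above. The category table, signature name, application rules and score thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed policy data for illustration; a real gateway uses vendor feeds.
URL_CATEGORIES = {"news.example": "news", "bets.example": "gambling"}
BLOCKED_CATEGORIES = {"gambling"}
KNOWN_SIGNATURES = {"sig-constructed-0001"}
# Per-feature application rules: "*" is the default for that application.
APP_POLICY = {"im": {"chat": "allow", "file-transfer": "block"},
              "p2p": {"*": "block"}}

@dataclass
class Request:
    url: str
    app: str = "web"                  # application identified on the flow
    feature: str = "browse"           # feature of that application in use
    signature: Optional[str] = None   # signature matched by content scan
    heuristic_score: float = 0.0      # 0..1 from non-signature scanning

def url_category(req):
    host = urlsplit(req.url).hostname or ""
    return URL_CATEGORIES.get(host, "uncategorized")

def malware_score(req):
    return 1.0 if req.signature in KNOWN_SIGNATURES else req.heuristic_score

def app_action(req):
    rules = APP_POLICY.get(req.app, {})
    return rules.get(req.feature, rules.get("*", "allow"))

def decide(req):
    """Return (action, reason) from the three pooled signals."""
    category, score = url_category(req), malware_score(req)
    if category in BLOCKED_CATEGORIES:
        return "block", "url-category:" + category
    if score >= 0.9:
        return "block", "malware"
    if app_action(req) == "block":
        return "block", "app-policy:%s/%s" % (req.app, req.feature)
    # Cross-comparison: a middling heuristic score is tolerated on a
    # categorized site but not on one the URL database has never seen.
    if category == "uncategorized" and score >= 0.5:
        return "block", "uncategorized+suspicious"
    return "allow", "policy"
```

The last rule is the one no single point product could apply: neither the URL filter nor the malware filter would block that request on its own evidence.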

This was first published in April 2008
