Information Security Magazine

Web security gateways keep Web-based malware at bay
by Michael Cobb
Issue: Apr 2008

CAN THEY DELIVER?
So how viable are Web security gateways as a catch-all security solution? It's a tricky mix of services to get right, in terms of security, performance and ease of use. The challenge with deploying any Web gateway is that, unlike email, which is asynchronous, HTTP is real-time, so a Web gateway's processing must scale well. The analysis processes sit in the path of traffic and directly affect the end user's Web experience.

To be scalable, policy synchronization between devices and multiple network deployment options are necessary. Given the wide-ranging tasks of a Web security gateway, reliability will be a key factor too. At present, none of the products has been around long enough for there to be any reliable data to help with this decision. Certainly, given the volume of traffic on an enterprise network, only hardware or service-based models are real contenders.

Controlling applications such as IM, VoIP and P2P remains a challenge for Web security gateways. Proxy servers, long seen as the most secure solution to application control, just can't handle the all-ports and all-protocols requirement of a true Web gateway. The latency is too high, particularly when it comes to handling Web pages. There is also the overhead of configuring every client and every protocol to go through a proxy. The processing speed required to handle this type of deep-packet inspection is enormous, but many Web security gateway devices claim to handle enterprise-level volumes without a visible impact on network performance.

One of the big problems that Web security gateways must overcome in trying to provide blanket protection to network users is the issue of semantic interpretation: how to put the traffic they are analyzing into some sort of context. This problem is called "impedance mismatch." For example, the word "present" can have different meanings, depending on context. Regular expression matching, which most solutions use, is prone to impedance mismatch. Consequently, it's not completely effective when inspecting data for common signs of malicious code; it is both easy to evade and very prone to false positives.

Somehow, Web security gateways need to be able to interpret inbound data in the same way as the browsers they are protecting. What is needed is a script engine, so that the device views the final executed code after any obfuscation is removed, in the same form in which the browser would execute it. Hopefully, we will see this form of dynamic analysis in the next generation of security devices.
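The gap between regular expression matching and a script engine can be shown in a few lines. The following is an added example, not code from the article or from any product: the signature, the function names and the three sample pages are constructed for illustration, and Node's vm module stands in for the script engine.

```javascript
const vm = require('vm');

// Hypothetical signature: a zero-width iframe written into the page.
const SIGNATURE = /<iframe[^>]*\bwidth=["']?0/i;

// Static approach: match the signature against the raw response body.
function rawMatch(body) {
  return SIGNATURE.test(body);
}

// Dynamic approach: replace each inline script with the markup it emits
// through a stubbed document.write, i.e. what the browser would render.
// Node's vm module is NOT a security boundary; a real gateway would need an
// isolated engine. It is used here only on the constructed samples below.
function renderedView(body) {
  let out = '';
  const write = (s) => { out += String(s); };
  const ctx = vm.createContext({ document: { write, writeln: write } });
  return body.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi, (_, src) => {
    out = '';
    try {
      vm.runInContext(src, ctx, { timeout: 50 }); // bound runaway scripts
    } catch (e) {
      // Script threw or timed out: keep whatever it emitted before failing.
    }
    return out;
  });
}

function dynamicMatch(body) {
  return SIGNATURE.test(renderedView(body));
}

// Constructed sample pages (example.invalid is a reserved, non-resolving name).
const SAMPLES = {
  plain: `<body><script>document.write('<iframe src="http://example.invalid/" width="0"></iframe>');</script></body>`,
  encoded: `<body><script>document.write(unescape('%3Ciframe src=%22http://example.invalid/%22 width=%220%22%3E%3C/iframe%3E'));</script></body>`,
  benign: `<body><script>var rule = 'Posts containing <iframe width="0"> are rejected.'; document.write('<p>Posting rules updated.</p>');</script></body>`,
};

// Verdict of each approach for every sample page.
function verdicts() {
  return Object.fromEntries(Object.entries(SAMPLES).map(
    ([name, body]) => [name, { raw: rawMatch(body), rendered: dynamicMatch(body) }]));
}

console.log(verdicts());
```

The raw match misses the encoded page and flags the benign one, which only mentions the pattern in a string it never writes; matching on the rendered view gets both right.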
