Analysts all agree that using a Secure Web Gateway (SWG) as part of your network protection is now crucial. However, the SWG needs to provide more than the traditional reactive security controls - like anti-virus scanning and reputation and URL filtering - all of which rely on a database that must be updated before it can protect you. With reactive security controls, you gamble that your security vendor will find the attack before your users do. Proactive security controls that are able to detect completely new and targeted attacks, without having already seen the attack, are critical for providing protection from modern cyber crime. Technology solutions built around real-time code scanning and analysis lead the field in protecting against this increasingly sophisticated threat landscape.
Recent attacks on a number of UK banks using the Zeus v3 Trojan (identified by M86 Security in 2010), and revelations that at least one large bank was the victim of Chinese hackers (Project Aurora), highlight how cyber criminals are targeting the global financial-services industry as a lucrative source of income.
Proactive real-time versus traditional reactive security
Earlier this year, M86 Security ran a benchmark test at a Fortune 5 bank in the US. In head-to-head testing against two reputable security vendors, the M86 Secure Web Gateway (SWG) solution caught 106 malicious URLs that the competing solutions did not. To put things into perspective, we are looking at 106 versus four and two here. Interestingly, M86 did not catch the URLs flagged by the other two vendors because, at the time of the M86 Security test, those sites were no longer infected (legitimate sites are typically only infected for hours at a time), so the competing solutions were actually over-blocking.
In another test of 10,000 selected URLs, the M86 SWG found two malicious URLs, while the other two vendors detected none. Using two catches per 10,000 URLs as an average - and extrapolating that to over 100,000 users - means that about 504 PCs are infected every day, based on only two hours of daily Web use.
This proactive, real-time analysis technology can save an enterprise around US$234,000 for each major network-security attack, plus around US$3 million annually in PC re-imaging.
John Vigouroux has more than 25 years' experience in the IT industry and is CEO of US-based M86 Security, an independent provider of real-time Web and e-mail content security.