[BreachExchange] Why cybersecurity must address ICT staff efficiency

Audrey McNeil audrey at riskbasedsecurity.com
Fri Sep 8 19:56:09 EDT 2017


https://securitybrief.co.nz/story/why-cybersecurity-must-address-ict-staff-efficiency/

A perfect storm affecting ICT departments hit home in May as members of the
UK National Health Service (NHS) quickly learned about the direct impact of
particularly virulent malware: ransomware. Many NHS hospitals and trusts
went offline and routine doctor appointments had to be cancelled.
Importantly, the situation shows how ICT staff are overwhelmed due to
having limited budgets and security approaches that simply do not keep up
with Web-borne threats.

Traditional security systems sound alarms and require human interaction to
investigate but staff time is always in short supply. Thus, security
administrators, who are also serving as the ICT staff in smaller
organisations, find themselves in a no-win situation as they work to
implement and enforce web security policies with Secure Web Gateway (SWG)
appliances and cloud-based services.

These security systems were not designed for staff efficiency, and due to
their nature, will not catch new malware threats, whether delivered through
phishing campaigns or ransomware outbreaks. SWG policies are largely based on
website categories, such as news, entertainment, weather, social media, etc.,
and on reputation feeds to tell good from bad. But what if a site is unknown
to the SWG and does not fall into a known category?

Administrators can either be lenient in allowing access to these
uncategorized sites, consequently increasing malware risk, or deny access
to such sites and deprive employees of information and data they need. The
threat of contracting malware from the web is not only real, but happens
very quickly and will impact employees and critical enterprise systems all
at once.

The web – a big problem

Today there are more than 500 million malware variants in existence, and they
can even be found on the world's most popular web sites, through background
sites serving ads. Due to the speed and ease with which it spreads, malware
has taken centre stage in most of the high-profile security breaches of
2017.

The cost of these breaches is in the hundreds of millions, and thus
businesses have been forced to adopt increasingly strict web security
policies which rely primarily on traditional Secure Web Gateway legacy
architectures. Secure Web Gateways sit between attacks and vulnerable
targets, but they can only protect against what they know. These devices
rely largely on two data points: site reputation and site category, such as
news, entertainment, weather, social media, etc.

As such, there is a gap in security when the device fails to recognize a
site or its category. In these situations, administrators are faced with
two decisions: either to allow access to uncategorized sites and face a
high malware risk, or to deny access and deprive employees of information
and data they may need. There can be negative ramifications for either
policy.

An end to the guessing game

Isolation technology, featuring the use of virtual containers and a
rendering technology, eliminates the possibility of malware reaching user
devices via compromised or malicious websites and email. This is not
detection or classification; rather, the user's Web session and all active
content (e.g., Flash, JavaScript, etc.), whether good or bad, is fully
executed and contained in the isolation platform. Only safe, malware-free
rendering information is delivered to the user's endpoint. No active
content, including JavaScript or any potential malware, leaves the
platform. As such, malware has no path to reach an endpoint, so websites
and legitimate content needn't be blocked in the interest of security.

Administrators can open more of the Internet to their users while
simultaneously eliminating the risk of attacks. With isolation,
administrators can safely allow access to uncategorized and any other
blocked sites and eliminate the frustrating security vs. productivity
compromise of the past.
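The uncategorized-site dilemma described above, and the third option isolation adds to it, modelled as a small gateway policy engine. This is an added example, not code from the article or any SWG product; the category and reputation feeds, the hosts, the reputation threshold and the `decide`/`tally` functions are all constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlsplit

class Action(Enum):
    ALLOW = "allow"      # traffic goes straight to the endpoint
    BLOCK = "block"      # request denied at the gateway
    ISOLATE = "isolate"  # session rendered remotely; only rendering data reaches the endpoint

# Constructed sample feeds standing in for an SWG's category and reputation data (hypothetical).
CATEGORY_FEED = {"news.example": "news", "weather.example": "weather",
                 "dropper.example": "malware"}
REPUTATION_FEED = {"news.example": 92, "weather.example": 88, "dropper.example": 3,
                   "sketchy.example": 20}
BLOCKED_CATEGORIES = {"malware", "phishing"}
MIN_REPUTATION = 40  # assumed threshold; real products use their own scale

@dataclass(frozen=True)
class Verdict:
    host: str
    category: Optional[str]
    reputation: Optional[int]
    action: Action
    reason: str

def decide(url: str, unknown_policy: Action) -> Verdict:
    """Gateway decision for one URL; unknown_policy applies only to uncategorized hosts."""
    host = (urlsplit(url).hostname or "").lower()
    category = CATEGORY_FEED.get(host)
    reputation = REPUTATION_FEED.get(host)
    if category in BLOCKED_CATEGORIES:
        return Verdict(host, category, reputation, Action.BLOCK, "blocked category")
    if reputation is not None and reputation < MIN_REPUTATION:
        return Verdict(host, category, reputation, Action.BLOCK, "low reputation")
    if category is None:
        # The gap the article describes: neither feed knows this site.
        return Verdict(host, None, reputation, unknown_policy, "uncategorized")
    return Verdict(host, category, reputation, Action.ALLOW, "known category")

def tally(urls, unknown_policy: Action) -> dict:
    # Count decisions for a set of URLs under one uncategorized-site policy.
    counts = {a.value: 0 for a in Action}
    for u in urls:
        counts[decide(u, unknown_policy).action.value] += 1
    return counts

# Constructed sample browsing requests; new-supplier.example is in neither feed.
SAMPLE_URLS = ["https://news.example/today", "https://weather.example/", "https://dropper.example/x",
               "https://sketchy.example/login", "https://new-supplier.example/portal"]
```

Running `tally(SAMPLE_URLS, policy)` for each `Action` shows the trade-off: allow-unknown lets the unseen supplier portal through, block-unknown denies it, and isolate-unknown serves it without giving it a path to the endpoint.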

The benefits of Isolation are clear. As no active web content reaches the
endpoint, uncategorized sites present zero risk. The cost of sanitizing
infected machines has always been high. Fortunately, Isolation eliminates
the web as a malware threat vector, drastically reducing the number of
machines to be reimaged.

And what about those Windows XP systems from ten years ago? Isolation
greatly reduces the urgency around patching machines for every browser and
plug-in vulnerability, because threats are kept away from these machines.

Concerning SOC costs, Isolation stops threats before they are detected by
traditional solutions, eliminating erroneous or inaccurate malware alerts.
With Isolation, the number of trouble tickets decreases as employees are
now free to safely explore the web without submitting re-categorization
requests. Lastly, by eliminating re-categorization requests, the need for
expensive experts is eliminated.

The case is clear for transitioning away from a traditional secure gateway
approach to a fully new approach leveraging Isolation technology in the
fight against malware.