For starters, security professionals no longer defend a defined perimeter. We now live in an era in which employees increasingly work remotely while more network traffic than ever is going over cloud apps, like Office 365. Cyber criminals have taken notice and have pivoted their focus. While Internet use is spiking, the web has become the biggest threat vector that companies now face.
All this presents cyber security professionals with a host of acute challenges, as anyone can see by glancing at the headlines. Cyber criminals are getting more aggressive and increasingly skilled at launching attacks from the web. For example, they are deploying an assortment of new, advanced threats that target employees’ web browsing. They are also taking advantage of “blind spots” created by encrypted web and application traffic, hiding malware inside of it to increase chances of penetrating a network’s defenses.
The elevated threat environment is not going to slow the corporate world’s embrace of cloud computing. But even as the cloud’s attractiveness as a great delivery platform continues to gain adherents, IT needs to ensure that their organizations aren’t leaving themselves vulnerable to any new security or compliance threats.
From a big picture perspective, practitioners must ensure that their cloud security service is equipped with all of the advanced capabilities necessary to protect your organization in today’s elevated threat environment. And here is another way that cloud can help: It can make it very simple to consume advanced capabilities. What’s more, advanced capabilities do not have to equate to complicated usage models, and well-designed cloud security services take this to heart.
Let’s examine more closely how some modern threats can put new stresses on a company’s existing security architecture.
Symantec: Cloud Network Generation
The Challenge to Traditional Security Thinking
Firewalls still remain at the core of so many network security stacks. But firewalls were created with a very different design in mind. The goal was to make sure that only certain people had access to certain locations via certain ports. Firewalls were not meant to deeply scan passing traffic coming in from the web. It’s not possible to fix this by retrofitting an architecture to do something that it wasn’t designed to do.
The problem is that attackers are becoming adept at finding ways to slip under a firewall’s limited radar. For example, they break their malware into pieces that are missed by a firewall’s traffic streaming approach, and re-assemble them once they are inside of your network. From there, they are off to the races.
Encryption presents another big security challenge. More traffic than ever before now gets encrypted. On the surface, that ought to be a good thing. But organizations that rely on cloud and web applications also need to be able to inspect encrypted traffic because malicious actors are taking advantage of encryption to proliferate malware.
The problem is that if you can’t view encrypted traffic, you’re left effectively blind to modern threats. Increasingly, many of these threats are hiding in encrypted traffic and so advanced malware winds up overwhelming traditional network defenses that are unable to properly scan it. This is shaping up to be a popular mode of attack; Gartner expects that about half of the malware campaigns this year will use some type of encryption to conceal malware delivery. So, it’s all the more urgent that security teams find to a way to see what’s inside those encrypted files to protect their networks.
What’s more, your employees’ web browsers themselves have now become a popular attack surface. Attackers are exploiting vulnerabilities in popular browsers to deliver malware to endpoints via the web page rendering resources that are downloaded to the browsers themselves when the page is loading. Traditional security approaches do not protect you from this critically important attack vector.
It’s not good enough to get a security alarm after the fact. By then, the malware has already infiltrated the network and your incident response teams are scrambling just to keep up. The focus needs to be on preventing the malware in the first place.
Finally, as you are considering cloud-delivered security, you need to include the “on-ramp” to the cloud in your solution design process. Specifically, think about selecting SD-WAN connectivity for your branches that is tested and certified to work with your preferred cloud security solution – better yet if it is from the same vendor. Also, if you are implementing a defense-in-depth strategy, putting protection on your endpoints as well as having network-based security, select a solution that is designed to work well together. For example, if you already have an agent on your mobile devices giving you endpoint security, try to use that very same agent as the means to redirect web traffic to your network security service in the cloud. Everyone can agree – one less agent to manage and update is a good thing.
Call to Action
That’s why having a web and cloud security gateway with advanced capabilities is vital. Symantec’s Web Security Service—a full security stack in the cloud – has the advanced capabilities required to solve the security challenges of the Cloud Generation. And instead of needing to integrate yet another new point product to defend against the latest attack, Symantec’s cloud platform is designed to work in-concert to simplify the task of protecting your organization.
We start with a Proxy (Secure Web Gateway) Core, the most powerful way to secure the world of Web and Cloud. We’ve added security services like Malware Analysis Sandboxing, Web Isolation, and Data Loss Prevention, and make it easy to integrate with our endpoint protection products (SEP and SEP Mobile), our own SD-Cloud Connector SD-WAN solution for branch offices, or multiple other certified SD-WAN connection partners.
Unlike firewalls, our proxies inspect files and web content completely before letting information in or out, even if encrypted. Every web and cloud transaction is inspected and logged, feeding security infrastructure for threat and compliance scanning. And the proxy makes sure that anything is reassembled before it gets inspected so as to catch any dangerous stuff that might otherwise slip past a traditional firewall. That means compliance-sensitive information stays in while malware stays out.
What you need is the ability to deal with that danger – something that Symantec’s threat isolation technology provides by creating a secure execution environment between users and the web, sending only a safe visual stream of the web page to users’ devices. In this way, isolation eliminates entirely any web-borne threats that might be hidden in the web pages your user is visiting. (Indeed, Gartner recommends that enterprises evaluate and pilot remote browser solutions, commenting that the technology is one of the most significant ways an enterprise can reduce the odds that web-based attacks will inflict damage.) Symantec’s Web Security Service is the only cloud-delivered security web gateway service in the industry to offer this innovative threat prevention capability.
We’ve built all of this on top of a high-availability, accelerated cloud backbone that improves the secure performance of cloud applications like Office 365. As a customer recently told me, Symantec’s Web Security Service offers best-in-class security, simplified. I could not agree more so check it out as you plan your move to the cloud.