Balancing Social Networking with Network Security Objectives in a Government Environment

October, 2010
Social Networking is Here to Stay
With the explosion of other options for social networking, interaction and
collaboration, email has lost its position as the primary Internet-based
communication tool. In fact, The Wall Street Journal reported that there
were more social networking accounts than Webmail accounts in 2009.[i]
Today, users rely more on blogs, tweets, social networking posts and
even video clip communications to enrich both personal and professional
information exchange.
Even businesses are leveraging social networking and other Web 2.0 services to communicate with customers, employees and partners. A recent survey found that 65 percent of the largest 100 international companies have active accounts on Twitter, 54 percent have a Facebook fan page, 50 percent have a YouTube channel and one-third have corporate blogs.[ii] One in five of these major international businesses is actually using all four of these technologies.

Figure: Email vs Social Networking Users (values as shown in the chart; source: Wall Street Journal [i])
                     2008     2009
Email                230.2    276.9
Social Networking    229.2    301.5

While these sites and services offer tremendous business benefits, they also present serious risks that have to be managed. For instance, they are often the target of malicious attacks precisely because of their popularity. Video sites like YouTube consume tremendous amounts of bandwidth if they are not properly managed on the corporate network. And employees may intentionally or accidentally leak sensitive company data onto a social networking site, breaches that can result in lost competitive information, public relations headaches, fines, legal action and more. The good news is that, with the right security approach, these risks can be managed and the worst consequences avoided.
Managing the risks
The benefits of social networking also come with significant risks, including:

Security: Threats such as malware, phishing and data loss increasingly target social networking because its wide range of communication features makes it easier to spread untrustworthy messages or hazardous malware. By exploiting the trust inherent in social networking, malware can more easily bypass traditional security approaches: the user is manipulated into downloading malicious content that appears to come from a trusted source, such as a friend or a familiar organization.

Bandwidth management: The rich media inherent in much of social networking's interactions, including pictures, music and video, consume vast amounts of bandwidth. If left uncontrolled, streaming video to hundreds of systems at the same time can starve critical applications of the bandwidth they need.

Inappropriate Internet use: Recreational surfing and posting on personal blogs or social networking accounts not only diminish employee productivity, they can have other costs as well. If not properly managed, recreational network use can degrade business application performance, create liability risks, and potentially introduce malware into the organization. Enforcing network usage policies and maintaining a secure web gateway are critical to ensuring optimum business performance.
Responses to these challenges are equally broad. Luckily, the best practices
for securing social networking are similar to those used for web threats in
general. The task facing today’s businesses, therefore, is to understand their
organizations’ priorities around effective and appropriate social networking
use, and the strengths and limitations of the various security options. The
ultimate goal is to find the balance between achieving the productivity
benefits of social networking while protecting the organization from
dangerous threats.
The usual suspects
Practically every web threat against email or web browsing has found new life in the world of social networking. Sites and services like Facebook and Twitter provide new ways for cybercriminals to hide malware, set up fake sites, compromise legitimate sites and spread an attack from one member of a social network to another. Because the attack arrives from a site the organization already permits, and often from a contact the victim already trusts, it slips past most traditional, email-centric defenses along the way. Here is how these different types of attacks work:
Malware
Malware remains the number one threat to anyone using the Internet,
and these threats often combine botnets, spyware, viruses, Trojans,
worms and other techniques into complex attacks. Malware can also be
part of a targeted attack on an organization with potentially catastrophic
consequences. For example, between January and March 2010, the
computers of 13 South Korean Army officers became infected with
malware that resulted in the theft of war operation plans.[iii]
In a recent survey, antivirus vendor Sophos reported that 36% of users said they had been sent malware via social networking sites.[iv] Blue Coat Security Labs reported that two-thirds of all malware attacks in 2009 were spread when users were offered a video clip which, when clicked, reported that the user needed to update their Flash player or install new software to view the video.[v] The "update" is the malware. This malware-spreading mechanism depends on a user behavior that is almost automatic among social networking users, where video content sharing is so common. In addition, many threats capitalize on highly publicized events and catastrophes such as natural disasters, massive power outages, civil disturbances and more. These attacks may pose as charitable organizations to solicit donations or offer fake video of dramatic events to manipulate users into downloading malware.
Phishing
Phishing attacks – attempts to trick users into revealing confidential
information – are on the rise within social networking environments.
Some are designed to simply collect hundreds of thousands of email
addresses that can then be used for spam, email virus attacks and so
forth. Other phishing attempts can be complex, targeted attacks intended
to dupe smaller numbers of select individuals into revealing more valuable
details such as financial or personal data.
In 2009, blended threats evolved into much more complex structures, adapting to the current environment of technology, users and vulnerabilities.
Phishing attacks use social engineering techniques to deceive people into divulging confidential information. Just like malware, these attacks have been extremely successful within social networking sites because they exploit the high level of trust users place in their network of "friends." Unlike suspicious-looking URLs sent anonymously via email, content such as a video link that comes from a familiar source is far more likely to be trusted. The success of these attacks is perhaps why Facebook is the fourth most popular online phishing target.[vi]

The sheer popularity of these sites makes them attractive targets for cybercriminals. In fact, Blue Coat Security Labs found that social networking sites account for 25% of the top 10 most active URL categories.[vii] So, as their popularity has grown, so have the attacks. And while personal information is typically the first casualty of these attacks, corporate assets may also be compromised as a result: a password reused between a social networking account and a work account, for example, is now in the attacker's hands.
Data Loss
Industry analyst Forrester Research has reported that Web 2.0 applications such as blogs, wikis and social networking sites provide an easy way for data to escape from an organization.[viii] An individual who wants to steal corporate data is unlikely to use the company's email system, because corporate email is logged, attributed to a sender and often already inspected, so exfiltration through it is neither quick nor anonymous. Social networking services have therefore become a highly attractive way to steal information, because they provide several ways to post documents, video or plain text.

However, nearly 80 percent of data loss is unintentional, and accidental information leakage through social networking sites may present a greater risk than criminal activity.[ix] This may be the result of the casual and open way in which users approach social networking, or of an atmosphere of trust that weakens a user's judgment. Things they would never discuss openly in a public setting are often shared freely within social networking sites, including confidential data.
Bandwidth Abuse
Social networking encourages frequent communication. It often involves visiting pages that contain dozens or even hundreds of comments and links. Every time a user visits a page to see what is new, their browser is also re-sent mostly old content as well. And the user dynamically moves from one page to another as they follow different trains of thought or simply visit the pages of key members of their social network. The total gateway bandwidth hit can be staggering for many organizations.

Combine this with the extensive sharing of multimedia on social networks and it is easy to see that bandwidth consumption can quickly become a problem, and could cause mission-critical applications to fall below their necessary performance levels. Critical tasks such as retrieving database records or electronically submitting important information then hit performance bottlenecks. Bandwidth abuse is even more detrimental to organizations that rely on Software-as-a-Service (SaaS) solutions, or that manage virtual desktops for remote or mobile users.

Figure: Tweets per day, January 2009 to December 2009 (y-axis 10M to 40M; source: Twitter). The number of "tweets" per day grew from just 2.5 million in January 2009 to over 30 million by the end of the year, with no indication of slowing down.
Layered defenses optimize security and bandwidth
Just as cybercriminals have applied innovative techniques to leverage social
networking, IT must find equally innovative ways to apply their security
knowledge, expertise and available technologies to a new environment.
A layered defense helps protect against malware, phishing, data loss and
bandwidth abuse with a comprehensive security approach that includes
real-time web filtering, antivirus software,
data loss prevention, mobile security and
user education components. Each of these is
described in detail below:
Web filtering
Web filtering provides a front line to neutralize
links, scripts and other techniques used to
either trick a user or automatically cause the
computer to connect to a malware infection
source. Next-generation web filtering solutions
can preserve and support legitimate social
networking activities while preventing the victim’s browser from accessing
potentially dangerous content and phishing scams. However, many solutions
tend to block legitimate pages or even entire domains because they lack
more granular response capabilities. So it’s important to have a solution that
can filter URLs using multiple categories, real-time ratings and a deep level
of visibility.
Today’s web threats move quickly, with an average lifespan of less than two
hours in any one location. Even a web filtering solution that provides hourly
updates is statistically going to miss half of all active, fast-moving threats.
Therefore, an effective web filtering solution must be paired with cloud-based services that increase awareness of web activity and provide access to constantly evolving defense technologies, all without requiring frequent downloads and updates to on-premise solutions.
Blue Coat WebFilter includes full access to the Blue Coat WebPulse™ cloud
service with over 70 million users and a 100% uptime record since 2004. As
a result, it is the largest, most reliable and most respected security cloud
service in the industry. Increased web awareness, provided by WebPulse,
helps direct and prioritize research efforts to concentrate where users are
surfing. WebPulse also includes many automated technologies and can
provide real-time category ratings for never-before-seen URLs from around
the world in 50 languages. Rather than depending on a single technology,
such as reputation analysis, WebPulse accurately categorizes URLs by
applying reputation, heuristics, sandboxing, content analysis, deep link
inspection and other technologies to web requests.
Also, WebFilter is one of the few solutions that can differentiate URLs that are sources of potential malware infection from those used by already-infected systems to send stolen information back to the malware's operator (call-home traffic). First, this ability provides another layer of defense using a single technology: blocking the call-home URL stops the data from leaving even when the infection itself was not caught. Second, a request to such a URL is itself evidence that the requesting system is compromised, so IT can be alerted immediately, evaluate and clean the system, and check that nothing else on the end point has been compromised.
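The two behaviours described in this paper, the fake "player update" lure from the Malware section and the call-home traffic of an already-infected host described just above, can both be picked out of ordinary gateway access logs. The following script is an added example, not Blue Coat code and not WebFilter's categorization logic; the log format, the category names (stand-ins for whatever the URL filter returns) and every hostname in it are constructed for illustration:

```python
"""Triage gateway access logs for two social-networking malware patterns:
the fake 'player update' download and call-home traffic from infected hosts.

Added example, not part of the Blue Coat paper. Log format, category names
and hostnames are assumptions constructed for illustration.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Hypothetical URL categories, stand-ins for whatever the URL filter returns.
MALWARE_SOURCE = "Malware Sources"    # URLs that hand out infections
MALWARE_CALLBACK = "Malware Callback"  # URLs infected hosts report back to
SOCIAL = "Social Networking"
VIDEO = "Video Sharing"

# Hypothetical category lookup by hostname, as a URL filter would supply it.
CATEGORIES = {
    "www.facebook.com": SOCIAL,
    "twitter.com": SOCIAL,
    "cdn.video-share.example": VIDEO,
    "flash-player-update.example": MALWARE_SOURCE,
    "stats-collector.example": MALWARE_CALLBACK,
    "www.example.org": "News",
}

# File names the fake-video lure typically offers, and executable MIME types.
LURE_NAME = re.compile(r"(flash|codec|player|update|install).*\.(exe|scr|msi|zip)$", re.I)
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program",
                    "application/octet-stream"}

# Constructed log lines: time client method url status content-type referer
SAMPLE_LOG = """\
09:01:02 10.0.0.5 GET http://www.facebook.com/home.php 200 text/html -
09:01:09 10.0.0.5 GET http://cdn.video-share.example/watch?v=abc 200 text/html http://www.facebook.com/home.php
09:01:15 10.0.0.5 GET http://flash-player-update.example/get/flash_update.exe 200 application/x-msdownload http://cdn.video-share.example/watch?v=abc
09:03:40 10.0.0.5 POST http://stats-collector.example/gate.php 200 text/plain -
09:04:01 10.0.0.7 GET http://www.example.org/news 200 text/html -
09:04:30 10.0.0.9 GET http://twitter.com/ 200 text/html -
09:05:12 10.0.0.9 POST http://stats-collector.example/gate.php 200 text/plain -
"""


def parse_line(line):
    time, client, method, url, status, ctype, referer = line.split(" ", 6)
    return {"time": time, "client": client, "method": method, "url": url,
            "status": int(status), "ctype": ctype,
            "referer": None if referer == "-" else referer}


def category(url):
    return CATEGORIES.get(urlparse(url).hostname, "Unrated")


def is_lure_download(rec):
    """An executable named like a player update, served by a known malware
    source or reached by following a link out of a social/video page."""
    path = urlparse(rec["url"]).path
    looks_executable = bool(LURE_NAME.search(path)) or rec["ctype"] in EXECUTABLE_TYPES
    if not looks_executable:
        return False
    if category(rec["url"]) == MALWARE_SOURCE:
        return True
    return rec["referer"] is not None and category(rec["referer"]) in (SOCIAL, VIDEO)


def triage(log_text):
    """Return (lure_events, compromised_hosts).

    lure_events: (client, url) pairs where a user fetched a lure executable,
    i.e. infections in progress that the filter should have blocked.
    compromised_hosts: {client: [callback urls]}, systems that are already
    infected and phoning home; these need cleaning, not just blocking."""
    lures = []
    callbacks = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_lure_download(rec):
            lures.append((rec["client"], rec["url"]))
        if category(rec["url"]) == MALWARE_CALLBACK:
            callbacks[rec["client"]].append(rec["url"])
    return lures, dict(callbacks)


if __name__ == "__main__":
    lure_events, hosts = triage(SAMPLE_LOG)
    for client, url in lure_events:
        print(f"LURE      {client} fetched {url}")
    for client, urls in hosts.items():
        print(f"INFECTED  {client} called home to {', '.join(sorted(set(urls)))}")
```

The two lists answer different questions: a lure download says a block rule was missing or too late, while a callback hit says an endpoint is already owned and the response is cleanup, not another block rule. Note that host 10.0.0.9 never fetched a lure through this gateway at all; it was probably infected elsewhere, which is exactly why the call-home category is worth watching separately from infection sources.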
Antivirus
There is little truth to the rumors that antivirus has become a commodity.
Indeed, the fast-moving, rapidly evolving nature of today’s malware has
put even greater demands on antivirus vendors. Yet while the best practice
of “multi-vendor” antivirus has not changed, the reasons behind this
practice have.
In the 1990’s, multi-vendor antivirus usage evolved because it was never
clear which vendor would be the first to respond to a new threat at a time
when response times were measured in days. Having two vendors increased
the chance of at least one vendor catching the threat. But today’s vendors
can typically respond in just a few hours to a totally new threat.
However, most “new” threats are simply variants of previously identified
malware. In a single day, hundreds or even thousands of variants of a single
virus may be released onto the web. So each antivirus vendor has developed
their own approach to identify and block a variant of known malware.
However, few can claim even a 40-50% detection rate. Therefore, using
one AV vendor on the end point, and another at the gateway, increases the
likelihood of blocking a recently introduced malware variant.
Since the first FTP/HTTP antivirus scanners were introduced in the mid-'90s, performance has been the primary obstacle to fully implementing a gateway antivirus security layer. So Blue Coat adopted the open ICAP protocol (RFC 3507) and introduced the ProxyAV™ platform, which works in conjunction with Blue Coat ProxySG to let leading AV vendors deliver web security solutions that optimize performance as well.
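The ICAP exchange between a proxy and a gateway scanner, as an added example that is not ProxySG or ProxyAV code: it builds a RESPMOD request per RFC 3507 (the proxy computes the Encapsulated byte offsets, the scanner uses them to split the message without re-parsing HTTP), parses it back, and answers 204 (unmodified) or 200 with a replacement block page. The hostnames and the "signature" the toy scanner looks for are constructed stand-ins; only the wire format follows the RFC.

```python
"""ICAP (RFC 3507) RESPMOD: how a proxy hands an HTTP response to a gateway
antivirus scanner and gets a verdict back.

Added example, not ProxySG/ProxyAV code. Hostnames and the toy signature are
constructed stand-ins; only the wire format follows the RFC.
"""
CRLF = b"\r\n"
# Constructed stand-in for a detection signature (not a real malware pattern).
SIGNATURE = b"EXAMPLE-MALWARE-MARKER"


def chunked(body: bytes) -> bytes:
    """HTTP/1.1 chunked encoding; ICAP requires it for encapsulated bodies."""
    if not body:
        return b"0" + CRLF + CRLF
    return b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF


def dechunk(data: bytes) -> bytes:
    out = b""
    while True:
        size_line, data = data.split(CRLF, 1)
        size = int(size_line.split(b";")[0], 16)   # ignore chunk extensions
        if size == 0:
            return out
        out += data[:size]
        data = data[size + len(CRLF):]


def build_respmod(icap_uri: str, req_hdr: bytes, res_hdr: bytes, res_body: bytes) -> bytes:
    """Proxy side. The Encapsulated header lists the byte offset of each
    section, counted from the start of the encapsulated data, so the scanner
    can split the message without re-parsing HTTP."""
    assert req_hdr.endswith(CRLF + CRLF) and res_hdr.endswith(CRLF + CRLF)
    res_hdr_off = len(req_hdr)
    res_body_off = res_hdr_off + len(res_hdr)
    host = icap_uri.split("//", 1)[1].split("/", 1)[0]
    icap_hdr = (
        f"RESPMOD {icap_uri} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        "Allow: 204\r\n"   # the scanner may answer 204 instead of echoing the response
        f"Encapsulated: req-hdr=0, res-hdr={res_hdr_off}, res-body={res_body_off}\r\n"
        "\r\n"
    ).encode()
    return icap_hdr + req_hdr + res_hdr + chunked(res_body)


def parse_respmod(msg: bytes):
    """Scanner side: (request line, icap headers, req_hdr, res_hdr, body)."""
    head, enc = msg.split(CRLF + CRLF, 1)
    lines = head.split(CRLF)
    headers = {}
    for line in lines[1:]:
        k, v = line.split(b":", 1)
        headers[k.strip().lower().decode()] = v.strip().decode()
    offsets = dict(p.strip().split("=") for p in headers["encapsulated"].split(","))
    res_hdr_off, res_body_off = int(offsets["res-hdr"]), int(offsets["res-body"])
    return (lines[0].decode(), headers, enc[:res_hdr_off],
            enc[res_hdr_off:res_body_off], dechunk(enc[res_body_off:]))


def scan_and_reply(msg: bytes) -> bytes:
    """Scanner verdict: 204 No Content passes the response through unchanged;
    a hit returns 200 OK carrying a replacement 403 page instead of the file."""
    _, _, _, _, body = parse_respmod(msg)
    if SIGNATURE not in body:
        return b"ICAP/1.0 204 No Content" + CRLF + b"Encapsulated: null-body=0" + CRLF + CRLF
    page = b"<html><body>Blocked by gateway antivirus</body></html>"
    blocked = (b"HTTP/1.1 403 Forbidden" + CRLF + b"Content-Type: text/html" + CRLF
               + b"Content-Length: %d" % len(page) + CRLF + CRLF)
    return (b"ICAP/1.0 200 OK" + CRLF
            + b"Encapsulated: res-hdr=0, res-body=%d" % len(blocked) + CRLF + CRLF
            + blocked + chunked(page))


if __name__ == "__main__":
    req = b"GET /video/player_update.exe HTTP/1.1\r\nHost: www.origin.example\r\n\r\n"
    res = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    for payload in (b"harmless bytes", b"MZ..." + SIGNATURE + b"..."):
        msg = build_respmod("icap://av.gateway.example/respmod", req, res, payload)
        print(scan_and_reply(msg).split(CRLF, 1)[0].decode())
```

The performance point the paper makes lives in the protocol details this example leaves out: a real proxy streams the body chunk by chunk and offers the scanner a Preview, so the scanner can return 204 after the first few kilobytes of an obviously clean file; buffering the whole response as above is fine for showing the offset arithmetic but is exactly the latency a gateway AV layer has to avoid.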
Data Loss Prevention (DLP)
DLP must protect against both intentional data theft and accidental data loss. And while email has been the traditional area of focus for DLP deployments, it is clear that email is no longer the dominant form of electronic communication. Organizations must ensure their DLP strategies can inspect SSL-encrypted traffic as well as the web traffic used by social networking offerings; a post submitted over HTTPS is invisible to a gateway that inspects only clear-text sessions.
Forrester Research has reported that “deep content
analysis and data-centric control is on many users’ wish
lists, yet web filtering products that offer good DLP
functionality are few and far between."[x] Other research has shown DLP
buyers and users to be frustrated with solutions that are either too complex
to be usable or too simplistic to be effective. An effective DLP strategy
must include data registration features for accurate content identification,
offer multi-function capabilities (for email, web and network DLP), include
proactive discovery DLP capabilities and still be easy to use and maintain.
The Blue Coat Data Loss Prevention appliance was created to deliver on
those requirements. With a typical one-day deployment, companies can
quickly begin to detect and block potential data leaks. Pre-defined policies
can be used as-is or customized to monitor and control information
traveling across the network, in email, or to the web, including posts to
social networks. Support for full data registration capabilities help ensure
accurate, proactive discovery and real-time leak detection while minimizing
false positives.
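What "data registration" amounts to in practice, as an added example that is not the Blue Coat DLP appliance's algorithm: register a document once as a set of hashed word-shingle fingerprints, then score an outbound post by how many of its shingles hit the registry. The confidential document, the public one and the two posts are constructed for illustration.

```python
"""Content fingerprinting for DLP 'data registration': register documents once,
then detect fragments of them in outbound web posts.

Added example, not the Blue Coat DLP appliance's algorithm. The documents and
posts below are constructed for illustration.
"""
import hashlib
import re
from collections import defaultdict

SHINGLE = 5  # words per shingle; smaller catches shorter fragments but adds noise


def normalize(text):
    """Lowercase, keep only alphanumeric tokens: a pasted copy is rarely byte-identical."""
    return re.findall(r"[a-z0-9]+", text.lower())


def shingles(text):
    """Yield a 64-bit fingerprint for every run of SHINGLE consecutive words."""
    words = normalize(text)
    for i in range(len(words) - SHINGLE + 1):
        window = " ".join(words[i:i + SHINGLE])
        yield hashlib.sha256(window.encode()).digest()[:8]


class Registry:
    """Fingerprint -> registered documents. Only hashes are kept, so the
    registry itself does not reproduce the confidential text."""

    def __init__(self):
        self.index = defaultdict(set)
        self.sizes = {}

    def register(self, doc_id, text):
        fps = set(shingles(text))
        self.sizes[doc_id] = len(fps)
        for fp in fps:
            self.index[fp].add(doc_id)

    def scan(self, outbound):
        """{doc_id: (matching shingles, fraction of the post's shingles that match)}"""
        hits = defaultdict(int)
        post_fps = list(shingles(outbound))
        for fp in post_fps:
            for doc_id in self.index.get(fp, ()):
                hits[doc_id] += 1
        n = max(len(post_fps), 1)
        return {d: (c, c / n) for d, c in hits.items()}


def policy_decision(registry, outbound, min_shingles=3):
    """'block' when a registered document contributes at least min_shingles
    overlapping fingerprints (a lone shared phrase is not evidence), else 'allow'."""
    matches = registry.scan(outbound)
    flagged = {d: m for d, m in matches.items() if m[0] >= min_shingles}
    return ("block", flagged) if flagged else ("allow", {})


# Constructed sample data: one confidential document, one public one, two posts.
CONFIDENTIAL = ("Project Heron budget summary. The revised unit cost for the sensor "
                "package is 4,210 dollars per unit with delivery scheduled for the "
                "second quarter. Vendor negotiations remain confidential until contract award.")
PUBLIC_RELEASE = ("The agency welcomes public comment on the proposed rule. Comments may "
                  "be submitted through the online portal until the end of the month.")
POST_LEAK = ("fyi guys - revised unit cost for the sensor package is 4,210 dollars per "
             "unit with delivery scheduled for the second quarter!!")
POST_OK = "Had a great lunch, anyone else watching the game tonight?"


def demo():
    registry = Registry()
    registry.register("heron-budget", CONFIDENTIAL)
    registry.register("press-release", PUBLIC_RELEASE)
    return {post: policy_decision(registry, text)
            for post, text in (("leak", POST_LEAK), ("ok", POST_OK))}


if __name__ == "__main__":
    for name, (verdict, flagged) in demo().items():
        print(name, verdict, {d: f"{c} shingles, {frac:.0%} of post" for d, (c, frac) in flagged.items()})
```

Shingling is what makes registration tolerant of the partial, reworded copy a real leak looks like (the post above drops the document's title and adds chatter, yet 16 of its 18 shingles match), which a whole-file hash would miss entirely. The threshold is the false-positive control the paper mentions: a single shared phrase will recur in ordinary writing, so the decision demands several overlapping fingerprints from one document.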
Bandwidth Management
Managing bandwidth is a complicated responsibility. While it is easy to completely block malicious or inappropriate sites, managing connections to other URLs is more complex. Web filtering is the most effective way to control malicious or recreational web traffic, but it requires granular capabilities that enable more than just the ability to allow or deny access.
Controlling bandwidth requires visibility into current traffic patterns. IT must
identify which applications are in use, their performance requirements,
peak usage times and their importance to the business. Mission-critical
applications should be given priority to ensure quality of service, and
some applications or types of network traffic may be restricted to a fixed
percentage of available bandwidth.
The impact from video clips and streaming media may be constant, or IT may find spikes in activity at certain times of the day or around certain events. Personnel conducting research, or just staying on top of the news as part of their morning ritual, are now watching video clips as well as reading articles. For instance, many U.S. businesses found their networks saturated and mission-critical applications failing on the day their employees tried to watch the presidential inauguration of Barack Obama online. Sports events pose another performance threat to network bandwidth as online broadcasting expands.
The most effective way to manage peak demand is to grant various levels of access based on a user's role, the time of day and the content type. For example, Facebook access may be permissible during certain hours but not the games offered through the site.

By limiting bandwidth consumption and setting application priorities, it is possible to provide access to social networking and multimedia content and still ensure mission-critical applications operate at acceptable levels. For example, employees can view YouTube, but only within 8% of available bandwidth. And if a mission-critical application periodically requires additional bandwidth, lower-priority applications and traffic can be restricted further. Thus, employees can access bandwidth-consuming applications without impacting key agency functions.
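The role, time-of-day and content-type policy just described, as an added example written in plain Python rather than in any PacketShaper or ProxySG policy language: the roles, categories, hours and the 8% cap are assumptions constructed for illustration. decide() returns the first matching rule for a request; allocate() shows what the same rules do to a saturated link.

```python
"""Role-, time- and category-based web access policy with bandwidth shares.

Added example in plain Python, not PacketShaper or ProxySG policy syntax.
Roles, categories, hours and percentages are assumptions constructed for
illustration.
"""
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    category: str                 # URL/application category, "*" = any
    roles: Tuple[str, ...]        # roles it applies to, ("*",) = any
    start: Optional[time] = None  # window [start, end); None = always
    end: Optional[time] = None
    action: str = "allow"         # "allow", "deny" or "limit"
    share: int = 100              # % of the link when action == "limit"
    priority: int = 5             # 1 = served first on a saturated link


@dataclass(frozen=True)
class Request:
    role: str
    category: str
    at: time


# First match wins, so always-deny rules precede time-boxed allows.
POLICY = [
    Rule("Malware Sources", ("*",), action="deny"),
    Rule("Games", ("*",), action="deny"),                             # Facebook games, any time
    Rule("Mission Critical", ("*",), priority=1),                     # records, e-filing, ERP
    Rule("Social Networking", ("comms", "press"), priority=3),        # their job needs it
    Rule("Social Networking", ("*",), time(12, 0), time(13, 0), priority=7),   # lunch hour
    Rule("Social Networking", ("*",), time(17, 0), time.max, priority=7),      # after hours
    Rule("Social Networking", ("*",), action="deny"),
    Rule("Video Sharing", ("*",), action="limit", share=8, priority=9),        # YouTube at 8%
    Rule("*", ("*",)),                                                # everything else
]


def in_window(rule, at):
    return rule.start is None or (rule.start <= at < rule.end)


def decide(policy, req):
    """Return the first rule matching the request's category, role and time."""
    for rule in policy:
        if rule.category not in ("*", req.category):
            continue
        if "*" not in rule.roles and req.role not in rule.roles:
            continue
        if not in_window(rule, req.at):
            continue
        return rule
    raise LookupError("policy has no default rule")


def allocate(policy, link_kbps, demands, role, at):
    """Share a saturated link among categories: denied traffic gets nothing,
    the rest is served in priority order, 'limit' categories capped at their
    share, so mission-critical demand is met before recreational video."""
    rules = {cat: decide(policy, Request(role, cat, at)) for cat in demands}
    left = link_kbps
    granted = {}
    for cat in sorted(demands, key=lambda c: rules[c].priority):
        rule = rules[cat]
        if rule.action == "deny":
            granted[cat] = 0
            continue
        cap = link_kbps * rule.share // 100 if rule.action == "limit" else link_kbps
        granted[cat] = min(demands[cat], cap, left)
        left -= granted[cat]
    return granted


if __name__ == "__main__":
    for role, cat, at in (("staff", "Social Networking", time(10, 0)),
                          ("staff", "Social Networking", time(12, 30)),
                          ("press", "Social Networking", time(10, 0)),
                          ("press", "Games", time(12, 30)),
                          ("staff", "Video Sharing", time(12, 30))):
        r = decide(POLICY, Request(role, cat, at))
        print(f"{role:6} {cat:18} {at}: {r.action} share={r.share}% prio={r.priority}")
    demand = {"Mission Critical": 6000, "Video Sharing": 3000, "News": 3000, "Social Networking": 2000}
    print(allocate(POLICY, 10000, demand, "staff", time(12, 30)))
```

Two properties of the rule order matter. The Games deny sits above every Social Networking allow, so "Facebook at lunch" never lets the games through; and because allocation walks categories by priority, a 10 Mbps link with 6 Mbps of mission-critical demand leaves video with nothing at all during the lunch-hour surge, while off-peak it still gets its full 8% cap. Social networking stays reachable throughout, just with less bandwidth, which is the behaviour the paper asks for.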
Blue Coat PacketShaper provides these granular features with integrated
visibility and control capabilities in a single appliance. With PacketShaper’s
application performance monitoring capabilities, IT can identify all the
applications on the network and monitor response times and utilization at
the application level. Web traffic can be correlated with URL categories to
ensure mission-critical application bandwidth requirements are met before
social networking, for example. Social networking access would remain
available during these times, although with reduced performance due to its
lower priority.
Mobile Security
Mobile and remote workers also require web filtering for front-line
protection against malware and phishing attacks. Mobile workers have
a far greater need for effective security because they typically operate in
unsecured environments such as airports, hotels or on their home networks.
Because these systems frequently operate outside of the corporate network,
they face threats that go beyond social networking.
Blue Coat ProxyClient™ provides a critical way to protect mobile and remote
workers on any network. ProxyClient is centrally managed and enforces the
organization’s policies on web access, and works with the WebPulse cloud
service to gather the latest categorization intelligence. But ProxyClient also
delivers WAN optimization to help deliver a headquarters work experience
to all employees wherever they are. With ProxyClient, you can define which applications to accelerate and which to block based on security and bandwidth requirements. Client-side web filtering is thus the natural complement to the end-point antivirus solution that has become standard on end points: antivirus examines what arrives, while web filtering decides which destinations are reached at all.
User Education
In addition to addressing technology gaps, you also have to educate users
about social networking security problems that stem from simple human
error. And while the end user will likely remain the number one security
risk for any organization, dramatic results can be achieved with just general
security training.
Education should begin with the basics, but can be placed in the context of social networking to make them fresh and interesting. For example, good login and password practices are a common problem within social networking. Protecting the confidentiality of passwords, and not reusing one password across sites, are basic security requirements, or should be. While this may sound like common sense, the recent "Climategate" fiasco may have been caused by one scientist who actually included his password in his email signature.[xi] So even highly educated users need to be reminded about basic security measures.
Cybercriminals also know that many users use the same login ID and password on multiple sites, which lets an attacker who harvests credentials on one site simply try them against a social networking account. In one instance, many Twitter accounts were compromised when users were tricked into creating an account on a fake torrent site.[xii] Other examples that are much less dramatic, but occur much more frequently, take place when users try to share something with a select group in an appropriate way, but do not realize that the way they shared it made it available to a broader group.
Some applications may be popular enough to justify in-depth application training for users. A good example of an easily avoidable issue occurred recently when the profile data of over 100 million Facebook users was harvested and published, simply because most users did not understand the privacy settings available to them.[xiii] It may be worthwhile to start surveying users to identify their needs, applications of choice and perhaps even their own list of concerns. Then prepare a plan to ensure users are aware of how to use those applications safely.
Also, users need to be reminded that there are no safe zones on the web
– including social networking sites. Assume that everything revealed on a
social networking site will be visible on the Internet forever. Once it has been
searched, indexed and cached, it may later turn up online no matter what
steps are taken to delete it.
Finally, most users are no different than IT – no one reads the manual. So
many users won’t really understand security guidelines until they violate
them once or twice. “Coaching screens” are informational pop-ups or
browser redirects that would appear at the instant a violation occurs to
inform the user they have violated a policy, someone else knows about
it, and explains how to prevent it from happening again. From a product
standpoint, IT should look for solutions that not only provide security, but can
also support education efforts.
Conclusion
Social networking has achieved a level of popularity that requires reasonable access at work, but it is also sufficiently mature to bring value to many businesses. But safe social networking requires an aggressive and layered security strategy at the web gateway, as well as the definition of new usage policies and priorities from management and IT. Better end-user education will also be required to ensure workers use social networking applications safely and appropriately. The combination of layered security and education can help organizations dramatically reduce the risks from malware, phishing, data loss and bandwidth abuse.
Why is all this necessary? As Jon Oltsik of the Enterprise Strategy Group said, "Clearly, cybercriminals are taking advantage of social networking's fundamental model of familiarity, trust, sharing and open communications to dupe users and steal valuable data."[xiv] To close these security gaps, IT and business leaders must ensure they have the right security strategies in place to identify and protect against the rapid evolution of social networking threats.
References

i. The Wall Street Journal, October 12, 2009: "Why email no longer rules..." http://online.wsj.com/article/SB10001424052970203803904574431151489408372.html
ii. Burson-Marsteller, February 23, 2010: "The Global Social Media Check-up." http://www.burson-marsteller.com/Innovation_and_insights/blogs_and_podcasts/BM_Blog/Lists/Posts/Post.aspx?ID=160
iii. Softpedia, August 21, 2010: "Malware Used to Steal South Korean Military Secrets" http://news.softpedia.com/news/Malware-Used-to-Steal-South-Korean-Military-Secrets-153153.shtml
iv. Sophos, February 2010: "Security Threat Report: 2010" http://www.sophos.com/pressoffice/news/articles/2010/02/security-report-2010.html
v. Blue Coat Security Labs: "Web Security Report for 2009" http://dc.bluecoat.com/content/SecurityReport2010?refer=securitylab
vi. Mashable, May 12, 2010: "Facebook Attracts More Phishing Attacks Than Google and IRS" http://mashable.com/2010/05/12/facebook-phishing-target/
vii. Blue Coat Security Labs, 2009
viii. Forrester Research, April 16, 2009: "The Forrester Wave™: Web Filtering, Q2 2009"
ix. eWeek, April 29, 2010: "How to Integrate Data Loss Protection in Web 2.0 Security Strategies" http://www.eweek.com/c/a/Web-Services-Web-20-and-SOA/How-to-Integrate-Data-Loss-Protection-in-Web-20-Security-Strategies/
x. Forrester Research, April 16, 2009
xi. TechWorld, November 26, 2009
xii. SC Magazine, February 4, 2010: "Twitter accounts compromised in torrent site scam" http://www.securecomputing.net.au/News/166357,twitter-accounts-compromised-in-torrent-site-scam.aspx
xiii. SC Magazine, July 30, 2010: "100 million Facebook accounts exposed" http://www.securecomputing.net.au/News/221419,100-million-facebook-accounts-exposed.aspx
xiv. Enterprise Strategy Group, July 2010: "Cloud-based Community Security" http://dc.bluecoat.com/content/ESG
Blue Coat Systems, Inc. • 1.866.30.BCOAT • +1.408.220.2200 Direct
+1.408.220.2250 Fax • www.bluecoat.com
Copyright © 2010 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be
reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat
Systems, Inc. Specifications are subject to change without notice. Information contained in this document is
believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue
Coat, ProxySG, PacketShaper, CacheFlow, IntelligenceCenter and BlueTouch are registered trademarks of Blue
Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property
of their respective owners.
v.WP-BALANCE-SOCIALNETWORKS-NETWORK-SECURITY-OBJECTIVES-V1-1110