Content

Monitoring your information zoo

Email systems and the web are arguably the most widely utilized technological tools to conduct many business activities today. So it is no surprise that their use in organizations makes them the ideal conduits for malware outbreaks. Also, the inappropriate ways in which these tools are being used has inspired more and more civil litigation, as well as both federal and state privacy legislation.

"Obviously, the number one concern is still viruses and malicious code, and there is no let-up in the onslaught of email-borne viruses," says Tim Smithson, solution marketing manager for McAfee Security's GroupShield and PortalShield offerings. "Spam continues to grow at a staggering rate and we are beginning to see spam used as a technique to spread malicious code, such as Swen, as well as worms, such as MyDoom..."

Adding to these problems are instances of racism, sexism and profanity in emails circulated in an organization, or improper URLs accessed during work hours by employees. Not only does such abuse use bandwidth, but it also increases threats of legal liabilities for companies, he says. Mobs of legislative mandates are requiring organizations to comply with privacy and security rules when using email or the internet.

According to IDC's Market Analysis, Worldwide Secure Content Management Forecast Update and Competitive Vendor Shares, 2002-2007, the amalgamation of all these factors, along with growing concerns surrounding the use of instant messaging (IM), hybrid threats such as Code Red, potential leaks of confidential company information, and more, are pressuring enterprises to establish secure content management (SCM) solutions. Ideally, these will help companies to better control the information that flows in and out of their organizations, primarily through email and web traffic.

"Almost all the leading vendors in this space are offering a complete secure content-management solution, where they're integrating their anti-virus with some proactive types of scanning, like heuristics or behavior analysis. They're also integrating content filtering, so they can filter out certain file types or... spam," says Brian Burke, research manager for IDC's security product services, who wrote the market analysis report with IDC's David Roy.

And when it comes to web filtering, Burke means all types, from filtering for "malicious code coming via the web, which a lot of the anti-virus vendors are doing," to filtering offered by vendors like WebSense, SurfContol, and Secure Computing that "focuses more on the productivity issue" of ensuring that employees do not go to inappropriate sites.

Such surfing often ends in litigation or causes networks to be infected by malicious code that is downloaded, often unknowingly, by end-users.

Steve Purdham, CEO of SurfControl, clarifies the problem: "Company executives have no choice but to take a stronger stance in controlling, filtering and managing the content electronically jetting in and out of their organizations. There's just too much at stake if they choose to ignore their network traffic."

If companies fail to take control, they risk a variety of dangers, he says. "Employees get paid to fulfill their job duties. Leisurely web surfing and email writing can detract from these tasks, but secure content management solutions can aid in ensuring that people are doing what they're paid to be doing."

Also, users downloading music or movie files on the corporate network can use up valuable bandwidth. "Without the proper infosec measures in place throughout the network," he adds, "just one little worm that enters a corporate system through email or web content can take a company down."

Companies also need to ensure no illegal traffic occurs on their networks. "To avoid litigation and a tarnished reputation (perhaps even loss of revenue because of a soiled brand) companies need to make sure that discriminatory messages are not going out under the company banner," he warns.

A need for secure content management

Companies do not have a strong understanding of what threats will look like or how they may invade their systems, so they want to cover all the vulnerabilities cited by IDC, says eSoft's Reid Hislop, vice-president of marketing. The number of threats that exist today, as well as the urgency to comply with a growing list of legislation, is prompting organizations to ensure that SCM products can integrate seamlessly with one another or that they arrive in a bundled solution or appliance-based tool that protects them once it's installed or plugged in.

"We see the growth as a result of the need to have a security solution to address as many of the threats out there as possible," he notes. "A firewall just doesn't cut it anymore."

Greg Dyer, network systems manager at Tropicana Casino and Resort in Atlantic City, NJ., views email as the most critical application to control, but he believes that many organizations like his want to safeguard all email and web traffic. He uses SurfControl products to help.

"I'd assume most companies that are similar to Tropicana are seeking a product that maximizes its ability to protect both email and content filtering at a reasonable expense," he says. "Internally, we do our due diligence and then some to protect our network. Leaving content and email filters to the client alone is not a practical solution."

For Brad Hillebrand, manager of enterprise technology for Fellowes, a manufacturer of business tools, viruses entering the network through backdoor web channels and web content is most concerning: "We secure our email communications, desktops and file service, but have avoided deploying web-based virus scanning because of the enormous impact on performance to end-users and the reliability of the technology itself."

But after a year of searching, he says the company chose a proxy appliance from Blue Coat Systems. "We were determined to find [a suitable product] because we felt the time was right for this technology to exist. It only made sense that the next level of security virus scan is brought to http traffic," he explains.

These kinds of initiatives are exactly why the SCM market is slated for bullish growth. According to IDC's Burke, the SCM market hit $2.7 billion in 2002, which proved "an even more impressive year than IDC had originally forecast." He predicts that the market will reach $6.4 billion in 2007.

To Steve Mullaney, vice-president of marketing at Blue Coat, one of the main drivers for such leaps stems from the widespread adoption of web-based applications across enterprises. "Ten years ago, we had to make sure email was locked down with good anti-virus software and that employees did not transport viruses via floppy disks," he says. "Today, ubiquitous internet connectivity and plentiful bandwidth has provided employees access to numerous web communications tools and distractions that are putting companies at risk – everything from IM and peer-to-peer file sharing to video streaming and email that can be accessed from a web browser."

Email is firmly established as the killer application for doing business now, adds McAfee's Smithson, but IM and web portals are being used more frequently to help boost productivity. "With portals, information is being shared with customers and partners via web portals and internal content needs to be protected from external access. And the same problems of viruses and inappropriate content that affect email will affect portals. In addition, external customers and partners can use portals to post information. So organizations need to be protected from the introduction of malicious malware."

Products solve part of the problem

It is plain that most organizations are looking for products that act as sentinels at the gateway. However, they also want protection of email and web applications supported by backend databases. This equates to products for the mail or portal servers too, explains Smithson. "Organizations are also looking to report on their protection to answer questions such as 'Who is sending inappropriate information?' or 'How effective [is the solution] at preventing threats?',"he says.

But finding the right technology in a single product, bundled solution or appliance-based tool, is only part of the equation. According to Finjan's CEO Shlomo Touboul, confronting problems associated with SCM has three sides, like a pyramid – productivity, security and legal liability. Tackling these sides successfully requires many departments to spearhead plans and implement the right solutions, as well as having the best policies and training programs.

"The first half of the solution is to know what the problem is," he says. "But I don't think many of the corporate IT [departments] know what the problem is yet because they don't know what's coming into their companies."

Initially, managers must educate themselves by obtaining an analysis of what is entering and leaving the network. Next is to discover what these active elements of the network traffic are doing, to decide whether or not it is possible to build profiles of good, dangerous or higher risk behavior.

From here it should be straightforward enough to construct and automate policies that decide what is done with all that compartmentalized traffic, he says. People policies will also help to educate and train end-users on how to behave in the workplace when using the enterprise's technological tools.

There are other basic steps involved in getting a handle on what needs to be controlled and filtered, says Toby Weiss, senior vice-president with Computer Associates eTrust Security Solutions.

"I would say the first step is really understanding what legislation you need to be able to comply with. Compliance is going to drive any business decision. If you are in health care, HIPAA is obviously going to come foremost to mind.If you're a public company on the web, you've got Sarbanes-Oxley. If you're doing business in the state of California, then there's SB 1386," he explains. "I think compliance is always the first place to look, because that's what will really enable you to be in business or not."

After that, he says, define the "choke points" of the network, such as gateways where information is coming in and going out of organizations. "And then you might need to determine certain segments of your network or user population... and look at where your intellectual property [is] and where constant communications [are] happening."

Putting it all together

The "trifecta" of SCM currently covers anti-virus, more generic content filtering/email usage policy control, and anti-spam, according to Chris Miller, Symantec's director of product management. In the future, applications such as IM, along with wireless LANs or mobile devices will be added to the list of areas to protect. The problem is that there is no silver bullet solution that will knock all these issues out.

"It's really, I think, a blend of technologies. If you look at it from the web perspective, from an email perspective, either anti-virus or anti-spam, there is no single engine or capability that is going to solve your problems. It tends to be a blend of technologies," he says.

It is because of this that Brad Johnson, vice-president of consulting at SystemExperts, views integration as one of the key issues of SCM. After all, the lack of integrating security solutions (or any IT solutions) will drive up deployment, management and scalability costs.

"The reality is that the heterogeneity of most organizations' network environments is so dramatic [that] getting it all to work together is really where most of the cost is. You have hardware solutions, you have software solutions, you have firmware solutions – in terms of content management, [vendors] that are going to take that philosophy of trying to have [necessary components] integrated are going to have a better chance," he says. "In the very short run it may be attractive to say 'Ooh, here's this widget I can put on that is going to help me with my anti-spam filtering.' But in reality, when you're trying to put this all together on a pretty large scale network... it's the integration issues that are really going to bite you."

Many companies are trying to tackle these issues with individual products for viruses, spam and web filtering. Therefore, enterprises looking to augment what they already have will need to find a vendor whose solutions will enable them to leverage current investments.

"Organizations face the problem of struggling to implement different technologies on various platforms and are faced with issues of interoperability, deployment and management concerns," says McAfee's Smithson. "Hence, organizations will demand best-of-breed solutions that can be centrally deployed, managed and reported on."

Therefore, the SCM market will continue to see consolidation, he says, and the threat landscape for the corporate world will grow worse. "Other vectors of attack will probably begin to appear as the popularity of technologies such as IM increases," he warns. "Spam, inappropriate content and viruses will continue to blend together, making 'complete' protection a necessity." 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.