Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/19/2016
01:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Gateways Need Backstops

New report emphasizes the importance of layered defense.

A new report out this week showed how permeable network gateway protections can be on their own. In a 10-month study of 200 billion communications over one million client devices, Securlert took a deep dive look into the types of malicious activities that initially got past eight leading web gateway products. While some performed better than others, the conclusion was that there were still plenty of threats getting through this layer of defense.

The study looked at whether the gateways were allowing infected, internal devices to communicate outside of the organization to their perpetrators. According to the researchers, almost all of the environments studied were running sophisticated perimeter defense systems that included a secure web gateway and/or next generation firewall, an IPS/IDS, plus fully functioning endpoint protection and SIEM correlation.

According to the report, more than half of the gateways studied allowed more than 40% of the attempted malicious outbound communications to successfully reach C&C servers. And overall, 40% of all attempted malicious communication managed to beat the web gateways in question.

"Today’s enterprises are unknowingly allowing malicious outbound communication to be transmitted through their web gateways on a daily basis,” said Richard Greene, Seculert CEO.

According to the recent IWK Strategic Security Survey, while firewalls remain the security product most valued by security professionals -- 62% of them put them in their top three -- gateway antivirus or anti-malware is only similarly valued by about 12% of security professionals.

Seculert didn't name and shame specific vendors for their performance, but did show through anonymized data that there was definitely a range of performance levels across the technologies. For example, one particular gateway let 50 percent of connected and infected devices communicate with C&C servers, and allowed an average of 350 communications per incident. Whereas another only allowed about 5% of devices to communicate outbound and only had an average of 50 communications in those rare incidents let through. Across all products, the average number of successful outbound communications per incident was over 100.

Interestingly, the report noted that almost all of the gateways showed uneven performance. For example, what might have been seen as good blocking for weeks or months changed after some attack technique enabled adversaries to beat the technology during a different period of time.

The lessons are likely two-fold. One that the drumbeat for layered security should continue to be heeded. And two, that careful vetting is necessary for even the most commoditized of products and categories. 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0565
PUBLISHED: 2020-02-25
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
CVE-2020-9393
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
CVE-2020-9394
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
CVE-2019-3999
PUBLISHED: 2020-02-25
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2020-8809
PUBLISHED: 2020-02-25
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker ...