Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/19/2016
01:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Gateways Need Backstops

New report emphasizes the importance of layered defense.

A new report out this week showed how permeable network gateway protections can be on their own. In a 10-month study of 200 billion communications over one million client devices, Securlert took a deep dive look into the types of malicious activities that initially got past eight leading web gateway products. While some performed better than others, the conclusion was that there were still plenty of threats getting through this layer of defense.

The study looked at whether the gateways were allowing infected, internal devices to communicate outside of the organization to their perpetrators. According to the researchers, almost all of the environments studied were running sophisticated perimeter defense systems that included a secure web gateway and/or next generation firewall, an IPS/IDS, plus fully functioning endpoint protection and SIEM correlation.

According to the report, more than half of the gateways studied allowed more than 40% of the attempted malicious outbound communications to successfully reach C&C servers. And overall, 40% of all attempted malicious communication managed to beat the web gateways in question.

"Today’s enterprises are unknowingly allowing malicious outbound communication to be transmitted through their web gateways on a daily basis,” said Richard Greene, Seculert CEO.

According to the recent IWK Strategic Security Survey, while firewalls remain the security product most valued by security professionals -- 62% of them put them in their top three -- gateway antivirus or anti-malware is only similarly valued by about 12% of security professionals.

Seculert didn't name and shame specific vendors for their performance, but did show through anonymized data that there was definitely a range of performance levels across the technologies. For example, one particular gateway let 50 percent of connected and infected devices communicate with C&C servers, and allowed an average of 350 communications per incident. Whereas another only allowed about 5% of devices to communicate outbound and only had an average of 50 communications in those rare incidents let through. Across all products, the average number of successful outbound communications per incident was over 100.

Interestingly, the report noted that almost all of the gateways showed uneven performance. For example, what might have been seen as good blocking for weeks or months changed after some attack technique enabled adversaries to beat the technology during a different period of time.

The lessons are likely two-fold. One that the drumbeat for layered security should continue to be heeded. And two, that careful vetting is necessary for even the most commoditized of products and categories. 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.