Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/19/2016
01:30 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Web Gateways Need Backstops

New report emphasizes the importance of layered defense.

A new report out this week showed how permeable network gateway protections can be on their own. In a 10-month study of 200 billion communications over one million client devices, Securlert took a deep dive look into the types of malicious activities that initially got past eight leading web gateway products. While some performed better than others, the conclusion was that there were still plenty of threats getting through this layer of defense.

The study looked at whether the gateways were allowing infected, internal devices to communicate outside of the organization to their perpetrators. According to the researchers, almost all of the environments studied were running sophisticated perimeter defense systems that included a secure web gateway and/or next generation firewall, an IPS/IDS, plus fully functioning endpoint protection and SIEM correlation.

According to the report, more than half of the gateways studied allowed more than 40% of the attempted malicious outbound communications to successfully reach C&C servers. And overall, 40% of all attempted malicious communication managed to beat the web gateways in question.

"Today’s enterprises are unknowingly allowing malicious outbound communication to be transmitted through their web gateways on a daily basis,” said Richard Greene, Seculert CEO.

According to the recent IWK Strategic Security Survey, while firewalls remain the security product most valued by security professionals -- 62% of them put them in their top three -- gateway antivirus or anti-malware is only similarly valued by about 12% of security professionals.

Seculert didn't name and shame specific vendors for their performance, but did show through anonymized data that there was definitely a range of performance levels across the technologies. For example, one particular gateway let 50 percent of connected and infected devices communicate with C&C servers, and allowed an average of 350 communications per incident. Whereas another only allowed about 5% of devices to communicate outbound and only had an average of 50 communications in those rare incidents let through. Across all products, the average number of successful outbound communications per incident was over 100.

Interestingly, the report noted that almost all of the gateways showed uneven performance. For example, what might have been seen as good blocking for weeks or months changed after some attack technique enabled adversaries to beat the technology during a different period of time.

The lessons are likely two-fold. One that the drumbeat for layered security should continue to be heeded. And two, that careful vetting is necessary for even the most commoditized of products and categories. 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27886
PUBLISHED: 2021-03-02
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVE-2016-8153
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8154
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8155
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8156
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.