Security Issues

Flexible Security that Fits Every Need.

Web-based Malware:

Malware Protection is No Longer an Option—It's a Necessity

  • Cybercrime has escalated more than 400% since 2007 [1]
  • A typical organization experiences a malware attack every 73 days [2]
  • 92% of attacks originate from the Web [3]
  • 84% of all infected websites are legitimate, trusted sites [4]
  • Six in 10 malicious URLs pass undetected through most Web security solutions

Organizations worldwide face significant challenges in protecting their networks, users and data from today's organized cybercrime. Shifting the way they target organizations, cybercriminals are abandoning large-scale, generalized attacks in favor of more targeted, evasive techniques with lucrative payoffs. Because reputation- and signature-based solutions cannot adequately detect these types of malware, organizations now require high-level, proactive Web security to truly protect from these complex threats.

Why Has Modern Malware Become Such a Problem?

Web-based malware attacks have escalated, primarily because:

  1. Cybercriminals find new ways to exploit new technologies. Dynamic and interactive in nature, Web 2.0 and social networking sites are used increasingly to scam users and spread malware via social engineering and other techniques. More recently, mobile devices have opened even more avenues for cyber-attacks.
  2. New, stealthy malware is purposely designed to fly under the radar of security technologies that have been used for many years, such as antivirus, firewalls, filtering and IDS/IPS.
  3. Cybercrime is extremely profitable and relatively easy to perpetrate.

Why Are these Attacks So Dangerous?

Organized cybercriminals have been known to target businesses for their trade secrets and intellectual property, as was the case with the infamous Operation Aurora. Now, attackers have upped the ante by pursuing government agencies and contractors, prominent media outlets, financial institutions and other high-profile organizations. Losing money and trade secrets is bad enough. Compromising classified military information or infrastructure details is much worse and could significantly impact a country's national security.

How and Why Are these Attacks So Successful?

The sophisticated methods used enable the attacks to remain undetected while the payload executes. Many modern malware attacks are targeted attacks that have a specific purpose and intended victims. Cybercriminals research their victims and design authentic-looking Web communications that trick them into clicking an infected link or opening a document with embedded malware. The goal is to quietly infiltrate a system or network, remain there undetected for a long time, and steal information or monitor user activities. Another reason such attacks have high success rates is that they exploit previously unknown security holes, or zero-day vulnerabilities.

Why Are Most Solutions Incapable of Preventing Modern Malware Attacks?

Common malware protection technologies rely on reactive methods that detect known malware, such as malicious URLs, bad IP addresses or malware signatures. This approach is flawed because by definition, vendors of these technologies can only protect customers AFTER someone has been attacked—once the malicious code makes it onto the "database list" (i.e. "unknown" malware becomes "known"). URL filtering, antivirus, firewalls and other reputation- and database-driven solutions block less than 40% of malware, leaving organizations unprotected from the 60% that evades detection. This malware gap gives cybercriminals easy entry into organizations' networks and data.

What DOES Work?

M86 technology is able to detect new and targeted attacks without having already seen the attack. This is because it does not rely on signatures or databases; instead it analyzes code on a Web page and determines its intent in milliseconds, so malware gets blocked proactively—before it can reach a user.

[Figure: Web-Based Malware Diagram]

The M86 Secure Web Gateway (SWG) uses adaptive, layered technologies to not only determine intent of code, but to correlate individual Web page components and scan for known threats. Together, these technologies provide the most accurate protection from known and unknown attacks that are dynamic and increasingly targeted.

[1] Detica Report, February 2011; FBI Reports, 2007; 2010
[2] Osterman Research White Paper: The Global Malware Problem: Complacency Can Be Costly
[3] M86 Labs, 2010
[4] M86 Labs, 2010

Email-based Malware:

Detect and Mitigate Blended Threats Proactively

Cybercriminals know that most users are too savvy to open an email from an unknown source or click on a suspicious URL, so they've gone to great lengths to develop less obvious ways to spread malware. They try to influence user behavior by using credit card alerts, customer service surveys from well-known retailers, links to friends' videos or other seemingly legitimate messages.

What are blended threats?

These stealth attacks appear innocuous to users but spread malware to their systems through a combination of vehicles. Most blended threats use email to initiate an attack, although no virus is attached to the message. Instead, cybercriminals include a seemingly legitimate URL to entice users to click through, which triggers malware to download automatically — without detection. Often, users spread these attacks unknowingly by forwarding emails with links to popular websites that are infected with malware.

Blended threats have become a popular means of distributing malware. They evade typical signature-based anti-virus products by drawing users to websites where new variants of malware are downloaded, often without being initiated by the user. Plus, these threats are changed frequently to elude the traditional signature-based malware detection used on many Web gateways.

Blended threats are effective because they:

  • Evade anti-virus engines by sending users to a malware-infected website instead of attaching a virus directly to the email
  • Use well-designed, socially-engineered emails that pose no obvious risk
  • Elude most Web filters because they use legitimate websites to host malicious code
  • Require little or no user interaction for deployment and infection

How Can Blended Threats Be Prevented?

M86 MailMarshal is a versatile, powerful and scalable email security system that integrates email threat protection, anti-spam, inbound/outbound content analysis, policy/compliance enforcement, data leakage prevention and reporting into a single, flexible and easy-to-manage solution. Its Blended Threats Module is an optional security service that detects known malicious URLs in email messages using M86's behavioral analysis technology. The URLs are added to a dynamically updated database, greatly improving zero-day threat prevention.

Web 2.0/Social Media:

Minimize Risks and Maximize Access

  • Barely 1/5 of all Twitter user accounts are legitimate.
  • In April 2010, 110 billion minutes were spent on blog and social networking sites.*
  • More than 92% of new threats occur through the Web, predominantly through vulnerabilities in Web 2.0-enabled sites and applications.

Today's workforce has completely integrated Web 2.0 applications and technologies into their personal and professional lives. By some estimates, more than 80 percent of employees use social applications such as Facebook, MySpace and YouTube at the office or on their laptops. The popularity of instant messaging, video-calling (Skype) and peer-to-peer (including multi-player gaming) is growing daily and with it, increasing risks for organizations' reputations, information security and network performance.

Web 2.0 is certainly beneficial. These tools help users access information quickly, allow organizations to engage their customers and partners, and enable collaboration for training, recruiting and other projects. However, as evidenced by the data above, Web 2.0 can negatively impact productivity and security. The dynamic, interactive content on Web 2.0 sites can be distracting. Organizations are also concerned about the potential disclosure of sensitive information by employees when they post messages, leave comments or write blogs.

Cybercriminals have benefited from Web 2.0's popularity. Malicious content on legitimate Web 2.0 sites is difficult to combat, since most users are constantly engaged in the content.

Flexible Control Allows Greater Access

The M86 Secure Web Gateway enables users to benefit from the latest Web 2.0 technologies and applications in a secure environment. Its Granular Social Media Control feature enables organizations to control the way employees use Web 2.0 applications without blocking them completely. Collaborative applications such as IM, Skype, and P2P can also be controlled and restricted to work-related uses.

Using M86 Web security solutions, organizations can enforce specific policies that suit their organizational needs, such as allowing employees to access Facebook, while preventing them from posting comments or attachments, eliminating the risk of sensitive or confidential data leakage. Policies for each worker remain the same, regardless of location.

* Source: Nielsen April 2010 Data

Data Loss Prevention:

Control Your Content to Protect Your Data

One email sent to the wrong person. An inappropriate upload. One ill-advised blog post. That's all it takes to damage an organization's reputation. Whether accidental or intentional, the loss of sensitive information such as financial records, credit card numbers and patient data exposes organizations and executives to costly regulatory compliance and legal liability risks.

This makes it essential that organizations identify their sensitive information and protect access to it. Whether it's intellectual property, personal information or data subject to regulatory requirements, IT administrators need to know what it is, where it's going and how to protect it.

What's the best way to accomplish this? Deploy content-aware security products that reinforce corporate or agency Acceptable Use Policies, and clearly explain what constitutes confidential information and which precautions should be taken when sharing it.

Choose the Right Solution for Your Requirements

M86 Security offers email and Web solutions that help organizations control their content and protect their data easily. The M86 Secure Web Gateway uses Granular Social Media Control and powerful reporting to enforce flexible policies and prevent outbound data loss through Web 2.0 sites.

Using deep content inspection, M86 MailMarshal SMTP and M86 WebMarshal help eliminate data leakage through the Web and email by inspecting all content, including within email attachments.

When it comes to data loss, there's no such thing as "acceptable risk". M86 Security has the intelligent solutions organizations need to control their outbound content and minimize data loss risks.

Remote/Mobile Users:

Extend the Same On-premises Protection to Offsite Users

Although beneficial and necessary for most organizations, an increasingly mobile workforce has compounded IT security risks. Often, mobile workers aren't sufficiently knowledgeable or diligent about securing their systems or adhering to corporate security policies. And mobile laptop users, in particular, create an immediate vulnerability as they connect to the Web via Wi-Fi hotspots in airports, coffee shops and other less secure locations.

Without covering these mobile laptops and remote PCs, organizations leave their networks exposed to malware attacks and vulnerable to costly data loss. Despite this, they still haven't adequately protected their networks and users because many mobile solutions either don't offer complete protection or lack true integration and manageability.

M86 Security changed that. The M86 Secure Web Service Hybrid is the first Web security system to integrate Real-time Code Analysis, on-premises appliance technology and cloud-based services within a single management interface. This solution enables organizations to ensure consistent policy and robust security for all users, whether onsite, roaming or at a branch office.

Regulatory Compliance:

Minimize Risks and Enforce Acceptable Use Policies

Regulatory compliance and legal obligations are now key motivators for securing confidential information. Since the Internet and digital technologies have become primary means of storing and distributing information, legislation has been passed to keep up, whether to protect private health information, secure customer financial data, safeguard government intelligence or ensure student safety.

Web and email monitoring and reporting solutions help organizations prove they're in compliance with regulations. They also reveal problems so they can be rectified before auditors discover them—avoiding fines, loss of contracts, damage to reputation, and even a drop in stock prices.

Flexible Policy Control

Technical enforcement of Acceptable Use Policies (AUPs) removes the burden from users and administrators, enabling organizations to set flexible policy controls and automatically preempt activities that could lead to noncompliance.

M86 Security offers several solutions that help ensure regulatory and industry compliance for a variety of markets, including healthcare, education, finance and government. The M86 Secure Web Gateway, M86 Web Filtering and Reporting Suite, M86 WebMarshal and M86 MailMarshal SMTP solutions each include powerful technologies that back up AUPs and reduce the data loss risks associated with Web and email technologies.