I speak to customers regularly about security, and one of the first questions I always ask them is, “What are the two most popular applications you use on a daily basis?” And the majority of the time, the answer I get is web and email. That’s not surprising, because web applications and email are the two primary vehicles people use to communicate in their everyday lives, either for business or personal reasons. We post comments on Facebook and LinkedIn, check our bank accounts, send notes to our friends and colleagues, and share information and documents every day via email and web applications.
So with those being the two primary applications people are in front of all day long every day, it’s no surprise then that those are the two most popular threat vectors cyber adversaries are trying to exploit. Hackers and identity thieves use those avenues to tempt users to click on links or open documents that either lead to the installation of malware, steal personal information, or allow a user’s system to be taken over and used for malicious activity, such as becoming part of a botnet. Have you ever received an email asking you to click on a link and then input your bank account information, because the financial institution needs to “verify” their records? If so, then likely you’ve been the recipient of a spear phishing email.
Many of the breaches we hear about these days start with some sort of spear phishing email, because it is so successful. It’s not uncommon for attackers to do reconnaissance through social media sites, such as Facebook and LinkedIn, to find specific individuals within companies to target with spear phishing attacks. These systems make it easy to find people and their responsibilities within a company. And, figuring out their corporate email address isn’t too difficult. So if a hacker finds a mid-level manager in a corporation on LinkedIn and then finds the same person on Facebook, they can quickly build a profile about that person—their passions, their interests, and the causes they care about. Armed with that information, they easily can craft emails targeted toward that individual’s likes and interests, resulting in a higher level of success of that person clicking on a link to a false web site and sharing information.
As I mentioned in my earlier example, impersonation—where the email may look like it’s from the IRS, a banking site, PayPal or some social media site—is a big part of spear phishing attacks. These emails are crafted to appear valid to the eye, but if you look at the message headers associated with them, you can tell they are not actually from the organization they claim to be from. My recommendation is to briefly review the content in the email program’s preview pane and, if you’re tech savvy, right-click and “view source.” Otherwise, delete the message without opening it. Legitimate companies will never ask you to click through to their site and will most often attempt to reach you via phone or postal mail for important information regarding your account.
Given the fact that email and the Internet are two major threat vectors used by cyber villains to steal information, it makes sense to protect that traffic by using content security gateways.
Web gateways have been around for a long time. By using site categorization, these gateways have been used effectively by businesses for years to prevent employees from accessing sites the company deemed inappropriate—such as gambling or pornographic sites—while at work. But today’s threats have evolved and so have web gateway capabilities. Today’s products not only block undesired sites from being accessed, but also have the technology to scan sites for such things as embedded viruses or pieces of malware, so that only clean traffic is sent back to the browser for viewing. This is often the case when users see banners blocked or not fully populated. Many times, that happens because the web gateway scanned the content being presented in that banner, flagged it as being potentially malicious, and stopped it from being presented in the browser. Web gateways are important not only to stop users from visiting questionable sites, but also to sniff out malicious content from sites that are visited and prevent it from being passed to the user.
Similarly, email gateways have evolved to provide additional protection. While originally put in place to block spam, today’s email gateway products can not only identify junk email—based on the address of the sender and/or a heuristic examination of the message content—but can also scan attachments for viruses and malware.
And lastly, while content security gateways help identify incoming threats by detecting malicious traffic, many also help to protect data being sent out. Many of these products include elements of data loss prevention (DLP)—not the full-blown suites found in dedicated DLP solutions—but definitely powerful enough to take some standard action. For example, these products could be used to perform simple protective measures, such as screening email subject lines and message content for words like “confidential” or “internal use only” and preventing those messages from being sent out. Similarly, content with expressions identifying credit card or social security number strings can also be stopped before being sent. And some of these solutions even have the capability to force an email to be encrypted before being transmitted, if it’s determined to contain sensitive information.
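A minimal version of that outbound screening, as an added example that is not taken from the original article or from any gateway product. The marker phrases are the ones named above; the regular expressions, the Luhn check used to cut false positives on digit runs, and the block/encrypt policy mapping are assumptions made for illustration.

```python
import re

# Marker phrases named in the text; a real policy would carry its own list.
MARKERS = ("confidential", "internal use only")
# Assumed patterns: US SSN layout, and 13-19 digits with optional separators.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def screen_outbound(subject, body):
    """Return (action, reasons) for one outbound message."""
    text = f"{subject}\n{body}"
    reasons = [f"marker: {m}" for m in MARKERS if m in text.lower()]
    if SSN_RE.search(text):
        reasons.append("SSN-formatted string")
    for match in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            reasons.append("card number (Luhn-valid)")
            break
    # Assumed policy: classification markers block, personal data forces encryption.
    if any(r.startswith("marker") for r in reasons):
        action = "block"
    elif reasons:
        action = "encrypt"
    else:
        action = "allow"
    return action, reasons

if __name__ == "__main__":
    # Constructed messages; 4111 1111 1111 1111 is a standard test card number.
    print(screen_outbound("Q3 plan - CONFIDENTIAL", "see attached"))
    print(screen_outbound("Refund", "card 4111 1111 1111 1111"))
    print(screen_outbound("Order", "ref 1234 5678 9012 3456"))
```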
Maybe it’s time to take another look

The use of email and the web is not going away anytime soon, and because of that, these two threat vectors likely will continue to be used by cyber adversaries. And, while content security gateway products have been around for a long time, things have changed. If you’re not using content security gateway products today, you’re missing a valuable layer of protection. And if you are using them, it’s worth taking a look at your business needs and the solutions you have deployed. Has your business or environment changed? Is your workforce more mobile than it was three years ago? Is the solution you’re using still meeting your needs? Are there more features and capabilities available you could be using?
Depending on the answers to those questions, you may want to make a change. The good news is that the disruption for these technologies is not high, so moving from one solution to another is not too difficult. And many gateway products today are available both in traditional on-premises versions and as cloud-based as-a-service offerings, enabling you to implement the model best suited for your workforce.