WhitepaperCyren

How to Overcome Web Security Challenges (and Sleep Well at Night)VCWSECURITY

How to Overcome Web Security Challenges(and Sleep Well at Night)

Attempts to Secure the Modern Workplace 

Security has always been a priority for IT professionals, but unfortunately, efforts to effectively protect the environment have failed time and again.

When IT departments are faced with new technologies such as mobile devices or cloud services, their initial reaction is to prohibit them. Without proper security controls and technologies in place, this is the only way IT knows how to protect corporate assets. But, prohibiting technology works for only a short time - if at all. Executives tell IT to make it work (in the case of, for example, smartphones), or users go around IT altogether, resulting in shadow IT. Even when tools do become available, first-generation security controls are often rejected by users, as with mobile device management (MDM) solutions in bring-your-own-device (BYOD) environments.

When prohibiting a technology fails, the security team will do the best it can by using the tools it has; most often these are old security technologies. But the evidence suggests that that doesn’t work either. The study by IDG Research Services is proof. Participating IT professionals said their No. 1 challenge in delivering web security is multiple devices’ creation of numerous entry points into the corporate network - the worst of all worlds. Among the respondents, 45% cited a lack of the continuous visibility needed to detect advanced attacks and 38% said existing blocking and prevention solutions are insufficient to protect against advanced attacks. These are scary numbers.

Obviously, taking a quick-fix approach to security doesn’t work and it never will. Legacy solutions were not built to protect a dynamic multi-platform, multi-device, multi-infrastructure world from advanced threats. It’s time for IT organisations to evolve their security strategy to address the needs of today’s computing environment.

Requirements for a Modern Web Security Solution 

To determine what is needed for a modern web security solution, we have only to look at how existing web security solutions are lacking. The IT professionals were asked to rate the performance of their existing solutions in the following areas: continuous monitoring, attack prevention, attack detection and protection speed (how quickly new threats, or “zero-hour vulnerabilities,” are blocked). In any given area, fewer than half of the respondents rated their solution as being highly effective.

When it comes to protection speed, one-third of the respondents rated their solution as either not very or not at all effective, yet protection speed is crucial. The longer a vulnerability remains exposed, the greater the risk that it will be exploited. This reflects directly back to the need for continuous monitoring. As today’s threats evolve in a matter of minutes, continuous, real-time updates are critical to keep protection current.

Likewise, the ability of a web security solution to detect and prevent an attack is limited by its ability to recognise the threat. Given the short lifespan of many modern threats, a vulnerability can be exploited and the malware can morph before a legacy web security solution is even updated with the original threat information.

If nothing else, the poor performance ratings IT professionals gave their legacy web security solutions make it clear that it’s time for a new approach.

The Last—and Only—Option

Fortunately, there is another way - and it addresses all these challenges. The best model for delivering security is one in sync with how the business uses technology today, because it’s based on and delivered in the very same way. Cloud-based business applications make functionality available to users - wherever they are, on whatever device they use. The cloud can do exactly the same for security. A cloud-based web security solution also meets IT’s need for continuous monitoring, attack prevention/detection and protection speed, because the protection is always up to the moment.

CYREN WebSecurity is a cloud-based secure web gateway replacement that provides continuous, comprehensive internet security for users on any device, on any network, in any place. To ensure the best protection against modern threats, CYREN uses a unique combination of automated engines and human analysts to continuously classify the current status of the web against a real-time database of more than 150 million URLs. Users are always protected against new threats as they emerge, without time-consuming updates. In addition, IT organisations can define, apply and enforce acceptable use policies for the web. In a matter of minutes, policies can be set by user, group, location, time of day and/or device type.

CYREN WebSecurity also provides complete visibility into web use across all devices, wherever users might be and however they connect to the internet. All web access is consolidated and logged, providing a detailed picture of how the web is used across the organisation and an advanced dashboard provides instant insight into current threats and overall web traffic.

As a cloud-based solution, CYREN WebSecurity reduces the complexity of the security infrastructure and minimises the total cost of ownership. There’s no hardware or software to deploy or maintain or costly backhaul routing to bring remote users’ traffic to central appliances. Traffic is simply routed to the cloud

No one would deny that business use of technology has changed dramatically in light of mobile and the cloud. Behind the scenes, however, lurks a different story - the IT department frantically works to maintain an effective level of protection with the same technologies and strategies it’s used for the past 10 to 15 years. The result: IT is struggling to prevent and detect attacks. 

Security professionals know that the risk of malware infection is high. They also know that their efforts to mitigate this risk are falling short and it’s keeping them up at night. The challenges they face, as identified via a survey by IDG Research Services, are a good indicator that it’s time to catch up with the rest of the business and address security with a solution built for the twenty-first century. This paper explains how IT organisations can improve security more quickly, easily and effectively with a cloud-based web security solution, than by continuing with appliance-based solutions.

for industry-leading threat protection. System setup can be accomplished in just a few clicks and the process of enrolling users in the system can be fully automated, so the time and resources required to switch your security to the cloud are minimised.

Conclusion

Any job is more difficult without the proper tools. The challenges associated with securing today’s computing environment come from using static legacy technologies that were never intended to do the job they’re being made to do now. These technologies were designed to protect places and things, but today’s computing environment demands protection for users. When IT organisations switch their security approach from securing fixed computing assets to protecting users on whatever device they use, these challenges not only go away but you also immediately create a more secure environment.

Source: IDG Research, August 2015

Top Challenges in Delivering Web Security

Multiple devices creating numerous“entry points” (laptops,

tablets, smartphones)

Lack of the continuous visibility needed to detect

advanced attacks

Lack of resources to implement new security solutions

Difficulty assessing your organisation’slevel of risk/threat profile

No clear or uniform strategy for “incident response” (response

is ad-hoc/reactive)

Existing blocking and prevention solutions are insufficient to protect

against advanced attackers

48%

45%

43%

39%

39%

38%

Attempts to Secure the Modern Workplace 

Security has always been a priority for IT professionals, but unfortunately, efforts to effectively protect the environment have failed time and again.

When IT departments are faced with new technologies such as mobile devices or cloud services, their initial reaction is to prohibit them. Without proper security controls and technologies in place, this is the only way IT knows how to protect corporate assets. But, prohibiting technology works for only a short time - if at all. Executives tell IT to make it work (in the case of, for example, smartphones), or users go around IT altogether, resulting in shadow IT. Even when tools do become available, first-generation security controls are often rejected by users, as with mobile device management (MDM) solutions in bring-your-own-device (BYOD) environments.

When prohibiting a technology fails, the security team will do the best it can by using the tools it has; most often these are old security technologies. But the evidence suggests that that doesn’t work either. The study by IDG Research Services is proof. Participating IT professionals said their No. 1 challenge in delivering web security is multiple devices’ creation of numerous entry points into the corporate network - the worst of all worlds. Among the respondents, 45% cited a lack of the continuous visibility needed to detect advanced attacks and 38% said existing blocking and prevention solutions are insufficient to protect against advanced attacks. These are scary numbers.

Obviously, taking a quick-fix approach to security doesn’t work and it never will. Legacy solutions were not built to protect a dynamic multi-platform, multi-device, multi-infrastructure world from advanced threats. It’s time for IT organisations to evolve their security strategy to address the needs of today’s computing environment.

Requirements for a Modern Web Security Solution 

To determine what is needed for a modern web security solution, we have only to look at how existing web security solutions are lacking. The IT professionals were asked to rate the performance of their existing solutions in the following areas: continuous monitoring, attack prevention, attack detection and protection speed (how quickly new threats, or “zero-hour vulnerabilities,” are blocked). In any given area, fewer than half of the respondents rated their solution as being highly effective.

When it comes to protection speed, one-third of the respondents rated their solution as either not very or not at all effective, yet protection speed is crucial. The longer a vulnerability remains exposed, the greater the risk that it will be exploited. This reflects directly back to the need for continuous monitoring. As today’s threats evolve in a matter of minutes, continuous, real-time updates are critical to keep protection current.

Likewise, the ability of a web security solution to detect and prevent an attack is limited by its ability to recognise the threat. Given the short lifespan of many modern threats, a vulnerability can be exploited and the malware can morph before a legacy web security solution is even updated with the original threat information.

If nothing else, the poor performance ratings IT professionals gave their legacy web security solutions make it clear that it’s time for a new approach.

The Last—and Only—Option

Fortunately, there is another way - and it addresses all these challenges. The best model for delivering security is one in sync with how the business uses technology today, because it’s based on and delivered in the very same way. Cloud-based business applications make functionality available to users - wherever they are, on whatever device they use. The cloud can do exactly the same for security. A cloud-based web security solution also meets IT’s need for continuous monitoring, attack prevention/detection and protection speed, because the protection is always up to the moment.

CYREN WebSecurity is a cloud-based secure web gateway replacement that provides continuous, comprehensive internet security for users on any device, on any network, in any place. To ensure the best protection against modern threats, CYREN uses a unique combination of automated engines and human analysts to continuously classify the current status of the web against a real-time database of more than 150 million URLs. Users are always protected against new threats as they emerge, without time-consuming updates. In addition, IT organisations can define, apply and enforce acceptable use policies for the web. In a matter of minutes, policies can be set by user, group, location, time of day and/or device type.

CYREN WebSecurity also provides complete visibility into web use across all devices, wherever users might be and however they connect to the internet. All web access is consolidated and logged, providing a detailed picture of how the web is used across the organisation and an advanced dashboard provides instant insight into current threats and overall web traffic.

As a cloud-based solution, CYREN WebSecurity reduces the complexity of the security infrastructure and minimises the total cost of ownership. There’s no hardware or software to deploy or maintain or costly backhaul routing to bring remote users’ traffic to central appliances. Traffic is simply routed to the cloud

for industry-leading threat protection. System setup can be accomplished in just a few clicks and the process of enrolling users in the system can be fully automated, so the time and resources required to switch your security to the cloud are minimised.

Conclusion

Any job is more difficult without the proper tools. The challenges associated with securing today’s computing environment come from using static legacy technologies that were never intended to do the job they’re being made to do now. These technologies were designed to protect places and things, but today’s computing environment demands protection for users. When IT organisations switch their security approach from securing fixed computing assets to protecting users on whatever device they use, these challenges not only go away but you also immediately create a more secure environment.

VCWSECURITY

About VCW Security

VCW Security specialises in the distribution and marketing of IT security solutions and services to end-user companies via the reseller channel. VCW Security is different to other companies. Instead of simply replicating existing products at a lower cost, the company has successfully pioneered many new and innovative technologies and challenged the market dominance of established vendors.

A wide range of products and services are offered from leading edge, non-competing vendors that help define the market and ensure higher margins for channel partners, all of which are recognised for the delivery of next generation security management solutions. VCW Security only works with a select group of channel partners that have a proven track record in the markets in which they operate. This ensures limited competition, a cleaner more qualified channel and no erosion of margin.

Address: Hollis House, Maesbury Road, Oswestry, Shropshire, SY10 8NR Tel: 01691 663000 | Fax: 01691 680214 | Email: enquiries@vcwsecurity.com | Web: www.vcwsecurity.com

Source: IDG Research, August 2015

How is Your Web Security Performance?

Continuous monitoring

Attack prevention

Attack detection

Protection speed (how fast zero-hour vulner -

abilities are blocked

11%

16%

13%

7%

11%

11%

14%

18%

5%

4%

5%

13%

34%

27%

21%

27%

39%

43%

46%

36%

45%

43%

34%

34%

Extremely e�ective Very e�ective Somewhat e�ective

Not very e�ective Not at all e�ective

% Extremely/Very E�ective