How to Create a toolset to avoid Web 2.0 security problems

Web 2.0 technology with collaboration and interaction features is very attractive to businesses and companies of all sizes. At the same time, vertical integration product verticals is also making full use of social networking sites, free online services, and other collaborative Web 2.0 platforms.

Although this interaction is exciting and encouraging, the loss of productivity, the risk of data leakage, and the inherent security risks of Web 2.0 are a triple threat to enterprises. CISO, Chief Information Security Officer) needs to find a subtle balance between security and commercial needs for these tools and use them to reduce the risk of data loss and reputational damage.

However, due to the rapid development of Web 2.0 technology, time-tested security methods may not be the best defense against malicious attacks and data loss. Because AJAX, SAML, XML, and other protocols cause some trouble in threat detection, many enterprises take the main defense measures against network threats-traditional Web page filtering Web filtering ), for Web 2.0 security issues, it is an inadequate defense. In addition, RSS and rich Internet applications directly access the network, while non-static Web content makes identification more difficult. Finally, user-generated content is hard to contain.

In addition to traditional defense methods such as standard images, IDS/IPS, bandwidth-controlled bandwidth-shaping, anti-virus/anti-malware, and firewall rule sets, many Chief Information Security Officers also use data loss Protection (DLP) technology to reduce the threat of data loss. But they also found that these emerging technologies are not immediately effective in plug-and-play ). Whether deploying a network-based, host-based, or data-aware DLP product, we must remember the importance of balancing speed, accuracy, and adequate scope.

DLP content analysis products provide various Web 2.0 security options. The similarities and differences between them must be understood correctly so that a product can better meet business needs. DLP analysis technologies include: regular Expression-Based Pattern Search, fingerprint identification of basic elements in the actual database, exact file matching, and statistical analysis to search for content that may contain similar sensitive data and complete documents matching and vocabulary analysis, such as employment opportunities, insider trading, and harassment) type and processing control commands provided by suppliers, such as HIPAA and GLBA ). This is not a one-size-fits-all solution. The technology you choose depends on the data you are responsible for protecting.

From a macro perspective, how should security experts prevent Web 2.0 security? There is no problem using Web 2.0 technology, but it also requires proactive identification of risks and a Web 2.0 security tool set to maximize its benefits. This Toolkit should have a document policy based on business goals, clearly indicating what content is allowed, what is blocked, and when people can access it. New policies should be established or existing policies should be updated, which should be clearer and more effective.

After your policy is in place, you should prevent information from being transmitted from your network. Your toolkit must contain quarantine technologies that can be monitored, prevented, warned, encrypted, and required for each policy. Deploy a product that prevents sensitive data from being transmitted from your out-of-site email system and enables it to work in real time to avoid affecting productivity of employees or enterprises.

Finally, even with these control measures, data and information will inevitably find the path to the Internet. Enterprises must be vigilant when using any sensitive information on the network. When company information is available through social groups, whether intentionally or unintentionally, reputation protection services and internal monitoring programs, or it is necessary to search for keywords and key phrases to deal with this situation.

Like all emerging technologies, the progress of Web 2.0 and its related components is changing with each passing day. Professional security personnel need to pay attention to risks and take corresponding defense measures. Policies, technologies, and architectures that defend against risks must proactively resolve problems and be used by the Chief Information Security Officer to further consolidate their business value.

1. Search Results Web 2.0 widgets: enterprises need to protect the security of Web plug-ins
2. Web security devices make up for UTM Content Security Vulnerabilities