Cloud computing has become a viable model for many IT needs. Some large enterprises buy CPU cycles on demand through "Infrastructure as a Service" (IaaS) offerings from vendors such as Amazon, Rackspace and Terremark for testing, development and batch processing. Others outsource entire applications, handing e-mail to Google, CRM to Salesforce.com or payroll to ADP.
Valuable as it is, IT experts still hold a philosophical debate about the worth of cloud computing. They want to know whether cloud computing and SaaS, designed for the masses, are a real alternative to on-site equipment in the enterprise data center. After all, in-house IT devices deliver wire-speed performance and can be tailored to an enterprise's specific needs.
Chief information security officers (CISOs) have recently held similar discussions about information security requirements, particularly the management of network security threats. They face the same question: should a large enterprise build its own security gateways, or hand network threat management to a cloud service? This paper's conclusions are as follows:
• Resolve web threat management as quickly as possible, whichever solution you choose. While the theoretical comparison of in-house and cloud services continues, the web threat problem keeps growing in complexity. ESG research accordingly shows that large enterprises are investing more and more in web threat management solutions.
• In-house and cloud deployments each have advantages and disadvantages. Web threat management gateways suit large, centralized facilities, while SaaS suits remote offices and frequently traveling employees. Large, global enterprises have needs in both areas, so neither security gateways nor SaaS can meet their needs alone. CISOs want to know whether to choose one solution or implement several solutions from several vendors.
• Large global enterprises need a tightly integrated hybrid solution. Multinational companies typically have large populations of both centralized and dispersed employees. They need consistent policy management, enforcement and oversight, with strong protection for employees wherever they connect from. This is the main reason to implement a unified hybrid web security solution that combines the control of in-house devices with the flexibility of the cloud. With a hybrid architecture a large global enterprise can centralize management and distribute enforcement, and can also draw on the "crowdsourcing" advantage of a cloud community that includes its mobile, remote and centralized staff. This architecture, which combines the best of both worlds, will become the standard enterprise deployment.
Web threats are becoming more dangerous
Defending against viruses, worms and Trojans has always been a problem, but many CISOs believe that today's threat management grows trickier by the day. Large enterprises face not only the traditional attack vectors but also increasingly dangerous web threats. The situation is getting worse for the following reasons:
• An unprecedented amount of malicious code. According to the latest Blue Coat web security report, the number of web threats grew by more than 500% over the previous year. The number of malicious code variants increased by more than 300%, and phishing attacks by more than 600%.
• Dangerous web content. Nearly half of all malicious code targets web browsers, because many web applications are vulnerable and easily infected. Users also tend to trust high-traffic sites such as Google, Yahoo and Bing, which have been compromised and used to spread malicious code. Web 2.0 is driven by dynamic content, a new and elusive intrusion vector. Finally, web threats can target a specific business or individual, making detection and prevention extremely difficult.
• Social networks as a carrier. Social networking sites have quickly become a haven for crime. For example, the Zeus botnet has spread more than 1.5 million phishing messages through Facebook over the past few years. It is no wonder that more than three-quarters (77%) of security professionals at enterprises with more than 1,000 employees believe that employee access to social networks increases the likelihood of sophisticated attacks (see Figure 1).
Figure 1. Belief that social networking sites increase the likelihood of APT attacks
Source: Enterprise Strategy Group, 2011
• Increased mobility. Employees use laptops, smartphones and tablets to reach a range of corporate and consumer web applications. This mobility boosts productivity, but it also makes it harder to manage device configurations, update security signatures, or monitor suspicious and/or anomalous behavior.
Large enterprises are investing in web threat management
Wikipedia defines "web threat" as follows:
"Web threats are any threats that use the Internet to facilitate cybercrime. Web threats use many kinds of malware and fraud, all of which use the HTTP or HTTPS protocols, but they may also make use of other protocols and components, such as links in e-mail or instant messages, or malware attachments or servers that access the web. They help cybercriminals sell stolen information and absorb infected computers into botnets."
Web threats pose a range of risks, including financial loss, identity theft, loss of confidential information or data, theft of network resources, damage to brand or personal reputation, and erosion of consumer trust in e-commerce and online banking.
Given the ubiquity, volume and growth of web threats, CISOs continue to invest specifically in web security. Recent ESG research illustrates this: nearly one-third of large enterprises said they would invest in web security in 2011 (see Figure 2).
Figure 2. Large enterprises will invest in web security
Source: Enterprise Strategy Group, 2011
Which web threat management model is best?
CISOs face a number of difficult choices when seeking web threat management technology. Amid the vendor hype, many security executives now face a new one: buy and deploy a traditional security gateway, or forgo an in-house solution in favor of a SaaS cloud service?
Web threat management gateways are ideal for large, centralized enterprises
A web threat management gateway sits at the network egress point and filters and blocks malicious web content such as phishing sites, exploits, viruses, worms, Trojans and botnet traffic. To keep protection current, the security vendor must regularly update the gateway's rules and signatures as new malware threats appear.
Historically, large enterprises have chosen to build out their own web threat management gateways. These traditional on-premises devices have the following advantages:
• Performance. The gateway appliance runs at "wire speed" with minimal latency and minimal impact on network performance. Large enterprises with enterprise-class IT, network and security skills can readily deploy and tune gateway security devices to give strong protection to thousands of employees without any adverse effect on the network.
• Customizable policy management and enforcement. Companies have varied security requirements driven by regulation, industry-specific threats and internal governance. To meet them, many gateway web threat management devices offer fine-grained settings for policy management and security controls. This lets an enterprise enforce security policy rules on the gateway according to specific requirements for a particular user, group, location or time of day.
• Central command and control. A large enterprise with many network egress points at many sites may need multiple web threat management gateways. Advanced gateways therefore offer centralized command and control over multiple devices, so that the CISO can apply a unified policy across all gateway devices or configure an individual device for specific requirements.
• Integration with other security functions. Web threat management can often be combined with other security applications such as DLP, anti-virus or URL filtering on a single high-performance security gateway. This lets a large enterprise standardize on one security device to reduce cost, simplify daily maintenance, and centralize maintenance and support. An integrated security device can also improve overall security by correlating events and consolidating reports.
Cloud-delivered web threat management for the distributed enterprise
The web threat management gateway is best suited to a large, centralized enterprise with thousands of employees reaching the web from a few sites in the same place. In today's global business environment, however, many companies are highly distributed, with employees in branch offices, remote locations and on the road. Over the past few years more and more security vendors have adopted a SaaS or cloud delivery model to complement traditional gateway devices. A distributed enterprise can benefit from cloud-delivered web threat management in the following ways:
• Simple deployment and operation. SaaS is a "turnkey" solution: there is no new device to purchase, test, deploy or manage. With a web threat management service, you simply redirect web traffic to the service's proxy endpoint, and every web threat management policy is then enforced remotely.
• Effective and efficient protection. Because cloud vendors design their solution for the masses, SaaS solutions provide adequate protection against the most common attack types. For web threat management this means the cloud service can block malicious URLs and content, phishing sites, and known malware distributors. A cloud web threat management service can be seen as an application of the 80/20 rule: it may not offer the custom settings or security integrations of an in-house gateway, but it does provide effective and efficient protection against common web threats.
• Support for remote offices and mobile workers. Recent ESG research finds that employees in remote and branch offices carry greater security risk than those at headquarters, particularly in PC configuration management, end-user training, and monitoring of remote employees' use of sensitive data. These remote offices of a few dozen employees still need web threat management, but a cloud service is especially attractive because deploying a gateway device at every remote site is neither economically nor technically practical. The mobile worker is rarely behind the corporate firewall at all, so a gateway appliance provides no protection there and SaaS is the ideal choice.
• A "network effect". Because of the "network effect" and the crowdsourcing role of the community, cloud security services also have a potential security advantage. In this model every cloud customer acts as an intelligence agent, reporting to the cloud when it encounters a new attack method such as previously unseen malicious code or an attack URL. Once a new attack is identified, everyone else in the cloud security community can be protected against it.
Figure 3. Security issues in meeting the needs of remote and branch offices
Source: Enterprise Strategy Group, 2011
Large global enterprises need a hybrid security architecture
Some enterprises choose between an on-premises web threat management gateway and a SaaS solution on a single decision point: whether the enterprise is centralized or distributed. But many global enterprises have both large central sites and many remote offices and mobile workers. Should they build their own equipment, choose a cloud service, or do both?
Clearly, a large global enterprise needs a web threat management solution that protects all employees and IT assets, whether they sit in a data center or a remote office or reach applications over the public network. Today this usually means implementing multiple solutions from several vendors: an in-house solution for the corporate network and a cloud service for remote offices and mobile employees. Multiple solutions do provide coverage and protection, but they also lead to costly and redundant operations.
What is needed is a hybrid architecture that combines the performance and management advantages of an on-site device with the flexibility and coverage of a cloud service (see Figure 4).
Figure 4. Hybrid security architecture
Source: Enterprise Strategy Group, 2011
To meet the needs of large global enterprises, a hybrid web threat management architecture must provide:
• Centralized management and distributed enforcement. The hybrid architecture provides consistent policy management and security whether enforcement happens on the enterprise's own devices or in the cloud. Devices and the cloud service are managed through one graphical user interface, and reports can be customized to give an enterprise-wide view, such as a consolidated view of in-house devices and the cloud service, or a unified view of each branch location.
• Cloud-centric intelligence. Threat intelligence is the solid foundation of the cloud service, and users and in-house devices contribute to it through the crowdsourcing role described above. New threats are addressed immediately by real-time updates to the enterprise's in-house devices.
• Tight integration. In-house and cloud management and enforcement can be applied flexibly as the situation requires, and the hybrid threat management architecture can be extended at any time to meet future requirements, for example by adding DLP capability so that web threat management blocks malicious code at the network ingress and data leakage at the network egress.
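To make "consistent policy, distributed enforcement" concrete, the following is an added example in Python, not code from Blue Coat, ESG or this paper. It applies one policy, carrying the per-user, per-group, per-location and time-of-day dimensions described in the gateway section, at whichever enforcement point a client reaches (the on-premises gateway for corporate addresses, the cloud service for everyone else), and consults a reputation feed that any enforcement point can update, as the crowdsourcing model describes. The address ranges, hostnames, categories, rules and the policy ordering are all constructed for illustration.

```python
"""One web policy enforced on-premises or in the cloud (added example, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed: address ranges that sit behind the on-premises gateway.
CORP_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed reputation feed (host -> category), standing in for the shared
# cloud intelligence that both enforcement points consult.
REPUTATION = {
    "evil.example": "malware",
    "social.example": "social_networking",
    "intranet.corp.example": "business",
}

@dataclass
class Request:
    user: str
    groups: Set[str]
    client_ip: str
    url: str
    when: datetime

@dataclass
class Rule:
    name: str
    action: str                                # "allow" or "block"
    categories: Optional[Set[str]] = None      # None = any category
    groups: Optional[Set[str]] = None          # None = any group
    location: Optional[str] = None             # "corp", "remote" or None = any
    hours: Optional[Tuple[time, time]] = None  # local-time window, None = always

@dataclass
class Decision:
    action: str
    rule: Optional[str]   # matching rule name; None when the default applied
    category: str
    enforcement_point: str

def categorize(url: str) -> str:
    host = (urlsplit(url).hostname or "").lower()
    return REPUTATION.get(host, "uncategorized")

def location_of(client_ip: str) -> str:
    ip = ip_address(client_ip)
    return "corp" if any(ip in net for net in CORP_NETWORKS) else "remote"

def enforcement_point(client_ip: str) -> str:
    # Corporate clients sit behind the gateway; everyone else is steered
    # (by a PAC file or an endpoint agent) to the cloud service.
    return "onprem-gateway" if location_of(client_ip) == "corp" else "cloud-service"

def rule_matches(rule: Rule, req: Request, category: str) -> bool:
    if rule.categories is not None and category not in rule.categories:
        return False
    if rule.groups is not None and not (req.groups & rule.groups):
        return False
    if rule.location is not None and location_of(req.client_ip) != rule.location:
        return False
    if rule.hours is not None:
        start, end = rule.hours
        if not (start <= req.when.time() < end):
            return False
    return True

# Constructed policy. First match wins, so the marketing exception must
# precede the working-hours block that applies to everyone else.
POLICY = [
    Rule("block-known-bad", "block", categories={"malware", "phishing"}),
    Rule("marketing-social", "allow", categories={"social_networking"},
         groups={"marketing"}),
    Rule("social-working-hours", "block", categories={"social_networking"},
         hours=(time(9, 0), time(17, 0))),
]

def evaluate(req: Request, policy=POLICY) -> Decision:
    """Same policy wherever the request is enforced. Unmatched traffic is
    allowed (default-allow); default-deny is the stricter alternative."""
    category = categorize(req.url)
    point = enforcement_point(req.client_ip)
    for rule in policy:
        if rule_matches(rule, req, category):
            return Decision(rule.action, rule.name, category, point)
    return Decision("allow", None, category, point)

def decide(user, groups, client_ip, url, when_iso) -> Decision:
    """Wrapper taking plain values; when_iso is an ISO 8601 timestamp."""
    return evaluate(Request(user, set(groups), client_ip, url,
                            datetime.fromisoformat(when_iso)))

def report_threat(host: str, category: str) -> None:
    """Crowdsourced update: a finding at any enforcement point goes into the
    shared feed, so every other point blocks that host on its next request."""
    REPUTATION[host.lower()] = category
```

Two design points matter in practice. First, rule order is part of the policy: the marketing exception only works because it precedes the general working-hours block, so a management console that shows one ordered list for both enforcement points is what keeps the gateway and the cloud in agreement. Second, the feed is the shared state: a remote user's hit on an unknown host is allowed until `report_threat` records it, after which the on-premises gateway blocks the same host for corporate users, which is the "network effect" described above.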
Hybrid web threat management delivers flexible and immediate security benefits
ESG believes that a hybrid architecture delivers both short- and long-term benefits, and delivers them almost immediately, for the following reasons:
• Improved security for remote workers. ESG research shows that IT support for remote offices faces many security issues, including web threat management (see Figure 3), and mobile workers face the same issues. A hybrid web threat management architecture gives a concise and effective answer because it removes the need to deploy new devices or a one-off SaaS security service. CISOs can use their centralized IT security skills and best-of-breed web security tools to achieve blanket coverage regardless of an employee's geographic or network location. The result is an immediate security improvement that directly addresses issues identified in the ESG research.
• Global visibility and control to identify and resolve problems quickly. Because today's attacks, such as APTs, are so sophisticated, the compromise of a single device can cause a serious data breach. To address this risk, all devices and activity must be monitored. Because the hybrid architecture provides centralized command and control, policy management and reporting, the CISO can see and oversee all devices and security activity across the network, which speeds up the discovery and resolution of problems.
• A migration path to the cloud. The hybrid architecture combines the advantages of in-house devices and the cloud to provide complete coverage. But some companies may want to hand web and other threat management over to the cloud gradually, especially as cloud security services mature. The hybrid architecture gives them a flexible, secure migration path: the CISO can adjust network settings and replace network devices with cloud services at the pace at which cloud economics and security technology mature.
The bigger truth
Cloud computing and SaaS are usually presented as the opposite of traditional IT: either you do it all yourself or you hand it all over. This is a regrettable idea that ignores the whole concept of the "hybrid cloud". Few companies hand entire applications to cloud services today, but a hybrid approach will become the standard way to handle capacity planning, business continuity and disaster recovery in the future.
The same idea should be applied to narrower IT requirements such as web threat management. In-house and cloud solutions each have many advantages, but neither provides complete coverage. Smart CISOs will not simply choose between the two but will look for a hybrid solution that delivers the advantages of both. The best hybrid is a tightly integrated architecture that combines centralized management with distributed enforcement. Blue Coat's web threat management architecture, which combines the security of ProxySG/WebFilter devices with its web security cloud, backed by WebPulse collaborative defense, is such a solution.