Secure Cloud Gateway: Using the Internet to combat cyber attacks
Cyber attacks depend on the Domain Name System (DNS) in the same way the rest of the Internet does, using it to distribute malware, control botnets, and collect login information. With the growth of cloud computing services, BYOD, and telecommuting, the attack surface has expanded beyond traditional corporate network boundaries.
This diversity of devices and networks creates an environment in which businesses must accommodate any device roaming anywhere. However, current security platforms cannot cope with this situation. This has spawned a new network security platform: the secure cloud gateway (SCG), which builds on a DNS foundation to provide broader security, increased coverage, and deeper visibility.
Legitimate web browsing uses only two protocol (port) pairs: HTTP (80) and HTTPS (443). While malware occasionally infects devices through non-standard ports, botnets often use non-web protocols to attack networks and steal data. Secure cloud gateways use DNS to protect all ports, protocols, and applications.
Now, threats are targeted, but targets are everywhere. Personal devices are increasingly connected to corporate networks, and employees often take enterprise devices that contain sensitive data out of the security perimeter. By leveraging DNS, secure cloud gateways can provide security for devices regardless of where they are located.
The appearance and behavior of network threats are volatile, but they usually originate from a limited number of Internet hosts, and some network attacks share the same criminal infrastructure. To obtain accurate security information, secure cloud gateways use the DNS infrastructure and Anycast routing to map each connection request across the Internet.
Although the vast majority of web domain names can be classified as safe or malicious, some Internet hosts are difficult to classify, either because they serve both safe and malicious web content or because their Internet origins are suspicious. Deep inspection of every web connection would significantly degrade performance, and redirecting every web connection would reduce manageability. Secure cloud gateways instead identify high-risk or suspicious domain names and use DNS redirection to route only those for more in-depth inspection.
Unlike a secure web gateway (SWG) appliance or service that sends every web connection through a proxy, a secure cloud gateway routes only suspicious web connections for deep inspection. This concept is called an intelligent proxy, and here is how it works.
Scenario 1: An employee tries to access site #1, and the secure cloud gateway has already determined that the site is malicious, based on the risk rating for that host. Perhaps the domain name is related to infrastructure known to be used for criminal attacks, or the domain name is always requested by other malicious hosts. The secure cloud gateway answers with the IP address of its block page rather than that of the malicious domain, thereby protecting the enterprise's network and data.
Scenario 2: An employee tries to access site #2. The secure cloud gateway continuously analyzes the Internet origin of the site's content host across space (such as geography and network) and time (such as request volume and co-occurrence rate). Based on the known data and algorithmic risk prediction, the secure cloud gateway determines that the risk of the site is very low and answers with the IP address of the site's own host, so the connection goes there directly. The employee does not encounter any delay or disruption when accessing the site.
Scenario 3: An employee attempts to access site #3. The secure cloud gateway has determined that the site's content host is high-risk and answers with the IP address of its proxy server. The proxy server performs deeper checks, including checks of Internet origin, domain names, and IP addresses. If these checks find the content safe, it is passed to the browser and the employee reaches the site. If the content is malicious, the secure cloud gateway returns a block page and the employee is prevented from accessing the malicious domain.
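The three scenarios reduce to one decision the recursive resolver makes per query: which IP address to answer with. The following is an added example, not code from any secure cloud gateway product; the domains, IP addresses, risk scores, thresholds, and the choice to proxy unrated names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: reserved example domains and documentation-range IPs.
BLOCK_PAGE_IP = "192.0.2.10"     # assumed address of the gateway's block page
PROXY_IP = "192.0.2.20"          # assumed address of the inspecting proxy
UPSTREAM = {                     # stand-in for real recursive resolution
    "site1.example": "198.51.100.1",
    "site2.example": "198.51.100.2",
    "cdn.site3.example": "198.51.100.3",
}
RISK = {                         # constructed risk scores per zone, 0.0 to 1.0
    "site1.example": 0.97,
    "site2.example": 0.02,
    "site3.example": 0.60,
}
BLOCK_AT, PROXY_AT = 0.90, 0.40  # assumed policy thresholds


@dataclass(frozen=True)
class Answer:
    qname: str
    action: str          # "block", "allow" or "proxy"
    ip: Optional[str]    # address placed in the DNS answer


def risk_for(qname: str) -> Optional[float]:
    """Walk from the full name up through parent zones so that
    subdomains inherit the rating of the closest rated parent."""
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in RISK:
            return RISK[zone]
    return None  # no rating available


def resolve(qname: str) -> Answer:
    # DNS names are case-insensitive and may carry a trailing root dot.
    name = qname.strip().rstrip(".").lower()
    score = risk_for(name)
    if score is not None and score >= BLOCK_AT:
        return Answer(name, "block", BLOCK_PAGE_IP)   # scenario 1
    if score is None or score >= PROXY_AT:
        # Assumption: unrated hosts are treated like suspicious ones.
        return Answer(name, "proxy", PROXY_IP)        # scenario 3
    return Answer(name, "allow", UPSTREAM.get(name))  # scenario 2
```

Only the names that land in the middle band are answered with the proxy address, so low-risk traffic never leaves the direct path.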
Integrated intelligence and enforcement
Effective security against advanced threats and targeted attacks requires both intelligence and enforcement. Intelligence without immediate enforcement will not stop malware or protect against botnets. Likewise, enforcement without predictive intelligence cannot prevent the most complex attacks. Secure cloud gateways integrate intelligence and enforcement in new ways.
Operational intelligence requires maximum coverage and visibility. The secure cloud gateway uses the DNS infrastructure to collect huge amounts of data, enough to predict the Internet origin of emerging threats even when the binaries or exploits are unknown. The collected data reflects the usage patterns of all devices, regardless of their location, their owner type, or the port or protocol they use.
At the same time, enforcement requires the greatest breadth and depth of security technology. With recursive DNS, secure cloud gateways can enforce security policies for traffic across 65,535 network ports and a countless number of protocols and applications. To provide advanced threat protection, secure cloud gateways redirect high-risk web requests to their intelligent proxy, which performs deeper checks to detect and block malicious content hidden in a web session.
The
does not use a traditional proxy server or an inside architecture. The secure cloud gateway incorporates a cloud-based infrastructure that consolidates multiple security enforcement technologies with Internet-scale threat intelligence gathering, enabling it to respond to changing attacks and emerging threats without sacrificing performance or manageability.