Secure Web gateways: slamming the door on malware

The Web has become the new security battle front, surpassing even e-mail as the leading source of malware infections. In a recent study, Google found that one in 10 Web sites that it crawled contained a malicious payload. And Gartner Group estimates that 75% of enterprises will be infected this year with targeted malware that evades their traditional defenses.

Why? While more than 80% of enterprises have some form of URL filtering in place, less than 15% have any form of deep inspection on Web payloads, resulting in a Web security gap.

Click to see: How secure Web gateways protect

To make matters worse, this new class of threats — known by many names, including spyware, adware, crimeware and botnets — doesn’t make itself visible the way viruses or spam do. Instead, like a parasite that attaches and feeds silently, they do everything they can to infect a PC and avoid detection. Because the threats fly beneath the radar of detection, many enterprises can be lulled into a false sense of security.

Enter the secure Web gateway

Although organizations need tools that can block Web malware at the edge to supplement desktop defenses, adding another single-function point product and one more management console is not the answer. What’s required is a single platform that consolidates Web security functions without slowing down the network. Gartner has defined this new class of products as secure Web gateways, which combine URL filtering, Web malware protection and application control (and will no doubt combine other Web security functions in the future).

This market is evolving in a similar way to the secure e-mail gateway market of a few years ago, when enterprises transitioned from single-function antivirus gateways to multifunction gateways that handled antivirus, antispam, archiving, encryption and other functions on a single platform.

Like the leaders in the secure e-mail gateway market, the visionaries in the secure Web gateway market started with a blank sheet of paper. As a result, they have built solutions that combine high-performance engines; well-integrated, best-of-breed, third-party signature libraries; and their own “special sauce” to provide solutions that go well beyond what retrofits of legacy URL-filtering solutions can achieve.

A typical secure Web gateway will perform, at a minimum, the following protection functions:

URL filtering: Enforces acceptable-use policies by blocking access to objectionable Web sites, content and applications. This capability gives organizations the ability to design Internet-use policies to maintain employee productivity, manage network bandwidth usage, lessen legal liability and prevent exposure to Web-based malware.

Antivirus: Performs deep inspection of files coming into the organization from the Web using a variety of detection methods, including pattern matching, emulation technology and heuristic techniques, without adding separate file-scanning appliances or slowing browsing performance.

Antispyware: Performs deep inspection of files and active content coming in from the Web to prevent spyware from getting inside the network, blocks “phone home” traffic from infected PCs that may contain sensitive data, and pinpoints which machines are infected with what malware to aid in prioritization and cleanup.