Neighbourhood watch strategy may fight Web 2.0 threats

Hawthorn: A multi-layered architecture can best tackle multi-layer threats

In a few months, we have seen two attacks using rogue Facebook applications, including the re-emergence of last year’s Koobface threat.

It is not just Web 2.0 applications that are targeted. Spotify, the up-and-coming online music service, has also been compromised by hackers, leaking user data such as email addresses, birth dates, postcodes and billing details.

The problem for IT directors is that the boundaries between home and work are blurring. Millions of people download music from the web or visit other legal, yet recreational, sites on their work PCs and they are potentially a scammer’s dream.

Organisations must protect themselves from unmonitored and unmanaged employee activities.

Companies should deploy a multi-layered architecture to monitor, manage and control the growing variety of applications in the workplace. Defences should include an integrated community database to consolidate user experiences.

As threats are constantly changing, the system must also review new web pages or links quickly. A layered defence should gather reputation, web text inspection, malware scanning and threat information from organisations that understand spam and web content.

Deploying a neighbourhood watch-type approach has distinct advantages over conventional centralised web spiders. Daily crawls from one location leaves websites unprotected, except at the instant the crawler inspects them.

A large group of users can access tens or hundreds of millions of web pages daily, providing a constant stream of fresh information about websites and web pages.

A system in which members of a large community are visiting a page regularly is far more likely to detect an attack.

Organisations may today need certain Web 2.0 applications as they can provide some business benefits. For example, they can be good for developing business contacts. But companies also need to protect their users from the myriad thre ats that can be delivered through these sites, as well as new threats from file downloads.

Granular policies can allow text and graphics content while blocking applications. Anti-virus gateways can inspect traffic on the fly and neighbourhood watch services can deliver broader knowledge than individual systems working on their own.

The key is to be able to monitor and control access to critical technologies, while protecting users and networks from malware.

Nigel Hawthorn is EMEA marketing vice president at Blue Coat Systems