Defining the Boundaries

Dave Ewart, director of product marketing, EMEA at Blue Coat, says enterprises must embrace BYOD and social networking, develop a comprehensive security policy and implement an in-depth security solution to prevent cyber-attacks.

By Georgina Enzer. Published May 20, 2012


Enterprises can no longer get away with blocking social networking or stopping employees from using their own devices at work, says Dave Ewart, director of product marketing, EMEA at Blue Coat.

“You won’t get away with just disallowing it [social networking and BYOD] these days, especially if you want to recruit and maintain talent – they are not going to go to work in places where you can’t use your flash phone, so I think that a company that is even considering such a black and white approach should think again,” he says.

Not only does BYOD make employees more efficient, since they can check and respond to their emails before and after work and at the weekends, it also makes sure that they are always available without the company having to pay overtime, definitely a bonus for the enterprise.

The challenge for companies, however, is how to embrace these trends without compromising the corporate network and opening it up to malware, viruses and threats.

According to Ewart, with the right technology and processes in place, companies can protect themselves from most attacks.

“As long as your security solution has a deep awareness to control it there is really no reason why companies should block social networking, and the same with BYOD. If you have the right kind of awareness of who has [a connected device] and what they are doing with it, then there is really no reason why you should not get ahead of BYOD instead of letting it run away with you,” he suggests.

One of the first steps to successfully implementing BYOD, or allowing social networking within the workplace, is to carefully plan and define a corporate BYOD and social networking use policy.

The second step is to get a contextually aware, deep security system that can not only recognise that a user is logging onto the network using their own device, or logging onto a social network, but can recognise safe and unsafe apps within that social network or device.

But even with steps such as these in place, there is always the chance that something can get through the net.

“Clicking an email was, two years ago, the way that most people got infected. The cybercriminal community is now so advanced that you don’t need to even click anything. You can be doing a search and the results are poisoned and they look fine. I think the best we can do, as well as educating people not to click dumb stuff, is to break the connection between the click and the malware,” states Ewart.

Blue Coat has recently launched its Unified Security solution that is designed to enable the extended enterprise to expand its secure perimeter to include all users on devices across any network.

The solution leverages the same patented technologies and infrastructure across appliances and a cloud-based security service to deliver consistent policies and protection to all users.

“Often because the solutions are different, you have different access methods and that is what leaves that security gap, because obviously if I am coming into my Outlook through a device that has not been secured using a particular access method, that is a huge, huge gap. If I am walking into the office with a device that is not supported, that is a problem. That is the problem with BYOD, that lack of control, whereas if I have a system of secure-and-control security technology that understands these, and uses the connection method that can help the Blue Coat system understand me, then all the policies that I have signed up to apply, no matter what device I use,” says Ewart.

The Unified Security solution is all about giving customers a framework for deploying a consistent set of security and control devices no matter what device they are using, or where they are accessing it from.

Historically, the prevailing security thinking was to build a hard shell around the exterior of the network, with the precious resources inside. However, this approach no longer works.

“What we are now saying is that we are now in a position to move from just securing a network which does not actually work anymore, to securing a user and that is the paradigm shift that we are presenting here. What the Unified Security solution does, is unite the same consistent set of security and control technologies as we have always had in our appliances with a relatively new security as a cloud service and deliver that as a hybrid,” according to Ewart.

There are three legs to the Blue Coat approach: global threat defence; universal policy, the way of effecting that protection; and reporting on it.

“One of the things we do is combine the power of the community by uniting all the 75 million Blue Coat users around the world to keep us ahead of the game - to keep us ahead of what is happening on the web. So any new web property or threat, one of these 75 million users will probably be the first to encounter it, so that sample is fed into the system. With that huge sample size it is important to make sense of it. We have a bunch of technologies that are constantly analysing this looking for trouble and categorising new web properties,” says Ewart.

The sample is analysed in real time and then combined with Blue Coat’s knowledge of the infrastructure used to deliver malware.

“We have to start looking at the malware infrastructure and over the years we have done a lot of research into malware networks and given them a name – Malnets.

“There are about 500 of those worldwide with 10 big ones; we have given some nicknames because they are so familiar to us. By tracking these live, you can immediately see when a new little piece of infrastructure pops up, typically in advance of an attack happening and can block the attack before it happens,” he states.

Blue Coat calls this advance knowledge of threats ‘negative day defence’.

What normally happens in a classic attack is that the cybercriminals make available a software development kit and sell it for a few thousand dollars, and then in the lead up to the attack they create malware infrastructure.

“So, for example, last year the MySQL attack – the website was compromised and as soon as the attack happened anyone clicking on that site or visiting it was taken down into a relay and taken to the malware host. That first leg between the site and the relay had been set up a couple of weeks before in preparation for the attack. Because Blue Coat knows and understands the infrastructure, we saw that popping up, a bit of infrastructure grew on the side of the malware delivery network.

“So of course because it was linked to bad stuff, we were blocking that before it was even launched. We were getting support calls and saying to customers, you have been protected for a couple of days now,” says Ewart. “We have estimated that about two thirds of attacks come from the malnets that we know about.”

Ewart has predicted that one of the biggest threats in 2012 will be malware through social networking. Something like 1 in 16 malware attacks came through social networks in 2011.

“It is no surprise for two reasons; one, cybercriminals are not stupid, where the most people are is going to be the richest pickings – it is like a busy market square and also inside a social network, psychologically it seems a bit safer, so if a friend suggests something, you are more likely to click it than an email from someone you don’t know. Social networking allows you to let your guard down a little bit, so I think that is a reason why we are seeing such an increase in that,” he states.
