5 reasons why Web gateways aren’t bulletproof

Over-reliance on Web gateways is putting data, users, customers, organizations and reputations at risk.

Web gateways
Credit: Thinkstock
Bulletproof?

Like the threat landscape itself, web gateways have changed over the years. Today, web gateways do much more than enforce regulatory compliance and HR policies – organizations rely on web gateways to thwart internet-borne threats. However, although web gateways have been around for decades and continue to evolve, they are not bulletproof, and over-reliance on them is putting data, users, customers, organizations and reputations at risk.

Guy Guzner, CEO & Co-Founder of Fireglass, explains why Web gateways aren’t bulletproof.

URL filtering is always behind the curve

571 new websites are created every second, which generates a high volume of domains and increases the chance that some will be missed by security controls. Adding to this is the fact that many URLs used by attackers are triggered only by their targets, are short-lived (less than 24 hours), and use dynamic domains, which are harder to thwart than static ones.

Blocking uncategorized Websites isn’t the answer

Blocking uncategorized sites dramatically reduces end user productivity. Not only is this intolerable for end users -- security teams are forced to deal with an onslaught of support tickets for users who legitimately need to access information which web gateways are unable to classify. This setup leads to “policy rule hell,” which is where security teams find themselves when they must maintain a growing – and indeed painful – number of policies and rules.

Even “safe” Websites infect visitors

The belief that infections occur only through websites that are categorized as suspicious or malicious is false. On the contrary, Forcepoint (formerly Websense) estimates that 85 percent of infections occur through legitimate and “safe websites.” So-called safe websites are often used to serve up malicious content from other sources which they have little or no control over. A good example is malvertising, which injects malicious ads into legitimate online advertising networks; the ads are later served by publishers that do not know whether they are malicious.

Another example is when attackers leverage vulnerabilities in the sites themselves to get them to serve malicious content. This happened when the Forbes Thought of the Day widget was breached by Chinese threat actors targeting US-based defense contractors.

Malicious files blow past Web gateways

While some web gateways integrate antivirus engines and other file scanning services, these are less effective in detecting malware. Antivirus scanners detect only 20 percent to 30 percent of malware. Leveraging sandboxes is also ineffective, as they require time to run and analyze files. To avoid impacting user experience, web gateways often pass files to users while sandboxes complete their analysis in the background, a practice called 2nd time prevention -- which essentially means users are exposed to attacks.
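The exposure window created by the pass-through behaviour described above can be modelled in a few lines. This is an added example, not code from the article or from any gateway product; the `Gateway` class, the 300-second analysis time and the sample traffic are constructed assumptions.

```python
import hashlib

class Gateway:
    """Toy model of a web gateway with a background sandbox (constructed)."""
    def __init__(self, hold_for_verdict, sandbox_delay=300):
        self.hold_for_verdict = hold_for_verdict  # True = hold files until analysis ends
        self.sandbox_delay = sandbox_delay        # assumed analysis time, in seconds
        self.pending = {}                         # sha256 -> time the verdict is ready
        self.truth = {}                           # sha256 -> what the sandbox will conclude

    def _verdict(self, digest, now):
        """Return 'malicious' or 'clean' once analysis has finished, else None."""
        ready_at = self.pending.get(digest)
        if ready_at is not None and now >= ready_at:
            return self.truth[digest]
        return None

    def download(self, user, content, is_malicious, now):
        """Decide what happens to one download at time `now`; return the action."""
        digest = hashlib.sha256(content).hexdigest()
        if digest not in self.pending:            # first sighting: submit to sandbox
            self.pending[digest] = now + self.sandbox_delay
            self.truth[digest] = "malicious" if is_malicious else "clean"
        verdict = self._verdict(digest, now)
        if verdict == "malicious":
            return "blocked"
        if verdict == "clean":
            return "delivered"
        # No verdict yet: this is where the two policies differ.
        return "held" if self.hold_for_verdict else "delivered"

def exposed_users(gateway, events):
    """Users who received a malicious file before the gateway could block it."""
    return [user for user, content, bad, t in events
            if gateway.download(user, content, bad, t) == "delivered" and bad]

# Constructed sample traffic: (user, file bytes, ground truth, seconds since start)
EVENTS = [
    ("alice", b"invoice-macro", True, 0),
    ("bob", b"invoice-macro", True, 60),
    ("carol", b"quarterly-report", False, 90),
    ("dave", b"invoice-macro", True, 600),
]

if __name__ == "__main__":
    print("pass-through:", exposed_users(Gateway(hold_for_verdict=False), EVENTS))
    print("hold:", exposed_users(Gateway(hold_for_verdict=True), EVENTS))
```

Under pass-through, everyone who requests the file inside the analysis window receives it; only later requests are blocked. Holding files closes the window at the cost of delaying every first-seen download, including clean ones.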

Web gateways cannot neutralize malware on infected machines

Gateways have a very hard time differentiating between legitimate and malicious traffic, or detecting and neutralizing malware on infected machines. In fact, it is now well known that once they reach an endpoint, advanced threats can go undetected for weeks or even months. Indeed, recent research has found that 80 percent of web gateways failed to block malicious outbound traffic. Remote Access Trojans (RATs) represent another clear example of how web gateways fail to detect and stop malicious traffic.
