Secure Web Gateways Fail to Prevent Malicious Attacks

Eighty percent of secure Web gateways installed by Fortune 1000 companies miss the vast majority of malicious outbound communications, according to a report from attack detection and analytics specialist Seculert.

The study examined a subset of its 1.5 million user base that included more than 1 million client devices that had generated more than 200 billion total communications from Fortune 1000 companies in North America.

Nearly all the environments studied were running sophisticated perimeter defense systems, including a secure Web gateway and/or next-generation firewall, an intrusion prevention system (IPS) and security information and event management (SIEM) software, in addition to fully functioning endpoint protection.

“The alarming part of this research is the sheer number of malicious threats that were able to make it through the companies’ secure Web gateways time after time,” Richard Greene, CEO of Seculert, told eWEEK. “The research found that 80 percent of secure Web gateways blocked zero to two of the 12 latest and most dangerous threats. These are real tests conducted with Fortune 1000 companies, and even they are ill-prepared for the increasing complexity of cybercriminals’ attacks.”

Of the 200 billion total communications observed, nearly 5 million attempted malicious outbound communications were from infected devices, and 40 percent of all attempted malicious communication succeeded in defeating their associated secure Web gateway.

“Many enterprises rely on only prevention-focused perimeter security tools, like next-generation firewalls, IPS and secure Web gateways,” Greene said. “This positions them directly in the crosshairs of cyber-criminals and other adversaries capable of penetrating modern perimeter security defenses with startling ease. While useful, these prevention solutions alone cannot protect organizations in the current threat landscape.”

The report also found nearly 2 percent of all examined devices were infected, and all companies included in the research exhibited evidence of infection.

“Understanding the cyber threat landscape is a constant game of trying to stay ahead of the latest threats,” Greene said. “Common cyber-criminals will no longer be the most common threat as sophisticated criminal gangs with modern organizational models and tools emerge as the primary threat.”

Greene noted that besides being well-funded, “these attackers have the luxury of time on their side, so they’re able to develop more advanced techniques not yet anticipated by the cyber-defense community.”

Also, there will be a growing number of state-versus-state reconnaissance attacks as cyber- “armies” research the strengths and weaknesses of their opponents, he said.

Measured over time, nearly all of the gateways observed exhibited uneven performance, and the report noted that while most performed well for weeks or months, eventually all showed evidence of being “defeated” by the adversary.