Posted by Geraldine Hunt on Tue, Oct 13th, 2020
Web Content Filtering is a method used to prevent web-borne threats from entering the enterprise IT ecosystem. Cybersecurity threats come in all shapes and sizes. Traditionally, the modern enterprise has taken steps to mitigate these threats using endpoint protection tools such as anti-malware. However, the cybercriminal is a master of disguise. In a chameleon-like manner, a hacker changes the way they operate to evade detection. The techniques that result in malware and/or stolen login credentials and data, often enter the network as web-borne threats, hidden in websites, and even online ads.
Tricks of the trade and threats that impact the modern enterprise
A report from McAfee found that during Q1 2020, threats from external hackers targeting cloud services increased by 630%; much of the attacker focus was on collaboration platforms such as Microsoft Office 365.
Cyber-threats are a 360-degree problem. As such, an enterprise needs to tackle them across all entry points, including web-based attack points. To look at what the enterprise is up against, we need to understand how cybercriminals take advantage of the internet and websites.
Points of attack: How cybercriminals circumvent security protection
Web connectivity is the perfect connection point for employees to work and collaborate. It is also, therefore, the perfect place for a cyber-attack.
Phishing
This is a major cause of credential theft and/or data breaches and the cybercriminal’s weapon of choice. Phishing relies on social engineering and/or vulnerabilities in software. Phishing comes in many forms but the most common is email phishing. An email typically contains a link to a malicious website. If the user clicks on the link and opens the website, they may be automatically infected with malware. Alternatively, or in addition, the URL can take the user to a spoof site that looks exactly like a legitimate site, such as an Office 365 login page. If the user enters their login credentials they will be stolen. If a user has unpatched software that contains flaws, an infected website will use these vulnerabilities to insert malware: Phishing can be a double-whammy, stolen credentials, and an infected device.
Malvertising
A technique where an online ad is infected with malicious code. These ads are often on trusted websites. The malware in the ad automatically installs, via a software flaw on the user’s device (usually in the browser); this is known as a ‘drive-by-download’. Alternatively, the ad can redirect the user to an infected website. Malvertising is a major issue with an estimated 1 in every 100 online ads being infected.
Exploit kits
Cybercriminals can hide malicious software in websites using an exploit kit. If a user navigates or is redirected (as happens with some forms of malvertising) to a website that contains an exploit kit, the user's device can become infected with malware if the software on the device contains vulnerabilities. The exploit kit is typically designed to look for these vulnerabilities in browser software or similar. If a flaw is found, the exploit code can execute malicious software.
How does web content filtering protect corporate data?
Web Content Filtering software has been developed to tackle the complex pattern of modern web-borne cyber-threats. It does so by applying several techniques:
HTTPS Content Filter
The ‘S’ in HTTPS is supposed to be an indicator that you are on a secure site. To display an HTTPS as opposed to HTTP, a website must use digital certificates and implement the security protocol “SSL” or “TLS”. However, obtaining an SSL certificate is easy, and so, cybercriminals now use these secure systems to trick users into a false sense of security. The Anti-Phishing Working Group (APWG) found that in 2020, 78% of phishing sites used SSL displaying an HTTPS prefix in the URL.
An HTTPS content filter performs checks on a website to ensure that the site does not contain malware and is not a phishing site, so is safe for users to visit. The HTTPS content filter uses an SSL inspection process which involves decrypting, reading, scanning, and re-encrypting the content of (HTTPS) encrypted websites.
Preventing software vulnerabilities and web-borne threats
One of the reasons why malware is so successful is because software vulnerabilities leave the door open to infection. Web content filters perform automatic software updates to ensure that patches are promptly carried out, reducing the risk of malware infection if an employee does end up on an infected website.
Protecting against social media as a conduit for web-borne threats
Social media is increasingly seen as the ‘go to’ medium by cybercriminals. A report by Bromium, entitled, “Social Media Platforms and the Cybercrime Economy” concludes that social media is a:
“a global distribution center for malware.”
The report found that social posts and messages are used as a conduit for malware installation, facilitated by vulnerabilities in unpatched software. The Bromium report goes on to say that:
“70% of ransomware attacks that were successful in 2017 originated from phishing attacks via emails or social media platforms.”
Some enterprise web filtering software can be configured to block chat programs, including Facebook Messenger which can be blocked without blocking access to Facebook.
Reducing the Risk of Web-Borne Threats Using Smart Content Filtering Software
The digital transformation of the modern enterprise has resulted in fluid, connected, working processes. Coupled with the flexible and remote working patterns that Covid-19 has enforced, this alignment of planets has created the perfect conditions for increased web-borne threats. In 2020, AV-Test identified more malware strains than ever before. Malware is a serious threat to our data security, entering our IT systems via phishing and infected websites. By using a web content filtering solution, an enterprise can place a smart filter on employee access of dangerous websites, even when working remotely, without interrupting normal working patterns. By applying content filtering the web-borne threat can be controlled.
Content Filtering With WebTitan Cloud
WebTitan Cloud is a DNS based web content filtering solution that provides complete protection from online threats such as viruses, malware, ransomware, phishing and comprehensive content filtering. WebTitan Cloud is a low maintenance solution that can be set up in five minutes to stop your users from accessing inappropriate content online.
Our intelligent AI driven real time content categorization engine combines industry leading anti-virus and cloud based architecture. This makes the WebTitan Cloud content filter an ideal solution for organizations needing maximum protection and minimal maintenance. Webtitan customer testimonials speak for themselves.
WebTitan Cloud is an ideal alternative to OpenDNS Cisco Umbrella. We also have a detailed Cisco Umbrella pricing comparison for prospective new customers.