Cisco Web Security Appliance S170 White Paper
IDC 1985
IDC TECHNOLOGY SPOTLIGHT
Web Security: Essential Component of Threat-Centric Defense Strategy
September 2015
Adapted from Security in the 3rd Platform: Marching Toward Proactive Defense by Christian A. Christiansen and
Robert Westervelt, IDC #255791
Sponsored by Cisco Systems
Web-borne attacks remain the prevailing pathway criminals take to gain access to sensitive corporate
resources. Attackers are getting smarter about covering their tracks, carrying out multidimensional attacks
that combine time-tested techniques with evasion mechanisms and encrypted communication to thwart
traditional security solutions, according to forensics investigators who have taken part in many of the latest
breach investigations. The transition to SaaS-based services and an ever-increasing mobile workforce
that demands unrestrained access to corporate resources have resulted in the excruciatingly difficult task
of mitigating the increased risks. Attackers are seizing on system complexity and the continued expansion
of the network, which has eroded IT security's ability to maintain situational awareness
— something that
is central to identifying and containing threats before data is stolen. It's clear that organizations must
increase their security effectiveness given the continued sophistication of malware designed to evade
traditional security defenses and well-funded targeted attacks designed to maintain persistent presence on
corporate networks. Most organizations have already invested heavily in building out and maintaining their
security infrastructure; the good news is that there is room to gain more value out of existing security
investments by creating more cohesiveness. Organizations can get more value out of their Web security
defenses when combined with a unified security architecture that bridges the communication gaps that
have long existed between endpoint and networking security solutions. Leveraging the threat intelligence
gleaned from Web security platforms, a network security backbone, combined with security technologies
that conduct threat analysis and automated response, can help boost the effectiveness of security
operations and significantly reduce risk where it matters most. This paper explores how Web security
plays a key role in defending against evolving threats and highlights how Web security fits into a unified
security architecture and how Cisco Systems' threat-centric approach can be applied to address
dangerous Web threats.
Introduction
Endpoint security and the Web security defenses protecting the endpoint are on the front lines in the
battle against malware and targeted attacks attempting to gain access to corporate resources.
Web security technologies are adapting to the growing use of cloud services and the explosion of
mobile devices, which together have created a perimeter that is becoming more malleable every day.
That digital fluidity is under attack by organized criminals in Eastern Europe, Russia, and China who
are taking advantage of the growing complexity and strained security defenses.
These attackers seek account credentials, credit card data, healthcare information, and intellectual
property. The stolen data enters the backbone of their operation, a place where organized
cybercriminals have spared no expense to modernize their business operations. Criminal enterprises
use integrated systems to support business intelligence and analytics to quickly examine, sort, and
bundle the data. The goal is to fetch the highest price in underground hacking markets.