Critical security gaps found in secure web gateways
Attack detection and analytics specialist Seculert has released a new report identifying critical security gaps in popular web gateway solutions.
During the first 10 months of 2015, Seculert observed the web gateway performance of Barracuda, BlueCoat, Fortigate, Ironport, McAfee Web Gateway, Palo Alto Networks, Websense and Zscaler to determine whether existing gateway solutions were allowing infected internal devices to communicate outside the organization.
It found that of the 200 billion total communications observed, there were nearly 5 million attempted malicious outbound communications from infected devices. More importantly, 40 percent of all attempted malicious communications succeeded in defeating the security of their web gateway.
Most of the gateways observed didn't provide protection from the effects of the two most dangerous new attacks seen during the summer of 2015 (Dyre and Trojan.Agent.145). One large consumer goods company in the study had at least 271 gigabytes of uncompressed data expropriated within the 10-month period.
Nearly two percent of all examined devices were infected and all companies included in the research exhibited some evidence of infection. Measured over time, nearly all of the gateways observed showed uneven performance. While most performed well for weeks or months, eventually all showed evidence of being 'defeated' by the adversary.
"Seculert's research continues to show that current prevention solutions are not enough to defend against attacks. Today's enterprises are simply sitting ducks to the barrage of cyber threats, and as our report shows, are unknowingly allowing malicious outbound communication to be transmitted through their web gateways on a daily basis," says Richard Greene, Seculert CEO. "Organizations need to arm themselves with a solution that can detect when, where and how much they've been attacked, so they can quickly remediate these threats. Seculert uses a unique combination of aggregated behavior intelligence and supervised machine learning to accurately uncover attackers’ activity. These results are shared for the benefit of others in the community".
The full report is available to download from the Seculert website.