Manage new web threats with a proactive security paradigm to help you secure Web 2.0 applications and protect your enterprise and the employees that use these applications on a daily basis.
White Paper
Seven Design Requirements for
Web 2.0 Threat PreventionWhite Paper Seven Design Requirements for Web 2.0 Threat Prevention
Table of ContentsExecutive Summary 3Introduction 3Web 2.0 Defined 4Web 2.0 Delivers Business Value 5Web 2.0 Security Concerns 5Inbound threats 5"But we are spending billions worldwide on security!!!" 6
Outbound Threats 8Solving the Web 2.0 Security Dilemma 8Recommendations 8
The Solution: Seven Design Requirements for Web 2.0 Threat Prevention 9Requirement #1: Deploy real-time reputation-based URL and message filtering for all domains-even those not yet categorized 9Requirement #2: Deploy anti-malware protection utilizing real-time, local "intent-based" analysis of code to protect against unknown threats, as well as signature-based, anti-malware protection for known threats 10Requirement #3: implement bi-directional filtering and application control at the gateway for all web traffic, including web protocols from HTTP to IM and encrypted traffic 10Requirement #4: Data leakage protection on all key and web messaging protocols 10Requirement #5: Ensure that all caches and proxies are "security-aware" for safety and efficiency gains 11Requirement #6: Design security infrastructure for layering of defenses with minimal number of secure devices 11Requirement #7: Use comprehensive access, management, and reporting tools 12
McAfee Products and Technologies for Web 2.0 Protection 12Integrated Gateway Appliances 13McAfee Web Gateway 13McAfee Email Gateway 14Data loss prevention 15Data loss prevention products and services 15
McAfee Security Technologies 15TrustedSource 15Anti-malware module 16
Conclusion 17Next Steps 17About McAfee 18White Paper Seven Design Requirements for Web 2.0 Threat Prevention
Executive SummaryToday's web is helping change how and where we work. Is Web 2.0 technology used in your business? Do you know if your web gateway, applications and confidential data are at risk?The aging web and messaging security solutions that most enterprises currently have in place are simply not providing the protection that's needed in today's dynamic environment. To both enable Web 2.0 use and address Web 2.0 threats effectively, companies need to build on traditional security protocols with a new generation of multi-layered security that includes both inbound and outbound protection, reputation-based filtering, and multi-function security appliances at the network gateway. A new Forrester Consulting study titled Next-Generation Secure Web Gateway Trends and Requirements finds that while use of Web 2.0 is enabling business and growing, a majority of organizations continue to lose the battle against the non-relenting Web 2.0 threats-losing in terms of infections, data loss, 1 2and costs to the business. Compared to a similar study conducted in 2007 , the new research shows rapid adoption of Web 2.0 technologies, associated malware threats and an increasingly mobile and 1distributed workforce are driving requirements for next generation web security gateways. Drawing on customer experience; data gathered from McAfee's global web and messaging reputation Tsystem, TrustedSource technology; and the findings of Forrester Consulting and other third-party sources, we'll outline in this paper the new Web 2.0 threats and explain why most security solutions in place today can't adequately protect against these threats. We'll then propose a set of Seven Design Requirements for Web 2.0 Threat Prevention, and give an overview of McAfee product and technology offerings that address these requirements.
Introduction The Internet today is a different place than it once was. Widely referred to as "Web 2.0," today's more interconnected and interactive Internet will continue to evolve as innovators use new web technologies to implement new applications. Too often, however, Web 2.0 innovations are designed with security as an afterthought, while end-user adoption of Web 2.0 far outpaces the implementation of adequate security solutions.Applications are now Internet-enabled, and corporate intranets and extranets are supporting critical business processes. Entire businesses are being built on web infrastructures, with many mainstream organizations already using sophisticated Web 2.0 technologies both internally and externally. Today's business model relies on the web to provide inbound access for rem... [download for more]
