Leading gateways allowed more than 40 percent of attempted malicious communication to succeed
Seculert, a leader in attack detection and analytics, released its “Secure Web Gateway Performance Report,” identifying critical security gaps in companies’ gateway solutions in 2015. Seculert examined a subset of its 1.5 million user base that included more than 1 million client devices that had generated over 200 billion total communications from Fortune 1000 companies in North America.
During the first 10 months of 2015, Seculert observed the performance of web gateway solutions from Barracuda, BlueCoat, Fortigate, Ironport, McAfee, Palo Alto Networks, Websense and Zscaler. Seculert’s research determined whether existing gateway solutions were allowing infected, internal devices to communicate outside of the organization to their perpetrators. Nearly all the environments studied were running sophisticated perimeter defense systems, which included a secure web gateway and/or next generation firewall, an IPS, as well as a SIEM in addition to fully functioning endpoint protection.
Key findings include:
- Of the 200 billion total communications observed, nearly 5 million attempted malicious outbound communications were from infected devices.
- 40 percent of all attempted malicious communication succeeded in defeating their associated secure web gateway.
- Most of the web gateways observed did not provide protection from the effects of the two most dangerous new attacks seen during the summer of 2015 (Dyre and Trojan.Agent.145).
- One large consumer goods company had at least 271 Gbytes uncompressed data expropriated within the 10-month period.
- Nearly 2 percent of all examined devices were infected and all companies included in the research exhibited evidence of infection.
- Measured over time, nearly all of the gateways observed exhibited uneven performance. While most performed well for weeks or months, eventually all showed evidence of being “defeated” by the adversary.
“Seculert’s research continues to show that current prevention solutions are not enough to defend against attacks. Today’s enterprises are simply sitting ducks to the barrage of cyber threats, and as our report shows, are unknowingly allowing malicious outbound communication to be transmitted through their web gateways on a daily basis,” said Richard Greene, Seculert CEO. “Organizations need to arm themselves with a solution that can detect when, where and how much they’ve been attacked, so they can quickly remediate these threats. Seculert uses a unique combination of aggregated behavior intelligence and supervised machine learning to accurately uncover attackers’ activity. These results are shared for the benefit of others in the community.”
Seculert’s Attack Detection & Analytics Platform, delivered as a service, identifies attacks that have defeated perimeter prevention systems based on the evidence the attacker inevitably leaves behind as they execute their malicious activities.
About Seculert
Seculert is a leader in automated attack detection and analytics. Delivered via the cloud, the Seculert Attack Detection Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network, revealing exactly which devices and users are compromised. For the first time, CISOs can measure and prove the effectiveness of their existing threat prevention systems, all without deploying additional staff, hardware or software. Organizations worldwide use Seculert to identify known and unknown security threats, while enhancing the effectiveness of their IT security investments. Founded in 2010, Seculert has offices in the U.S., the U.K., and Israel.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.