Protecting users from web-based threats anytime, anywhere

Most cybersecurity news discusses email and web application attacks, ransomware, advanced threats, etc. Web security is discussed less often, even though most business users recognize it in action. Few people who use company computers are strangers to messages like ‘access restricted’ or ‘download blocked’. One of the reasons for this is that web security has been around for decades. It seems like old news.

Although the web is an older threat vector, it offers a cutting-edge world of opportunity for today’s threat actors. Tens of millions of websites are infected at any given moment with malware that attacks vulnerable endpoints. These attacks usually begin with an attempt to install malware on the endpoint, which is the starting point for a significant attack such as ransomware or an advanced persistent threat (APT). This is almost always done without alerting the end user. Corporate web security adds layers of protection between the user and the website so that these attacks are prevented or rapidly discovered and blocked.

Malicious software installations are just one piece of a more significant threat. Phishing websites are designed to trick users into entering sensitive data into a web form. The data goes directly to the attackers, and the users might never realize the website is a fraud. The Anti-Phishing Working Group (APWG) detected 1.3 million unique phishing websites in Q4 2022, which is the most it has ever recorded. The APWG regularly observes hundreds of thousands of these sites online at any time.

There are also sites with harmful content that are not allowed in schools and other safe computing environments. Legitimate websites are also blocked in some environments because the sites are not work-related. Shopping and streaming sites might not pose a cyberthreat, but they can interfere with productivity and bandwidth during work hours.

Corporate web security solutions address these risks, often as a component of a Secure Access Service Edge (SASE) deployment. There are benefits to delivering web security through SASE, but traditional SASE deployments add some complications to this configuration.

Web security as delivered by traditional SASE solutions

SASE solutions typically deliver web security by backhauling all traffic to the cloud services of the SASE provider, regardless of user or resource location. This is where the SASE components apply and enforce the corporate security policies. The traffic then leaves the SASE provider cloud and heads to its destination.

This method is convenient for the provider but adds a potential choke point for company web traffic. Because SASE providers want to deliver a fast and seamless customer experience by backhauling traffic to their data centers, end customers typically pay a hefty premium to cover the provider’s infrastructure and bandwidth costs. This often results in outrageous bandwidth fees from some big established services while providing only mediocre performance. Some providers offer lower costs but use less capable solutions, such as providing DNS filtering only for remote users and mixing it with Zero Trust Network Access (ZTNA) to call it SASE.

Barracuda SecureEdge: Smart protection from web-based threats anywhere and anytime

Barracuda SecureEdge is the only SASE solution that intelligently integrates site devices for office protection and optimized public cloud connectivity. Barracuda SecureEdge Access Agent operates at the endpoint and works with the SASE cloud deployment to protect and intelligently optimize work-from-anywhere use cases. The underlying SASE service, powered by our global threat intelligence network, ingests vast amounts of diverse, real-time threat information from millions of collection points worldwide to provide always-up-to-date security classifications for every device, IP, domain, and billions of potentially malicious malware artifacts.

The tight integration of this global threat intelligence allows the remote SecureEdge Access Agent on the endpoint to identify the applications and websites that are known to be safe. This allows the agent to send only the potentially malicious or customer-defined traffic back to the SASE service for inspection.

To illustrate the differences between a typical SASE provider and Barracuda SecureEdge, let’s use Microsoft 365 as an example. A typical SASE provider might backhaul Microsoft 365 traffic to their cloud, where they normally inspect traffic and apply security policies. This is true even if Microsoft 365 traffic is trusted and there are no threat-like behaviors on the endpoint. The Microsoft 365 traffic is then passed through their servers without inspection because inspection will break the traffic. There’s no reason to send this traffic to the SASE provider’s cloud, but there’s also no way to avoid it.

Barracuda SecureEdge handles this differently. The SecureEdge Access Agent and real-time threat information allow the traffic to be reviewed at the endpoint. Trusted traffic goes directly to the destination, which is Microsoft 365 in this example. Anything that cannot be trusted on the endpoint will go to the SASE service for thorough inspection. Managing traffic this way is secure, reliable, faster, and less costly.

Advanced web security delivered with the latest SecureEdge update

Many cloud-delivered web security solutions lack advanced configuration and convenience functions such as ad-blocking or detailed custom user-defined block lists. Barracuda SecureEdge makes web access more convenient and secure regardless of user device or location.

  • Customizable dashboards: Customers can now easily create their security and web filtering dashboards from the home page.
  • Seamless ad-blocking provides the ability to transparently remove online advertising without displaying a block message or attention-grabbing notifications.
  • Safe-Search enforcement at the network level prevents access to inappropriate content through popular search engines and YouTube.
  • Extended action types: Besides the available “block” and “allow” actions, the new release adds “warn” and “alert” actions. The “warn” action displays a warning message reminding users that the site they want to access is not sanctioned, but it gives them the opportunity to proceed. The “alert” action does not display any warning but records the web access silently without notifying the user.
  • Customizable “block” and “warn” pages: Customers can edit the block and warning pages to align with corporate branding or other designs.
  • Custom category definitions reference one of the more than 200 predefined categories and an unlimited number of custom domains.
  • Web monitoring includes pre-written dictionaries of keywords and phrases related to harassment, weapons, terrorism, and pornography. SecureEdge monitors keyword searches across all major search engines for these categories and notifies administrators for further action as defined by company policy. Alerts are tagged with real network user identities, timestamps, IP addresses, and search terms so that the source can be easily identified independently of online profiles.
  • Reporting: The new release is compatible with the Barracuda Report Creator tool, and customers can create unlimited reports across all sites and services.

With the new Barracuda SecureEdge release, customers enjoy comprehensive web security across all sites and remote users. This lets organizations benefit from online applications and tools without exposure to web-borne malware and viruses, lost user productivity, and misused bandwidth.

Our experts can answer your questions and demo these solutions or help you deploy a free trial in your own environment. Visit our website to get started.

Photo: Gorodenkoff / Shutterstock

This post originally appeared on Smarter MSP.
