Over the last several years, the following have created a fundamental change in how organizations networks are used:

• Many thick 'client-based' applications have transitioned their transport protocol to utilize standard web communication such as HTTP and HTTPS, and thin 'web browsers' as the client
• The common user has become adept at accessing data on the internet.  It is expected that users are versed in leveraging the internet for items such as: e-mail, news, and business applications
• Social networking sites (Facebook, myspace, etc) and Information sharing services (Twitter, Blogs, etc.), combined with the massive expansion of internet connected devices such as cost effective PC's, Smart-phones, and other web-enabled systems, have created a new type of user that expects and demands connectivity to all corners of the internet
• Increasingly powerful web browsers and plug-ins capable of leveraging techologies such as Java, JavaScript, Flash, and various other scripting and media leveraging applications and being added to our systems at an alarming rate

These changes have brought with them an exponential number of attack vectors both outbound (as our users access external services) and inbound (as remote users access our services). Beyond attack vector and exposure to risk, you should also not overlook the potential loss of productivity related to users accessing social networking, shopping, and other time-consuming online informational outlets. Monitoring and placing security controls on this access is no trivial task but must not be overlooked.

Inbound Web Access:

Access to inbound services you are hosting such as SOAP-based services, websites, blogs, portals, and e-commerce sites need to be both regularly audited and protected from various web-based attack vectors such as Cross-Site Scripting and injection attacks.

Outbound Web Access:

Clients requests for web-services from the internet (which is inherently untrusted), should be inspected and controlled. One of the most common attack vectors facing today's computing resources is system compromise via accessing a malicious website or web-service. This inspection and control mechanisms placed on these flows should be capable of both destination-based access control (By website category and website destination trust level) and content inspection (for malicious content retrieved from allowed destinations).

More Information:

For more information on Web Security & Content Filtering Products, Solutions and Priveon Implementation Services, please contact us.