- Category: March 2011
According to a survey conducted by managed security firm Network Box Corporation, over 92 per cent of companies feel that it is important to deploy data-leakage prevention and to pay more attention to the importance of data security. Given this finding, the specialist in Unified Threat Management (UTM) has just released a new feature – Data Leakage Prevention (DLP) – in addition to continuously defending customers’ networks by using PUSH technology to instantaneously update protection from 12 Security Operations Centres spread across the globe.
Network Box receives numerous customer requests to enforce policy blocks on outbound content and has been working on this solution for quite some time now.
“The reason for developing Data Leakage Protection (DLP) was that many companies and banks around the world require this due to government and security regulations. The more businesses focus on data security, the more requests for DLP have emerged. As with all additions to our technology, we looked at the many ways to do this and after much testing and analysis, we have come up with what we think is a terrific solution that will be very well received by our customers,” said Mark Webb-Johnson, CTO of Network Box Corporation.
The feature is implemented in two parts, the ‘DLP_Rules’ engine and the ‘Policy_DLP’ engine. It applies the same award-winning Network Box anti-spam technology to police outbound SMTP mail, allowing complex rules to be defined and policy blocks to be enforced.
The DLP_Rules engine runs at the policy scanning stage, after anti-virus and anti-spam, and can be configured to run on outbound data, inbound data, or bi-directionally. It can be used to block sensitive information such as credit card numbers, validated US Social Security card numbers, etc.
The Policy_DLP engine is configured with a list of directions, named DLP tests and thresholds, which permits sophisticated policy enforcement rules to be configured. With this engine, you can block outbound emails containing specific attachments, encrypted ZIP files, etc.
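The kind of validated content test and direction/threshold policy described above, as an added example that is not Network Box's code or configuration syntax. The test names, the policy tuples and the sample message are assumptions constructed for illustration; validation here means a Luhn checksum for card numbers and structural rules for Social Security numbers, which is what keeps arbitrary digit runs from triggering a block.

```python
import re

# Candidates: 13-19 digits with optional space/hyphen separators; SSN as AAA-GG-SSSS.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_cards(text):
    """Count card-shaped digit runs that also pass the Luhn check."""
    hits = (re.sub(r"[ -]", "", m.group()) for m in CARD_RE.finditer(text))
    return sum(1 for d in hits if luhn_ok(d))

def count_ssns(text):
    """Count SSN-shaped strings that are structurally valid:
    area not 000, 666 or 9xx; group not 00; serial not 0000."""
    n = 0
    for area, group, serial in SSN_RE.findall(text):
        if (area not in ("000", "666") and area[0] != "9"
                and group != "00" and serial != "0000"):
            n += 1
    return n

TESTS = {"credit_card": count_cards, "us_ssn": count_ssns}

# Hypothetical policy entries: (direction, named test, threshold).
POLICY = [("outbound", "credit_card", 1),
          ("outbound", "us_ssn", 2),
          ("inbound", "credit_card", 5)]

def evaluate(direction, text, policy=POLICY):
    """Return the named tests whose validated match count meets the threshold."""
    return [name for d, name, thr in policy
            if d == direction and TESTS[name](text) >= thr]

# Constructed sample message; 4111 1111 1111 1111 is a widely used test card number.
SAMPLE = ("Order ref 1234 5678 9012 3456, card 4111 1111 1111 1111. "
          "Staff IDs: 123-45-6789 and 000-12-3456.")

if __name__ == "__main__":
    print("outbound:", evaluate("outbound", SAMPLE))
    print("inbound:", evaluate("inbound", SAMPLE))
```

The 16-digit order reference fails the Luhn check and `000-12-3456` fails the structural rules, so neither counts toward a threshold.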
In the past few days, the company has noticed a global increase in email-based malware activity of a kind that has not emerged for several years.
“The malware is coming in from hundreds of thousands of sources in emails of varying subjects. So far, our heuristics such as NBH-BGTRACK and zero-day Z-scan protection systems are holding it back, but the increase is more than four times baseline and all the samples we are seeing are emerging as never-before-seen zero-day threats. We expect that this increased activity is caused by botnet herders attempting to increase the size of their botnets and this will probably be followed by a corresponding increase in spam levels,” said Mark Webb-Johnson, CTO of Network Box Corporation. Network Box’s alert condition, therefore, has been raised to 3 and the company continues to monitor the situation closely.
In just the last year, more than three million new threats were identified, which means approximately one every 10.2 seconds, according to analysis by Network Box. 3,083,018 threat signatures were released through the year to protect against new or variant threats, which is an increase of 6.1 per cent.
In 2010, zero-day viruses became more and more commonplace. They are so named because there is zero time between a virus coming out and the vulnerability used by that virus being commonly known. Standard anti-virus technologies are simply not able to cope, especially as virus writers are starting to use Internet-based anti-virus sites to test their viruses prior to launch. This means a new virus can be released by its creator just after being tested as not detected by any of the world's major anti-virus providers. Network Box is protecting its customers with its next-generation 'Z-Scan' protection.
Network Box Managing Director Michael Gazeley said last year was quite different from previous years: “2010 saw the number of signatures per-update fall, while the number of signatures released increased, reflecting the continued move to cloud-based signature systems such as the Network Box Z-Scan, and NBCP content categorisation systems. We expect this trend to continue, as traditional signatures continue to be the most effective against the depth and breadth of malware, whilst cloud-based signatures are emerging as the most effective solution for zero-day outbreaks,” he said.
The reduction in overall spam volume continues, as large-scale takedown operations are effective in controlling botnet-based spam, which is the most prolific source of spam. 2010 saw the spammers' continued migration away from traditional Viagra-type spam to more sophisticated phishing and hoax attacks. The increase in malware over the year has continued, and reflects this greater level of sophistication on the part of the spammers.
During 2010, the average Network Box blocked a spam or malware item once every 63 seconds and, in total, 8,129,674 attacks using firewall technology and 1,738,576 attacks using IDP technology (up 38.9% and 10.6% respectively when compared with 2009).
“During 2011, Network Box will launch a Network Vulnerability Scanning service that will also improve the protection we can offer to our customers, pro-actively scanning networks for unauthorised servers/services,” Gazeley said.
By Daniela La Marca