Reactive versus Proactive Web Security

By Yuval Ben-Itzhak

TMCnet Web Security Columnist

 

Corporations today face an epidemic of web-based threats that can damage machines and data, violate privacy, and compromise intellectual property. While web-based threats including malware and browser-based attacks have long been a concern, today they are among the most serious security risks faced by corporations, and business leaders need to take immediate action to counteract them.

 

One reason that web-based attacks have become a focus of executive attention is that their frequency is rising dramatically. Malicious code is not only more pervasive, it is also increasingly complex, and this is driving a new approach to protecting businesses.

 

 

Corporate executives are realizing that signature-based, reactive approaches used by anti-virus, intrusion detection and prevention solutions are not providing the blanket of protection that is needed to safeguard networks from new and unknown types of malicious code.

 

With reactive security methods, a Window-of-Vulnerability remains open until patches are installed or updates completed, leaving company processes and assets dangerously exposed.

 

 

 

In today’s network-connected business world with real-time online needs, malicious applications often reach corporate PCs before they arrive at the security vendor’s lab for inspection, and this is where proactive security technology is needed urgently. For companies to safeguard themselves from web-based threats, they need to incorporate proactive, behavior-based security technology that will work with traditional anti-virus, anti-spyware, and other technologies to provide a comprehensive, layered defense.

 

In general terms, behavior-based analysis is a method to ascertain how code is going to execute and whether or not it will do something on the PC that it was not authorized to do such as accessing a directory. Smart algorithms are used in behavior-based security products to inspect applications and to review their respective execution/behavior profiles.

 

Using application profiles, security engines can decide whether a given code is acceptable or malicious before enabling it to execute on a computer. Security products that incorporate proactive behavior profiling generate on-the-fly profiles and enforce defined security policies. Unauthorized behaviors are blocked instantly before execution and prior to reaching targeted machines.

 

With today’s influx of increasingly complex and varied malicious code, real-time capabilities are essential for security, and application behavior-based analysis profiling and blocking technology is the only security solution that provides this protection. Behavior-based analysis and blocking technology is in use by corporations around the world, enabling them to remain connected and confidently receive data with the assurance that proactive security measures will block malicious content from entering the corporate network and systems environment.