Devices that screen out malware are still having to fight insidious intrusions such as the “drive-by download”, says Niall King, Asia–Pacific MD for firewall vendor Barracuda.
King says such downloads can be triggered by something as trivial as moving a scrollbar on a website. But alongside these are vectors like instant messaging (IM) which allow employees to initiate dangerous downloads or even uploads.
A staffer might unthinkingly use the IM channel to show off their work to a someone in another company.
“They might just want to say ‘look at this great PowerPoint I made’,” without thinking that company-confidential information may lurk in the document.
With the current state of firewall implementation, IM traffic is often not filtered or logged, King says. Organisations will increasingly need to pay attention to this traffic, and establish and enforce policies to regulate what kinds of files go in or out of the premises through whatever channel.
As an additional precaution it might be wise to limit the rights of individual users, ie to say, “This employee may only send messages to this limited group of people, or that he may only use IM between 9am and 5pm.”Barracuda has the capability to filter IM traffic in beta testing in the US and is readying it for release in the first quarter of next year.
Logging may not simply be a wise way of stopping individual missteps on the network. In an increasing number of countries such data will be required as regulations increase to encompass all communications.
Spyware is a more widespread threat and is something firewall customers — whether end-users or service providers — are increasingly asking to be protected against, King says.
Barracuda’s firewall applicances are physically separate devices that can filter spyware as well as detecting spyware already on the network. The company is working on tools to help users remove the more stubborn breeds of spyware.
The options are to deal with malware on the PC, posing the risk that measures are taken too late and the menace has already spread; placing a filter over the point at which the network communicates with outside or equipping the ISP with a box to make sure nothing damaging passes from its machines to the user.
Barracuda has a number of end-user appliances filtering out spyware in New Zealand and two in local ISPs, King says.
King was in New Zealand earlier this month to review distribution arrangements for Barracuda product following the sale of its distributor LAN 1 to MPA.