SecureWorks - On the Radar Newsletter - March 2008
On the Radar

Forrester Total Economic Impact™ of SecureWorks’ SIEM Service

The purpose of this study is to provide readers with a framework for evaluating the potential financial impact of SecureWorks’ SIEM Service on client organizations. Forrester’s aim is to clearly show all calculations and assumptions used in the analysis. Readers should use this study to better understand and communicate a business case for investing in SecureWorks' SIEM Service.

Featured Gartner Report: The Creative and Insecure World of Web 2.0

With Web 2.0, the nature of application development changes, breaking the secure development processes that many enterprises are just now implementing. Application development managers and security managers need to understand these changes and plan for dealing with the new security issues.


Security 101: Web Hosted Content Providers

Description

As web sites compete for market share, they differentiate themselves by being a one-stop shop for all the information a user would want. For example, instead of just providing an address, it is easy to incorporate a map using Google Maps. Additionally, popular websites can sell portions of a web page to advertisers. In this architecture, websites depend on content providers to enrich the information on the website. Content providers often get the content from other sources, such as advertisements from advertisers. Criminals are able to use these services to get their malicious code hosted in many places simply by being the provider of content.

Sample Instances

  • Advertising
  • Google

Objectives

The objective of the attack is to steal information from the client as well as take control of the client's machine.

Trust Model

The content providers trust the content provided by the sources, the web sites trust the content provided by the content providers, and the clients trust the content provided by the web servers.

Strengths

  • Ability to detect: 5 (High)
  • Ease: 1 (Easy). It is trivial for a criminal to provide content to the content provider, such as by buying advertisements.

Weaknesses

Because of the multiple parties involved, there are many places to detect the malicious content.

Detection Points

This can be detected in the logs on the client. Network intrusion detection systems can also detect malicious content being downloaded from the server to the client.

Prevention Points

The same prevention points as Web Hosted Malicious Code are applicable. Additionally, content providers and web server providers can inspect the content from their respective providers for malicious code before serving it downstream to the web server or the client. URL content filtering generally does not work in this case because the content is being sourced from a website that is whitelisted.
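A minimal sketch of the inspection step described above, added here as an example and not SecureWorks code: a publisher or content provider parses each third-party HTML snippet before serving it and holds back anything that pulls active content from a host outside an agreed list. The approved host, the function and class names, and the sample snippets are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the publisher has agreed this provider's content may load from.
APPROVED_HOSTS = {"cdn.adprovider.example"}
# Tags that pull in active content, mapped to the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class CreativeInspector(HTMLParser):
    """Collects reasons to hold a third-party snippet back for review."""
    def __init__(self, approved):
        super().__init__()
        self.approved, self.findings, self.inline = approved, [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            url = attrs.get(ACTIVE_TAGS[tag], "").strip()
            host = (urlparse(url).hostname or "").lower()
            if url and host not in self.approved:
                self.findings.append(f"{tag} loads from unapproved host: {host or url}")
            self.inline = tag == "script" and not url
        if tag == "iframe":
            style = attrs.get("style", "").replace(" ", "").lower()
            tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append("hidden or near-invisible iframe")
        for name in attrs:
            if name.startswith("on"):  # onload, onerror, onclick, ...
                self.findings.append(f"inline event handler {name} on <{tag}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.inline = False

    def handle_data(self, data):
        if self.inline and data.strip():
            self.findings.append("inline script body, needs manual review")

def inspect_creative(html, approved=APPROVED_HOSTS):
    """Return a list of findings; an empty list means nothing was flagged."""
    inspector = CreativeInspector(approved)
    inspector.feed(html)
    inspector.close()
    return inspector.findings

# Constructed samples, not taken from any real campaign.
CLEAN = '<a href="https://shop.example/"><img src="https://cdn.adprovider.example/b.png"></a>'
SUSPECT = '<iframe src="http://unknown-host.example/x" width="0" height="0"></iframe>'
```

A static check like this only catches what is visible in the markup; script bodies it flags still need manual or sandboxed review before the content is served downstream.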

References

None

 

All third-party brands and trademarks referenced in the text above belong to their respective owners. SecureWorks' On the Radar Newsletter is not authorized by, associated with or sponsored by the respective trademark owners.
