We are observing a shift in the web security market. It continues the progression from the year-2000 approach of URL filtering plus AV, through the current Web 2.0 controls, towards an application-centric security model.

In the application-centric security model, we are no longer talking about URLs, URL categories and the like, but about applications and their features.

For example, admins today block URL categories such as chat to keep people from chatting on Facebook chat, but this might also affect other 'tools' on that page or on other web pages. The application-centric approach blocks just that, as a feature of a specific application.

 

Control is of course one aspect of this; the other aspect is visibility:

  • What are my users doing?
  • Do I need to be concerned about anything?
  • Are there security issues with an application?
  • Is there a Shadow IT problem that I am not aware of but should be?

 

Shadow IT

Employees around the world are taking advantage of the cost-saving and productivity-building benefits that Software-as-a-Service (SaaS) cloud applications bring to their working environment, but many don’t realize that using these applications without IT security policies applied can lead to a negative impact on their business as a whole. The use of non-approved applications, often known as shadow IT, can lead to data being put at risk through unauthorized access or theft, increased opportunities for malware infection, and failed compliance in highly regulated industries.

Please make sure to visit our micro-site on shadow IT and learn about the shadow IT problem: http://www.mcafee.com/in/products/email-and-web-security/shadow-it.aspx

 

Solution

If you have ever asked yourself one of the questions above and have not found an answer, let me illustrate how you can already gather answers to them today.

With the assistance of Content Security Reporter (CSR), the Common Catalog and McAfee Web Protection, I will illustrate a possible solution scenario that will help you get more visibility into application usage in your organization.

 

For that, I am assuming that Web Protection is logging the application name, which is the default in the log settings. These logs are then fed to CSR so that we can report on the data in them. In CSR, I have created a new application-specific dashboard based on the default queries that ship with the product.

(Screenshot of the CSR dashboards; the XML for this is also attached for ePO 5.1.0 and CSR 2.1.)

 

Within that dashboard you can get all the information that is needed:

  • Top applications by bandwidth
  • Top applications by
    • User
    • IP Address
  • Malware detections on applications
  • Top applications by usage in hits
  • Top blocked applications

 

From the dashboard you can use CSR's functionality, which is based on the Common Catalog, to simply move application names into lists. These lists are then reflected in Web Protection on premise and can be synced into the cloud using McAfee's Full Web Hybrid. In this way you get the application name into a list that is used to apply a policy enforcement action, such as block, to the listed applications and their features.

 

With this model you can build a solution for the three main pillars of a web application-centric policy, which are:

  • Application Discovery
  • Application Reporting
  • Application Control

 

all from a single pane of glass through CSR.

 

If you have further questions and comments, please send a PM through our community system.