To protect employees, the telecommunication and cellular service provider has deployed a secure web gateway from a leading vendor (not Symantec). The gateway’s policies and URL filtering capabilities blocked access to uncategorized and risky sites. However, this common practice introduced friction between the security team and the business, which required broader web access, and resulted in significant overhead to security operations.
The telco provider blocked uncategorized sites that lacked sufficient reputational information for classification. These sites present considerable risk as they often include new and relaunched malware sites. Preventing access to uncategorized sites helped protect the organization, but it also blocked legitimate, uncategorized business sites, irritating users and reducing business productivity.
Moreover, employees were not allowed to access file sharing and webmail sites, such as Google Drive and Gmail, which were considered risky because they can be used to deliver malware into organizations. By blacklisting these sites, the company blocked an attack vector, but at the expense of inconveniencing executives relying on these services.
Support tickets increased as frustrated users requested access to blocked sites. Furthermore, access policies generated significant complexities. “Maintaining policies was exhausting and hard to track,” says the company’s chief information security officer (CISO). “You block sites, then open them for some users, block them again or add them to a whitelist.” Security was quickly becoming a barrier to business.
Not only was more friction introduced, but the company was still vulnerable to attacks. URL filtering made it possible to manage and minimize risk, but did not eliminate it completely. Malware could still be delivered from whitelisted unclassified websites. In addition, the company was very concerned about attacks delivered via downloaded documents that used zero-day exploits in Microsoft Office files and PDFs.