Risks and Consequences of Legacy Web Security Solutions

Shopping, researching, downloading, gaming, finding new friends and seeing what’s happening in the world: these are just some of the ways we use the web every day. Unfortunately, threat actors also love and use the web every day, using it to steal our credentials, drop malware on our machines, lock and steal our data, and much more.

Amazingly, by some measures one in every 13 web requests would lead to malware1, a sobering thought. The need for effective web security is undeniable, especially with employees working from just about anywhere on a range of devices. Yet, according to recent research by Mimecast, 69%2 of organizations still rely on legacy on-premises web security systems that may no longer be effective.

Here are the top four challenges organizations face when using on-premises web security systems:

Complexity & Cost

Traditional on-premises systems can be costly to purchase and maintain and generally require more specialized skills to manage. At the time of initial purchase, they were likely the best (or only) option organizations had for web security. But a lot has changed in terms of the capability and flexibility of web security systems. The cloud has become the de-facto deployment option for most new security systems, due to ease of management, cost effectiveness, scalability, adaptability, and for ease of supporting cloud-based applications.

Protecting Roaming Users

Employees are massively more mobile than even a few years ago. On-premises web security systems can protect employees when they’re on the corporate network, but often are found to be lacking when employees are roaming. With more people working remotely and accessing a larger pool of cloud-based apps, the volume of web traffic this generates can cause performance delays (as well as drive networking costs) if it is backhauled through a centralized office and web security system.

Difficulty Keeping Up-to-Date

On-premises systems are inherently more difficult to keep up-to-date then their cloud cousins. On-premises web security systems often sit apart from other security tools, meaning they see little or no benefit from threat intelligence or management economies-of-scale. Specialist admins must carefully review and plan for upgrades (hardware and software), some even requiring spells of web downtime to complete – unless a full high-availability setup is in place. The result can be a lower level of protection without the very latest capabilities and intelligence compared with a cloud-based deployment.

DNS Layer is Often Underleveraged

With 91% of malware using the web, specifically the Domain Name System (DNS), to complete its mission3, protection targeted at this central infrastructure of the web is important. Yet, the DNS layer is often underleveraged. Being able to detect and block malicious and inappropriate web activity at this core level of the web means stopping a potential attack before it comes anywhere near your network.

The Bottom Line

The consequences of not having the best web security protection can be costly. They include:

• Stolen credentials
• Theft of corporate data
• Lost revenue and customers following a breach
• Reputation damage
• Less productive employees
• Compliance fines, legal fees, clean-up costs

While on-premises web security systems may have historically delivered effective protection, do they still? With the transition of IT strategies to a “cloud first” approach, existing web security systems should be considered using the same lens.

Read more about Mimecast Web Security.

Are you an existing Mimecast customer? If so why not try Mimecast Web Security for yourself by starting a free trial?

1Symantec 2018 Internet Security Threat Report (ISTR)

2TechValidate survey to Mimecast customers, March 2019

3Cisco Annual Cybersecurity Report 2018