CST

Call us on +44 (0)20 7621 7836

Symantec

Symantec provides solutions to help enterprises assure the security, availability, and integrity of their information.



Symantec WSS is a cloud-delivered solution that safeguards your staff from cyber risks when using the internet.

It allows users to access web resources while being protected from cyber risks such as malware, cryptoware and phishing attacks, and it enforces policies about how staff are permitted to access the web.


Key features

Anywhere & Any Device web security.

A comprehensive cloud service that enforces consistent web security and compliance policies for all users, regardless of location or device. It is built on an advanced proxy architecture that authenticates every user to support granular policy delivery, avoiding the need for users to connect back to the company network. WSS ships with an agent to achieve seamless authentication to the cloud and apply policy and controls accordingly. Additionally, WSS has inbuilt support for SEP or SEP for Mobile to act as the proxy agent, the advantage being single-agent simplicity and management. Lastly, for site access, WSS can support your firewall/s or your existing onsite proxy architecture.

Security defence.

The Services are designed to deal with all current and, more importantly, emerging web threats. This is accomplished by a series of defences that do not depend on one another: Symantec accepts that no single control should be relied on, and instead offers multiple controls in a series of defensive barriers. This can be thought of as a “Security in-depth” approach, consisting of:

  1. Website threat categorization. The principle here is to prevent staff accessing websites or web resources that are known to be malicious. This is achieved by Symantec constantly researching the internet for such websites using its Global Intelligence Network (GIN), currently the largest non-military global Cyber defence research group.

  2. Malware detection. The Service employs two anti-virus engines to scan web traffic for malware threats. Again, Symantec accepts it is better to be safe than sorry, which is why the Service uses Symantec's own AV engine and a separate second engine to scan all traffic, avoiding single points of detection failure.

  3. In-depth encrypted inspection. As most web access uses some form of encryption such as TLS and HTTPS, it is important to scan these traffic routes for threats. The Service decrypts these protocols to ensure the content is not malicious and repackages it for onward delivery to the user. A key point to stress here is that, as these actions are undertaken in the cloud, the resource-intensive activity of decrypting, scanning and re-encrypting the traffic is seamless to the user.

  4. Sandbox. Where a file has passed the above controls, and the file is an executable (those that potentially are malicious), the file is automatically passed to the cloud sandbox (safe area). Within the sandbox, the file is subject to a comprehensive set of actions to mimic genuine user activity, and various OS and App interactions; this is to tempt the file to ‘detonate’, and allow for positive detection and prevention of advanced, novel or targeted attacks.

  5. Web Isolation. This feature owes its existence to Symantec's acquisition of FireGlass. The feature provides the user with a transparent, virtual view of the web page they are visiting, rather than the actual site itself. Think of it as watching a TV replay of a striking snake, rather than being in the cage with the venomous snake yourself. This separation of the user from the active session prevents automated threats. This is ideal for zero-day threat defence and targeted attacks, where an attacker is attempting to tempt a user to visit a forged web page in order to deliver a dangerous payload or harvest valuable data (user IDs and passwords, for example).

User Productivity & Usage policy.

As well as protecting users from internet threats and risks, WSS enforces comprehensive and granular policies about how and when staff can access web resources. It includes a comprehensive list of topics, over 80 web categories and support for over 50 languages to simplify how policy is applied, and it syncs with AD to simplify which policies should be applied to user groups. A useful feature concerns how a policy is enforced: there is of course the blunt instrument of blocking access, but there are more subtle options such as:

  • Coaching - presenting the user with a message explaining they are about to access a restricted site and that their actions will be logged.

  • Override - blocking access to a site and presenting the option to proceed by entering a password.

Speed & Resilience

WSS is a global operation that provides the best connectivity no matter where or how the user accesses the web. It is built with multiple, active redundancy capacity to deal with spikes or localized failover, offering an availability SLA of 99.999%.

A useful consideration for customers who have adopted other cloud services is that Symantec is actively creating enhanced connectivity with these providers to reduce latency. Example: Symantec has designed improved links with O365, so that O365 users accessing a website via an email link experience superior speed.

Opinion & Resources



Symantec WSS is one part of Symantec's Network Security portfolio. Complementary solutions for WSS include Symantec’s Data Loss Prevention (DLP) solution, which controls how sensitive data is shared and passed through the Web, Endpoint and Email; Symantec's CloudSOC, a CASB (Cloud Access Security Broker) solution to manage access and usage of cloud apps; and ESS (Email Security Services), a cloud-delivered email security service.

Symantec’s security objective is to secure a business from the three main threat ingress routes: Email, Web and Endpoint. I’m sure you will agree that if you have these three secured, you are in good shape!

Symantec’s strategy is to deliver these services from the cloud to simplify adoption and reduce resource overheads.