Avoid Blind Spots in Your Web Application Security Stack

In our recent webinar, we gathered some of our OPSWAT experts to share the latest trends in web application security and protecting organizations from file-borne malware. The speakers discussed the key concerns about web applications and securing file uploads, unveiled the implications of cybercriminals bypassing security defenses, and closed with the current solutions and approaches that address these security challenges.

The panelists included:

  • Chip Epps, Vice President of Product Marketing, OPSWAT
  • George Prichici, Director of Product Management, OPSWAT
  • Adam Rocker, Product Manager, OPSWAT
  • Nav Gill, Product Marketing Manager, OPSWAT

Watch the webinar on-demand or read on to explore the key takeaways.


More Data, More Threats

What’s the most valuable resource of any organization? Regardless of the industry—whether it’s finance, healthcare, technology, or manufacturing—chances are that it’s the information collected from customers. Especially since the COVID-19 pandemic, most tech and non-tech organizations have established some form of online presence, such as moving to the cloud or offering collaborative workspaces. Digital migration means a lot of data needs to be secured.

The increase in online information comes hand in hand with an increase in cybercrime that aims to steal it. This affects every industry vertical, but those in the critical infrastructure sector such as finance, technology, energy, government, education, etc. face the most risks.

Not only did the number of attacks increase, but threat actors have also become smarter. Most malware now uses some evasive technique that lets it bypass traditional anti-virus engines: 98 percent of malware used at least one evasive tactic, and 32 percent of malware was “hyper-evasive” (six evasive tactics or more).

Almost every organization we surveyed was concerned about securing file uploads in their web applications. And the concern has increased over the past year for an overwhelming majority (82%) of them.

Nav Gill, OPSWAT Product Marketing Manager

The Costs of Insecurity Outweigh the Costs of Security

What propels industries toward reinforcing cyber defenses? It’s the costs of not securing information—the costs of remediating the repercussions after a data breach or a cyberattack.

Average ransomware payouts have steeply increased from last year, making it a multi-billion-dollar industry. The average ransomware payment in the second half of 2021 was $570,000—an increase of 82 percent from the first half and 171 percent from the year prior [1]. The average ransom demand rose to around $5.3 million in 2021—a striking increase of 518 percent from the 2020 average of $847,000 [2].

Data privacy fines run into millions globally. It is imperative that organizations secure their customers’ data not only in the country or sector in which the organization operates, but also across every sector and outside of the country to avoid compliance violations.

Security Blind Spots are Everywhere

In the OPSWAT Web Application Security Report 2021, we identified 10 best practices for securing file uploads in web applications, but only 8 percent of organizations have fully implemented all ten.

We also found that one-third (32%) of organizations with a web application for file uploads do not scan all file uploads to detect malicious files. 1/5 of these organizations scan with just one anti-virus engine. And 2/3 of organizations with a file upload web portal do not sanitize file uploads with Content Disarm and Reconstruction (CDR) to prevent unknown malware and zero-day attacks.

[Figure: File upload security best practices]

In our research, CDR remains a practice with the lowest adoption rate: fully implemented by only 30 percent of the surveyed organizations, 32 percent partially implemented, 27 percent not implemented, and 10 percent unknown.

Nearly 100 percent of OPSWAT’s customers apply our Deep CDR technology for file uploads, but other organizations need to realize that there is more to file upload security than anti-virus scanning. “People are trying to do the right thing. They are concerned, they understand their needs, but they need a little more education on that [topic],” said George Prichici. “Once they have understood the value of CDR, they put CDR in place and multiscanning becomes the complementary solution.”

There are people who are already implementing CDR—a little bit over a third, which is not enough. Once organizations have understood the value of CDR, they put CDR in place and multiscanning becomes the complementary solution.

George Prichici, OPSWAT Director of Product Management

Overcoming Blind Spots

The best method to overcome these blind spots is to increase the security coverage for any data being transferred within and between organizations. Prichici recommended CDR, Multiscanning (using multiple anti-malware engines simultaneously), and Data Loss Prevention (DLP) as three capabilities defining detection best practices.

Adding multiple anti-virus and anti-malware engines can increase the threat detection rates to nearly 100 percent and reduce the Mean Time to Detect (MTTD) by 25 percent. In other words, the more anti-virus and anti-malware engines added, the faster organizations can respond to outbreaks and the better the detection ratio.

[Figure: Detection of top 10,000 threats. Source: https://metadefender.opswat.com, September 2021]


Protection through OPSWAT Proactive DLP can detect and redact sensitive information such as credit card numbers, social security numbers, IPv4 addresses, etc. to prevent data breaches and compliance violations. Finally, using OPSWAT Deep CDR can disarm potentially malicious content and reconstruct the file with only legitimate components before usage.

Current Trends: Growing Cloud Presence and Virtual Machines

It’s no secret that COVID-19 accelerated the push of people and technology outside of the typical on-premises deployments. Gartner predicts that worldwide public cloud spending will grow about 18 percent this year, and that 70 percent of organizations will also be increasing their cloud spending over the next year [3].

Companies employ various approaches to host web applications that accept file uploads. Our findings revealed a lot of deployments that are in the cloud—with Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) being in the top three. Some companies use hybrid deployment; but on-premises deployment is an outlier from our research, used by 50 percent of the surveyed organizations.

[Figure: Where web applications that accept file uploads are hosted]

Virtual Machines (VMs) are still heavily favored over containers across multiple environments, possibly due to the already established environment in the organization. “There is still plenty of need in the market for innovative cloud technology, but companies are still looking for ways to get their cloud security on par with what is implemented or available on-premise,” said Adam Rocker, Product Manager.

The Future is in the Cloud and Containers

Cloud migration will still play a vital part, at least in the near future. The move to the cloud in some form or fashion is expected to accelerate rapidly, especially with the top three providers: Microsoft Azure, AWS, and GCP. Surprisingly, on-premises deployment is projected to grow as well. Another surprise is the apparent reduction in deployments with SaaS offerings in the next 12 months.

[Figure: VMs and containers for web application file uploads, future outlook]

As for VMs and containers, the growth in containers will continue to outpace that of VMs. "Right now, many companies are delaying moving to containers because of security concerns. However, as organizations implement the proper technology and processes to secure these emerging platforms, containers will continue to grow much faster than what we have seen with VMs," according to Rocker.

In terms of the type of devices that organizations use to manage file upload traffic through their environment, VMware still holds the top spot with 75 percent. Citrix is slightly behind with 48 percent, followed by F5 and Nginx. A crucial point to note here is that these are great products for managing and securing traffic, but organizations still need the added layer of protection to secure the content to ensure comprehensive security coverage.

As organizations implement the proper technology and processes to secure these emerging platforms, containers will continue to grow much faster than what we have seen with virtual machines.

Adam Rocker, OPSWAT Product Manager

Closing Thoughts

When faced with the rising and increasingly sophisticated cybersecurity threats (both known and unknown), it boils down to following the best practices. Think of the low-hanging fruit: What are the easy-to-implement, easy-to-integrate, and high-value security methods to implement? Organizations can use the OWASP Top Ten Web Application Security Risks and the 10 Best Practices for File Upload Protection by OPSWAT to assess their security posture and implement the most appropriate layers of defense within their web application environment.

Our team at OPSWAT is familiar with our customers’ security pain points and can provide the cybersecurity solutions needed in the market. To learn more, talk to one of our critical infrastructure cybersecurity experts.


References

[1] “Ransomware Price Tags Skyrocket along with Extortion Techniques,” Dark Reading, August 9, 2021, https://www.darkreading.com/attacks-breaches/average-ransomware-payment-hits-570000-in-h1-2021.
[2] “Ransomware attacks up by 518% in the last year,” Today’s Conveyancer, September 9, 2021, https://www.todaysconveyancer.co.uk/main-news/ransomware-attacks-518-last-year.
[3] “Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 18% in 2021,” Gartner, November 17, 2020, https://www.gartner.com/en/newsroom/press-releases/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021.
