Cloud Web Security for Healthcare Organizations

Cloud web security, commonly called secure web or secure Internet gateways, is a cybersecurity service that is used to block web-based cyber threats. It is an important security service to implement as part of a defense-in-depth strategy for improving protection against increasingly sophisticated cyberattacks.

Healthcare Cyberattacks Continue to Increase

The 2022 Verizon Data Breach Investigations Report confirmed that ransomware attacks are continuing to increase. Between 2020 and 2021, attacks increased by 13%, which is greater than the combined increase over the previous 5 years.

Web application attacks are up and are now the leading cause of healthcare data breaches caused by external threat actors, and social engineering attacks are commonplace, accounting for 25% of all breaches. Overall, the human element was involved in 82% of data breaches in 2021. There were 714 healthcare data breaches reported to the HHS’ Office for Civil Rights in 2021 – An 11% increase from 2020.

Cyberattacks are increasing in sophistication as well as in number, and defending against attacks and the changing tactics, techniques, and procedures of cybercriminals and nation-state threat actors requires a defense-in-depth approach to security. There is no single security solution that can block all attacks. Healthcare organizations need to implement security solutions that provide overlapping layers of protection, especially against the web-based component of cyberattacks, which is a common weak point in security defenses.

What is Cloud Web Security?

Cloud web security is concerned with preventing individuals from accessing malicious online content and exercising control over the types of content that users of wired and wireless networks can access. Cybersecurity vendors offer cloud web security as software-as-a-service (SaaS) to block access to web pages that contain malicious scripts or malware, web pages hosting exploit kits that probe for exploitable vulnerabilities, and site hosting phishing pages.

Instead of accessing the Internet directly, all Internet activity is channeled through the service provider where certain controls are applied. Most cloud web security services use the Domain Name System for filtering during the process of requesting the IP address of a particular web resource. If the requested resource is benign and doesn’t violate pre-set policies, the IP address will be returned and a connection to the web resource will be made. If the content is malicious or violates the organization’s policies, the IP address will not be returned, and the user will be directed to a local block page without any content being downloaded.

These cloud services incorporate URL filtering to block access to specific URLs that are known to be malicious or otherwise violate company policies and domain filtering is used to block entire websites that have a poor reputation. Web pages also undergo dynamic content analysis, often using machine learning/artificial intelligence algorithms to determine the likelihood of the content being malicious and to check for the presence of certain keywords.

All websites are assigned to categories based on their content, allowing administrators to block certain categories of websites that are inappropriate, such as pornography, gambling, gaming, weapons, dating, and social media websites to enforce acceptable Internet usage policies.

Cloud-based Web Security Services vs. Web Filtering Appliances

Cloud web security services perform similar functions to web filtering appliances but are more popular as they do not have the disadvantages of physical appliances. Web filtering appliances need to be purchased, which involves a significant up-front cost. The hardware must be maintained and kept fully patched, and hardware needs to be periodically upgraded. Web filtering appliances also have limited capacity, so as an organization grows, additional appliances must be purchased. Further, for organizations with a remote workforce, all traffic must be backhauled to the appliance which can slow down Internet access.

Cloud web security services solve these issues. Being DNS-based, there is no latency, so Internet speed is unaffected. There is no need to purchase and maintain any hardware and the solution does not need to be updated. All software updates, hardware maintenance, and upgrades are performed by the service provider. Since these solutions are cloud-based, they benefit from the scalability of the cloud, so capacity will increase to meet the organization’s needs.

Further, most websites now encrypt the connection between the browser and the website. To analyze and filter out encrypted content, SSL inspection is required. SSL inspection involves decrypting the connection, inspecting the content, then re-encrypting, and that process is CPU intensive. Performing SSL inspection in the cloud on the service provider’s servers avoids any performance issues.

Improve Phishing Defenses with Cloud Web Security

Email is the most common vector used in cyberattacks for gaining initial access to internal networks, with phishing attacks in healthcare one of the most common threats. Email security gateways will block most email threats, but some phishing emails will arrive in inboxes where they can be clicked. Cloud web security services improve protection against phishing attacks by providing time-of-click protection. If a user clicks a link in a phishing email, the content of the destination URL will be analyzed, and threats will be blocked.

A Cloud Web Security Service Improves Protection Against Malware and Ransomware

Malware, botnets, and ransomware are often delivered via the Internet. New malware variants are not detected by traditional signature-based antivirus solutions, so malware downloads may go undetected. Cloud-based web security services block malware threats by preventing users from visiting malicious websites. They can also be configured to block the downloading of certain file types from the Internet, such as files often associated with malware – executable files for example.

Block Malicious Communications

Cloud-based web security services can detect attempts by malware to communicate their command-and-control servers for receiving instructions and exfiltrating data. Many of these communications take advantage of the DNS. DNS-based cloud web security services can detect and block these communications and alert security teams to malware-infected devices.

Gain Insights into Internet Traffic

Cloud-based web security services provide IT teams with insights into the online behavior of employees and guest users. Information about web traffic can be used to improve performance. Administrators can see the traffic that is hogging bandwidth, and restrictions can be placed on certain sites such as YouTube and other streaming services to ensure sufficient bandwidth is available. Potential threats can also be identified by analyzing logs, such as if Russian webmail services are being accessed, and other potential security risks.

Summary

Cloud-based web security is concerned with blocking known online threats, gaining insights into threats, and restricting access to certain types of web content. These services work in conjunction with other security solutions and services to provide defense-in-depth protection against ever-increasingly sophisticated cyber threats.