Haworth Inc., a maker and designer of office furniture, had a problem. While the $1.65 billion manufacturer wanted its employees to embrace social networking sites such as Facebook, LinkedIn, Twitter and others, the company didn't want to take on unnecessarily the security risks that go with them.
In addition, Chad Clement, manager of information security at Haworth, realized that Web-based attacks were steadily rising -- a user who simply visits an infected Web site could jeopardize applications and data from the PC back to the data center.
A study conducted by the social media security watch group the Secure Enterprise 2.0 Forum, "Web 2.0 Hacking Incidents - 2009 Q1," found that Web 2.0 sites are a prime target, making up 21 percent of all reported attacks. The attacks used well-known tactics such as SQL injection, authentication abuse and Cross Site Request Forgery (CSRF), among others. The types of sites being targeted include social networks, wikis, and community blogging services.
"Traditional 'port-blocking' firewalls don't do anything to protect you against these classes of attacks," says Clement.
Yet, with more employees not only wanting to use networks such as Facebook and LinkedIn, but also applications that run on top of those platforms, Clement needed a way to control access to these sites and applications, as well as protect network traffic from more conventional network-based threats. "Our designers use Facebook for their work and to collaborate. Human resources uses social networks for finding and vetting potential employees," he says. "Because traditional firewalls just look at the port and the protocol running, they can't see what these Web applications are doing."