Hackers are a scary. Whether working as part of a criminal syndicate or an idealist with a political agenda, they’ve got the knowledge and the power to access your most precious data. If hackers want to target a particular company, for example, they can find vast amounts of information on that company just by searching the web. They can then use that info to exploit weaknesses in the company’s security, which in turn puts the data you’ve entrusted to that company in jeopardy.
In general, data is simply another word for information. But in computing and business (most of what you read about in the news when it comes to data – especially if it’s about Big Data), data refers to information that is machine-readable as opposed to human-readable.
SharePoint Content Sources and the Risks They Pose
Microsoft SharePoint has greatly increased our ability to collaborate and share content, both within our organization and outside of the business. As a result, we see content from many sources being stored in SharePoint and shared with wider and more diverse audiences, for example:
- Content coming from within our organization, from internal information workers who are creating content
- Content coming from the web, when internal employees download content and store it for future reference
- Content coming from partners, when SharePoint is used as an extranet to facilitate inter-organization collaboration
- Content coming from end customers, such as comments, blog feedback or news feed items when SharePoint is used as a public web site
SharePoint makes it extremely easy for individuals to create and collect information, which in turn drives people to spend more time searching, organizing and managing information. As well, it makes it very easy to create new web portals (public facing web sites, extranets, team sites, etc.) in which people can easily share that information with a wide audience. These great benefits also mean that we lose some control over where content is coming from. As a result, this creates risks for the organization that must be managed, especially when the organization stores sensitive information in SharePoint.
In particular, when content comes from varied sources there are risks that this content can contain information that does not comply with regulations that are important to the business. As well, there are risks that incoming content can contain malware – viruses, trojans or worms that can either steal sensitive information like credentials or intellectual property, or that can corrupt information.
Microsoft SharePoint 2013 out of the box does not provide features that are designed to protect against such risks. As well, Microsoft has stopped shipping “Forefront for SharePoint” which had provided some measure of protection in past versions. As a result, we must look to third party solutions to ensure that sensitive information in SharePoint both complies with regulatory standards and is free of malware.
Trend Micro PortalProtect for SharePoint – Benefits
PortalProtect version 2.1 provides some great new benefits over previous versions including support for SharePoint 2013 (both standard and enterprise server, as well as Foundation) and 5 new data loss prevention policy templates for compliance with industry standard regulations. Other benefits include:
- According to the Trend Micro web site PortalProtect delivers 206% better performance over Microsoft Forefront. These are some impressive numbers and there is a commissioned independent report which details the test results.
- Everyone should of course verify these results in your own SharePoint environment.
- PortalProtect keeps malicious URLs out of SharePoint
- PortalProtect content filtering protects web pages (blogs, wikis, discussions) as well as list items and documents
- PortalProtect integrates security policies with Active Directory (AD), SharePoint Users/Groups, and SharePoint sites
Deploying Portal Protect
Deploying PortalProtect to my SharePoint farm was extremely easy. It includes an easy to use setup wizard and installs as a full-trust farm solution. As such you do need farm administrator access to install the solution. In total, the installation took about 15 minutes and didn’t run into any issues in a simple farm configuration (1 WFE and a separate SQL Server database VM).
You will be asked for a license key during the install. If you do not have a valid key at the time of deployment it will install in trial mode and allow a trial to be run for 1 month.
How It Works
Its main function is to scan and block content and, it can be configured to take various actions when a file is blocked or if a virus is detected. As well, PortalProtect can send notifications of these events to administrators or other recipients when they occur. PortalProtect protects content within SharePoint in a number of ways including:
- Scanning files or web content to determine whether content violates pre-configured policies. When a policy violation is detected PortalProtect will apply an action to either quarantine or delete content depending on how the policy is configured.
- PortalProtect can scan files for malware and viruses, according to pre-configured policies. If a file is found to be infected with malware Portal Protect will apply an action to either clean, delete, quarantine or ignore content depending on how the policy is configured.
- PortalProtect can scan URLs in Web content to detect malicious URLs, and if found it will take actions such as blocking access to a URL.
- PortalProtect can block files based on their file extension, file name, or actual file type. When it detects a file type that violates a policy it will take an action such as quarantine or delete.
Scanning SharePoint Content for Regulatory Compliance
When it comes to ensuring that SharePoint content complies with industry regulations, this product is quite impressive! It will scan documents, list items and web content on site pages for policy compliance. It will scan existing content in SharePoint as well as when new content is added to or retrieved from SharePoint. It allows administrators to create new policies, and it includes several important pre-configured policy templates for SharePoint administrators to choose from. As well, it allows policies to be configured with a robust set of conditions, exceptions, policy actions and notification options.
Adding a new policy allows administrators to select the keywords or patterns (regular expressions) that a policy will scan for. These patterns can include social security numbers, credit card numbers, identity card numbers, phone numbers, etc. You can configure the number of occurrences of a pattern in order to trigger a policy violation. PortalProtect provides a synonym checking feature that enables you to extend the reach of your policies. As well, administrators can configure policy exceptions. Policy exceptions work with real-time policy scanning only and they allow specific Active Directory users/groups or SharePoint users/groups to be excluded from policy enforcement.
Scanning SharePoint Content for Malware
This latest release of PortalProtect includes the most recent version of Trend Micro’s robust scanning engine. At the root of any antivirus program sits 2 components: a scanning engine and a database of virus signatures. Together, these two components work to identify and clean infected files. Whenever PortalProtect detects a file type that it has been configured to scan it copies the file to a temporary location and opens the copy for virus scanning. If the file is clean, PortalProtect deletes the copy and releases the original for access through typical SharePoint methods. However, if a virus is detected PortalProtect applies a pre-configured action: clean, delete, quarantine, or ignore. Deleted and quarantined files are not delivered to the intended recipient. Files set to be cleaned are opened, and any viruses are removed. Not all viruses however can be cleaned. For example, some viruses corrupt the host file, making it unusable – trojans, worms, and mass mailers do not infect a host file and therefore cannot be cleaned. Whatever the configured action, all detections are written to a virus log and administrators can receive automatic notifications of such incidents.
PortalProtect includes a great feature called IntelliScan™ which helps it to minimize usage of system resources and scan files more efficiently. This feature examines files to assess their true file type (relying not only on file extension) and ensures that it is only scanning files types that are actually susceptible to viruses.
PortalProtect will scan an extensive number of compressed file formats. However it will not scan files that are encrypted or password protected. For these file types administrators can specify which action should be taken: block, quarantine, pass, delete, or rename.
The Trend Micro scanning engine can be configured to perform the following types of scans:
- Real-time Scan – This feature will scan files when they are checked in, checked out, saved or opened/downloaded. All incoming or outgoing files are scanned for viruses or other malicious code.
- Manual Scan (Scan Now) – This feature provides an immediate way to scan existing content in SharePoint. It can be used to scan all or a portion of the content within a site immediately, depending on the configuration.
- Scheduled Scan – Scans can also be scheduled to occur at pre-configured times or frequencies. A scheduled scan can be used to automate routine security tasks, to improve antivirus management efficiency, and to give you more control over your antivirus policy.
PortalProtect can process multiple requests simultaneously and requests can be prioritized. However, it is recommended that manual scans and scheduled scans are not performed during peak SharePoint usage periods.
It is also recommended that organizations use a combination of these scanning types to better ensure the security and compliance of content within Microsoft SharePoint environments. A manual scan can help protect existing content already stored in SharePoint. Real-time scanning protects against new threats as new content comes into SharePoint. Finally, scheduled scans can ensure that security and compliance are automated, helping to continually maintain a strong security posture.
HostForLIFE.eu revolutionized hosting with Plesk Control Panel, a Web-based interface that provides customers with 24×7 access to their server and site configuration tools. Plesk completes requests in seconds. It is included free with each hosting account. Renowned for its comprehensive functionality – beyond other hosting control panels – and ease of use, Plesk Control Panel is available only to HostForLIFE’s customers. They offer a highly redundant, carrier-class architecture, designed around the needs of shared hosting customers.