Presentation on theme: "Websense: Protecting Your Internet Users"— Presentation transcript:
1 Websense: Protecting Your Internet Users
Italics – Notes to the speaker, not necessarily speaking points.
Bold – Points to emphasize.
2 The Problems With Web Surfing
Bandwidth Consumption: 18% downloaded media (Source: Websense 2006 Survey)
Productivity Loss: Studies show employees spend over 10 hours per week surfing non-business related websites (Source: Websense 2006 Survey)
Legal Liability: More than 12% of web traffic visits pornography and other offensive sites (Source: Websense 2006 Survey)
Security Risk: More than 75% of all organizations are infected with spyware (Source: IDC’s Enterprise Security Survey, 2005)
Internet use continues to increase at a dramatic rate, and with that, so does the potential for problems with internet use in the workplace:
With all of the bandwidth-rich content available, it has become easy for end users to consume bandwidth without even realizing it. In a recent Websense survey, 18 percent of employees admitted to downloading and storing non-work-related mp3s, personal photos, video clips, or movie clips on their work computer or network.
Non-business use of the internet is rampant. Websense found that the average time employees are spending per week accessing the internet at work is 10.2 hours, or over 25% of a typical work week.
The internet can cause legal issues as well. Consider that twelve percent of employees have, either by accident or on purpose, visited a pornography website while at work, and twelve percent of employees said that they have had a co-worker, friend, or acquaintance send a link to their work address that they considered offensive.
Finally, the internet poses a security risk. Survey results indicate that 84% of organizations have implemented anti-spyware solutions and yet IDC believes more than three-quarters of all corporate machines are infected with various forms of spyware.
3 Improve Your Network Bandwidth Utilization
Prioritize network activities: Ensures sensitive information is always available
Manage access to bandwidth-intensive websites: Internet TV and Radio, Streaming Media
Manage access to bandwidth-intensive protocols: e.g. P2P file sharing, Skype
Let’s take a look now at how Websense solves these problems. First, it helps improve bandwidth utilization by prioritizing network activities by business criticality.
For example, if you are having a critical videoconference at noon and you don’t want any chance of interference because of low bandwidth availability, then you can restrict other network activities such as Streaming Media use when the available bandwidth exceeds a certain threshold: 50%, 70%, or whatever you define.
Websense web filtering can also help you manage access to bandwidth-intensive websites such as download sites.
Also, the web filtering adds an additional dimension in allowing easy management of protocols. Network traffic such as P2P file sharing and Skype can be easily filtered simply by selecting ‘Block’ on the intuitive GUI.
4 More Productive Computing Environment
Make your policies specific: Over 90 URL categories; Over 80 protocols
Use flexible enforcement: Allow; Block; Continue; Quota; Block by Bandwidth, File Type, Time of Day
Right people receive the right policy: Policies by user or group
Employees often visit non-business related sites intentionally or unintentionally. To ensure that their web use is in accordance with your organization’s values and policies, Websense provides a very flexible and easy to use solution.
You can make your policies very specific. With over 90 URL categories and over 60 protocol categories it is easy to ensure that only the websites that you wish to manage are selected.
You have flexible enforcement options. With many different enforcement options, you can select one that works best for your organization. For example, you may wish to restrict shopping sites to 30 minutes per day between 9am-5pm but make them available at all other times. This can be easily done with Websense.
Make sure that the right people have the right policy. Your marketing department may have different website viewing needs than your HR department. The ability to define policies by user or group allows this to happen.
5 Proactively Manage Legal Liability Risks
Reduce your organization’s legal liability exposure:
Manage access to inappropriate sites, as deemed by corporate policy (e.g. Porn, Music Downloads, etc.)
Manage access to IM and P2P, frequent sources of inappropriate file and information sharing
Inappropriate internet use can also lead to legal problems. In particular, pornography, hate websites, and illegal music downloads have been known to cause legal troubles for companies around the world.
To help prevent an undesirable situation, Websense makes it easy to monitor and enforce policy on activity that can be considered a legal liability.
6 Protection from Web-Based Threats
Stop web-based threats before they infect your organization’s endpoints:
Security Filtering will block access to websites with web-based threats including: Spyware; Keyloggers; Phishing; Malicious Code; Bot websites; Potentially Unwanted Software
There are many known sources of web-based threats out there today. Websense effectively manages access to websites that are infected with malicious threats including spyware, keyloggers, phishing, malicious code, bot websites, and websites that contain potentially unwanted software.
By blocking access to these websites before a threat ever reaches your desktop, the web filtering provides a proactive security measure. This differs from traditional solutions such as antivirus software, which require your system to become infected before the threat is identified, cleaned and removed.
With its patent-pending technology called ThreatSeeker, which helps mine the internet and discover malicious threats, Websense is continually the first to detect and protect against web-based threats.
The basic filtering for security URLs is available as an additional feature to Websense Enterprise called Security Filtering. It is also included in Websense Web Security Suite.
A proactive approach to web security
7 Websense Web Filtering
Protect user and network resources
Control bandwidth consumption
Pro-active Protection
Manage access to non-business critical websites
Conserve Bandwidth
Block traffic to offensive websites
Increase Productivity
Mitigate Legal Liability
The Websense Web Filtering solution tackles the problems with web surfing described earlier. It:
Optimizes the use of bandwidth
Improves productivity
Reduces legal liability
Provides URL level protection against web-based threats
It does that while protecting employees both inside and outside of the network, integrating seamlessly into your organization, and providing a powerful set of reporting tools to allow for monitoring and reporting of employee internet use.
8 Master Database Construction
30 million URLs
Proprietary web agents and intelligent robots investigate websites
Analysts review the sites
Update servers in San Diego, London and Tokyo
[Diagram label: INTERNET]
10 The Traditional Approach to Security
Signature-Based
Advantages: Definitive action once signature is available; No specialized skill set required for ongoing management
Drawbacks: Reactive – relies on incidents within customer base; Slow – requires post-facto reverse engineering and signature updates
Behavior-Based
Advantages: Fast – instant reaction to known behaviors
Drawbacks: Requires specialized skill set for tuning and ongoing management; Educated guesswork – prone to false positives
Traditional security generally takes one of two paths to mitigate threats:
1) Signature based (Anti-Virus).
Definitive Action: Once a signature is available – this takes time and requires that customers get infected
Ease of Management: Doesn’t require a lot of administrative overhead
Reactive not proactive: they are effective only against very specific or known threats
Slow to react: provide even this limited protection only after an attack has already occurred.
Side note on firewalls – Detect but can’t monitor: Firewalls have no means of monitoring the specific information being transferred.
2) Behavior based (IDS/IPS).
Fast: Instant reaction to known behaviors
Administration Required: Specialized skill needed for tuning, management
Overblocking: because they are behavior based they are prone to false positives
New challenges make the traditional security approaches even weaker:
The network perimeter is rapidly disappearing:
-- abundance of laptops, home networks, hotspots, wireless
-- gateway security solutions are becoming ineffective
Complex malicious code threatens the IT infrastructure:
-- Gateway firewalls, IDS/IPS, and antivirus software alone cannot protect against these threats
Organizations need a solution that complements firewalls and antivirus solutions with content-level protection.
The Websense solution complements traditional Firewall/IDS and AV security.
11 Traditional Solutions vs. Today’s Web Security Threats
[Charts: cost over time following an outbreak. Labels: Outbreak; More sophisticated; IRC bot; ICMP Trojan horses; Reverse engineering; Patch released; Patch deployed]
Today’s Threat
-- Strikes quickly
-- Complex—difficult to reverse engineer
-- Costly: Averages $740,000/yr/US business
Example: February 2, 2007: Super Bowl spoiler
Official Web site of Miami’s Dolphin Stadium has been compromised with malicious code.
Websense ThreatSeeker technology discovered a link to a malicious file in the header of the site’s front page.
Visitors to the site automatically execute the file’s script, which attempts to exploit two known Microsoft® vulnerabilities.
Both vulnerability exploits attempt to download and execute a malicious file providing the attacker with full access to the compromised computer.
Websense Web Security Suite customers were protected due to ThreatSeeker real-time security updates.
Traditional Solutions can’t keep up
-- Reacting to threat
-- Then, need to reverse engineer
-- Takes time to deploy patch
-- Can take days, even weeks before a solution is put into place
In 2006, e-crime cost an average U.S. business a staggering $740,000 a year.
Source: CSO Magazine, “2006 E-Crime Watch Survey,” September 2006.
12 Framing The Threats
Threat Matrix (axes: Internal / External; Known / Emerging, New)
Information Protection Threats: Exposed Data; Stolen Data; Unclassified / Undiscovered Data
Next Generation Web Security Threats: RSS Worms; Crimeware; Custom Trojans
Productivity & Liability Threats: Porn, Shopping, Sports; Streaming Media; IM, P2P, Blogs
Web Security Threats: Spyware; Adware; Phishing
So here is how Websense looks at threats.
Websense protects an organization against the threats that occur inside your organization and outside your organization, against known (traditional) types of threats and new and emerging types of threats.
And while Websense has solutions to address these areas, we are focusing on the Web Security Threats.
13 Research Partnerships ThreatSeeker™ Processes
[Diagram labels: Active HoneyClients; Passive HoneyClients; Lurking; URL Sharing; Active HoneyPots; Passive HoneyPots; Search Engines / DNS; AppCatcher™; WebCatcher™; Research Partnerships; Web Reputation]
Patent-pending processes for collecting, mining and analyzing
Data mining of more than 600 million sites a week
Importing and monitoring millions of domain name records, registrars and fluxes
Automated algorithmic checks for suspicious URLs and applications
1 TB+ collected and analyzed daily, 24 X 7
ThreatSeeker uses many sophisticated methods to find security threats:
Programs that crawl websites, peer-to-peer networks, and other systems looking for malicious content and applications. These mine over 600 million sites/week.
Honeypots and honeynets – computers and networks deliberately set up to get infected.
Expert staff from all over the world, skilled in multiple languages and international cultures, to look at these sites, applications, and protocols.
The WebCatcher and AppCatcher feedback loops that give us the uncategorized URLs and applications from our customers so our database adapts to customers’ needs.
And, once items are in the database they don’t just stay there – they are reviewed on a regular basis to ensure accuracy.
Over 1 terabyte of data is collected and analyzed daily, 24 hours a day, seven days a week.
15 Real-Time Security Updates™: Immediately Protects
From our Security Labs and ThreatSeeker technology, when threats are discovered we push out real-time security updates to our customers so that they are immediately protected.
Take a sample day: January 5, 2006. 39 web security updates were published.
These updates covered phishing, fraudulent websites, malicious websites, and spyware sites.
We are now averaging new updates per day.
Websense does the work for IT administrators so they can be proactive.
The result is that we protect an organization quicker than traditional solutions, reducing your window of exposure.
[Timeline labels: Security Threat Discovered; Real-Time Security Updates; Antivirus Solutions Available; Customers Deploy Solutions; Time; Window of Exposure]
16 The Growth of Web Attacks: “The Perfect Crime”
Technically simple
Very low investment costs
Takes advantage of the absence of borders on the Web
Few international regulations in computer law
Unlikely to get caught
Not enough specialists or defenses
Large numbers of cyber criminals available
19 MySpace.com Phishing Attack (6/1/06)
Websense® Security Labs™ has discovered a phishing attack that attempts to steal the account information of MySpace.com users. A hyperlink is first delivered to victims via AOL Instant Messenger. Users who follow this link are taken to a fraudulent website that spoofs the MySpace.com login page. This page captures their MySpace account information and then forwards the user to the actual MySpace.com website.
The fraudulent site also sets a cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits.
The phishing site is located in California and was up at the time of this alert.
20 Google Pages Crimeware (16/Jun/2006)
Websense® Security Labs™ has discovered that the Google website hosting service "Google Pages" is hosting malicious code. To date we have not had reports of a lure for the sites within or Instant Messaging linking to this site or exploit code downloading it; however, it may either be in the setup phase or not be widely distributed yet.
The site is hosted on the same IP address as the main site. The file is packed with ASPack and is a banking Trojan Horse which is designed to steal banking credentials upon visiting pre-defined financial institutions' sites.
Real-time Security Updates have been published and the website is being blocked in the Websense Security Premium Group until the code is removed and the Trojan Horse Keylogger has been classified within CPM.
22 Websense blocks initial download
Hearse Trojan Horse
Popular, sophisticated rootkit called Hearse
Contains malicious code to steal information
Downloaded as part of the Alcra P2P worm
The Alcra P2P worm includes an HTTP downloader from 3 sites.
Source: Yankee Group
Websense classified the pages on March 7, 2006
[Timeline, March 10-30, 2006, "Detection latency". Events: Prevx detects Coldcase (Hearse); Prevx detects second variant; Sana detects evidence of Hearse; Sana Security announces Hearse; McAfee signature (PWS-Banker.be); Prevx detects third variant; Trend Micro signature (TSPY_HEARSE.A); Symantec signature (TROJ_Hearse.A); Kaspersky signature (Trojan-Spy.Win32.Goldun.im); F-Secure signature (Hearse.A); Sophos signature. Marker at 7: Websense blocks initial download]
23 Web Reputation – New Categories
Websense with Web Reputation / Websense 6.3
Extended Protection! Potentially Damaging Content; Elevated Exposure; Emerging Exploits
Bot Networks; Keyloggers; Malicious Websites; Phishing & Other Frauds; Potentially Unwanted Software; Spyware
Currently Websense offers a number of Security URL categories, designed to protect against known threats. These include Bot networks, keyloggers,…
With Web Reputation, there will be extended protection to offer the ability to manage “suspicious” threats.
Sample websites that would be included:
Sites that change their IP addresses frequently
Sites that have poisoned search engines
Sites that have proof-of-concept exploit code
Sites with a bad reputation
Extended Protection: Parent Category
Potentially Damaging Content: Sites likely to contain little or no useful content. (Allow)
Elevated Exposure: Sites that camouflage their true nature or identity, or that include elements suggesting latent malign intent. (Block)
Emerging Exploits: Sites found to be hosting known and potential exploit code. (Block)
These new categories, backed by the power of Websense ThreatSeeker, help keep Websense at the forefront of web security and your customers more secure than ever.
25 Control Instant Messaging Attachments
Control the sending and receiving of files via instant messaging (IM) clients
Allows organizations to leverage business benefits from instant messaging while managing the security, bandwidth, and reducing legal liability related to IM file attachments.
Instant Messaging attachments can introduce risk into an organization:
IM can transmit proprietary company information in unencrypted format and transfer file attachments that bypass the existing security infrastructure.
Viruses, Trojans and worms can hitch a ride on IM attachments.
Websense Security Suite controls the sending and receiving of files via instant messaging (IM) clients.
Allows organizations to leverage business benefits from instant messaging while managing the security, bandwidth, and legal liability issues related to IM file attachments.
Allows organizations to block file transfers via IM clients. For example:
Block all usage of IM clients except Microsoft Messenger (MSN)
Block file attachments for all IM clients including MSN
26 Websense Web Protection Services™: Protect Your Brand, Web Site, and Web Servers
Alerts customers if their websites have been compromised
Alerts customers if their brands have been targeted in phishing or malicious keylogging code attacks
Takes a hacker's view of web servers, alerting customers of vulnerabilities
Websense Web Protection Services are unique services available with every Websense Web Security Suite subscription.
SiteWatcher is a service which alerts customers if their company website has been infected with MMC. This allows customers to take immediate measures to prevent its spread to customers, prospects, and partners visiting their website.
BrandWatcher alerts customers if their website or brand has been targeted in phishing or malicious keylogging code attacks. This allows customers to take immediate measures to notify their customers, take preventative measures, and minimize potential public relations damage.
ThreatSeeker takes a hacker's-eye view of your web server, informing the organization about vulnerabilities so that it can proactively take measures before it is compromised.
27 Protect Anytime, Anywhere
Websense Remote Filtering applies the same protection when your users are outside of your organization’s network:
[Diagram labels: Corporate; Remote User; DMZ; Remote Filtering Server; Remote Filtering Agent; Reporting Tools; Websense; Internet; Firewall; (spywaresite).com; B = Block]
Websense Remote Filtering allows organizations to apply the same internet use policies outside the network as they do inside the network. Here is how it works:
The remote user’s internet request is sent through the Remote Filtering server at corporate to the Websense policy server.
The request is checked against the user’s policy and access to the site is either allowed or denied.
In this case, since the user was trying to go to a site known to contain spyware, the request was denied.
28 The Websense Web Security Ecosystem™
A framework that enhances organizations’ Web security capabilities through technology integrations with leading security and networking solutions that increases the ROI of existing IT investments
Websense has assembled a comprehensive ecosystem of world class security and networking technology providers to enable easy deployment and integration of Websense solutions in environments. The Websense technology alliance partner network incorporates vendors from leading security and networking markets, including: internet gateways, certified appliance platforms, network access control, security event management, and identity management.
So in addition to the capabilities and the value offered by our solution, you can be assured that your investment in Web Security Suite leverages your existing infrastructure today and as the infrastructure changes over time.
29 Easily Check the Status of Your Network
Monitor & Reporting:
Unparalleled enterprise reporting with intuitive web-based, drill-down capabilities usable by technical and non-technical groups
Combine statistics with trend graphs for an instant or historical view of categorized network activity
Unique in offering “Risk Classes” which provide management-level summary information on risks
Websense offers unparalleled enterprise reporting that includes web-based, drill-down capabilities usable by IT as well as non-technical groups such as HR, Legal, and management teams.
Websense offers reporting tools with drill-down reports which provide quick answers across terabytes of data, with easily understood results.
Websense Real-Time Analyzer™ combines statistics with trend graphs for an instant view of categorized network activity.
Websense is unique in offering “Risk Classes” which provide management-level summary information on risks to an organization.
30 Easily Fits into Your Organization
Scalable, from 25 to over 500,000 seat deployments
Over 40 security and networking solutions: Internet Gateways; Certified Appliance Platforms; Network Access Control; Security Event Management; Identity Management
Provides flexible administration: Delegated administration; Remote administration; Delegated reporting
Fits with your own custom filtering needs: Custom categories can be easily created
Websense fits easily into your organization, integrating seamlessly with your existing infrastructure and processes.
Fits any industry and size – Websense serves organizations of all sizes across any industry
Fits your existing infrastructure – Websense web filtering integrates with over 40 different security and networking solutions including
-- Internet Gateways including Cisco, Microsoft, Juniper
-- Appliances including Celestix, Crossbeam, Resiliance
-- NAC including Cisco NAC
-- Security Event Management including ArcSight
-- Identity Management
32 All-in-one-server Websense approach Up to 250 users
33 Express Highlights
Flexible Deployment Options: Software Appliances (US ONLY)
Integrated System Platform; Single Server Footprint; Unified Product Installation
Streamlined to Support Windows Platforms; OS (Windows 2003 Server SP2, R2); DB (MSDE); Apache; User Authentication (AD, NT)
Localized Language Support: German, French, Spanish, Japanese