Websense: Protecting Your Internet Users

1 Websense: Protecting Your Internet Users
Italics – Notes to the speaker, not necessarily speaking points. Bold – Points to emphasize.

2 The Problems With Web Surfing
Bandwidth Consumption: 18% downloaded media (Source: Websense 2006 Survey)
Productivity Loss: Studies show employees spend over 10 hours per week surfing non-business related websites (Source: Websense 2006 Survey)
Legal Liability: More than 12% of web traffic visits pornography and other offensive sites (Source: Websense 2006 Survey)
Security Risk: More than 75% of all organizations are infected with spyware (Source: IDC’s Enterprise Security Survey, 2005)
Internet use continues to increase at a dramatic rate, and with that, so does the potential for problems with internet use in the workplace. With all of the bandwidth-rich content available, it has become easy for end users to consume bandwidth without even realizing it. In a recent Websense survey, 18 percent of employees admitted to downloading and storing non-work-related mp3s, personal photos, video clips, or movie clips on their work computer or network. Non-business use of the internet is rampant. Websense found that the average time employees spend per week accessing the internet at work is 10.2 hours, or over 25% of a typical work week. The internet can cause legal issues as well. Consider that twelve percent of employees have, either by accident or on purpose, visited a pornography website while at work, and twelve percent of employees said that they have had a co-worker, friend, or acquaintance send a link to their work address that they considered offensive. Finally, the internet poses a security risk. Survey results indicate that 84% of organizations have implemented anti-spyware solutions, and yet IDC believes more than three-quarters of all corporate machines are infected with various forms of spyware.

3 Improve Your Network Bandwidth Utilization
Prioritize network activities: Ensures sensitive information is always available
Manage access to bandwidth-intensive websites: Internet TV and Radio, Streaming Media
Manage access to bandwidth-intensive protocols: Ex. P2P file sharing, Skype
Let’s take a look now at how Websense solves these problems. First, it helps improve bandwidth utilization by prioritizing network activities by business criticality. For example, if you are having a critical videoconference at noon and you don’t want any chance of interference because of low bandwidth availability, then you can restrict other network activities such as Streaming Media use when the available bandwidth exceeds a certain threshold: 50%, 70%, or whatever you define. Websense web filtering can also help you manage access to bandwidth-intensive websites such as download sites. Web filtering also adds a further dimension by allowing easy management of protocols. Network traffic such as P2P file sharing and Skype can be easily filtered simply by selecting ‘Block’ in the intuitive GUI.

4 More Productive Computing Environment
Make your policies specific: Over 90 URL categories; Over 80 protocols
Use flexible enforcement: Allow; Block; Continue; Quota; Block by Bandwidth, File Type, Time of Day
Right people receive the right policy: Policies by user or group
Employees often visit non-business related sites intentionally or unintentionally. To ensure that their web use is in accordance with your organization’s values and policies, Websense provides a very flexible and easy-to-use solution. You can make your policies very specific. With over 90 URL categories and over 60 protocol categories, it is easy to ensure that only the websites that you wish to manage are selected. You have flexible enforcement options. With many different enforcement options, you can select one that works best for your organization. For example, you may wish to restrict shopping sites to 30 minutes per day between 9am-5pm but make them available at all other times. This can be easily done with Websense. Make sure that the right people have the right policy. Your marketing department may have different website viewing needs than your HR department. The ability to define policies by user or group allows this to happen.

5 Proactively Manage Legal Liability Risks
Reduce your organization’s legal liability exposure:
Manage access to inappropriate sites, as deemed by corporate policy (e.g. Porn, Music Downloads, etc.)
Manage access to IM and P2P, frequent sources of inappropriate file and information sharing
Inappropriate internet use can also lead to legal problems. In particular, pornography, hate websites, and illegal music downloads have been known to cause legal troubles for companies around the world. To help prevent an undesirable situation, Websense makes it easy to monitor and enforce policy on activity that can be considered a legal liability.

6 Protection from Web-Based Threats
Stop web-based threats before they infect your organization’s endpoints:
Security Filtering will block access to websites with web-based threats including: Spyware; Keyloggers; Phishing; Malicious Code; Bot websites; Potentially Unwanted Software
There are many known sources of web-based threats out there today. Websense effectively manages access to websites that are infected with malicious threats including spyware, keyloggers, phishing, malicious code, bot websites, and websites that contain potentially unwanted software. By blocking access to these websites before a threat ever reaches your desktop, web filtering provides a proactive security measure. This differs from traditional solutions such as antivirus software, which require your system to become infected before the threat is identified, cleaned, and removed. With Websense’s patent-pending technology called ThreatSeeker, which helps mine the internet and discover malicious threats, Websense is continually the first to detect and protect against web-based threats. The basic filtering for security URLs is available as an additional feature to Websense Enterprise called Security Filtering. It is also included in Websense Web Security Suite.
A proactive approach to web security

7 Websense Web Filtering
Protect user and network resources. Control bandwidth consumption. Pro-active Protection. Manage access to non-business critical websites. Conserve Bandwidth. Block traffic to offensive websites. Increase Productivity. Mitigate Legal Liability.
The Websense Web Filtering solution tackles the problems with web surfing described earlier. It optimizes the use of bandwidth, improves productivity, reduces legal liability, and provides URL-level protection against web-based threats. It does that while protecting employees both inside and outside of the network, integrating seamlessly into your organization, and providing a powerful set of reporting tools to allow for monitoring and reporting of employee internet use.

8 Master Database Construction
30 million URLs. Proprietary web agents and intelligent robots investigate websites. Analysts review the sites. Update servers from San Diego, London and Tokyo. INTERNET

9 Custom Trojans
Web-based attacks: Custom Trojans; Trojans; Crimeware; Spyware; Your network; Malicious code; Virus; Worms; RSS; Keyloggers

10 The Traditional Approach to Security
Signature-Based
Advantages: Definitive action once signature is available. No specialized skill set required for ongoing management.
Drawbacks: Reactive – relies on incidents within customer base. Slow – requires post-facto reverse engineering and signature updates.
Behavior-Based
Advantages: Fast – instant reaction to known behaviors.
Drawbacks: Requires specialized skill set for tuning and ongoing management. Educated guesswork – prone to false positives.
Traditional security generally takes one of two paths to mitigate threats:
1) Signature based (Anti-Virus)
Definitive action: once a signature is available – this takes time and requires that customers get infected.
Ease of management: doesn’t require a lot of administrative overhead.
Reactive, not proactive: effective only against very specific or known threats.
Slow to react: provides even this limited protection only after an attack has already occurred.
**Side on Firewalls: Detect but can’t monitor. Firewalls have no means of monitoring the specific information being transferred.
2) Behavior based (IDS/IPS)
Fast: instant reaction to known behaviors.
Administration required: specialized skill needed for tuning and management.
Overblocking: because they are behavior based, they are prone to false positives.
New challenges make the traditional security approaches even weaker:
The network perimeter is rapidly disappearing: -- abundance of laptops, home networks, hotspots, wireless -- gateway security solutions are becoming ineffective
Complex malicious code threatens the IT infrastructure: -- gateway firewalls, IDS/IPS, and antivirus software alone cannot protect against these threats
Organizations need a solution that complements firewalls and antivirus solutions with content-level protection. The Websense solution complements traditional Firewall/IDS and AV security.

11 Traditional Solutions vs. Today’s Web Security Threats
Chart labels: Outbreak; More sophisticated IRC bot ICMP Trojan horses; Reverse engineering; Patch released; Patch deployed; Cost; Time
Today’s Threat -- Strikes quickly -- Complex: difficult to reverse engineer -- Costly: Averages $740,000/yr/US business
Example: February 2, 2007: Super Bowl spoiler. The official website of Miami’s Dolphin Stadium has been compromised with malicious code. Websense ThreatSeeker technology discovered a link to a malicious file in the header of the site’s front page. Visitors to the site automatically execute the file’s script, which attempts to exploit two known Microsoft® vulnerabilities. Both vulnerability exploits attempt to download and execute a malicious file providing the attacker with full access to the compromised computer. Websense Web Security Suite customers were protected due to ThreatSeeker real-time security updates.
Traditional Solutions can’t keep up -- Reacting to threat -- Then, need to reverse engineer -- Takes time to deploy patch -- Can take days, even weeks before a solution is put into place
In 2006, e-crime cost an average U.S. business a staggering $740,000 a year. Source: CSO Magazine, “2006 E-Crime Watch Survey,” September 2006.

12 Framing The Threats
Threat Matrix
Information Protection Threats: Exposed Data; Stolen Data; Unclassified / Undiscovered Data
Next Generation Web Security Threats: RSS Worms; Crimeware; Custom Trojans
Productivity & Liability Threats: Porn, Shopping, Sports; Streaming Media; IM, P2P, Blogs
Web Security Threats: Spyware; Adware; Phishing
Matrix labels: Emerging; New; Known; Internal; External
So here is how Websense looks at threats. Websense protects an organization against the threats that occur inside your organization and outside your organization, against known (traditional) types of threats and new and emerging types of threats. And while Websense has solutions to address these areas, we are focusing on the Web Security Threats.

13 Research Partnerships
ThreatSeeker™ Processes
Patent-pending processes for collecting, mining and analyzing
Data mining of more than 600 million sites a week
Importing and monitoring millions of domain name records, registrars and fluxes
Automated algorithmic checks for suspicious URLs and applications
1 TB+ collected and analyzed daily, 24 x 7
Diagram labels: Active HoneyClients; Passive HoneyClients; Lurking URL Sharing; Active HoneyPots; Passive HoneyPots; Search Engines / DNS; AppCatcher™; WebCatcher™; Research Partnerships; Web Reputation
ThreatSeeker uses many sophisticated methods to find security threats:
Programs that crawl websites, peer-to-peer networks, and other systems looking for malicious content and applications. They mine over 600 million sites per week.
Honeypots and honeynets – computers and networks deliberately set up to get infected.
Expert staff from all over the world, skilled in multiple languages and international cultures, who look at these sites, applications, and protocols.
The WebCatcher and AppCatcher feedback loops that give us the uncategorized URLs and applications from our customers so our database adapts to customers’ needs.
And once items are in the database they don’t just stay there – they are reviewed on a regular basis to ensure accuracy. Over 1 terabyte of data is collected and analyzed daily, 24 hours a day, seven days a week.

14 ThreatSeeker – Change of Strategy

15 Real-Time Security Updates™: Immediately Protects
From our Security Labs and ThreatSeeker technology, when threats are discovered we push out real-time security updates to our customers so that they are immediately protected. Take a sample day: January 5, 2006. 39 web security updates were published. These updates covered phishing, fraudulent websites, malicious websites, and spyware sites. We are now averaging new updates per day. Websense does the work for IT administrators so they can be proactive. The result is that we protect an organization quicker than traditional solutions, reducing your window of exposure.
Timeline labels: Security Threat Discovered; Antivirus Solutions Available; Real-Time Security Updates; Customers Deploy Solutions; Time; Window of Exposure

16 The Growth of Attacks on the Web
“The Perfect Crime”
Technically simple
Very low investment costs
Takes advantage of the absence of borders on the Web
Few international regulations in computer law
Unlikely to get caught
Not enough specialists or defenses
Large numbers of cyber criminals available

17 Unprotected Browsing

18 Case Studies

19 Phishing Attack (6/1/06)
Websense® Security Labs™ has discovered a phishing attack that attempts to steal the account information of users. A hyperlink is first delivered to victims via AOL Instant Messenger. Users who follow this link are taken to a fraudulent website that spoofs the login page. This page captures their MySpace account information and then forwards the user to the actual website. The fraudulent site also sets a cookie on the victim's computer, which prevents the phishing attack from being displayed on any subsequent visits. The phishing site is located in California and was up at the time of this alert. Sample screenshot:

20 Google Pages Crimeware (16/jun/2006)
Websense® Security Labs™ has discovered that the Google website hosting service "Google Pages" is hosting malicious code. To date we have not had reports of a lure for the sites within or Instant Messaging linking to this site or exploit code downloading it; however, it may either be in the setup phase or not be widely distributed yet. The site is hosted on the same IP address as the main site. The file is packed with ASPack and is a banking Trojan Horse which is designed to steal banking credentials upon visiting pre-defined financial institutions' sites. Real-time Security Updates have been published and the website is being blocked in the Websense Security Premium Group until the code is removed and the Trojan Horse Keylogger has been classified within CPM.

21 Super Bowl XLI

22 Websense Blocks Initial Download
Hearse Trojan Horse
Popular, sophisticated rootkit called Hearse
Contains malicious code to steal information
Downloaded as part of the Alcra P2P worm
The Alcra P2P worm includes an HTTP downloader from 3 sites. Source: Yankee Group
Websense classified the pages on March 7, 2006
Timeline (March 7 and March 10-30, 2006): Websense blocks initial download (7); Prevx detects Coldcase (Hearse); Prevx detects second variant; Sana detects evidence of Hearse; Sana Security announces Hearse; McAfee signature (; Prevx detects third variant; Trend Micro signature (TSPY_HEARSE.A); Symantec signature (TROJ_Hearse.A); Kaspersky signature (; F-Secure signature (Hearse.A); Sophos signature
Detection latency: March 10-30, 2006

23 Web Reputation – New Categories
Websense with Web Reputation: Extended Protection! Potentially Damaging Content; Elevated Exposure; Emerging Exploits
Websense 6.3: Bot Networks; Keyloggers; Malicious Websites; Phishing & Other Frauds; Potentially Unwanted Software; Spyware
Currently Websense offers a number of Security URL categories, designed to protect against known threats. These include Bot networks, keyloggers,… With Web Reputation, there will be extended protection to offer the ability to manage “suspicious” threats. Sample websites that would be included:
Sites that change their IP addresses frequently
Sites that have poisoned search engines
Sites that have proof-of-concept exploit code
Sites with a bad reputation
Extended Protection: Parent Category
Potentially Damaging Content: Sites likely to contain little or no useful content. (Allow)
Elevated Exposure: Sites that camouflage their true nature or identity, or that include elements suggesting latent malign intent. (Block)
Emerging Exploits: Sites found to be hosting known and potential exploit code. (Block)
These new categories, backed by the power of Websense ThreatSeeker, help keep Websense at the forefront of web security and your customers more secure than ever.

24 Extended Protection

25 Control Instant Messaging Attachments
Control the sending and receiving of files via instant messaging (IM) clients
Allows organizations to leverage business benefits from instant messaging while managing the security, bandwidth, and reducing legal liability related to IM file attachments.
Instant Messaging attachments can introduce risk into an organization. IM can transmit proprietary company information in unencrypted format and transfer file attachments that bypass the existing security infrastructure. Viruses, Trojans and worms can hitch a ride on IM attachments. Websense Security Suite controls the sending and receiving of files via instant messaging (IM) clients. It allows organizations to leverage business benefits from instant messaging while managing the security, bandwidth, and legal liability issues related to IM file attachments. It allows organizations to block file transfers via IM clients. For example:
Block all usage of IM clients except Microsoft Messenger (MSN)
Block file attachments for all IM clients including MSN

26 Websense Web Protection Services™: Protect Your Brand, Web Site, and Web Servers
Alerts customers if their websites have been compromised
Alerts customers if their brands have been targeted in phishing or malicious keylogging code attacks
Takes a hacker's view of web servers, alerting customers of vulnerabilities
Websense Web Protection Services are unique services available with every Websense Web Security Suite subscription. SiteWatcher is a service which alerts customers if their company website has been infected with MMC. This allows customers to take immediate measures to prevent its spread to customers, prospects, and partners visiting their website. BrandWatcher alerts customers if their website or brand has been targeted in phishing or malicious keylogging code attacks. This allows customers to take immediate measures to notify their customers, take preventative measures, and minimize potential public relations damage. ThreatSeeker takes a hacker's-eye view of your web server, informing the organization about vulnerabilities so that it can proactively take measures before it is compromised.

27 Protect Anytime, Anywhere
Websense Remote Filtering applies the same protection when your users are outside of your organization’s network.
Diagram labels: Corporate; Remote User; DMZ; Remote Filtering Server; Remote Filtering Agent; Reporting Tools; Websense; Internet; Firewall; (spywaresite).com; B = Block
Websense Remote Filtering allows organizations to apply the same internet use policies outside the network as they do inside the network. Here is how it works: The remote user’s internet request is sent through the Remote Filtering server at corporate to the Websense policy server. The request is checked against the user’s policy and access to the site is either allowed or denied. In this case, since the user was trying to go to a site known to contain spyware, the request was denied.

28 The Websense Web Security Ecosystem™
Websense has assembled a comprehensive ecosystem of world class security and networking technology providers to enable easy deployment and integration of Websense solutions in environments. The Websense technology alliance partner network incorporates vendors from leading security and networking markets, including: internet gateways, certified appliance platforms, network access control, security event management, and identity management. So in addition to the capabilities and the value offered by our solution, you can be assured that your investment in Web Security Suite leverages your existing infrastructure today and as the infrastructure changes over time. A framework that enhances organizations’ Web security capabilities through technology integrations with leading security and networking solutions that increases the ROI of existing IT investments

29 Easily Check the Status of Your Network
Monitor & Reporting:
Unparalleled enterprise reporting with intuitive web-based, drill-down capabilities usable by technical and non-technical groups
Combine statistics with trend graphs for an instant or historical view of categorized network activity
Unique in offering “Risk Classes”, which provide management-level summary information on risks
Websense offers unparalleled enterprise reporting that includes web-based, drill-down capabilities usable by IT as well as non-technical groups such as HR, Legal, and management teams. Websense offers reporting tools with drill-down reports which provide quick answers across terabytes of data, with easily understood results. Websense Real-Time Analyzer™ combines statistics with trend graphs for an instant view of categorized network activity. Websense is unique in offering “Risk Classes”, which provide management-level summary information on risks to an organization.

30 Easily Fits into Your Organization
Scalable, from 25 to over 500,000 seat deployments
Over 40 security and networking solutions: Internet Gateways; Certified Appliance Platforms; Network Access Control; Security Event Management; Identity Management
Provides flexible administration: Delegated administration; Remote administration; Delegated reporting
Fits with your own custom filtering needs: Custom categories can be easily created
Websense fits easily into your organization, integrating seamlessly with your existing infrastructure and processes.
Fits any industry and size – Websense serves organizations of all sizes across any industry
Fits your existing infrastructure – Websense web filtering integrates with over 40 different security and networking solutions including -- Internet Gateways including Cisco, Microsoft, Juniper -- Appliances including Celestix, Crossbeam, Resilience -- NAC including Cisco NAC -- Security Event Management including ArcSight -- Identity Management

31 Introducing Websense Express

32 All-in-one-server Websense approach
Up to 250 users

33 Express Highlights
Flexible Deployment Options: Software; Appliances (US ONLY)
Integrated System Platform: Single Server Footprint; Unified Product Installation
Streamlined to Support Windows Platforms: OS (Windows 2003 Server SP2, R2); DB (MSDE); Apache; User Authentication (AD, NT)
Localized Language Support: German, French, Spanish, Japanese

34 Websense Express – Status

35 Websense Express – Summary

36 Websense Express – Tools

37 Websense Express – Policies

38 Websense Express – Reporting

39 Websense Express – Explorer

40 Questions?
