Social Media Center

Today, web security threats are quickly shifting from signature-based threats to zero-day attacks, exploit kits, dynamic bot call-outs and many more. It’s absolutely critical that IT security teams stay ahead of cybercriminals with defenses that can analyze web traffic and threats in real time. That’s where the IDC MarketScape for Web Security report comes into play. Recently released, this report includes all major industry players. Below are four ways this report will help...

Once again, Websense has been recognized for three awards at the annual SC Magazine Awards. This year, we won all three for:

-          Best Enterprise Security Solution

-          Reader’s Trust Award for Websense Web Security Gateway

-          Best Corporate Security Blog

It is great to win in three different categories and to be recognized for exceptional enterprise protection and research of advanced attacks and evolving threats.

Websense Web Security Gateway Anywhere won the award for Best Enterprise Security Solution in the U.S. Excellence Award category and the award for Best Web Content Management Solution in the U.S. Reader’s Trust category. And the Websense Security Labs Blog won the award for Best Corporate Security Blog in the U.S. Social Media Award category. The awards were presented on February 28, 2012 at the SC Magazine Awards Gala in San Francisco.

The product awards are a testament to the foundations that allow us to claim that nobody in the world stops more threats:

-          The research and prevention expertise of the Websense Labs

-          ACE (the Websense Advanced Classification Engine), along with the ThreatSeeker Network

-          The TRITON architecture that products like Websense Web Security Gateway (along with email, mobile, and DLP solutions) are built upon.

Websense won by demonstrating the effectiveness against advanced malware of its real-time content analysis and unified security intelligence to a hand-picked expert panel of judges and the 2012 Reader Trust Voting Panel. 

The winner of this blogging category was determined by online votes from the general public, demonstrating that the Websense Security Labs blog is a trusted source for up-to-date and useful information on the latest outbreaks, threats, and other valuable security topics.

IT managers feel that getting a divorce or losing their job is less stressful than looking after company confidential data

SAN DIEGO—October 20, 2011— How are IT managers coping with today’s fast-changing threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data? To find out these answers and more, Websense, Inc. (NASDAQ: WBSN), a global leader in content security and data theft protection, commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).

The research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance. IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident. But help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report entitled Security Pros & ‘Cons’: IT professionals on confidence, confidential data, and today’s cyber-cons.

Recently, Blue Coat announced the end of support for Websense in the next version of ProxySG (v6.3) and noted that affected customers using Websense need to migrate to Blue Coat WebFilter. The announcement incorrectly states that Websense was not providing updates and support despite recently working together to solve a customer issue. Websense fully supports its integrated product versions and has an open offer to Blue Coat executives to integrate its real-time defenses to increase the security effectiveness provided to joint customers.

The ‘net-net’ is that Blue Coat, at its sole discretion, decided to end support for Websense, thus removing the option for customers to protect their networks with market-leading Websense® web filtering. The Websense solution is backed by the Websense ThreatSeeker® Network, which is now linked into Facebook and its more than 800 million users, plus the Advanced Classification Engine (ACE) with its multiple defenses and real-time composite scoring to detect advanced threats and stop data-stealing attacks.

Over the years, Blue Coat has been challenged to develop product solutions on two fronts, one being web security and the other WAN optimization. Resources at Blue Coat are limited, and trade-offs have to be considered: Blue Coat had seven product releases over the past five years, and they were focused on WAN optimization, not security.

Security advancements in ProxySG and the underlying operating system SGOS have been few, if any, per-product release cycles during these years, including the most recent release v6.2. An example of trade- offs includes changing SGOS v5.x to allow non-compliant protocol traffic by default to make WAN optimization deployments easier at the expense of security. The other side of release cycles is software testing, and that can be a major bottleneck and delay in time to market (even more so when building WAN optimization into a web proxy). In order for Blue Coat to sustain advancements in ProxySG for web security, they have to try to do more with less.

Removing custom SDKs that support market-leading web filtering is one way to accomplish this objective at an expense to customers. The result for Blue Coat appears to be less code, less testing, less functionality, fewer support issues, and faster time to market for a release cycle. For an organization facing escalating feature requests from customers and declining rankings in analyst quadrants, they are faced with cutting back to the basics and trying to move forward. The big question is if there is enough runway to lift off and change the downward slide in web security at Blue Coat.

Pease read the following document here to read why you should consider Blue Coat as a tactical solution and Websense as a longer-term strategic web defense.

In the first two installments in this series, I talked about getting rid of the FUD around APTs and why they should matter to you, even if you aren’t a government agency, or one of the biggest companies on earth. Now let’s get down to the controversy that is consuming a lot of bandwidth in security circles: What is an APT and how is it any different from older malware attacks out there like botnets, blended attacks,  and standard binary-based viruses? So much is written about the topic, yet many people don’t really understand it and are just rehashing an old topic under a new name. 

The jaded folks in the security community say that all of the talk about APTs is FUD because true APTs are very few and far between. I beg to differ. I’d say that the APT buzz is not Fear, Uncertainty, and Doubt but rather Fear, Certainty, and Damage.

Let’s start with what makes a “true” APT (all examples are real)...

Early last week I was a guest of the OWASP San Diego Chapter who invited me to give a presentation on the Top Ten Web Hacking Techniques of 2010. An audience of nearly 50 filled the room, graciously hosted by Websense, and was treated to a sushi and sake dinner while I described and demoed the last year's latest research.

For those unfamiliar with this top ten, every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. The Top Web Hacking Techniques acts as a centralized knowledge base, a way to recognize researchers who contribute excellent work, and digestible way for the community keep up with the latest trends -- a look forward.

After the presentation I got the opportunity to meet many new people and learn more about the things in Web security that most interest them. Lots of chatter about where OWASP as an organization should be heading, conversations about the latest hacks in the news, what various Web security vendors are up to, and of course, several personal appsec projects. If you are in the San Diego area and interested in the subject matter, you should really consider attending. 

Jeremiah Grossman

Google announced a number of new technologies as part of their Google Inside Search Launch (http://www.google.com/insidesearch/). One of the more interesting elements is their idea to speed up the Web with something called "Instant Pages." The basic idea is that they are taking their ability to correctly guess what a user is going to search on, and pre-loading the content from the origin server onto your local machine. Apparently, this will only work with the Chrome browser.

On the challenging side, this leads to some interesting exploit scenarios. In the past, search algorithms have been duped to have malicious pages show up in results. In those cases, although they are dangerous, the user still has to click on one of the top results to get infected. In the new scenario, the big question is if a user can be exploited by simply searching, without even clicking on a link.

Though Google has assured in a subsequent interview that they don’t believe this will be an issue due to several aspects of their technology, there still exists an interesting possibility for exploitation of unsuspecting users, as SEO poisoning continues to be an ongoing problem. Remember from our 2010 Threat Report, searching for breaking trends and current news represents a higher risk (22.4% of search results poisoned) than searching for objectionable content (21.8%).

In slightly related news, Google also announced voice recognition to search. It will be interesting to see how the rogue AV camps will also be utilizing this to their advantage in the future.

Alan commented on the initial APT post: I hope you don't spew marketing hyperbole else this will turn dull rapidly. Don’t worry. We are going to stick to the facts. In this piece, I want to separate from the buzz around these attacks and talk about why you should care.

We’ve heard from a lot of executives, “What should we do about APTs?” There is a high level of concern from large organizations with serious IP (like source code) that they know others will try to get. But there’s also a large group that thinks, “I’m a $10M manufacturing company, in Ohio. I don’t think Chinese or North Korean hackers are going to be knocking on my door anytime soon.”

And, they are right. (read more)

Websense Positioned as a Leader in Magic Quadrant for Secure Web Gateway

Websense also positioned as a leader in the Magic Quadrant for Content-Aware Data Loss Prevention

SAN DIEGO, June 8, 2011 - In 2010, 52 percent of data-stealing attacks were conducted over the web(i) and 2011 doesn't look any safer. To stop targeted attacks and advanced persistent threats (APTs), organizations need new security strategies. Their content security needs to examine-in real time-the substance of each website and email. Traditional endpoint and network security products are no longer sufficient. That's why Websense, Inc. (NASDAQ: WBSN) developed the TRITON^TM solution, including the Websense® Web Security Gateway. And today, Websense announced that Gartner, Inc. has positioned Websense as a leader in its recently released "Magic Quadrant for Secure Web Gateway."(ii)

Hacker is a term used to mean a variety of things over the years, and as a catch all name for ‘bad guys’ perpetrating cybercrimes it’s pretty well accepted. Most people are unaware that different meanings exist when we say hacker, and it would be reasonable to ask why should you care? However, in understanding the motivation and objective behind your ‘hacker’  - you may be in a better position to plan an appropriate defence. Malicious hackers can be broken down in to 5 broad classifications, which we will explore in a series of ongoing posts. The first type we are going to explore are "Script Kiddies."

The Canadian Press just published a new article highlighting a recent Websense® report on cyber security in Canada. According to the report, Canada has become a hotbed for cybercrime as hackers move away from servers in China and Eastern Europe. Canada is now second on the list of countries hosting the most phishing sites, in addition to becoming sixth worst on Websense’s overall list for hosting all cybercrime attacks (as opposed to 13^th from last year).

"That doesn't mean the bad guys are in Canada, it doesn't mean the affected users are in Canada, but it means the Canadian infrastructure is being used to attack against someone in the world.” –Patrik Runald, Websense senior manager of security research

Basic precautions cannot prevent the harmful effects of attacks on this scale: most of the time network administrators can’t even tell that there’s malicious content hiding on their servers. The Canadian Press article calls attention to the Websense Security Labs™2010 Threat Report, which reports that almost 80% of cybercrime scams are on compromised legitimate web servers.

"The attacks we're tracking today are so advanced they're really hard to find unless you know exactly what you're looking for."—Patrik Runald

These findings raise an important issue: older, more traditional forms of web security do not stand a chance against such modern, blended threats. Learn about advanced ways to protect your organization here.

Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations. 

It's a little surprising to me as well. Previously, Canada was a place of great beer and hockey (next year, Habs!). But Websense recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launchpad for cybercriminals. For example:

Jump in Hosted Phishing Sites - Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year.  This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crime ware.                        

 Increase in Bot Networks – Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a53 percent increase in bot networks. In fact, Canada scored the second highest for hosting bot networks, when compared to the U.S., France, Germany and China.  

Malicious Websites – We’re seeing a trend of malicious websites decline across the board. However, Canada’s decline is tremendously slower, when compared to the countries listed above.

Overall Increase in Cyber Crime – In Websense’s most recent Threat Report, Canada is #6 in the world for hosting cyber crime . And, this number continues to rise.