Choose from several options for complete web, email and data security.
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security.
I recently hosted a Websense customer round-table discussion with 20 CSOs from top U.S. companies. We swapped war stories, hashed out the security challenges they face every day and they shared how they’ve been successful. These CSOs work in a variety of industries, including federal, finance and healthcare. Recently, there have been a number of highly public targeted attacks, which led to a lengthy discussion on spear-phishing. I found their insights very valuable and I wanted to share some key points...
This week, Juniper Research estimated that the number of employee-owned smartphones and tablets used at work is set to reach 350 million by 2014, up from 150 million in 2012. With new smartphones and tablets inundating companies worldwide, IT security teams are struggling to determine acceptable use policies. It goes beyond corporate BlackBerries and laptops to the newest BYOD (like iPads, iPhones, etc).
To help teams manage the mobile influx, we just released a new five-part Websense Mobile Acceptable Use Policy Kit. It provides a guide to help your company embrace mobile devices, communicate with employees, and keep confidential data secure. You can confidently use this guide to help you get started on your company’s acceptable use policy or to supplement your existing mobile device acceptable use policy.
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.
It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:
Reconnaissance - Targeted
attackers access credentials and research online profiles, email IDs, org.
chart information, hobbies and interests from social profiles to gain insight
on their victims.
Lures - Designed to prey
on human curiosity, web lures often link to videos or breaking news, while
email lures are more business-focused on transaction and fake delivery notices.
Redirects - Users are
usually directed to a survey, rogue anti virus offer or a fake web page where
an exploit kit is waiting. Traditional redirects are injection attacks, while
newer ones focus on social networking wall postings, fake plug-ins, fake
certificates and heavily obfuscated java script.
Exploit Kits - The
exploit kit objective is like that of a sniper: take the shot with a malware
dropper file only when an open door for tested vulnerabilities is found.
Dropper Files - This stage
is what most people consider the focus of their forward-facing defenses:
analyze every file that comes into the network for malware. The problem is
dropper files use dynamic packers, so known signatures and patterns are not
Call-Home - This stage
involves calling home for malware downloads and tools, and for sending back
information, standard procedure for any successful online attack. The problem
is that most defenses are only forward-facing and do not analyze the outbound
traffic from infected systems.
Data Theft - This is
what they are after. The ability to contain an attack and stop data theft raises
many questions that we will address. Can your defenses detect password files
leaving your network or the use of custom encryption on outbound files?
In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.
We look forward to having you join the webinar. Bring your questions and be ready to talk threats!
Time for Black Hat again! Day one is almost complete and I’ve seen some big themes.
There’s some of the usual. Vulnerability scanning and pen testing are definitely present and the topics of identifying and learning from data breaches are still big—especially around the area of SIEM. There are also some new developments. For example, more exhibitors are simply about education, including your typical certification schools, but general higher learning institutions, like the University of Maryland, are also here.
As usual, Black Hat USA is full of security vendors and their products, but there seem to be more ‘service’ offerings showcased this year. This may not be surprising to those who have heard analysts increasingly discuss the weaknesses assumed by an organization that is overly dependent on purely in-house resources.
Education, services and research tools are obviously taking center stage in the battleagainst cybercrime. All this focus on education is precisely why we’ve developed a few new tools and resources to help resource-strapped customers tap into the expertise of the Websense® Security Labs™ researchers.
Sometimes you need more than what you have on-hand—especially when you are dealing with highly advanced malware and complex data stealing attacks. That’s when you need an expert security researcher to help. Our Websense Security Labs have morethan one hundred team members worldwide, hip–deep in the latest threats. The new Websense CyberSecurity Intelligence™ (CSI) services, announced today, help extend their expertise and educational benefits right into your organization.
Websense CSI services offer both online and 1:1 time with our researchers, through tools, training, in-person guidance and malware forensics.
All Websense CSI customers will have access to ThreatScope™, an online sandbox environment, to safely test potential malware. It uses our Websense Advanced Classification Engine (ACE) analytics to compile an extensive report of observed behavior on an uploaded file. Insights include the infection process; post-infection activities (such as calling home); system-level events and processes; registry changes and filemodifications.
Think about it, Black Hat USA only comes around once a year, but every day needs to be about education in the security field. Websense CSI services can be an extension of your learning process— giving you access to our researchers and the necessary tools to help you become more educated on the threats of today.
If you could study one aspect of today’s threats, what would you dive into?
We recently released findings on the current state of security in Canada. If you’ve read that piece, you may now be wondering how that compares with the rest of the world. The Websense Security Labs recently released our 2012 Threat Report exploring the biggest threats, trends, and themes collected by the Websense ThreatSeeker Network and investigated by our security lab research teams.
2011 redefined the way many think of and view internet and corporate security. 2012 is continuing this trend. From high profile targeted attacks, hacktivism, data theft and the leverage of exploit kits to selectively deliver malware dropper files when vulnerabilities are detected on user systems, the year forced everyone to think, “Am I next?”
The Websense Security Labs Threat Report provides metrics and practical advice for IT Security professionals. Take a read and let us know if you have any questions about the findings.
With the hectic travel schedule of first quarter wrapping up I had some spare time to think about advocating a fresh approach to security for the spring. I know it’s not the beginning of the year, but if your schedule is anything like mine, this may be the first time you’ve had a minute to spare since the calendar moved to 2012. With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring:
Ever been to a webinar that tells you what to do, but fails
to say how? Well, this week I’m determined to change that. I’m hosting a
webinar that will help eliminate DLP fears and provide a guide on managing
risk. As a Websense expert on DLP, I’m going to give real-world practical
advice on how anyone can understand, apply, and realize real measurable DLP
Here’s the webinar
link. Join me on Thursday, April 5th at 10 a.m. PST/1 p.m. EST. You’ll
- Guiding principles of security and risk
- Data breach trends from the last six years
- Nine-step DLP methodology and execution strategy
- Success factors in addressing the web DLP
While CIOs don’t need to be convinced that data loss protection is
important—many are afraid of failure. They have heard horror stories about
deployment complexities and operational nightmares. Recent high-profile data
breach headlines have also made them question the true value and effectiveness
of DLP. Could you blame them? Well, this webinar is designed to give you a road
map to DLP success.
Register for the webinar here: http://www.websense.com/content/brighttalk-webcast.aspx
If you have any questions on DLP or the webinar, feel free
to post a comment.
When we were looking at putting out our Websense Security Labs predictions for 2012, we knew that mobile threats were going to be big this year. While we included one prediction on it, there was one piece that I had thought of, but didn’t include. It’s still a ways away, but Paul Henry has an excellent write up on “QR Codes – Leading Lambs To the Slaughter.”
He correctly points out that these “ultimate url-obfuscators” can be a serious threat down the line.
It’s a good reminder that any applications on workforce mobile devices need to be properly sandboxed from the operating system. We’ve already noted in Websense Security Labs research that there are challenges with certain platforms and there are a number of mobile malware variants, including Trojans on handhelds.
It’s interesting to think QR codes as threats continue to evolve in the mobile landscape. What’s funny is as I was writing this, our Security Labs researches discovered QR codes being used a new way – through a spam campaign.
What do you think about QR codes?
IT managers feel that getting a divorce or losing their job is less stressful than looking after company confidential data
SAN DIEGO—October 20, 2011— How are IT managers coping with today’s fast-changing threat landscape? Are they properly protected against the latest data-stealing malware? And would employees report if they compromised corporate data? To find out these answers and more, Websense, Inc. (NASDAQ: WBSN), a global leader in content security and data theft protection, commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the U.S., UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs).
The research reveals that serious data breaches have occurred compromising CEO and other executives’ data, confidential customer data, and data necessary for regulatory compliance. IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line and that the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident. But help is on the horizon as headline-grabbing security incidents have promoted data security talks amongst top management and have driven focus on security, including the need for additional budget. Click here to download the full report entitled Security Pros & ‘Cons’: IT professionals on confidence, confidential data, and today’s cyber-cons.
Follow us on SpiceWorks
We want to hear from you!