Choose from several options for complete web, email and data security.
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security.
“Patch Java and you’ll be protected against Java threats”
We seem to hear this constantly, not just in the last few months, but for years. Way back in Nov. 2011, we were told that if we had Java 6 Update 29 or Java 7 update 1, we wouldn’t be vulnerable to the security weaknesses in the headlines. Yet, with each update vulnerabilities continue to be discovered and exploited. We even had two Java 0-day exploits included in kits before Oracle had patches prepared. Yet despite the patches, we continue to hear about new vulnerabilities...
So what to do? Based on my discussions with other pros and my own experience I’ll be presenting a series on how to mitigate Java risks to protect your endpoints. We’ll look at: Proactive; Immediate; and Long-Term prophylactic measures. Here’s what you can start acting on now:
This week, Juniper Research estimated that the number of employee-owned smartphones and tablets used at work is set to reach 350 million by 2014, up from 150 million in 2012. With new smartphones and tablets inundating companies worldwide, IT security teams are struggling to determine acceptable use policies. It goes beyond corporate BlackBerries and laptops to the newest BYOD (like iPads, iPhones, etc).
To help teams manage the mobile influx, we just released a new five-part Websense Mobile Acceptable Use Policy Kit. It provides a guide to help your company embrace mobile devices, communicate with employees, and keep confidential data secure. You can confidently use this guide to help you get started on your company’s acceptable use policy or to supplement your existing mobile device acceptable use policy.
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.
It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:
Reconnaissance - Targeted
attackers access credentials and research online profiles, email IDs, org.
chart information, hobbies and interests from social profiles to gain insight
on their victims.
Lures - Designed to prey
on human curiosity, web lures often link to videos or breaking news, while
email lures are more business-focused on transaction and fake delivery notices.
Redirects - Users are
usually directed to a survey, rogue anti virus offer or a fake web page where
an exploit kit is waiting. Traditional redirects are injection attacks, while
newer ones focus on social networking wall postings, fake plug-ins, fake
certificates and heavily obfuscated java script.
Exploit Kits - The
exploit kit objective is like that of a sniper: take the shot with a malware
dropper file only when an open door for tested vulnerabilities is found.
Dropper Files - This stage
is what most people consider the focus of their forward-facing defenses:
analyze every file that comes into the network for malware. The problem is
dropper files use dynamic packers, so known signatures and patterns are not
Call-Home - This stage
involves calling home for malware downloads and tools, and for sending back
information, standard procedure for any successful online attack. The problem
is that most defenses are only forward-facing and do not analyze the outbound
traffic from infected systems.
Data Theft - This is
what they are after. The ability to contain an attack and stop data theft raises
many questions that we will address. Can your defenses detect password files
leaving your network or the use of custom encryption on outbound files?
In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.
We look forward to having you join the webinar. Bring your questions and be ready to talk threats!
We recently released findings on the current state of security in Canada. If you’ve read that piece, you may now be wondering how that compares with the rest of the world. The Websense Security Labs recently released our 2012 Threat Report exploring the biggest threats, trends, and themes collected by the Websense ThreatSeeker Network and investigated by our security lab research teams.
2011 redefined the way many think of and view internet and corporate security. 2012 is continuing this trend. From high profile targeted attacks, hacktivism, data theft and the leverage of exploit kits to selectively deliver malware dropper files when vulnerabilities are detected on user systems, the year forced everyone to think, “Am I next?”
The Websense Security Labs Threat Report provides metrics and practical advice for IT Security professionals. Take a read and let us know if you have any questions about the findings.
With the hectic travel schedule of first quarter wrapping up I had some spare time to think about advocating a fresh approach to security for the spring. I know it’s not the beginning of the year, but if your schedule is anything like mine, this may be the first time you’ve had a minute to spare since the calendar moved to 2012. With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring:
With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? Last year’s Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals. Here are the highlights; the full report can be downloaded here.
Read more commentary and watch the video here.
The only constant in corporate security is change. Websense became famous as the best URL filtering company. We invented our ThreatSeeker Network and the world’s first Honey Grid, and as a result, we know the Web better than anyone else. Our customers saw Websense filtering as nice-to-have software that helped employees be productive and prohibited inappropriate use of a company’s Internet access.
But as our knowledge of the Web deepened, we were on the front lines as more attacks and security threats moved online. We quickly became the go-to experts on Web-based threats and our technology was so ingrained within the Web that we often were the first company to detect these threats. As we moved from filtering to Web security, we often protected our customers from Web threats before competitors were even aware that they existed.
As Chief Security and Strategy Officer for Websense my calendar is filled with customer visits, events, and meetings in different cities each month. All the time spent on planes also allows me to catch up on my reading and keep up with the latest trends and topics in the security world. While I may not have quite as many airline miles as George Clooney in Up in the Air, I like to think I am getting close. What I would like to do in this blog is share the knowledge I gain each month surrounding new insights or particularly interesting talks I have with top security executives, creating the opportunity for everyone to benefit from my travels (without the lost luggage).
If you are an IT executive, leverage me to help you with the changing landscape of IT Infrastructure and Security. My role is to listen to your needs and help you develop strong security strategies. Then I bring these needs back to Websense so that we are always on top of the latest trends and always listening to our customers and what they want out of a security solution. I also spend a significant amount of time helping CISOs develop strategies in my five areas of expertise:
The sky is falling! Or maybe it’s just the clouds… regardless, this week’s crash of Amazon’s Elastic Cloud Compute (EC2) - is simply incredible. One of the largest and most reliable cloud providers in the world DIED. Redundancies failed.
And, unfortunately this calls into questions many cloud services and what this means to the future adoption of these very beneficial technologies. This brings me back to a few more third-party SLA elements that I overlooked in my previous post after the Epsilon breach.
I read a recent Mashable article that points to the repercussions of this episode, and what it means for many cloud or SaaS startups – things you should consider before even thinking about engaging with them.
How many letters have you received? You know what I’m talking about. Let’s talk data breaches. Let’s avoid the hype of the headlines and some of the sensationalism of the media coverage. And look at a few facts from recent episodes to see if we can identify the root issue at the heart of the breaches.
I’ve already posted a first glance look at the Epsilon breach, but, let’s talk about this in a little more detail. There are three critical elements that need to be addressed here.
1. The business imperatives that lead to this episode
2. Why most organizations aren’t currently equipped to prevent such breaches
3. What companies need to do to protect themselves from third part breaches
In my second discussion at CSO Perspectives 2011, I’m going to speak with Roland Cloutier, Vice President and Chief Security Officer for ADP on “It’s Not Just the Devices: Getting a Secure Handle on Rogue Cloud Applications.”
The fact is so much is moving to the cloud that you’ve probably got some work groups within your organization implementing them without telling the CIO, let alone the CSO. This is a serious security concern. So much of our workforce is mobile, or at remote offices, that these sorts of implementations aren’t just inevitable, they’ve probably already occurred in your business. Roland and I are going to talk through our personal experiences ensuring that the right information is only going to the right places, and that any security gaps in these applications are addressed with proper security focused on the content.
I’d like to start a conversation here.
“There is no question that the threat landscape is evolving at a rapid pace… Furthermore, cyber-perpetrators will readily pounce on exploitable gaps in legacy security products… what Websense is accomplishing with its TRITON architecture is providing businesses with an extensible and adaptable mechanism to fight fire with fire” – Michael Suby, VP Research at Stratecast
CRN recently released an article that calls attention to the predicament organizations are finding themselves in: as they leverage social media, mobility, and cloud computing, companies are realizing that their traditional protection methods are ill-equipped to adapt to growing threats. CRN outlines our launch of Websense® TRITON ™ as arming partners and customers with a new breed of content security, quoting David Meizlik:
“They need a blended set of security technologies for blended styles of threats,” he said, adding that Websense’s goal is “keeping bad content out and good content secure.”
Follow us on SpiceWorks
We want to hear from you!