Time for Black Hat again! Day one is almost complete and I’ve seen some big themes.
There’s some of the usual. Vulnerability scanning and pen testing are definitely present and the topics of identifying and learning from data breaches are still big—especially around the area of SIEM. There are also some new developments. For example, more exhibitors are simply about education, including your typical certification schools, but general higher learning institutions, like the University of Maryland, are also here.
As usual, Black Hat USA is full of security vendors and their products, but there seem to be more ‘service’ offerings showcased this year. This may not be surprising to those who have heard analysts increasingly discuss the weaknesses assumed by an organization that is overly dependent on purely in-house resources.
Education, services and research tools are obviously taking center stage in the battle against cybercrime. All this focus on education is precisely why we’ve developed a few new tools and resources to help resource-strapped customers tap into the expertise of the Websense® Security Labs™ researchers.
Sometimes you need more than what you have on-hand—especially when you are dealing with highly advanced malware and complex data stealing attacks. That’s when you need an expert security researcher to help. Our Websense Security Labs have more than one hundred team members worldwide, hip-deep in the latest threats. The new Websense CyberSecurity Intelligence™ (CSI) services, announced today, help extend their expertise and educational benefits right into your organization.
Websense CSI services offer both online and 1:1 time with our researchers, through tools, training, in-person guidance and malware forensics.
All Websense CSI customers will have access to ThreatScope™, an online sandbox environment, to safely test potential malware. It uses our Websense Advanced Classification Engine (ACE) analytics to compile an extensive report of observed behavior on an uploaded file. Insights include the infection process; post-infection activities (such as calling home); system-level events and processes; registry changes and file modifications.
Think about it: Black Hat USA only comes around once a year, but every day needs to be about education in the security field. Websense CSI services can be an extension of your learning process, giving you access to our researchers and the necessary tools to help you become more educated on the threats of today.
If you could study one aspect of today’s threats, what would you dive into?
Yesterday we posted about a new strain of highly advanced malware (APT), dubbed Flame. It is potentially the most advanced malware to date, at least in terms of functionality combined with the ability to stay hidden over a long period of time. It’s also unusually large (20 MB), whereas most attacks contain small files (under 1 MB). The file is so large because it incorporates a broad set of capabilities including recording audio, taking screenshots, compiling a list of nearby Bluetooth devices, and more. It even includes some rare techniques not commonly found in malware, such as using the Lua scripting language for some of its functions. The primary function of Flame is to...
I’ve been to countless RSA Conferences. Two years ago it was about who survived. Last year was cloud hype. This year: mobile security.
In our booth, I demonstrated our new mobile security solution on an iPad non-stop. To the point of shoulder pain and post-show massage therapy after holding that thing up for hours and hundreds of demos to eager onlookers. The interest in mobile security is very real.
So how big is the problem?
We had the Ponemon Institute survey more than 4,000 IT professionals in 12 countries. It is clear from the answers that corporate mobile devices and the bring-your-own-device (BYOD) phenomenon are absolutely circumventing enterprise security and policies. Fifty-nine percent report that employees circumvent or disengage security features like passwords and key locks. A lost device with no password is an open door to email, calendars, social circles, and apps that access confidential information. And just over half experienced data loss because of unsecured mobile devices, including laptops, smartphones, USB devices, and tablets. The problem is big.
Most IT pros know that by enabling a mobile workforce they are supporting business productivity, but they also recognize the risk. Check out the full results of the survey here.
I can’t say this often enough: standard mobile device management (MDM) isn’t enough. You really need to look at the new Websense TRITON Mobile Security solution that we announced at the RSA Conference. It combines four components (web security, data security, mobile malware / app protection, and mobile device management features). As a cloud security service, it prevents confidential data loss on iPads, iPhones, Android, and other mobile devices.
Feel free to comment and let me know what you think.
.XXX was approved as a "top-level domain" address last year by ICANN, and was set up to make it easier to identify adult sites. However, it has also had some unintended consequences.
For example, if you own Acme Explosives and have operated acmeexplosives.com for years, you might want to register acmeexplosives.xxx too (just to make sure no one else registers it for a porn site, possibly besmirching your reputation with the demolition crowd). You could leave it as a null site, or you could redirect your new .XXX site to your standard .com site.
Therein lies the rub: Websense will automatically categorize all .XXX sites as “Sex”. But if you are Acme, you might prefer to have people redirected to your commercial site, rather than having them run into a block page. Have no fear. If you have registered a .XXX page that redirects to a non-adult site and would prefer to have it categorized to something that reflects the true content, just send your request to suggest@websense.com or use the online submission tool.
Websense customers are already protected from inappropriate access. A database download has been pushed out to all Websense customers, timed to take effect before the .XXX top-level domain went live. Any product, from filtering to our TRITON Enterprise, will have this domain categorized in their database as "Sex." We may have some folks out there using old, unsupported versions of Websense that may be in for a surprise, but it shouldn't affect any current customers.
Today, we have some exciting news. Some of you may have already heard about it, because it is big!
Starting today, we have implemented a partnership with Facebook, arguably the largest, most important platform on the globe, to better protect users against malicious links leading to malware-embedded websites and fraud.
A platform as popular as Facebook is naturally a target for attackers. We have been working with Facebook and their security teams for a number of years in order to keep their users safe, but now we have integrated directly into the platform for an unprecedented security combination.
Soon, when a user clicks on a URL that has been posted within Facebook, that link will be sent to Websense for security classification. The Websense® ThreatSeeker® Cloud, an advanced classification and malware identification platform, will then analyze the link in real time. If the destination site is considered unsafe, the user is presented with a warning page that offers the choice to continue at their own risk, return to the previous screen, or get more information on why it was flagged as suspicious.
In this way, we are helping Facebook continue their proactive fight to keep malicious links off of their platform and allow safe use for all of its members.
Alan commented on the initial APT post: “I hope you don't spew marketing hyperbole else this will turn dull rapidly.” Don’t worry. We are going to stick to the facts. In this piece, I want to separate from the buzz around these attacks and talk about why you should care.
We’ve heard from a lot of executives, “What should we do about APTs?” There is a high level of concern from large organizations with serious IP (like source code) that they know others will try to get. But there’s also a large group that thinks, “I’m a $10M manufacturing company, in Ohio. I don’t think Chinese or North Korean hackers are going to be knocking on my door anytime soon.”
And, they are right.
The only constant in corporate security is change. Websense became famous as the best URL filtering company. We invented our ThreatSeeker Network and the world’s first Honey Grid, and as a result, we know the Web better than anyone else. Our customers saw Websense filtering as nice-to-have software that helped employees be productive and prohibited inappropriate use of a company’s Internet access.
But as our knowledge of the Web deepened, we were on the front lines as more attacks and security threats moved online. We quickly became the go-to experts on Web-based threats and our technology was so ingrained within the Web that we often were the first company to detect these threats. As we moved from filtering to Web security, we often protected our customers from Web threats before competitors were even aware that they existed.
Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations.
It's a little surprising to me as well. Previously, Canada was a place of great beer and hockey (next year, Habs!). But Websense recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launchpad for cybercriminals. For example:
Jump in Hosted Phishing Sites – Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year. This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crimeware.
Increase in Bot Networks – Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a 53 percent increase in bot networks. In fact, Canada scored the second highest for hosting bot networks, when compared to the U.S., France, Germany and China.
Malicious Websites – We’re seeing a trend of malicious websites decline across the board. However, Canada’s decline is tremendously slower, when compared to the countries listed above.
Overall Increase in Cyber Crime – In Websense’s most recent Threat Report, Canada is #6 in the world for hosting cyber crime. And, this number continues to rise.
A key media source on bin Laden’s death, Sohaib Athar (@ReallyVirtual), live-tweeted about hearing helicopters and explosions in Abbottabad six hours before bin Laden's death was announced. Athar links to his website from his Twitter account and has become a major source of media and public interest seeking more information. Websense Security Labs has discovered that the website belonging to Athar has been compromised by hackers and leads to the Blackhole exploit kit. Hackers are infamous for immediately taking advantage of notoriety and related searches in an attempt to infect massive numbers of computer users.
Cybercriminals are constantly exploiting where the masses go, and news on Osama bin Laden’s death is no exception. We want to warn everyone looking for news on bin Laden’s death to be cautious when clicking new links. Make no mistake—hackers are going after websites, like @ReallyVirtual’s, along with search engine results to prey on visitors looking for more information. Compromises on breaking news items are also very dangerous to organizations because employees who are searching online can potentially put an organization at risk for exploit and data loss.