Do you think data breaches are up or down in 2011 compared to 2007 or 2008? The official answer may surprise you. According to DatalossDB and the 2011 Data Breach Investigations Report by Verizon, the number of records compromised per year has been decreasing since its 2008 peak. But these reports are missing something very important. It all comes down to what is reported. Last year I met with more than 450 CIOs and CSOs, and almost all of them said that incidents are way up. New breaches are constantly making headlines, so why is there a discrepancy between our perception and what these reports are finding?
Many industry reports focus on the never-ending stream of leaked or stolen personally identifiable information (PII). Most laws and industry standards, such as PCI DSS, also concentrate on PII. But there is something that could be more dangerous to lose than PII and that isn't getting enough attention in data breach reports—intellectual property (IP).
As soon as I heard about today’s Pew Internet Trust and American Life Project survey that says most people surf the Internet for no particular reason, I immediately thought of our recent research showing that the leisure, or fun, side of the web can often be tainted. For example, while doing research for our threat report we found that searching for breaking trends and current news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent).
Most people get into trouble when they are busy doing something that isn’t useful—internet use included. OK, so what does this mean for you at work? Well, if you didn’t know it already, your new workforce is on the internet A LOT, and they expect to have internet access.
So, you’ve got workers wandering the net and at every moment they are just two clicks away from malware. Makes you stop and think a bit about the security defenses you have in place within your organization, doesn’t it?
The study says, “internet users of all ages are much more likely now than in the past to say they go online for no particular reason other than to pass the time or have fun. Some 58 percent of all adults (or 74 percent of all online adults) say they use the internet this way.”
“Young adults’ use of the internet can at times be simply for the diversion it presents. Indeed, 81 percent of all young adults in this age cohort report they have used the internet for this reason at least occasionally.”
And it’s not just the youngest that are wandering the internet in their spare time (at their lunch, or on a slow Friday, or Monday). More than 65 percent of those 30-49 exhibit the same behavior.
You can’t stop internet access and keep happy employees, but you can keep your organization safe.
Keep up with the latest in threats and threat research at the Websense Security Labs blog.
Recently, Blue Coat announced the end of support for Websense in the next version of ProxySG (v6.3) and noted that affected customers using Websense need to migrate to Blue Coat WebFilter. The announcement incorrectly states that Websense was not providing updates and support despite recently working together to solve a customer issue. Websense fully supports its integrated product versions and has an open offer to Blue Coat executives to integrate its real-time defenses to increase the security effectiveness provided to joint customers.
The ‘net-net’ is that Blue Coat, at its sole discretion, decided to end support for Websense, thus removing the option for customers to protect their networks with market-leading Websense® web filtering. The Websense solution is backed by the Websense ThreatSeeker® Network, which is now linked into Facebook and its more than 800 million users, plus the Advanced Classification Engine (ACE) with its multiple defenses and real-time composite scoring to detect advanced threats and stop data-stealing attacks.
Over the years, Blue Coat has been challenged to develop product solutions on two fronts, one being web security and the other WAN optimization. Resources at Blue Coat are limited, and trade-offs have to be considered: Blue Coat had seven product releases over the past five years, and they were focused on WAN optimization, not security.
Security advancements in ProxySG and the underlying operating system SGOS have been few, if any, per product release cycle during these years, including the most recent release v6.2. An example of trade-offs includes changing SGOS v5.x to allow non-compliant protocol traffic by default to make WAN optimization deployments easier at the expense of security. The other side of release cycles is software testing, and that can be a major bottleneck and delay in time to market (even more so when building WAN optimization into a web proxy). In order for Blue Coat to sustain advancements in ProxySG for web security, they have to try to do more with less.
Removing custom SDKs that support market-leading web filtering is one way to accomplish this objective at an expense to customers. The result for Blue Coat appears to be less code, less testing, less functionality, fewer support issues, and faster time to market for a release cycle. For an organization facing escalating feature requests from customers and declining rankings in analyst quadrants, they are faced with cutting back to the basics and trying to move forward. The big question is if there is enough runway to lift off and change the downward slide in web security at Blue Coat.
Please read the following document to see why you should consider Blue Coat as a tactical solution and Websense as a longer-term strategic web defense.
I’ve been on the road quite a bit and have collected a lot of good information that I want to share with you all. Most of what’s been attracting my attention is the recent crop of targeted attacks. For every one you hear about in the news, another 50 occur behind the scenes. I’ve spent a lot of time working with CIOs and CISOs to help them develop a strategy to protect against these threats.
One place where targeted attacks were a huge topic of conversation was at the U.S. Security Confab event that I attended last week. It’s hosted annually by my friends Jerry Archer, CISO Sallie Mae, Dave Cullinane, CISO EBAY, and Bob Bragdon, Publisher CSO Magazine. If you have never attended I highly recommend it (as if you needed an excuse to spend a week in California). It’s one of the best security conferences in the world.
APTs, targeted attacks, and advanced malware were the common threads that permeated the majority of the presentations. The resounding theme was also the lack of shared strategy and organization within the security community against our common enemy – cybercriminals. Right now when one of us is attacked we share the information upstream with the government, but we fail to turn that into any real, viable intelligence for the private sector. Don’t you think it would be helpful if we had a standardized way to share the intelligence in a standard format that details the “who” and the “how” of the attack? And I’m not just talking about U.S. here; this could be global as well. In this scenario, thousands of companies would be protected instantaneously when one of us learns of a new cyber threat.
Recently, we took a step in the right direction when the Pentagon announced that cyber space is a new battleground. A cyberspace attack on U.S. assets is now considered equal to an attack occurring on U.S. soil. At the same time Department of Defense Secretary, William J. Lynn III acknowledged the need for cooperation. He said:
“Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial. Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks.”
This is a great step, but we must continue to organize within the security community, since the bad guys are already organized and many of us stand on our own. Click here to read more about the Pentagon news.
This week I am attending the Austin NG security summit, so next week I will be talking about successful strategies to protect against APTs and targeted attacks as well as any great insights from the Austin summit. In the meantime, let me know if you have any questions.
Early last week I was a guest of the OWASP San Diego Chapter who invited me to give a presentation on the Top Ten Web Hacking Techniques of 2010. An audience of nearly 50 filled the room, graciously hosted by Websense, and was treated to a sushi and sake dinner while I described and demoed last year's latest research.
For those unfamiliar with this top ten, every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. The Top Web Hacking Techniques acts as a centralized knowledge base, a way to recognize researchers who contribute excellent work, and a digestible way for the community to keep up with the latest trends -- a look forward.
After the presentation I got the opportunity to meet many new people and learn more about the things in Web security that most interest them. Lots of chatter about where OWASP as an organization should be heading, conversations about the latest hacks in the news, what various Web security vendors are up to, and of course, several personal appsec projects. If you are in the San Diego area and interested in the subject matter, you should really consider attending.
Who: These are the heavyweights of the cybercriminal world. Corporate attack and espionage is a stealthy, organised, funded activity by professional agents operating rather like the legitimate companies they hope to steal from. The worker bees are usually found beavering away with state of the art computing equipment, multiple monitors and the blinds well drawn. While the big cheeses are well connected individuals with fingers in pies and eyes firmly on the ball. Together they make a formidable team.
Why: Big Bucks. These guys are out to target company confidential data which can then be sold on to the highest bidder. There are two distinct categories within this group; one aiming long term using Advanced Persistent Threats (APT) and the other group more focused on short- to midterm financial gains.
What: The APT attack nicknamed Operation Aurora in 2009/2010 was aimed at US high tech companies including Google and Adobe. It was thought to originate in China with speculation of Government involvement. Aurora exploited a zero-day vulnerability in Internet Explorer with a goal to steal IP and modify source code.
commented on the initial APT post: I hope you don't spew marketing hyperbole else this will turn dull rapidly. Don’t worry. We are going to stick to the facts. In this piece, I want to separate from the buzz around these attacks and talk about why you should care.
We’ve heard from a lot of executives, “What should we do about APTs?” There is a high level of concern from large organizations with serious IP (like source code) that they know others will try to get. But there’s also a large group that thinks, “I’m a $10M manufacturing company, in Ohio. I don’t think Chinese or North Korean hackers are going to be knocking on my door anytime soon.”
And, they are right.
Who: This is the largest group of cybercriminals. In another era they would have been found nicking your purse, knocking over old ladies or selling solid gold watches for £10 from a battered old suitcase. These guys have picked up a few skills along the way, nothing too complicated, just straightforward malware, adware or spam. Once they have perfected how to do it once, they do it again and again and again.
Why: Fast, financial gain. The mainstays are fake antivirus programs, manipulating your identity, using your credit card numbers, or stealing passwords. Some make their money through illegal advertising, often paid by a legitimate company for pushing business their way. Cheap pills, anyone? Some members of this group believe they are simply "aggressive marketers." It helps them sleep at night.
What: Phishing and SEO poisoning were used within minutes of the earthquake which hit Japan in March 2011. Emails asking for donations to a rogue cause, ‘Humanitarian Care Japan’, did the rounds, and searching for the latest news online resulted in several links to malicious sites. Following the link, the victim was redirected to fake antivirus via a "CLICK HERE" button. A warning then appears stating that your computer might already be infected. Whether the "Cancel" or "OK" button is clicked, a rogue Windows OS-like anti-virus interface will pop up. The user is then scared into thinking their computer is infected and they must download the scammers' program and pay for it to be cleaned up.
Hacker is a term used to mean a variety of things over the years, and as a catch-all name for ‘bad guys’ perpetrating cybercrimes it’s pretty well accepted. Most people are unaware that different meanings exist when we say hacker, and it would be reasonable to ask why you should care. However, in understanding the motivation and objective behind your ‘hacker’, you may be in a better position to plan an appropriate defence. Malicious hackers can be broken down into 5 broad classifications, which we will explore in a series of ongoing posts. The first type we are going to explore is "Script Kiddies."
1. Script kiddies
Who: This group want in on the action. They are usually thought of as barely shaving malodorous teens, hacking late into the night, drinking pop and eating giant bags of crisps. Remember the film "War Games"? Despite the fact that it’s nearly 30 years later the resemblance is just as popular as ever. Often they break into computers using programs written by others, with very little knowledge about the way they work; other times they are flexing their newly formed cyber muscles.
Why: because they can. These are not the hardened criminals of the cyber world - their primary motivation is not money – it’s bragging rights. It’s all about proving they have the skills or hacking for the sheer thrill of doing something naughty. At best they're a nuisance, at worst they are honing their CV for a future career in cybercrime.
What: In 2009 an 18-year-old hacker hijacked high-profile Twitter accounts, including Barack Obama and Britney Spears. He gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at the account of a member of Twitter’s support staff, giving him the ability to access any Twitter account by resetting the password. Realizing he hadn’t used a proxy to hide his IP address, potentially making him traceable, he shared the knowledge with fellow hackers so they could hack the accounts instead.
We'll continue to look at other types of hackers in future posts. Stay tuned for more Insights in the coming days.