Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect, including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
Before we begin, I recommend reading Getting Ready For Data Loss Prevention (DLP). Go ahead, I’ll wait for you…
Back? OK, now let’s talk about what comes after: the “how” to implement DLP part.
As a next step, and at the risk of blowing my own horn, consider watching the recording of a webcast I did on April 5 here. You’ll get recommendations on how to deal with issues that are often overlooked in DLP deployments as well as some critical “how to” advice. This I position as an antidote to the all-too-common and none-too-helpful “just do it” approach to DLP advice. Because, on the path to DLP success, there are two deadly pitfalls to watch out for:
The first is in understanding where to start your data protection strategy using DLP (and why). Where to start influences your program’s effectiveness compared to how much risk you are hoping to eliminate from the business.
The second pitfall is in understanding how to execute. The "how" may be the most important part as it ultimately determines how soon you will benefit from DLP and determines the amount of resources that are required.
Surviving one of the pitfalls is hard enough, but trying to get through both on your own is nearly impossible.
Unfortunately, much of the historical “how” started with massive data-discovery projects, which usually meant at least six months of project consulting before any data was protected.
Not every DLP vendor has the same vision for how to make DLP work, so make sure that you understand your vendor’s approach and agree with it.
Have a listen and let me know what you think.
Ever been to a webinar that tells you what to do, but fails to say how? Well, this week I’m determined to change that. I’m hosting a webinar that will help eliminate DLP fears and provide a guide on managing risk. As a Websense expert on DLP, I’m going to give real-world practical advice on how anyone can understand, apply, and realize real measurable DLP
Here’s the webinar link. Join me on Thursday, April 5th at 10 a.m. PST/1 p.m. EST. You’ll
- Guiding principles of security and risk
- Data breach trends from the last six years
- Nine-step DLP methodology and execution strategy
- Success factors in addressing the web DLP
While CIOs don’t need to be convinced that data loss protection is important—many are afraid of failure. They have heard horror stories about deployment complexities and operational nightmares. Recent high-profile data breach headlines have also made them question the true value and effectiveness of DLP. Could you blame them? Well, this webinar is designed to give you a road map to DLP success.
Register for the webinar here: http://www.websense.com/content/brighttalk-webcast.aspx
If you have any questions on DLP or the webinar, feel free to post a comment.
As we conduct business in an increasingly cloudy, mobile, and social world, it’s more important now than ever to take data security and privacy into consideration. Data is everywhere and its value is growing exponentially. But with data moving in and out of your organization so quickly—how can you keep it safe?
This is the perfect time of year to ask that question—today is Data Privacy Day. The National Cyber Security Alliance has coordinated various events in the United States and Canada to help facilitate discussions and raise awareness of data privacy and security issues.
In my opinion, the public and private sector must work together to combat the rising tide of data-hungry cyber criminals. Government legislation is and has been making strides toward mitigating cyber crime. In the U.S., 48 out of 50 states now enforce data breach notification laws, which require companies that collect or store personally identifiable information to notify customers if their information is compromised.
And, in Canada, mandatory data breach notification may soon become federal law. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). At present, PIPEDA does not contain any breach notification provisions.
However, as we all witnessed in 2011, legislation alone cannot protect data. According to an upcoming study from the Identity Theft Resource Center (ITRC), previewed in advance by Information Week, in 2011, there were 419 breaches publicly disclosed in the U.S., affecting a staggering 22.9 million records.
This means we still have A LOT of work to do. And, consumers are losing patience. They hold businesses directly accountable for the loss of their personal data and continue to bring class action lawsuits against organizations. This consumer unrest is likely to fuel additional legislation that may punish companies financially for losing customer data. Corporations have to take responsibility.
Here are three key recommendations for protecting customer data:
Recently, the Wall Street Journal posted a great article on “What to Do if You've Been Hacked,” and I think there are a few items that should be looked at a little more closely.
The article explores the traditional forensics and communications approach to dealing with the aftermath of a data breach. I’d like to take it a step further to discuss how you can prevent future hacks from happening.
In a number of recent cases we’ve seen that one hack can lead to another. It’s a potentially embarrassing situation for a company and a potentially career-threatening event for a CISO or CSO.
So, what should you do?
I think there is a need for industries to first admit a problem – a problem with data. A huge volume of new content is being created, shared and moved inside and outside our walls every second. The challenge is that much of this data is sensitive and is a major governance and data theft concern. In order to prevent both accidental data loss and malicious data theft, organizations need to be able to identify what is and is not sensitive information, and to accurately categorize sensitive information as it is created, without a massive process that intrudes on or adds additional steps for the content creator.
We’ve seen this is a real challenge for organizations, so we have been working closely with Microsoft to accurately monitor, identify, categorize, and ensure protection and proper use of sensitive information as it is being authored. It’s a big challenge and a huge technology hurdle. That said, at the recent Microsoft® BUILD developer conference we demonstrated accurate real-time file classification and data security policy application done automatically, without manual intervention from the author.
I’ve been getting a lot of questions about compliance as more companies reveal that they’ve been breached or hacked – so I thought I’d get your feedback on the issue.
While these episodes have businesses and consumers (including me) paying attention, I’ve also started to become more concerned about another source of sensitive, private data: electronic health records (EHR).
Last year, the Identity Theft Resource Center counted 160 breaches in the medical/healthcare industry, representing 24.2 percent of total breaches and close to 2 million records. That’s a huge volume, and a huge concern. Medical records are a veritable gold mine of personal data, often containing a complete package of all the valuable information criminals need to perpetrate fraud, including SSNs, DOB and, in many cases, insurance and credit card information.
The headlines are bleeding again with news of another HUGE data theft story. How many more will there be in the next week, month, year? In the last few months alone, Sony, RSA, and Oak Ridge National Laboratory lost data. Jai Vijayan at ComputerWorld thinks these breaches are a matter of when, not if (“You will get breached. Get over it.”). And at an average cost of about $200 per record you can multiply the number of customer records that you store and probably get funding for your long-delayed DLP project TODAY.
But is that just the tip of the iceberg?