Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
we want to hear from you >
“Patch Java and you’ll be protected against Java threats”
We seem to hear this constantly, not just in the last few months, but for years. Way back in Nov. 2011, we were told that if we had Java 6 Update 29 or Java 7 update 1, we wouldn’t be vulnerable to the security weaknesses in the headlines. Yet, with each update vulnerabilities continue to be discovered and exploited. We even had two Java 0-day exploits included in kits before Oracle had patches prepared. Yet despite the patches, we continue to hear about new vulnerabilities...
So what to do? Based on my discussions with other pros and my own experience I’ll be presenting a series on how to mitigate Java risks to protect your endpoints. We’ll look at: Proactive; Immediate; and Long-Term prophylactic measures. Here’s what you can start acting on now:
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
More
With the hectic travel schedule of first quarter wrapping up I had some spare time to think about advocating a fresh approach to security for the spring. I know it’s not the beginning of the year, but if your schedule is anything like mine, this may be the first time you’ve had a minute to spare since the calendar moved to 2012. With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring:
<CONTINUE>
Last week, Lady Gaga became the latest celebrity to have her Twitter account hacked. In this instance the hacker used it to attract clicks to a scam offer for a free iPad. While this scam was designed to collect information rather than inject malware or data stealing code, it was incredibly effective. Hundreds of thousands of clicks happened in a very short amount of time before the post was taken down.
As a Security Researcher in the Websense Security Labs I’m often called upon to explain the dangers associated with these types of hacks, and how to avoid falling victim. It's a tough one because once an account is taken over the hacker mimics/impersonates the true owner of the account. In the Lady Gaga example the twitter hack used the nickname "monsters" in a rogue tweet which is a term her fans will be familiar with. Making it all the more believable.
Here are some tips for staying safe while following celebrities on Twitter...
As soon as I heard about today’s Pew Internet Trust and American Life Project survey that says most people surf the Internet for no particular reason—I immediately thought of our recent research showing that the leisure, or fun side of the web can often be tainted. Searching for breaking trends and current news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent). For example, while doing research for our threat report we found that searching for breaking trends and current news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent).
Most people get into trouble when they are busy doing something that isn’t useful—internet use included. OK, so what does this mean for you at work? Well, if you didn’t know it already, your new workforce is on the internet A LOT, and they expect to have internet access.
So, you’ve got workers wandering the net and at every moment they are just two clicks away from malware. Makes you stop and think a bit about the security defenses you have in place within your organization, doesn’t it?
The study says, “internet users of all ages are much more likely now than in the past to say they go online for no particular reason other than to pass the time or have fun. Some 58 percent of all adults (or 74 percent of all online adults) say they use the internet this way.”
“Young adults’ use of the internet can at times be simply for the diversion it presents. Indeed, 81 percent of all young adults in this age cohort report they have used the internet for this reason at least occasionally.”
And it’s not just the youngest that are wandering the internet in their spare time (at their lunch, or on a slow Friday, or Monday). More than 65 percent of those 30-49 exhibit the same behavior.
You can’t stop internet access and keep happy employees, but you can keep your organization safe.
Keep up with the latest in threats and threat research at the Websense Security Labs blog.
I've been meeting with a lot of customers recently, and two things that keep coming up are concerns about advanced targeted attacks and how to deal with the threats that social media bring into an organization.
Now, social media has been around for quite some time, it’s not new. The new challenge is the surprising rate at which it is evolving and the fact that it is seen now as a freight train that IT can’t stop—and shouldn’t try stopping.
Marketing uses Facebook and Twitter. HR uses LinkedIn. Even customer support is looking at Twitter. And a new generation of workers can’t seem to live without constantly being connected—and expectation they bring to work with them. I’ve even had a CSO come out and say, “Even in a tough job market, my CEO says we need to do everything we can to get the best candidates out there. That means access to social media and the innovations that come with it. Basically they told me to make it happen AND keep us safe.”
We’ve been working on things to keep organizations safe on the social Web for ages, but it helps to check in with the world every now and then to make sure we are on the right track in allowing safe access to social media.
With that in mind, we teamed with the Ponemon Institute to assess the social media readiness and risk profile of more than 4,000 IT and IT security practitioners around the globe, and what we found is a little surprising.
The Websense Security Labs™ are recognized worldwide for their threat expertise and research on the latest trends and exploits on the wild Web. Recently, the Security Labs began their Video Diary series, a quick look at what they are working or what's hot in security research for that week. These quick insights can be found every week at the Security Labs home page. Archived episodes can be found by clicking on the video player and scrolling across the bottom.
This week, Stephan Chenette and Elad Sharf talk about a recent event in which the Security Labs provided customers a hands on training experience, sharing how our researchers analyze and understand threats on the Web. This week's video is featured here.
You can follow the Weekly Video Diary, along with Websense Security Labs Alerts by subscribing to the RSS feed, so you don't miss any breaking security news.
Recently, I was speaking with a CSO of a major corporation and the topic of how much money is made with cybercrime came up. Now, many of us talk about the proliferation of easily monetizable cybercrime, but because it is an invisible enemy, some people have trouble understanding the threat. I wanted to quickly share with you a great article that should be required reading for everyone in IT security:http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1
The story covers the evolution of the small town of Râmnicu Vâlcea, Romania and how it went from having “a decades-old chemical plant and a modest tourism industry” to become what the article calls “Cybercrime Central.”
