CEO Dennis McCabe spends a few minutes with CEOCFO Magazine

 

 

“We focus on both the security and forensic features that provide not just an IT solution but a company-wide solution.”

A Recognized Leader in Web Security Solutions, Wavecrest Computing Focuses on Maximizing the Benefits of Utilizing the Internet for Greater ROI and Provides Corporations with Essential Tools to Enforce Internet Use Policies and Protection.

 


 

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

More and more organizations, particularly e-businesses, are using Web-enabled applications that handle personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats, both inbound and outbound, to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic, which gives criminals and hackers an easy vehicle to hide their cyber attacks.

Outbound Problem.  In addition to the risk of incoming threats hiding in SSL channels and bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are “in the dark” when it comes to data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility that information will be accidentally leaked out of the enterprise or, worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Cyfin Release 8.8.2 and CyBlock Release 6.8.2 Now Available

We are pleased to announce the release of new versions of CyBlock Appliance, CyBlock Software, and Cyfin. In this release, you will find significant enhancements to the products. For CyBlock, the first enhancement is the addition of a new screen that allows you to install client authentication certificates for the proxy so that it can connect to sites that require a nonstandard client certificate. The second enhancement involves a total revision of the Login Name Caching feature to allow more flexibility in the way user names are cached and cached entries are used. Also for CyBlock, domains that have issues when SSL Inspection is used can now be exempted from inspection.

Other enhancements in this release include the ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours, and for Cyfin, we have made numerous changes to log file configurations. We also have a number of corrections in this release. The enhancements are described below.

  • SSL Certificates.  This includes the following changes:
    • The ability to install client authentication certificates for the proxy has been added so that the proxy can connect to sites that require a nonstandard client certificate. The proxy uses the installed client certificates when SSL Inspection is enabled to identify clients (Web applications) to Web servers.
    • The Advanced Settings – Proxy Settings – SSL Certificates screen has been added to allow you to add a client certificate. On this screen, you assign domains and groups and/or IDs to the certificate so that the usage of the certificate is secured to only those domains and for those groups and/or IDs. All fields on the screen are required.
    • As certificates are added, they are displayed in a list where you can enable/disable, edit, view, and delete each certificate.
  • Login Name Caching.  This includes the following changes:
    • The Advanced Settings – Proxy Settings – Login Name Caching screen has been updated to allow more flexibility in the way user names are cached and cached entries are used. The screen now consists of the following fields:
      • Cache Mode – The following options are available:
        • Primary – In this mode, the cache is used when connection requests are made. If a cache entry is not found or is invalid, authentication occurs and user names are added to the cache.
        • Supplemental – This option is the default and replaces the previous Enable option. If authentication fails or an entry in the Authentication Manager Bypassed list is accessed, the cache is consulted before the user name “bypassed” is assigned.
        • Disabled – In this mode, the cache is never used, and all connection requests are authenticated. Entries in the Authentication Manager Bypassed list are given the user name “bypassed.”
      • Duration of Valid Entry – This is the time in minutes that the entry will be available in the cache before it is cleared. The default is two minutes.
      • Exempt IPs – This box allows you to enter IP addresses that should be excluded from login name caching. Wildcards (e.g., asterisk (*)) in IP addresses are not matched and should not be used.
  • SSL Inspection.  This includes the following changes:
    • The Advanced Settings – Proxy Settings – SSL Inspection screen now allows you to specify domains to be tunneled, that is, exempted from inspection.
    • Domains to be tunneled can be added or deleted.
    • The list of domains to be tunneled will include specific entries from the URL List. These sites are known to have issues when SSL Inspection is used, and they cannot be deleted from the domain list.
  • Active Directory.  The ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours has been added. The Frequency field was added to the Advanced Settings – Groups and IDs – Import – Active Directory – Schedule screen allowing you to schedule the import hourly or at a specific hour.
  • Log File Configurations.  This includes the following changes:
    • On the Logfiles – Setup – Select Logfile Type screen, the Type of Logfile drop-down box has been updated as follows:
      • The following log file configurations have been added.
        • EdgeWave iPrism
        • NETGEAR
        • Palo Alto Firewall
        • Trustwave
      • The following log file configurations have been renamed.
        • 8e6 to 8e6 Appliance
        • BorderManager Proxy to BorderManager
        • BorderWare Firewall to BorderWare
        • Cisco Cache Engine to Cisco Content Engine
        • IronPort Appliance to IronPort
        • Nemesis Cache Proxy to SuperLumin Nemesis
        • NetCache Appliance to NetCache
        • Symantec Web Security to Symantec Web Gateway
      • The sort in the drop-down box has been changed to a case-insensitive sort. Previously, entries beginning with a lowercase letter were sorted last in the list, and entries with the first few letters in uppercase were out of order.
      • The following log file configurations have been converted to an XML format, which allows more records to be processed and handled better. Previous and new reports may show differences in counts based on the number of records processed.
        • Barracuda Networks
        • Bloxx Proxy
        • Blue Coat Systems (SGOS 3 & 4 & 5)
        • Blue Coat Systems Common Format
        • CyBlock Appliance
        • CyBlock Proxy
        • Cyfin Proxy
        • EdgeWave iPrism
        • IronPort
        • McAfee Web Gateway
        • NETGEAR
        • Palo Alto Firewall
        • Squid Proxy
        • SuperLumin Nemesis
        • Webwasher Gateway V7
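
The Login Name Caching modes listed above decide which user name a request is attributed to in audit reports, so their interaction with the entry duration and the Exempt IPs list is worth modelling. The following is an added example, not Wavecrest code: a simplified model in which the class, method names and sample addresses are hypothetical, and where behaviour the release notes do not state (entries keyed by client IP, successful logins filling the cache in Supplemental mode, `None` for a failed login outside Supplemental mode) is an assumption.

```python
import time

BYPASSED = "bypassed"  # user name the release notes give to bypassed requests

class LoginNameCache:
    """Simplified model (not Wavecrest code). Assumption: entries are keyed by client IP."""

    def __init__(self, mode="supplemental", ttl_minutes=2, exempt_ips=(), clock=time.monotonic):
        self.mode, self.ttl, self.clock = mode, ttl_minutes * 60, clock
        self.exempt = set(exempt_ips)  # exact strings only; "10.0.0.*" exempts nothing
        self.entries = {}              # ip -> (user, expiry time)

    def _lookup(self, ip):
        user, expiry = self.entries.get(ip, (None, 0))
        if ip in self.exempt or self.mode == "disabled" or self.clock() >= expiry:
            self.entries.pop(ip, None)   # expired or unusable entry is cleared
            return None
        return user

    def _store(self, ip, user):
        if self.mode != "disabled" and ip not in self.exempt:
            self.entries[ip] = (user, self.clock() + self.ttl)

    def resolve(self, ip, authenticate, bypassed=False):
        """Return the user name attributed to a request.
        authenticate() returns a name or None; bypassed marks a Bypassed-list site."""
        if self.mode == "primary" and (user := self._lookup(ip)):
            return user                  # Primary: the cache answers first
        user = None if bypassed else authenticate()
        if user:
            self._store(ip, user)        # assumption: every successful login is cached
            return user
        if self.mode == "supplemental" and (user := self._lookup(ip)):
            return user                  # Supplemental: cache before "bypassed"
        # Assumption: a failed, non-bypassed login outside Supplemental mode is unattributed
        return BYPASSED if bypassed or self.mode == "supplemental" else None

def demo():
    """Constructed scenario: one workstation IP, default mode, wildcard in Exempt IPs."""
    now = [0.0]                          # fake clock, in seconds
    cache = LoginNameCache(exempt_ips=["10.0.0.*"], clock=lambda: now[0])
    out = [cache.resolve("10.0.0.5", lambda: "alice")]           # alice logs in
    now[0] = 60
    out.append(cache.resolve("10.0.0.5", None, bypassed=True))   # within two minutes
    now[0] = 200
    out.append(cache.resolve("10.0.0.5", None, bypassed=True))   # entry has expired
    return out
```

In this model the wildcard entry exempts nothing, so the bypassed request at 60 seconds is still attributed to the cached name, and in Primary mode a second person at the same IP would be logged under the cached name until the entry expires.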

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.