Category Archives: CyBlock Appliance

Reasons Customers Continuously Choose Wavecrest Include Pricing, ROI and Flexibility.

Wavecrest Computing has been providing the best-of- breed Web security and Web forensic solutions since 1996. Continuously delivering the highest quality products at the most competitive pricing has been pivotal to our longevity. We have the best and most loyal customer base in the industry. The fact is, we care about the success of each and every customer. If you are still not convinced, see what one of our loyal customers has to say for themselves.

“Our IT and Management team evaluated several products that were considered “tops” in the web monitoring field. Our evaluation included hardware appliances and software based systems as well as free to expensive versions. We decided upon the Wavecrest Cyblock Appliance for several reasons which included Pricing, ROI and Flexibility. We discovered that the Cyfin Reporter was also just as flexible providing us with the details needed to make adjustments to our Policies and Bandwidth as well as increasing employee’s productivity.”

— Allen Lochamy, Atlanta Bonded Warehouse, Atlanta, GA

Running Reports in the New CyBlock/Cyfin UI

With the release of the new user interface, managing reports is easier than ever before. The new UI streamlines the way reports are managed by displaying recently run reports and scheduled reports all in one location. It also consolidates scheduling a report with creating a report. The following highlights of the new features describe how to navigate through reporting.

First, you need to select the type of report you want to create. On the Reports Selection page, the reports are grouped by similarity, and a Tooltip provides a short description of the report to help you determine which report to run. Click the name of the report that you want to run.

This takes you to the Create Report page where you can run the report at the present time (unscheduled). You can also schedule the report to run automatically at a specific time, that is, daily, weekly, or monthly at a specific hour, or set up the report to run manually as needed.

Report delivery options allow you to wait for the report, e-mail the report to multiple addresses that you specify, and save the report to a location. E-mailing reports to group recipients has been replaced with allowing you to easily specify each e-mail address to which you want to send the report. Recipients will also receive an e-mail should a report fail to run for any reason. Saving the report to a group directory has been replaced with allowing you to save to any directory. If the directory does not exist, it will be created.

After you run or schedule your report, it will be displayed on the Manage Reports page.

The Recently Run Reports list shows all reports that were last run, that is, scheduled and unscheduled reports. The Scheduled Reports list shows reports that will run automatically at a specific time and those that will be run manually at a later time as needed.

Once you have run or scheduled reports, the Manage Reports page allows you to run, edit, duplicate, schedule, delete, and view these reports. You can also create new reports from this page.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Wavecrest Computing Announces the Release of Our Redesigned User Interface

We are excited to announce the release of our redesigned user interface for Cyfin, CyBlock Software, CyBlock Appliance, and CyBlock Cloud. The new user interface (UI) design was a collaborative effort, including direct customer input. This input played a major role in the design and layout of the new UI. The results of this shared effort include a very intuitive layout with easy-to-use navigation and a widescreen layout that will cleanly work with any size monitor.

The new UI enhances our clients’ productivity by making it easier to access, configure, and manage all product functionality. We invite you to contact sales or technical support if you have any questions about the new UI!

CyBlock/Cyfin Release 9.0.5 Now Available

We are pleased to announce the release of a new version of CyBlock Appliance, CyBlock Cloud, CyBlock Software, and Cyfin. In this release, you will find corrections as well as enhancements to the products. For CyBlock Cloud, several enhancements have been added including the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. The enhancements are described below.

CyBlock Cloud

SSL Inspection. The new functionality includes the following:
- Ability to view the full URL including path, embedded URLs, and parameters.
- Domain, path, and parameter matching.
- Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
- Search Term blocking.
- Ability to view full URLs in the Real-Time Web Monitor.
- Ability to view full URLs, not just domains in the following reports:
  - Category Audit Detail
  - Category Audit Summary
  - Site Audit Detail
  - User Audit Detail
  - User Audit Summary
- A new SSL Inspection page that allows you to first install the Wavecrest Certificate, and then select groups and/or IDs and categories to be inspected. Go to Settings – Proxy – SSL Inspection to access this page.
Control Web Categories. The following features have been added:
- The Filtering Schedule allows you to block categories by day, hour, or half hour
- Coaching can be enabled on blocked categories and allows users to temporarily bypass blocked sites.
Web Blocking Message. The following features have been added:
- The Redirect option allows you to specify a URL that the user will be redirected to when he or she tries to access a blocked site.
- “Coaching” has been added to the Tokens drop down in the Message Editor, and token {6} to the blocking message for coaching purposes. If coaching is enabled on the Control Web Categories page, the message will include a link to bypass the blocking message allowing the user to access the Web site.
Reports. The following features have been added:
- On the Manage Reports page, in the Recently Run Reports section, the view icon allows you to view your recently run report. If multiple reports were generated depending on how you ran the report, a list is displayed with links.
- On the Create Report page, the following options have been added:
  - Report Format. A PDF version of the report can now be generated in addition to the HTML format.
  - Time Frame Filter. The Filter field allows you to filter the days and times to include in the report data. You can create a new filter or select an existing filter.
- Sample Site Analysis and User Audit Detail reports are now available. Go to Reports – Sample Reports to access these reports.
Product Help. The Technical Support contact page has been replaced by the product Help. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. Access the product Help by clicking Help in the navigation bar at the top.

CyBlock Appliance and CyBlock Software

Web Blocking Message. This includes the following changes:
- “Coaching” has been added to the Tokens drop down in the Message Editor.
- For the Redirect option, a note is displayed indicating that the URL for the blocking message must include “https://.”
SSL Inspection. The URL live.mozillamessaging.com has been added from the URL List to the list of domains to be tunneled and cannot be deleted from the domain list.

CyBlock Appliance, CyBlock Software, and Cyfin

E-Mail Settings. The ability to use e-mail server authentication has been added to the Settings – E-Mail page. If authentication is required, you can now enter the e-mail server user name and password.

To see the full release notes for your product, visit our Web site. You can download the latest release by going to CyBlock Software Downloads or Cyfin Downloads. To upgrade CyBlock Appliance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

For additional assistance, please feel free to contact us.

March Madness Starts This Week! – Estimated $1.9 billion Lost for Every Unproductive Hour

This week is the beginning of one of the most popular events of the year… March Madness! An exciting month for sports fans everywhere!

The excitement during the tournament is addictive! Employees have office pools and discuss the games all through the day. The trouble with March Madness? It occurs during the work day. “An average of 10.7 million people watched March Madness games in 2013, the most since 1994.” During this time, an organization does need to worry.

Management needs to be concerned about low productivity, “An MSN poll in 2012 found that 56% of respondents, equivalent to 77.1 million employees, planned to devote at least one hour to March Madness. Using those figures, the damages rise to $1.9 billion for every unproductive hour.” IT, as well as management, needs to worry about the risk of lower bandwidth for critical business operations, “Turner Sports, which operates the NCAA’s website, said 6.8 million unique visitors watched games online during the first week of last year’s tournament. Visitors spent an average of 1 hour and 51 minutes online each time they opened a stream.” These disruptions can cause major problems with the normal operations of any business.

March Madness begins March 18^thand runs through the beginning of April. Revisit your organization’s AUP and let your employees know the negative impact their actions could have on the organization.

It is a good time to think seriously about making one of Wavecrest Computing’s CyBlock Advanced Web Security solutions a priority. Whether you are thinking you would like to block all access to sports, or thinking you would like to allow some time for your employees to enjoy March Madness while maintaining control over crucial business operations. CyBlock Advanced Web Security solutions can do both. CyBlock can easily block sports or, just as easily, allow for filtering by time frame. Implement flexible filtering by day, hour, or half hour while controlling bandwidth, threat protection, and enforcing your AUP in an easy to manage interface. With deployments options of CyBlock Cloud with the optional CyBlock Mobile Security App, CyBlock Software, CyBlock ISA/TMG, or CyBlock Appliance, Wavecrest can help you find the solution that you need now. Many of these options can be up and running the day you purchase. Do not wait until the Final Four’s final basket!

*Excerpts from Foxbusiness.com, March Madness Ready to Distract Workers Nationwide, By Matthew Rocco Published March 11, 2014

Wavecrest Early Adopter Program

Be part of Wavecrest’s innovative process

When participating in the Early Adopter Program (EAP), you will have access to our latest innovations and emerging technologies. Having the opportunity to provide suggestions on new solutions before they are publicly released, you will play an integral part in the future enhancements to our products. We will also provide a dedicated EAP Wavecrest expert who will be there to assist you throughout the program.

How does the program work:

Simply put, you apply for the Wavecrest EAP program and select what product/features interests you most. We will provide you with access to the latest fully tested products/features. You communicate with your EAP Wavecrest expert on your progress and any issues.

Who can participate:

All current Wavecrest Computing customers are eligible to join the Early Adopter Program (EAP)

How to participate:

New User Interface Now Available in CyBlock/Cyfin Release 9.0.4

We are excited to announce the availability of a major release with a redesigned user interface and enhanced functionality in our products – CyBlock Software, CyBlock Appliance, and Cyfin. Some of the highlights of the enhancements are listed below within the new menu structure.

Rebranding

CyBlock Proxy has been renamed to CyBlock Software, and Cyfin Reporter to Cyfin.
Product version numbers have been consolidated, and all products now have the same version number.

Logon

A more secure logon is available. After logging on with the default password, you will be required to change your password on the Change Your Password screen. If you forget your password, a “Forgot password” link is available to reset your password to the default.

Menu Structure

Web Management (CyBlock). In this menu, you will find the Filtering features, such as Control Web Categories, Web Content, and Web Search, and Web Blocking Message. Bandwidth Management and the Client Download and Install screen for CyBlock Appliance are also in this menu.
- You can now customize your blocking message using a Message Editor embedded in the interface. Previously, your HTML file would have to be modified outside the product. A Restore Default button allows you to revert to the Wavecrest default blocking message.
Data Management. This menu covers the screens for setting up, viewing, and revalidating log file data. The screens for enabling and configuring settings for the Report Database are in this menu as well as the screens for importing, viewing, and deleting the data.
User Management. This menu covers all aspects of managing users including adding groups and IDs, setting up and importing users from Active Directory, importing users from a text file, adding administrator and operator logon accounts, and authentication.
- The Change Your Password screen lets you change your password at any time and requires your password to meet certain criteria.
Categorization. This menu contains all screens associated with the Wavecrest URL List including changing the location, downloading the list, checking the categories of URLs, adding custom categories, and selecting categories to display on reports.
Real-Time Monitors (CyBlock). In this menu, you will find the protocol (CyBlock Appliance), Web, and bandwidth monitors.
- The Real-Time Web Monitor includes new options to display authentication challenge (407) requests and wrapped URLs. The settings and controls are now also available in a toolbar and can be changed while the monitor is gathering data in real time.
Reports (CyBlock Software and Cyfin). This menu covers running Dashboard Top and Trend charts, creating different types of reports, and viewing sample reports. The ability to customize or schedule a report has been consolidated with creating a report giving you a streamlined way to manage reports.
- The Dashboard Top Coached Report is now available in CyBlock Appliance.
System Status. This menu covers system information that is intended for administrators’ use, such as server status and information, filter status (CyBlock), job queue, and policy reports.
- New screens allow you to see array communication messages, dates and times of the URL List and product updates, product event errors and messages, and profiling information. The event and profiling logs are used by Technical Support for troubleshooting purposes.
Settings. In this menu, you will find those features that usually require a one-time setup, such as license information, product admin e-mail address, PAC file, SSL certificates, SSL inspection, array setup, memory settings, and report options.
- (CyBlock Appliance) The Web Redirects screen allows you to redirect HTTP traffic from port 80 to port 8080 and also exclude IP addresses from being redirected.
Help. Along with product documentation, Support screens, and contact information, the Help menu now contains the Category Descriptions and Check for Product Updates screens.

To see the full release notes for your product, visit our Support Web site. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Cyfin Release 8.8.3 and CyBlock Release 6.8.3 Now Available

We are pleased to announce the release of three new audit reports in the new versions of Cyfin and CyBlock, which can provide management with detailed Web-use data on specific employees. These audit reports could be of interest to corporate IT forensic personnel, law enforcement agencies, anyone in the legal community, and forensic criminal investigators. They are capable of processing large amounts of log file data and support several types of log file formats such as Blue Coat and IronPort. The new reports are as follows:

Search Terms Audit Detail – The report shows search terms that users entered on popular search engine sites such as Google. It includes an option to show “prefetched” search results that were performed as the user was typing. These results are referred to as keystroke searches. This report can be used as a tool to aid in forensic investigations. It also indicates the number of search terms entered and can give the details of a user’s keystrokes.
Denied Detail – The report shows the specific URLs to which users were denied access. The data is broken out by user. Each Web page attempt is displayed with its corresponding category. Denied attempts for a Web page can signify that the user may not be authorized to receive the page, the page may not have been found by the Web server, or the page may have been blocked for access. If you have Web filtering enabled, this report can verify that it is working and is a very useful supplementary tool for individual user audits.
Legal Liability Detail – The report shows the specific URLs of Legal Liability Web activity by user, that is, visits to only the Anonymous/Public Proxy, Cults, Drugs, Gambling, Hate and Crime, Malware, and Pornography categories that pose a legal liability risk. By reporting on only these categories, smaller, more focused reports are available to facilitate analyses, investigations, and audits related to legal liability issues.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please co ntact us.

Displaying the Blocking Message When Connecting to a Secure Site

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

In huge numbers, more and more organizations, particularly e-businesses, are using Web-enabled applications that involve the use of personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is being increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem. SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem. In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source: Examining SSL-Encrypted Communications – Netronome

Wavecrest Blog

The Latest news, tips and resources straight from the Wavecrest team.