CyBlock Cloud Removes Security Blind Spots

Thursday, April 10th, 2014

 

CyBlock HTTPs Inspection

CyBlock HTTPs Inspection

Wavecrest Computing announces that SSL Inspection is now available in CyBlock Cloud. The SSL (HTTPS) Inspection feature allows CyBlock Cloud to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, the capability of SSL Inspection is becoming critical. With the rise in use of HTTPS and with applications (such as Twitter and Facebook) and search engines enabling SSL by default, most enterprises should expect an average yearly increase of ~20% in SSL traffic. The increased use of SSL can create “blind spots” that can actually reduce security on corporate networks because network security products and other defenses may not be able to monitor SSL traffic effectively or efficiently.

Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. CyBlock Cloud’s SSL inspection feature enables organizations to gain visibility and control of SSL communications. It provides a critical control point for protection against Web threats, enforcing acceptable use policies and performance. Users can seamlessly enforce usage policies on both unsecured and secure traffic. Users can also choose what traffic to inspect or “tunnel” base on their specific security policies.

SSL traffic is growing into a significant amount of corporate traffic. This creates major blind spots for IT. CyBlock Cloud removes these blind spot, enabling organizations to establish a critical control point for Web protection, policy enforcement and performance of users and Web applications using SSL.

Displaying the Blocking Message When Connecting to a Secure Site

Tuesday, August 6th, 2013

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

Wednesday, July 17th, 2013

In huge numbers, more and more organizations, particularly e-businesses, are using Web-enabled applications that involve the use of personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is being increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem.  In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

Wednesday, April 17th, 2013

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding.The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection.This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List.This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.