Determining employee Web-use behavior with Smart Engine analytics

Wednesday, October 31st, 2018

Determining employee Web-use behavior with Smart Engine analytics

I previously discussed that employee Web use has much to do with human behavior in the workplace, and the management of it is not just an IT issue. All stakeholders and areas of the company can help manage employee Web use effectively. With IT investing time in researching and implementing the most suitable Web filtering and monitoring solution for the organization, collaborators in the company, such as senior managers, HR, and department managers, can get the right information in the right format. Ideally the solution would include a reporting engine or Smart Engine making it possible for collaborators to get a true picture of employee behavior. Here I’ll discuss the features of a Smart Engine and its importance in deriving human behavior from Web-use data.

First of all, what is a Smart Engine? A Smart Engine is a powerful reporting engine that helps companies make informed, data-driven decisions and take action on issues concerning the proper use of their network resources. It provides direct, easy, and fast access to data, and low-latency, real-time analytics. With its elaborate, distributed system, it is highly scalable and able to handle petabytes of data. A Smart Engine is built for speed and provides a scalable solution that is optimized for analytics retrieval.

Smart Engine analytics provide the information for reporting–charts and reports–to present accurate and up-to-date Web activity. The Smart Engine utilizes algorithms that perform functions such as determining real Web browsing activity, user names, and time online from Web traffic, and categorizing URLs into logical groups based on content. Without the Smart Engine and its analytics, the reporting components could not provide the adequate information that a company needs to manage employee Web use. The Smart Engine makes technical data usable and manager-ready. Examples of its algorithms are discussed below.

The most important algorithm is one that distinguishes between real Web browsing activity from user clicks (or visits) and background Web activity (unsolicited traffic or hits) by identifying the content of each URL. True visits are actual user clicks that do not include multimedia URLs, such as images, audio Web pages, advertisements, or Web pages that were requested as part of a visit, that is, unsolicited. The differentiation between Web traffic visits and hits is of high importance for companies that want to manage the human factor. Companies can get a true, meaningful picture of the level and type of Web activity occurring in their network.

When Web filtering and reporting products do not include user names in Web traffic records, user Web activity is lost and unaccounted for. The company may not even know that this is occurring. Another algorithm performed by the Smart Engine is a user name caching algorithm that uses the cache user name if available, versus the IP address, allowing you to capture all activity of the user and get more detailed data in reporting.

When users are online, they could be reading a Web page, performing another task in a different application with the browser open, or possibly away from the computer entirely with the browser open. A time online algorithm uses a highly accurate priority method for calculating users’ time online. Managers and IT administrators can quickly see which users, categories, sites, and so on had the most volume of activity and address any potential issues, such as productivity loss, bandwidth slowdowns, and policy noncompliance.

Another algorithm that produces Smart Engine analytics is a categorization algorithm. This algorithm is designed to report on all Web activity. With the extensive content categories available in the Web filtering and monitoring tool, this algorithm categorizes the organization’s Web activity so that managers can analyze their employees’ Web usage. Proper URL categorization detects and identifies a broad range and a high percentage of total Web activity.

The Smart Engine feeds data to the reporting components of a Web monitoring and filtering tool and provides analytics for determining human behavior. You will not get this type of data directly from any firewall on the market today. The raw data itself is only information about machine/network requests. It is not about human activity, but about the machine’s response to a human request to get or push information. The Smart Engine enables companies to quickly create simple Web browsing reports and analyze current or historical Web-use data from human behavior. This human behavior data is what is truly needed to effectively manage employee Web use to keep your employees and network safe.

Read more of my articles on Web-use management on LinkedIn and the Wavecrest blog: WaveNews.

Show cyber threats who is boss in 2018.

Wednesday, January 24th, 2018

Last year went by so fast. In between everyone’s normal busy schedule, most of us had to deal with natural disasters of some kind. For us at Wavecrest, it was Hurricane Irma as well as an above average rainy season. For others, it was Harvey and Maria, as well as fires, flooding,  earthquakes, remnants of storms causing wind damage–the list last year seems to be endless.

2017 also brought on some notable cyber events with the Equifax breach as one of the top incidents. 2017 was definitely a year for the books. You may have also noticed a shift in the business digital threat protection messaging. We at Wavecrest noticed . . . because it shifted to what we have always focused on. People.

People are a big part of the cyber threats that take place in businesses. No matter how automated things are, there is always the aspect of human interaction–human vulnerability. Humans inherently have vulnerabilities. It’s not a fault of one individual over another; it’s not about how good your employees are. There is a point where a business owner, manager, or decision-maker has to come to terms with managing Web use for the sake of the business over “my employees wouldn’t do that” or “I trust everyone working for me.” It may be true that you have the most trustworthy employees, but mistakes happen . . . even to the best of us. Cyber criminals focus on the easiest route first to gain access to your systems. Many times this is the employee, or human, vulnerability.

So . . . the new year is here. What can be done to improve managing employee Web use? The key is to make sure you pay attention to the human endpoint because it is not always about a failure in the actual technology. The firewall is great but if you have a weakness with an authorized user, the hacker will get past the firewall. Defend the human endpoint.

Consider these as a starting point and build on each or all!

  • MONITOR YOUR EMPLOYEES’ WEB USE! Sorry. It had to be said. If you do not know what is happening, you will not be able to know why, when, or where it happened. And you will not be able to make an informed decision on how to stop it from happening again. Remember that many times the human error that allowed for a breach may have been habitual or reactive so the employee’s memory of how it happened may not be very clear. Make sure to have visibility into the actual Web activity.
  • Analytics. Really another part of monitoring but noted separately due its importance and the flexibility of what you should be able to view and analyze. Find a Web activity solution that allows you to see relevant, drill-down data when you need it. Trends, customizable charts, by user or group, and real-time information on activity and bandwidth use are all things you should be able to analyze easily. All will allow you to expose abnormalities in user activity, identify potential insider threat behavior, flag possible legal liability issues, assess trends for data breach exposure, and observe patterns for lost productivity.
    • Hits versus Visits. This one deserves a sub-bullet. Make sure the Web-use management solution you choose has clearly defined Hits vs. Visits. Hits consist of unsolicited traffic, such as ads, and are not a reliable tracking metric on its own. Visits give you uncluttered, relevant Web activity detail based on user clicks and are a critical component to understanding human behavior. The last thing you want to do is try and sift through a bunch of data that is not even really relevant to the employee’s actual Web activity.

  • Filter. Yup . . . another suggestion that has the “but my employees are awesome” stigma to it. BUT let me just remind you that this is something that will provide another layer of security from phishing, malicious Web links, and data loss. I got your synapses firing now, don’t I! Filtering allows you to block or restrict URL link clicks that an employee may not be aware are malicious. Hackers have become increasingly precise in how things look. Very convincing e-mails and Web links are not rare anymore; they are commonplace. It is not really all about making sure your employee isn’t streaming YouTube all day. Although that should be managed as well, it should all be under your control. Allow it, don’t allow it, throttle it, or open it all up. The solution you choose should allow you to do it all, in your own customizable way.

The point is that the human endpoint is still a leading way threats get into your network. It may be through phishing, a malicious ad, or use of a unsanctioned cloud application, or it may even be a human error such as the delay of updating software. Whatever the issue, you have to be as proactive as possible to protect your network. Educate your employees continuously, have a comprehensive Web activity solution in place, make sure your Acceptable Use Policy is current, make sure patch management is an active process, and hug your IT people regularly because they are usually some of the busiest and stressed people in your organization.

Here is to showing the cyber criminals who is boss in 2018! Happy New Year!

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit

CyBlock® and ConnectWise® – Integration for MSPs

Monday, August 1st, 2016


Wavecrest Computing is excited to announce a new feature for its Managed Service Provider (MSP) offerings, CyBlock Cloud’s integration with ConnectWise!

The CyBlock integration is built to provide comprehensive Web-use security and analytics along with the time-saving management of the leading ConnectWise Professional Services Automation (PSA) platform. With only one click between ConnectWise and the CyBlock Cloud MSP Partner Portal, MSPs can now automatically populate new client information in the ConnectWise interface, track and manage CyBlock Cloud licenses, proactively pursue timely renewals, and more. This integration is focused on saving time and improving efficiencies, allowing for increased new and recurring revenue, customer satisfaction, and crucial time to focus on mission-critical issues.

CyBlock Cloud for MSPs is a leading Web-use security, analytics, and reporting solution that will fit any MSP client business size or industry type and requires no hardware or software to buy and install, and no maintenance. Monitor, filter, and analyze data to help protect customers from Web-borne threats, such as malware, ransomware, and phishing attacks, while providing useful, time-saving tools, for example, automatically distributed, manager-ready reports, alerts when thresholds are reached, and trusted coverage over any distributed workforce.

“Wavecrest has a great managed service partner program that allows MSPs easy access to manage their CyBlock clients’ needs from anywhere, at any time. Now, we are excited to work with ConnectWise to increase the convenience to MSPs even more. MSPs can now manage their CyBlock Cloud clients directly in the ConnectWise user interface, saving time and expense that they can then use to increase revenue and focus on mission-critical issues,” explains Dennis McCabe, co-founder and President of Wavecrest Computing. “We know that time is money. Developing ways to help MSPs find more time and increase revenue while offering a product and service that surpasses expectations makes us proud of what we do, and motivated to do much more.”

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Provider (MSP), IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit

Potential Victims to Very Smart Thieves

Tuesday, May 24th, 2016

cat paw stealing cookie

Employees need to know what their employers’ philosophy is behind technology. Does my employer want me to use whatever app I choose? Can I just store and share work information where it is most convenient for me? Will my employer listen when I explain how much my cloud app does to improve my workflow? If you as the employer listen, you could save your business from an incident or a serious breach.

It is amazing that the news is filled with data breach, data loss, ransomware, and spear phishing, and yet many businesses still think they are immune from an attack. If you are connected to the Internet, you are a highly susceptible victim. Do not take this to mean that you should not run your business with the highly efficient and collaborative tools that cloud services offer. It just means think and act to protect your enterprise assets and employees.

Let’s first cover where a major number of incidents start. Your enterprise weakness . . . the employee. It doesn’t matter if you have the best employees in the universe, they are human. Hackers perfect the way they attack; that is their job. They have become so good at what they do that good employees send out W-2s, transfer millions to banks in foreign countries, and hand out their logon credentials without question.

Now let’s talk about what you can do to help your employees to not become victims.

  • Educate them; make them a part of the process. Communicate. It is everyone’s fight.
  • Go ahead and make your most techy employee an honorary go-to person for others with questions.
  • Gain visibility with proactive monitoring tools. Trust me–this is not an employee privacy invasion. You need to know what is going on first; then make informed decisions.
  • Make sure there is a process in place for an employee who questions something. Make the process part of your Acceptable Use Policy (AUP).

And then the important basics we all know, but are worth repeating . . .

  • Back up regularly and make sure your recovery process is tried and true. Think ransomware attack recovery, so keep it where you can get to it but others can’t.
  • Patch – There is no longer an option to do updates. Many are for security, so just do it and do it consistently. It’s patch management, not patch whenever.
  • Passwords – Maintain, manage, and get creative. Use a password manager if needed.
  • Off-boarding – Make sure to purge all credentials for ex-employees or contractors. How do you know if they are still there? Monitor!!
  • Layered security – Get a firewall, but don’t expect all-in-one add-ons to be impressive. For example, don’t expect the firewall Web-use reporting feature to provide comprehensive and interactive reporting capability. Invest in the solution that means serious employee Web-use reporting business–no more wishy-washy reports that are useless.

Think and act to protect your enterprise assets and employees. Take some time to communicate with your employees about the exploits that they may fall prey to. It is not their fault; they are not an “insider threat” but a potential victim to very smart thieves.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit

20 Years Young and Excited About the Next 20!

Tuesday, February 16th, 2016


We are proud to announce that Wavecrest Computing has reached a pretty big milestone…its 20th anniversary! It has been a path we have happily taken with innovative products and a dedicated staff, many of which have been with us since the beginning. We would also like to thank you…our customers, partners, and followers for sharing this journey and challenging us to be constantly reaching for the stars…or the cloud, as the case may be! Here is to an exciting next 20 years where we will remain “at your side” securing your growing, distributed, and agile workforce.

Since 1996, Wavecrest Computing has been a global leader in employee Web-access security and Web-use monitoring and analytics solutions, with scalable filtering and reporting analysis, forensic data tools, and products designed to enable organizations with today’s distributed workforce to successfully address cyber threats. Wavecrest’s CyBlock and Cyfin solutions are built with today’s unique business in mind, offering comprehensive cloud services management and visibility into Shadow IT and insider threats, as well addressing legal liability, workforce productivity, and Web security threats such as malware and phishing attempts. We offer multiple deployments that include Cloud Access Security Broker (CASB), Cloud, Hybrid, Software, and Hardware deployments that fit any business type or size. Wavecrest Computing is headquartered in Melbourne, Florida and is a longstanding GSA contract holder.

For more information on the company, products, and partners, visit or follow us on LinkedIn, Facebook, and Twitter.

MSP: Manage Client Bandwidth and Cloud Services

Tuesday, January 19th, 2016

Are unsanctioned cloud services using up all of your clients’ bandwidth? As a managed service provider (MSP) today, knowing your client’s cloud services usage is crucial. Cloud services can range from acceptable collaboration tools to unsanctioned personal usage apps that waste critical bandwidth. Most businesses run cloud services to be able to communicate & collaborate more efficiently. Employees, though, tend to find apps that suit their needs best, even when unsanctioned. Help your clients by finding & managing their bandwidth and cloud services with Wavecrest’s CyBlock.

World Cup 2014 is kicking off. Is your network ready?

Thursday, June 12th, 2014

fifa-world-cup-2014-brazil-logoThe 2014 FIFA World Cup games begin today and will run until July 13. Since the broadcast of the last World Cup in 2010, the number of Americans who have watched, attended, or listened to a major soccer match has increased by 32%. If most of your employees start streaming the games or highlights simultaneously, can your Internet bandwidth sustain the demand? 42% of IT professionals state that popular events impact their network. How many simultaneous users watching game highlights does it take to saturate your bandwidth? Just 2 streaming users result in a 1 megabit-per-second download, while 17 users equal a huge 10 megabits per second. The Internet bandwidth is quickly overwhelmed. Given the time difference with Brazil, most of the 64 matches will be played during U.S. office hours, and streaming video could deal a major blow to corporate network and application performance. When the first match of the day kicks off, smartphones, tablets, and laptops will be streaming footage live from offices around the U.S.

In addition to the major spike in bandwidth usage, World Cup 2014 malware sites are out there! According to a recent survey from Osterman research, some kind of malware has infiltrated 74% of organizations via the Web increasing security risks. Another major revenue loss for companies is lost productivity. The World Cup 2014 is 27 days, 66 matches, and a total of 99 hours average wages lost per hour each day.

Wavecrest’s Cyfin and CyBlock products and services help all types of organizations manage and control employee Web activity.Cyfin and CyBlock products do this by monitoring, filtering, and bandwidth throttling employees’ Web use, and reporting on the activity by content categories, e.g., sports, social networking, games, and others. Of particular note, with regard to the World Cup, CyBlock products can be set up to block Web access by categories and by half hour so employees can access sports sites on their lunch break or after hours. This approach can help sustain morale while minimizing lost productivity and bandwidth associated with the World Cup.

Set Your Block Policies For Newly Released Categories

Thursday, April 22nd, 2010

The new categories released and updated in your product on April 3 are set to “Allow” by default (for all CyBlock products).  This means that you will need to review these new categories and set your policy to “Block” those categories for which you want to restrict access.  Set your block policies at the Advanced Settings – Filter Settings – Block Web Categories screen.

For reporting and monitoring purposes, you may also want to change the new category’s classification statuses at the Advanced Settings – Category Setup – Classification screen to match your organization’s Acceptable Use Policy.

See the Category Update Data Sheet for a full list of categories and their descriptions.