Tag Archives: real-time monitor

CyBlock/Cyfin Release 9.2.0 Now Available

In Release 9.2.0, we are thrilled to announce the availability of reporting for your CyBlock Hybrid deployment. With this feature, you can monitor live Web traffic, run reports, and view Dashboard charts on your cloud users. Another CyBlock feature in this release is the ability to use Safe Search with YouTube to block adult content.

For Cyfin customers, log file detection is available to assist you in quickly creating a log file configuration. Cyfin will analyze your log files to determine the log file format for you. The enhancements are described below.

  • CyBlock Hybrid Reporting. The following features have been added:
    • When your local CyBlock installation is paired with your CyBlock Cloud account, the following occurs:
      • Cloud log files are imported nightly into the Report Database similar to your local logs.
      • Cloud log files are compressed when transferred.
      • A data configuration field is displayed on the following pages to allow you to view your cloud configuration, local CyBlock configuration, or all configurations if applicable.
        • Data Management – Log Data Source – Viewer
        • Data Management – Log Data Source – Revalidate
        • Data Management – Report Database – Import – Manual
        • Data Management – Report Database – Viewer
        • Data Management – Report Database – Delete – Manual
        • Real-Time Monitors – Web
        • Reports – Manager (all reports)
        • Reports – Dashboard (excluding Top Classifications, Top Coached, and Trend Classifications)
      • The cloud configuration is displayed as the pairing cloud server to which your local installation is connected, for example, cloud.cyblock.com.
    • Real-Time Web Monitor. The Real-Time Web Monitor displays the Web traffic of your cloud users. Messages are displayed if sync communication is temporarily stopped, your CyBlock installation and cloud account are unpaired, or the pairing cloud server is down for some reason.
    • Reports. Reports can be run to analyze the Web usage of your cloud users. Cloud reports are current as of the previous day. To get a report with the current day’s cloud data, you would need to perform a manual sync on the Settings – Hybrid screen, and then run the report. You can verify that cloud logs have been transferred by going to the Data Management – Log Data Source – Viewer screen.
    • Dashboard Charts. Dashboard charts show cloud Web activity for the top users, groups, categories, and sites, and provide trending for users, groups, categories, and denied and allowed traffic.
  • CyBlock Safe Search for YouTube. The ability to enable Safe Search for YouTube has been added. When Safe Search and SSL Inspection are enabled, adult content is blocked on YouTube regardless of its Restricted Mode setting.
  • Cyfin Log File Detection. The following features have been added:
    • On the Log Data Source Setup page, you have the option to manually select your log file type or have the system analyze your log files to detect the type.
    • If you choose “Analyze,” you can browse to locate a log file, and the analysis will display the closest matching log file types.
    • You can then select the log file type that is the closest match and continue the configuration process.
    • If no matching log file types are found, a link is displayed so that you can upload a sample log file to Technical Support for analysis.

There are also corrections in this release for CyBlock as well as Cyfin. To see the full release notes for your product, visit our Web site or knowledge base.

If you are at version 9.0.5 or later, you can upgrade to the latest release by going to the Help – Check for Updates screen in your product.

If you are at version 6.8.3.a or earlier, you can download the latest release by going to CyBlock Software Downloads or Cyfin Downloads. To upgrade CyBlock Appliance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

For additional assistance, please feel free to contact us.

New Releases CyBlock and Cyfin Internet Monitoring Software

We recently released newer versions of our CyBlock Proxy, Cyfin Reporter, CyBlock ISA and Cyfin Proxy software.  CyBlock Version 6.5.0 and Cyfin Version 8.5.0 are now available and include the following new features:

  • Dashboard Traffic Chart. A new trend chart to track allowed and denied hits traffic has been added to the Dashboard. This chart is available by going to the Dashboard and selecting Trend – Traffic.
  • Dashboard Metrics: Denied Visits and Denied Hits. Two new metric options have been added to the Dashboard Top and Trend charts. They are Denied Visits and Denied Hits. Denied Visits are failed attempts to access a Web site. For the most part this occurs because the user is not authorized to access the site, i.e., his access has been “blocked.” However, a “denied” indication can also be caused by technical anomalies, e.g., “page not found by server”, etc. Denied Hits are any type of viewable or usable data transmission that is triggered by a visit to a Web site and is denied or blocked. Denied hits can be in the form of a denied or blocked file, message, object, graphic, link, banner, ad, or push item.
  • New Option for Scheduled Deletion of Import Data. An option to delete data “older than 4 months” has been added to the Data Manager – Import Data – Delete – Schedule screen.
  • Pause/Restart Button on the Real-Time Web Monitor (CyBlock Proxy and Cyfin Proxy Only). A Pause/Restart button was added to the top of the real-time Web monitor screen. Clicking Pause will stop new results from being displayed. A new IP address column has also been added to the Web monitor. Now the Web monitor displays the ID, IP, Date/Time, Category Name and Web Page. Note: When Authentication is disabled, the ID column will not be displayed.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your CyBlock or Cyfin product.

Detecting and Controlling Unauthorized Outbound Connections

Do you have a good handle on all outbound connections from your network, and how do you know? Many times, legitimate programs and applications that have been downloaded create outbound connections without your knowledge or approval. This can cause a serious drain on an organization’s network resources. This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became aware of these unauthorized outbound connections because a couple of users were being locked out of their computers. To troubleshoot the issue, they, along with Wavecrest technical support, used the Authentication Manager in their CyBlock Proxy product to investigate. They found that the users’ computers were creating outbound traffic that was not authenticating with the proper credentials, eventually locking the users out because of an authentication security setting in the organization’s Active Directory configuration. By using the Authentication Manager, Real-Time Web Monitor, and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

  1. Use reporting tools to spot unusual activity.
    1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories that have suddenly appeared in the top ten.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
    2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators. High traffic volume here warrants further investigation.
    3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
  2. Update your Web-use management tools.
    1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
    2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
  3. Contact Wavecrest Technical Support. Our support specialists are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.
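
One way to automate the volume-and-pattern check from step 1, as an added example that is not Wavecrest code. It assumes a CSV export with the Real-Time Web Monitor's columns (ID, IP, Date/Time, Category Name, Web Page); the sample log, user IDs, hosts, and thresholds are constructed for illustration.

```python
import csv
import io
import random
import statistics
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FIELDS = ["id", "ip", "datetime", "category", "url"]  # assumed export columns

def constructed_log():
    """Constructed sample day: one scripted client and one busy human user."""
    day, rng, rows = datetime(2024, 1, 15), random.Random(7), []
    for i in range(1440):  # background program: one request every 60 s
        rows.append(("jdoe", "10.0.0.21", day + timedelta(minutes=i),
                     "Uncategorized", "http://sync.example.net/poll"))
    for _ in range(1500):  # human: many hits at random times in office hours
        t = day + timedelta(seconds=rng.randint(9 * 3600, 17 * 3600))
        rows.append(("asmith", "10.0.0.34", t, "Email",
                     "https://mail.example.com/inbox"))
    rows.sort(key=lambda r: r[2])
    out = io.StringIO()
    csv.writer(out).writerows(
        (u, ip, t.isoformat(sep=" "), c, url) for u, ip, t, c, url in rows)
    return out.getvalue()

def find_machine_like(log_text, min_hits=1000, max_cv=0.2):
    """Return (id, ip, host, day, hits, cv) for high-volume, evenly spaced traffic."""
    times = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        ts = datetime.strptime(row["datetime"], "%Y-%m-%d %H:%M:%S")
        host = urlsplit(row["url"]).hostname
        times[(row["id"], row["ip"], host, ts.date())].append(ts)
    flagged = []
    for (uid, ip, host, day), stamps in times.items():
        if len(stamps) < min_hits:  # volume test: thousands of visits a day
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:  # low spread between requests = not "random" human use
            flagged.append((uid, ip, host, str(day), len(stamps), round(cv, 3)))
    return flagged

if __name__ == "__main__":
    for hit in find_machine_like(constructed_log()):
        print(hit)
```

The busy human user passes the volume test but is not flagged, because the gaps between requests vary widely; only the evenly spaced client is reported.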

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog posts, “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

  1. Opened the Command Prompt
  2. Went to the folder location by typing “Program Files\Common Files\Akamai”
  3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net