Tag Archives: Security Threats

Is your business’ human operating system secure?

Everyone is worried about operating systems, whether it is network operations, business operations, or a desktop operating system. The functionality of these intricate parts of your business are critical. But have you thought about your employees and how they operate? Today, your human operating system needs to be more than just making sure your employees are doing their job. Human vulnerabilities are a primary target for cyber criminals. Your human operating system, or the human factor, needs to be manageable and efficient, with tools in place that proactively support an open, yet secure, digital work environment.

Insider threats can be found at the top of headlines almost every day. Listen carefully to what each event tells you. It can happen to you, no matter how big or how small your business is. You don’t have to be a government organization to be susceptible to an insider threat. Insider threats can be a malicious employee who may be upset at the company, a good employee who just makes a mistake, or a targeted employee who unknowingly allows a malicious user into the network or access to proprietary data. Whatever the cause, there has to be tools in place to combat these human factor Web-use risks.

The human factor in business Web use is complicated in many ways. Hackers target natural human vulnerabilities and mistakes happen, employees can be sensitive to being singled out or afraid to admit the mistake, and fully blocking all access in today’s digital work world will likely just limit productivity and upset employees. The key? Visibility into the human factor. See how and when your employees use their Internet access. With that visibility into Web-use detail, you can then manage the usage to fit your unique business needs and gain a comprehensive, proactive way to secure and protect your business.

Securing and managing your enterprise’s human operating system in a proactive and efficient manner will help reduce cyber risks, such as phishing, malware intrusions, ransomware, data loss, employee misuse, legal liabilities, bandwidth hogs, shadow IT, and more. Find a solution that fits your business and your budget. Make sure it is flexible, easy to use, and easy to manage, allowing you to secure and shape employee Web-use–on your terms.

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Employees are like Hacker Candy

Employees are still the central part of all our businesses. Even with all the technology, we still have people to run the operations. The human component of our business is the goal for most hackers. It is easier to find the human weakness than it is to find a network flaw. This human point of infiltration still needs attention, even when you feel your business is secure.

Hackers are smart and agile. It’s a full-time job for them. They don’t get called into meetings, get distracted by co-workers, or have to worry about receiving their W-2 in time for their tax advisors. Their focus is to get into your network using those distractions against your employees. Your employees are busy and focused on what they have to get done, many juggling multiple responsibilities. Hackers like these employees; it’s like candy to them.

Is there any one solution that will remove all risks? No. But there are ways you can help your employees protect themselves and your network. Ransomware, insider threats, phishing–there are so many threats that can halt operations that are critical to your business success. Be aware, prepare.

A combination of defenses helps you reduce the risks we all face in business today. Don’t assume one will solve everything. Develop multiple layers of proactive security. This can include anything from making sure your Acceptable Use Policy (AUP) is current or having consistent employee training, to firewall and virus protection, to Web-use comprehensive monitoring and filtering solutions.

It is also important to have a recorded and tested recovery plan in place. Make the assumption that a breach will happen. This way you are prepared. Most importantly, maintain current backups. Make sure that the backups are not accessible through your network!

The “one” solution to protect your business just doesn’t exist. Maintain a combination of defenses and solutions to cover as many risks as possible. Being proactive will pay off in the long run.

Trusted for over 20 years, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Don’t let size fool you.

smallpower

 

Don’t be fooled by the name–CyBlock Mini Appliance is powerful, comprehensive, and worth every inch of its compactness.

Maintaining visibility throughout your workforce is key to running a secure business today. Don’t settle on just any solution that really doesn’t meet your needs. If you need coverage for a remote office, have limited space either in your server room or in your office, or are struggling with how to keep your business secure with a limited IT budget, Wavecrest has more choices than ever. No matter what business size or industry type, CyBlock Mini Appliance is likely to be just what you have been looking for.

The powerful Mini Appliance provides the comprehensive Web-use security capabilities of CyBlock, including HTTP and HTTPS URL filtering, comprehensive detailed reporting, secure guest Wi-Fi services with captive portal, advanced threat protection, bandwidth management, cloud services management, as well as coverage for non-HTTP activity, e.g., P2P, torrents, IM, and e-mail. Get all of this in one compact and economical package. The general size of a Wi-Fi hub, the Mini allows you to put it in the corner, on your desk, or in that tiny space you have left in your packed server room!

As a cost-effective choice for any business type or size, the robust, yet compact Mini Appliance provides the leading-edge, comprehensive Web-use security capabilities of CyBlock. Designed to fit every business environment, the Mini Appliance can be paired with CyBlock Appliance or deployed on its own, depending on the required Web-use security solution needs.

For more information on CyBlock Mini Appliance or any of our other products, please contact us today!

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Things That Lie In Wait

crocodile-small

There are many shows on cable today that portray instant recognition of a breach. To repeat what all others in the actual cyber industry say . . . not realistic.

Think of the scenario where an employee opens a file or accesses a malicious Web site. Step one is done. Nothing happens; the employee shrugs his or her shoulders and moves on. Nothing happened, so we are all good, right? Wrong. In reality, malware can happen behind the scenes with no visual effect at all at the time of being infected. The malware is just lying in wait. It either waits for an external signal–a preprogrammed time or until a specific action on the host computer is done. A hacker then would have access to look around, doing nothing noticeable, just checking things out . . . until the time that he finds what he wants.

Six months pass. All of a sudden, systems are breached, potentially causing loss of controls, data, or financial information. And no one knows where or how it happened until a thorough investigation finally points back to the past point in time.

It sounds unavoidable, right? No, it’s not unavoidable but the chances increase all the time that it will happen to your business. But if you take steps to protect and prepare as much as possible, the damage can be potentially avoided or at least somewhat overcome.

How? Here are 5 steps to try to avoid or quickly recover from a breach:

  1. BACK UP!!! Enough said. Think cloud, separate, secure, and frequent. Ransomware, a type of malware, takes over your files and holds them hostage. With a secure and separate backup, your business can go on operating.
  2. Train. Train your employees for anything that could happen. Teach them about current cyber threats; keep them informed. They can be considered an additional “firewall.”
  3. Use patch management. The days of worrying about how frustrating the changes will be from new updates are over. Patch consistently . . . because many of the patches today are security related and crucial to staying protected.
  4. Apply multiple layers of security. Your firewall will not protect you from a threat that originates internally. And yes, many happen using some form of an internal breach such as phishing and e-mails with malware links, or by way of privileged credentials whether internally or from a breach at a third-party contractor. Get a comprehensive employee Web-use security solution that will block access to malicious sites and links.
  5. Monitor. Watch it all. You will see trends, user behavior, and anomalies. Monitor network activity and the activity that accesses the Internet. Guest Wi-Fi networks, BYOD, and employee Web use should be included. Make sure you have visibility into what is going on with a solution that not only provides real-time monitoring, but also forensic-level detail reporting easily accessible by both IT and managers.

Overall, taking steps to ensure your business is protected is crucial, but know that you can still keep critical business operations functioning following any type of breach. Providing proactive solutions to protect, secure, and manage your business’s Web use in a cost-effective, agile, and customer-centric way is what we do. Let us help.

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

New User Interface Now Available in CyBlock/Cyfin Release 9.0.4

We are excited to announce the availability of a major release with a redesigned user interface and enhanced functionality in our products – CyBlock Software, CyBlock Appliance, and Cyfin. Some of the highlights of the enhancements are listed below within the new menu structure.

  • Rebranding
    • CyBlock Proxy has been renamed to CyBlock Software, and Cyfin Reporter to Cyfin.
    • Product version numbers have been consolidated, and all products now have the same version number.
  • Logon
    • A more secure logon is available. After logging on with the default password, you will be required to change your password on the Change Your Password screen. If you forget your password, a “Forgot password” link is available to reset your password to the default.
  • Menu Structure
    • Web Management (CyBlock). In this menu, you will find the Filtering features, such as Control Web Categories, Web Content, and Web Search, and Web Blocking Message. Bandwidth Management and the Client Download and Install screen for CyBlock Appliance are also in this menu.
      • You can now customize your blocking message using a Message Editor embedded in the interface. Previously, your HTML file would have to be modified outside the product. A Restore Default button allows you to revert to the Wavecrest default blocking message.
    • Data Management. This menu covers the screens for setting up, viewing, and revalidating log file data. The screens for enabling and configuring settings for the Report Database are in this menu as well as the screens for importing, viewing, and deleting the data.
    • User Management. This menu covers all aspects of managing users including adding groups and IDs, setting up and importing users from Active Directory, importing users from a text file, adding administrator and operator logon accounts, and authentication.
      • The Change Your Password screen lets you change your password at any time and requires your password to meet certain criteria.
    • Categorization. This menu contains all screens associated with the Wavecrest URL List including changing the location, downloading the list, checking the categories of URLs, adding custom categories, and selecting categories to display on reports.
    • Real-Time Monitors (CyBlock). In this menu, you will find the protocol (CyBlock Appliance), Web, and bandwidth monitors.
      • The Real-Time Web Monitor includes new options to display authentication challenge (407) requests and wrapped URLs. The settings and controls are now also available in a toolbar and can be changed while the monitor is gathering data in real time.
    • Reports (CyBlock Software and Cyfin). This menu covers running Dashboard Top and Trend charts, creating different types of reports, and viewing sample reports. The ability to customize or schedule a report has been consolidated with creating a report giving you a streamlined way to manage reports.
      • The Dashboard Top Coached Report is now available in CyBlock Appliance.
    • System Status. This menu covers system information that is intended for administrators’ use, such as server status and information, filter status (CyBlock), job queue, and policy reports.
      • New screens allow you to see array communication messages, dates and times of the URL List and product updates, product event errors and messages, and profiling information. The event and profiling logs are used by Technical Support for troubleshooting purposes.
    • Settings. In this menu, you will find those features that usually require a one-time setup, such as license information, product admin e-mail address, PAC file, SSL certificates, SSL inspection, array setup, memory settings, and report options.
      • (CyBlock Appliance) The Web Redirects screen allows you to redirect HTTP traffic from port 80 to port 8080 and also exclude IP addresses from being redirected.
    • Help.  Along with product documentation, Support screens, and contact information, the Help menu now contains the Category Descriptions and Check for Product Updates screens.

To see the full release notes for your product, visit our Support Web site. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.

Analyze Your Encrypted Traffic With CyBlock SSL Inspection

In huge numbers, more and more organizations, particularly e-businesses, are using Web-enabled applications that involve the use of personal, private, and sensitive data. Banking, online shopping, and credit card transactions are good examples, but by no means the only ones. SSL encryption is being increasingly used to protect the confidentiality of this business and personal data on the Web. Surveys show 25%-35% of enterprise traffic is SSL-encrypted, and the number can be as high as 70% in specific industries. SSL encryption is the most cost-effective way of protecting the privacy of this traffic.

While SSL encryption solves many privacy-protection problems, it can allow traffic that poses security threats–both inbound and outbound–to pass through security protection measures uninspected and unchecked.

Inbound Problem.  SSL encryption creates security blind spots in incoming traffic. The traditional security infrastructure that protects an organization is blind to the threats in inbound SSL traffic and provides an easy vehicle for criminals and hackers to hide their cyber attacks.

Outbound Problem.  In addition to the risks of incoming threats hiding over SSL channels bypassing security protections, outbound enterprise traffic is now a growing problem. This is becoming quite a “hot button” for security applications (e.g., content filtering applications) that tackle data loss prevention (DLP), compliance reporting, and lawful intercept. In the past these solutions could see what was outgoing, but now they are suddenly “in the dark” when it comes to the data transferred over SSL.

From a security standpoint, most organizations already deploy an array of network and security appliances and programs to protect their enterprise, enforce internal corporate acceptable use policies, and satisfy external government regulation. Unfortunately, in many instances, they can only inspect plaintext traffic and are unable to inspect HTTPS communications for attack signatures. This makes it difficult or impossible for network administrators to enforce corporate acceptable use policies or ensure threats, such as viruses, spam, and malware, are stopped before they reach individual users.

In addition, without the ability to examine the contents of HTTPS communications, network administrators leave open the possibility for information to be accidentally leaked out of the enterprise or worse, stolen. Regulatory compliance requirements, including identifying accidental or intentional leakage of confidential information, are also virtually impossible to meet because of HTTPS encryption.

CyBlock SSL Inspection gives network administrators the ability to monitor this SSL-encrypted traffic and to identify and respond to any undesirable content. The total HTTPS inspection process decrypts, analyzes, categorizes, and then re-encrypts the traffic. If necessary, specific standard and/or custom URL categories can be exempted from the inspection process; this is known as “tunneling.” In addition, full URL information in a number of Wavecrest audit reports is available to network administrators.

To learn more about how CyBlock SSL Inspection can protect your sensitive data, please see our SSL Inspection Tech Brief or contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Source:  Examining SSL-Encrypted Communications – Netronome

Monitoring Internet Usage … From the IT Department

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

Source: Commtouch

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

Web Use in the Workplace: Risks and Solutions

Approximately 20% of personal Internet use at work poses potential threats to the employer. Web access in the workplace can be a valuable business tool, but it also carries significant risks. Check out our presentation that discusses the risks associated with Web use and why monitoring and filtering helps mitigate those risks.

 

Stop A Pornography Surfing Problem Before It Starts: Why Monitoring Is Important

USA Today reported today that “several top Security and Exchange Commission staffers surfed porn sites as economy teetered.”  While many of us like to think that “everyone” knows it’s inappropriate to surf porn at work using the office computer, time and time again stories like these still pop up.  While whether or not to allow social networking in the office and how to control the use of these sites seems to be the big surfing topic today, apparently we still cannot forget about pornography.  Pornography poses several risks to businesses and government agencies. These include productivity losses, security issues and legal liability.  No matter how strict or lenient your acceptable use policy is, one thing is clear.  Communicating your Web-use policy and regularly monitoring employees’ Web use is important.  You want to stop the problem before it starts or turns into an employee spending “up to eight hours a day looking at and downloading pornography.”

Source: https://content.usatoday.com/communities/ondeadline/post/2010/04/ig-report-several-top-sec-staffers-surfed-porn-sites-as-economy-teetered/1

Are Some Web Domains More Dangerous Than Others?

The simple answer is “yes.”

A recent report published by McAfee showed that specific country domains and some generic domains are more dangerous than others. The most dangerous country domain is Hong Kong (.hk) with 19.2% of sites posing a security threat to visitors. Second to Hong Kong was China (.cn) with just over 11% of sites found to pose a security threat. The most dangerous generic domain is .info with 11.8% of sites posing a security threat, while government sites (.gov) still remain the safest domains.

The report also revealed that security threats from surfing the Web have increased 41.5% over 2007. So then the question becomes, “how can I protect my Internet users from accessing these sites that are prone to harboring spyware, adware, viruses, etc.?”

There are several steps you can take to help protect your network from a Web-use management perspective.

  1. If you have CyBlock, you can block access to those domains that are the most dangerous by using the wild card option in a custom category. Assuming that access to these domains in your workplace is not needed for the majority of Internet users, then simply blocking the domains is a good way to keep users from accessing them on purpose or on accident. Should a user ever have a need to access a legitimate site with that domain, then it can simply be added to an allow list in either a custom category or one of the other 69 predefined Wavecrest categories that you allow.
  2. If you are using Cyfin, while you can’t block sites with a particular domain, you can still track access to them by using a custom category and running a report against that category to see if there is any activity in those domains.
  3. Also be sure to monitor and/or block the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network.
  4. Finally, the most important step you can take to ensure that your Internet users are surfing safely is to make them aware of Web security threats and the type of sites that are more likely to harbor them.