CyBlock/Cyfin Release 9.2.3 Now Available

Wednesday, May 18th, 2016

In Release 9.2.3, you will find several enhancements in the new version of CyBlock and Cyfin. In CyBlock Appliance, logon accounts can now be created for additional administrators as well as managers, allowing managers to generate their own reports. With the Logon Account feature, new account users will receive an e-mail with logon information. They can then log on with their logon name or e-mail address. This applies to CyBlock Software and Cyfin as well.

In Cyfin, many improvements have been made to log file configurations, such as adding new log file configurations, removing log file configurations that are no longer shipped with the product, improving the performance of log database configurations, and attempting to match all existing configurations when analyzing log files.

Other enhancements include updates to the Dashboard trend charts, Time Online metric, Visit Filter, memory settings, and Wavecrest root certificate. The enhancements are highlighted below.

  • Logon Accounts in CyBlock Appliance. The following features have been added:
    • You now have the ability to add, modify, and delete logon accounts for administrators and managers (operator accounts) for reporting purposes.
    • Go to User Management – Logon Accounts – Add to create a logon account.
      • You may create an account using Active Directory authentication if an Active Directory configuration exists in the product.
      • An e-mail is sent to the account user indicating that the account was created and providing logon information.
      • If the logon account was not created with Active Directory, a temporary password is provided which needs to be changed after the initial logon, before the product can be used.
      • Users can log on with their assigned logon name or e-mail address, or network credentials if you are using Active Directory.
    • Go to User Management – Logon Accounts – Modify to modify previously established logon accounts.
      • If the Generate New Password option is selected, a Password Reset e-mail is sent to the user with a temporary password. The user will also receive a Password Changed e-mail after changing the password.
      • If the e-mail address is changed in the logon account, the user will receive the Account Created e-mail with new logon information.
    • Go to User Management – Logon Accounts – Delete to delete previously established logon accounts.
  • Log File Configurations in Cyfin. The following features have been added:
    • On the Data Management – Log Data Source – Setup screen, in the Type of Log File drop-down box, the following log file configurations have been added:
      • Fortigate 5.0
      • McAfee SaaS CSV (No Time Zone)
      • McAfee SaaS CSV (Time Zone)
      • SonicWALL Syslog
      • Symantec Cloud
      • WatchGuard Syslog*
      • WatchGuard Syslog (HTTP)*
      • WatchGuard Syslog (HTTPS)*
      • ZScaler CSV

      * For more information, see Selecting WatchGuard Log File Configurations in Cyfin.

    • In the Type of Log File drop-down box, log file configurations have been removed as they are no longer shipped with the product. However, existing configurations will continue to work. If the removed log file configurations are needed, contact Technical Support.
  • Dashboard Trend Chart Comparisons. The following features have been added:
    • In the trend charts, you can now compare the Web traffic for a predefined date range with a previous period to detect any anomalies in Web activity.
    • The predefined date range is shown as a line series, and the equivalent previous period is shown as a filled series.
    • A Tooltip shows activity by metric, such as Visits, as well as the percentage change in activity from the previous to the current period.
  • Dashboard Time Online Metric. The Time Online metric has been added to the Top Users and Trend Users Dashboard charts. Time Online is an approximation of the time that a user spends on the Internet, based on the time stamps from Internet requests made as the user browses Web sites, the average number of minutes for reading a specific Web site, and the time spent reading the last Web site before the end of the browse session.
  • Visit Filter. The Visit Filter is now enabled by default when upgrading the product or installing a new version. The default time period is set to 3 seconds.
  • Memory Settings. For new installations, the default memory setting is now 512 MB. For optimal performance, it is recommended that you choose the setting that is approximately half of your available memory (RAM).
  • Wavecrest Root Certificate. The root certificate has been updated to be more secure and to reduce errors or warning prompts. Existing customers will need to install the new certificate. For installation instructions, see Wavecrest Certificate Installation Guide.

There are also a number of corrections in this release. To see the full release notes for your product, visit our Web site or knowledge base. You can upgrade to the latest release by going to the Help – Check for Updates screen in your product.

For additional assistance, please feel free to contact us.

Displaying the Blocking Message When Connecting to a Secure Site

Tuesday, August 6th, 2013

Using CyBlock Software or CyBlock Appliance, a secure Web site (https://domain) can be blocked by blocking the corresponding category, explicit URL, or custom category in which the URL has been added. If the secure site contains a path (https://domain/path), the URL match is made on only the domain portion by default. SSL Inspection has to be turned on with the associated blocked category set to be inspected in order to match on the domain and path portions combined.

However, the following issue may be encountered with the browser for a secure site (https://domain). When a user attempts to connect to a blocked secure site through CyBlock Software or CyBlock Appliance, the browser is only capable of receiving a Connection Established header response. Any other response, including a blocking message, is treated as a failed connection, and contents embedded in the response are not rendered due to security constraints.

Therefore, in order to display the blocking message when a user is connecting to a blocked secure site, the proxy must first send a Connection Established header which will require an SSL certificate to be accepted by the browser. This certificate is generated using the Wavecrest root certificate. If the Wavecrest root certificate is not already installed in the browser, a certificate warning message will be issued that must be accepted in order to display the blocking message. Please see the Wavecrest Certificate Installation Guide for instructions on how to install and distribute the Wavecrest root certificate and prevent the certificate warning message for your users.

If you do not accept the certificate when you receive the warning message, just a blank page will be rendered in the browser with a generic browser error message.

For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Cyfin Release 8.8.0 and CyBlock Release 6.8.0 Now Available

Wednesday, April 17th, 2013

We are excited to announce the release of two major enhancements in the new version of Cyfin and CyBlock. The first major enhancement is the new SSL Inspection feature that allows our CyBlock products to decrypt, analyze, and fully inspect all HTTPS traffic. In order to defeat security threats facing companies today, SSL Inspection is essential. The second major enhancement is an innovative technique for protection against automated invasion of malicious scripts and software and/or unauthorized access to internal networks. Enhanced Malware Protection automates the process of identifying large numbers of new malware-spreading sites daily. To facilitate identifying and blocking malware traffic, three security threat categories have been consolidated into a new Malware category.

Other enhancements in this release include the rebranding of our products, new product icons displayed after installation, and new product Help. We also have a number of corrections in this release. The details of the enhancements include the following:

  • Product Rebranding.The Wavecrest products have been rebranded as follows:
    • The products offered are CyBlock and Cyfin (formerly Cyfin Reporter).
    • Three deployment options are available for CyBlock:
      • CyBlock Software (formerly CyBlock Proxy)
      • CyBlock Appliance
      • CyBlock ISA/TMG
    • These changes are reflected on the Wavecrest Web site and the Forum. They will eventually transition to the products and associated documentation.
  • SSL Inspection.This includes the following changes:
    • Ability to view the full URL including path, embedded URLs, and parameters.
    • Domain, path, and parameter matching.
    • Ability to filter detailed HTTPS traffic by Web categories and Web content types and display blocking messages for both.
    • Safe Search blocking (where applicable).
    • Ability to view full URLs in the Real-Time Web Monitor.
    • Ability to view full URLs in the following reports (where applicable), not just domains:
      • Category Audit Detail
      • Category Audit Summary
      • Site Audit Detail
      • User Audit Detail
      • User Audit Summary
    • A new SSL Inspection screen that allows you to select groups and/or IDs and standard and custom categories to be inspected. To access this screen, go to Advanced Settings – Proxy Settings – SSL Inspection. For inspection to occur, you must select a group and/or an ID, and set a category to Inspected. The Financial category is set to Tunneled by default for privacy reasons, but this can be changed to Inspected.

Note:  Before using SSL Inspection, the Wavecrest Certificate must be installed. Refer to the Wavecrest Certificate Installation Guide for instructions on how to install/distribute the certificate. For more information on this enhancement, see the SSL Inspection Tech Brief.

  • Enhanced Malware Protection in URL List.This includes the following changes:
    • Extensive malware site additions were made to the URL List. You will receive the enhanced protection when the list is downloaded manually or automatically.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were consolidated into a new Malware category.
    • Custom URL entries categorized as Hacking, Phishing/Fraud, and Spyware/Malicious are now categorized as Malware.
    • The Hacking, Phishing/Fraud, and Spyware/Malicious categories were replaced by the new Malware category on appropriate screens and in all category drop-down boxes.
    • For CyBlock, on the Block Web Categories screen, the Malware category is set to “Block” in the Default policy in new installations by default. In existing installations, previous settings will not change when the product is upgraded, that is, the Malware category will be set to the previous Spyware/Malicious category setting.
    • The Malware category is displayed on the Help – Reporting – Check URL screen under URL Category Match when there is a category match.
    • Scheduled reports now report on the Malware category if they were set up to report on the Hacking, Phishing/Fraud, and Spyware/Malicious categories.
  • Product Icons. The Wavecrest product icon has been replaced with new CyBlock and Cyfin product icons on the Start menu and on the browser tab (favicon).
  • Product Help. The QR pages in the product have been replaced by a new searchable Help system. The Help system has a similar TOC as the product manual, but also includes an Index and a Search box. If a search result indicates “Web site,” you can right-click the entry to open the page in a new tab or window. You can also print a displayed Help topic by clicking the Print button.

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.