Shop Online
Websense Price Info

Home
Products and Services
Websense Enterprise
Web Security Suite
Corporate Edition
Web Protection Svs.
Remote Filtering
Websense Solutions
Government
Education / Schools
Banks / Insurance
Legal Firms
Manufacturing
Technology Sector
Healthcare
Retail Businesses
Services Industry
Download - Free Trial
Blocked Websites
Blocked Applications
Internet Usage Stats
Websense Benefits
Cost Savings
Emerging Threats
Internet Policies
Client Applications
Reporting Tools
Sample Applications
Websense Databases
Websense Partners
System Requirements
Quick Quotes
Download Assistance
Websense Renewals
Our Company
Testimonials
Market Share
Contact Us

Firewall Compatibility/ Websense Platforms
-Websense for CacheFlow (Blue Coat Systems)
-Websense for Check Point Firewall -1
-Websense for Cisco Catalyst Switch
-Websense for Cisco Content Engine
-Websense for Cisco Content Engine
-Websense for Cisco PIX Firewall
-Websense for Cisco Routers
-Websense for Compaq TaskSmart/HP ProLiant
-Websense for CyberGuard
-Websense for Dell PowerApp.cache
-Websense for F5 EDGE-FX
-Websense for HP Web Cache
-Websense for iMimic DataReactor
-Websense for InfoLibria DynaCache
-Websense for Inktomi Traffic Server
-Websense for Lightspeed Systems IP Magic
-Websense for Microsoft ISA Server
-Websense for Microsoft Proxy Server
-Websense for NetCache
-Websense for NetScreen
-Websense for SLMsoft SecurIT
-Websense for SonicWALL Firewall
-Websense for Stratacache
-Websense for Volera Excelerator

Internet Use at Work
 The Emerging Threats to Corporate Computing

Most companies view security threats from an outside-in perspective: How can we protect our corporate computing environment from risks and threats from the outside world? Organizations deploy or configure firewalls, demilitarized zones, and intrusion detection systems, and implement a myriad of other security devices in an attempt to stop intruders from entering their corporate network.

As we've discussed, there are significant emerging threats to enterprise security that are not being introduced from external, unknown sources, but from employees themselves. Its critical that companies acknowledge these inside-out risks.

Instant Messaging
Less expensive than the phone and quicker than even email, instant messaging (IM) allows employees to easily communicate with other IM program users in a kind of private chat room. Most employees are using public IM chat tools from AOL, MSN, and Yahoo! to communicate with both colleagues and company outsiders. This presents significant challenges to IT organizations because, in addition to being a potential productivity drainer, public IM tools can relay company-confidential information over the Internet and contain exploitable vulnerabilities, making them a serious security threat to an organization.

Peer-to-peer applications
Peer-to-peer (P2P) applications like Kazaa make it possible for a user on one computer to directly access files, such as MP3 musicon another users computer anywhere on the Internet and download them. P2P application use is extremely popular2 and not solely a home-use phenomenon. A survey by AssetMatrix in July 2003 showed that 77% of companies had detected at least one P2P file-sharing application on their network3.

With little, if any, business justification for P2P networks in the enterprise, organizations face a significant security threat, in addition to the threats of network bandwidth misuse and legal liability.

Forty-five percent of the executable files downloaded through Kazaa, the most popular file-sharing program, contain malicious code like viruses and Trojan horses.

(TruSecure study, January 2004)

In October 2002, the RIAA, along with the Motion Picture Association of America, the National Music

Publishers Association and the Songwriters Guild of America, sent letters to Fortune 1000 companies warning that they are at risk when employees illegally distribute copyrighted works over corporate networks.

(Raleigh News & Observer, January 14, 2004)

Kazaa, the most popular gnutella-based P2P network, is the most searched term on the Internet, as well as the most downloaded executable. Search term statistic as reported by Yahoo!: http://search.yahoo.com/top2003. Download statistic as reported by Downloads.com in December 2003.

Corporate P2P Use Is Common, Study Says, c|net News.com, July 16, 2003.

Spyware and malicious mobile code
Spyware is any technology used to gather information about users or their activities, secretly or without consent, and relay that information to interested and potentially undesirable third parties over the Internet.

These programs are often downloaded automatically and unintentionally from Web sites or P2P sites.

Examples of spyware include adware, Web bugs, and tracking cookies. Although many of these programs are harmless and simply annoying, some more insidious spyware, such as keystroke loggers, records and transmits information about keystrokes and specific user actions on the computer to outside third parties.

Since keystrokes and user actions can include usernames and passwords, bank account numbers and PINs, or other access codes, these programs pose a significant security threat to the enterprise and, depending on the information relayed, may present a legal concern for organizations as well.

Similar to spyware, malicious mobile code (MMC) can infect an end-users computer simply by visiting the URL to the Website that distributes it. Perhaps the most well known example of this type code was the Nimda worm that spread throughout the Internet in 2002. Among other means of distributing itself, Nimda could infect computers that merely visited Websites which had its payload embedded as an ActiveX component. MMC includes any executable delivered via a Website that changes system settings without the end-users knowledge or approval. The consequences of MMC are as variable to an organization as the nature of the payload and can result in anything from a security threat to a legal liability concern.

Employee hacking
Organizations have always been concerned about the ability of outsiders to hack into their computing environments and gain access to proprietary information. Interestingly enough, the threat of hacking is primarily a threat from the insider. In fact, security experts often say that over 70% of hacking exploits are from insiders.4 Employee hacking is a bigger problem than ever before, because dangerous how-to information is now so readily available and easily accessible over the Internet. Newly available hacking portals target novice users and offer tools such as scripts and programs, as well as message boards that would-be hackers can use to learn about and discuss their hacking exploits.

45% of companies have suffered an unauthorized access by an insider in the previous 12 months.

(Source: 2003 CSI/FBI Computer Crime and Security Survey)

Motivated employees can find ingenious ways to access information to which they should not be private customer data, confidential corporate information, or intellectual property, to name just a few. And employees willing to go to such lengths to obtain this type of information almost never keep the information to themselves, thus presenting a legal risk from information breach to compound the security risk.

Streaming media
Streaming media includes interactive and high-bandwidth applications that use the Internet to run. Media players, Internet radio, and Internet television are three examples. While it may be useful for employees to view Web-based training sessions on their office computers, it is difficult to see the company benefit of employees watching concert highlights or clips from their favorite TV shows. When used inappropriately, streaming media also presents a risk to organizations in the IT resource domain, as precious network bandwidth is consumed by non-work-related activity, thus adversely impacting business-critical applications.

Based on informal consensus. An Information Week Global Information Security Survey in November 2003 found the figure to be 30% based on a formal survey of security experts.

As seen from the discussion above, these threats can pose risks to employee productivity, legal liability, IT resource use, and security. The following table summarizes the many activities and actions that employees engage in and assesses the corporate impact and risks associated with them.

Emerging Threats in Employee Computing

Activity/ Application Threat

Corporate Impact/Risk

Introduction of viruses, worms or Trojan horses to corporate network

Security (high)

Interception of confidential information (customer, privacy, IP, financial disclosure)

Security (low)

Introduction of illegal or inappropriate content into corporate environment (through file attachments)

Legal liability (moderate)

Instant messaging

Employee distraction

Productivity (high)

Introduction of virus or worm into corporate network

Security (high)

Lawsuit from illegal exchange of copyrighted digital material on corporate network

Legal liability (low)

Saturation of network bandwidth (possibly impacting business-critical applications)

IT resource (varies)

Peer-to-peer application use

Probability of pornography (possibly child porn) existing on the corporate network

Legal liability (high)

Interception of system password through keystroke logging program (possible use in identity theft)

Security (low but increasing)

Transmission of sensitive data to outside party

Security (high)

Spyware and malicious mobile code

Non-optimal utilization of network bandwidth or desktop CPU cycles

IT resource (high)

Unauthorized access to systems by an insider

Security (high)

Confidential customer information security breach (possible use in identity theft)

Security (varies)

Theft of corporate secrets or valuable confidential information

Security (varies)

Legal liability from affected outside parties

Legal liability (moderate)

Damage to computing systems by hacker

IT resource (moderate)

Employee hacking

Public disclosure of executive compensation packages and bonuses

Security (low)

Saturation of network bandwidth

IT resource (varies)

Employee distraction and loss of productivity

Productivity (moderate)

Streaming media

Legal liability from viewing of or listening to illegal copyrighted movie or material

Legal liability (low)

Desktop incompatibilities

IT Resource (high)

Installation/execution of unauthorized applications

Use of pirated/un-licensed software programs

Legal liability (high)

Quick Quotes, Quick Support & Best Rates for New Installations, Renewals & Upgrades
 Websense - Download your Free 30-day Trial Today!

Products - Websense Prices and More Info
 Free Phone Support & Free Specification Support with all our Websense Subscriptions

Security - Websense is Second to None If your concerns are: Corporate Email Security, Corporate Computer Security, Corporate Network Security, Computer Information Security, or Business Internet Filtering.
Productivity - Increasing Productivity has never been easier. For less than one hour's salary of a clerical employee, Websense provides cost-effective solutions to inappropriate internet use.

Please take a Quick Look:

| Websense Enterprise | Websense Web Security Suite |
| Websense Corporate Edition | Web Protection Services |
Websense Remote Filtering for Laptops |
| IT Decision-Maker Survey 2006 | Employee Computing Trends Survey 2006 |
| Market Share | Enterprise Network Security with Websense |
| Websense, SurfControl, Secure Computing, etc. |

| Websense for Government and Public Sector | Websense for the Technology Sector | Websense for Schools and Education Environments | Websense for Healthcare Industry | Websense for Banks, Insurance and other Financial Institutions | Websense for Retail Businesses | Websense for Legal Firms | Websense for the Services Industry | Websense for Manufacturing and Industry | Websense Web Security Suite | Websense Web Security Suite – Lockdown Edition™ | Websense Enterprise | Websense Instant Messaging (IM) Attachment Manager | Websense Bandwidth Optimizer | Websense Premium Groups: Security PG™, Productivity PG™, Bandwidth PG™ | Client Policy Manager | Websense Security Labs™ Services | Websense Real-Time Security Updates | Websense Priority One 24x7 Support | MyWebsense Portal | Websense Partner Integration Ways | Websense Enterprise Integration Partners | Websense Regulatory Compliance | URLs Database | Applications Database | Internet Use Policies | System Requirements | Our Partners / Full List | EIM Benefits | Cost-Savings | Internet Usage Statistics |
| Client Applications | Reporting Tools | Sample Applications | Websense Databases | Blocked URLs | Blocked Software |
| Internet Access Policies | Partners | Partners Full List |
| Emerging Threats | Corporate Managers | IT Managers | HR Professionals | Educators | Case Study |
| Renew or Upgrade your Websense Subscriptions | Check the Websense Platforms / Firewalls
| Download - Free 30 Days Evaluations | Assistance | Quick Quotes | Testimonials |
About Us  | Contact Us | Home | E-Mail |

 

All rights reserved.© 2005-2007. Websense Inc. provides the most comprehensive software for web filtering, web security, and corporate computer security at three control points: the gateway, network, and desktop / mobile computer.
Click Here
Web Counter
Click Here