Websense: Protecting Your Internet Users
The Problems With Web Surfing
• Bandwidth Consumption – 18% downloaded media (Source: Websense Web@Work 2006 Survey)
• Productivity Loss – Studies show employees spend over 10 hours per week surfing non-business related websites (Source: Websense Web@Work 2006 Survey)
• Legal Liability – More than 12% of web traffic visits pornography and other offensive sites (Source: Websense Web@Work 2006 Survey)
• Security Risk – More than 75% of all organizations are infected with spyware (Source: IDC’s Enterprise Security Survey, 2005)
Improve Your Network Bandwidth Utilization
• Prioritize network activities – Ensures sensitive information is always available
• Manage access to bandwidth-intensive websites – Internet TV and Radio, Streaming Media
• Manage access to bandwidth-intensive protocols – e.g. P2P file sharing, Skype
More Productive Computing Environment
• Make your policies specific
– Over 90 URL categories
– Over 80 protocols
• Use flexible enforcement
– Allow
– Block
– Continue
– Quota
– Block by Bandwidth, File Type, Time of Day
• Right people receive the right policy
– Policies by user or group
Proactively Manage Legal Liability Risks
Reduce your organization’s legal liability exposure:
– Manage access to inappropriate sites, as deemed by corporate policy (e.g. porn, music downloads, etc.)
– Manage access to IM and P2P, frequent sources of inappropriate file and information sharing
Protection from Web-Based Threats
Stop web-based threats before they infect your organization’s endpoints:
– Security Filtering will block access to websites with web-based threats including:
• Spyware
• Keyloggers
• Phishing
• Malicious Code
• Bot websites
• Potentially Unwanted Software
A proactive approach to web security
Pro-active Protection
Protect user and network resources
Websense Web Filtering
Block traffic to offensive websites
Manage access to non-business critical websites
Control bandwidth consumption
Increase Productivity
Conserve Bandwidth
Mitigate Legal Liability
Master Database Construction
Analysts review the sites
Update servers in San Diego, London and Tokyo
Internet
Proprietary web agents and intelligent robots investigate websites
Database: 30 million URLs
Web-based attacks
Your network
Custom Trojans
Trojans, Crimeware, Spyware
Malicious code
Keyloggers
Virus, Worms RSS
Signature-Based
Advantages
• Definitive action once signature is available
• No specialized skill set required for ongoing management
Drawbacks
• Reactive – relies on incidents within customer base
• Slow – requires post-facto reverse engineering and signature updates
Behavior-Based
Advantages
• Fast – instant reaction to known behaviors
Drawbacks
• Requires specialized skill set for tuning and ongoing management
• Educated guesswork – prone to false positives
The Traditional Approach to Security
(Chart: Cost over Time)
Outbreak
• More sophisticated
• IRC bot
• ICMP Trojan horses
Outbreak
• Reverse engineering
• Patch released
• Patch deployed
Traditional Solutions vs. Today’s Web Security Threats
Source: CSO Magazine, “2006 E-Crime Watch Survey,” September 2006.
In 2006, e-crime cost an average U.S. business a staggering $740,000 a year.
Framing The Threats
Threat Matrix
Known, New, Emerging
Internal, External
Next Generation Web Security Threats: RSS Worms, Crimeware, Custom Trojans
Web Security Threats: Spyware, Adware, Phishing
Information Protection Threats: Exposed Data, Stolen Data, Unclassified / Undiscovered Data
Productivity & Liability Threats: Porn, Shopping, Sports, Streaming Media, IM, P2P, Blogs
Web Reputation
Research Partnerships
WebCatcher™
AppCatcher™
Search Engines / DNS
Passive HoneyPots
Active HoneyPots
URL Sharing
Patent-pending processes for collecting, mining and analyzing
Data mining of more than 600 million sites a week
Importing and monitoring millions of domain name records, registrars and fluxes
Automated algorithmic checks for suspicious URLs and applications
1 TB+ collected and analyzed daily, 24 X 7
Lurking
Passive HoneyClients
Active HoneyClients
ThreatSeeker™ Processes
ThreatSeeker – Change of Strategy
Real-Time Security Updates™: Immediately Protects
Security Threat Discovered
Time
Customers Deploy Solutions
Antivirus Solutions Available
Window of Exposure
Real-Time Security Updates
The Growth of Web Attacks
“The Perfect Crime”
– Technically simple
– Very low investment costs
– Takes advantage of the absence of borders on the Web
• Few international regulations on computer law
– Unlikely to be caught
– Not enough specialists or defenses
– Large numbers of cyber criminals available
Unprotected browsing
Case Studies
MySpace.com Phishing Attack (6/1/06)
Google Pages Crimeware (16/jun/2006)
Super Bowl XLI
Hearse Trojan Horse
• Popular, sophisticated rootkit called Hearse
• Contains malicious code to steal information
• Downloaded as part of the Alcra P2P worm
• The Alcra P2P worm includes an HTTP downloader from 3 sites.
Websense blocks initial download
Source: Yankee Group
• Websense classified the pages on March 7, 2006
(Timeline figure: detection latency, March 10–30, 2006)
Prevx detects Coldcase (Hearse)
Prevx detects second variant
Sana detects evidence of Hearse
Sana Security announces Hearse
McAfee signature (PWS-Banker.be)
Prevx detects third variant
Trend Micro signature (TSPY_HEARSE.A)
Symantec signature (TROJ_Hearse.A)
Kaspersky signature (Trojan-Spy.Win32.Goldun.im)
F-Secure signature (Hearse.A)
Sophos signature
Websense 6.3.1 with Web Reputation
Potentially Damaging Content
Elevated Exposure
Emerging Exploits
Bot Networks
Keyloggers
Malicious Websites
Phishing & Other Frauds
Potentially Unwanted Software
Spyware
Websense 6.3
Web Reputation – New Categories
Extended Protection!
Control Instant Messaging Attachments
Control the sending and receiving of files via instant messaging (IM) clients
Allows organizations to gain the business benefits of instant messaging while managing security and bandwidth and reducing the legal liability related to IM file attachments.
Websense Web Protection Services™: Protect Your Brand, Web Site, and Web Servers
Alerts customers if their websites have been compromised
Alerts customers if their brands have been targeted in phishing or malicious keylogging code attacks
Takes a hacker's view of web servers, alerting customers to vulnerabilities
Remote Filtering Agent
(Diagram labels: Firewall, Corporate, DMZ, Remote User, Remote Filtering Server, Reporting Tools, Internet, Websense)
B = Block
(spywaresite).com
Websense Remote Filtering applies the same protection when your users are outside of your organization’s network:
Protect Anytime, Anywhere
A framework that enhances organizations’ Web security capabilities through technology integrations with leading security and networking solutions, increasing the ROI of existing IT investments
The Websense Web Security Ecosystem™
Easily Check the Status of Your Network
Monitor & Reporting: Unparalleled enterprise reporting with intuitive web-based, drill-down capabilities usable by technical and non-technical groups
Combine statistics with trend graphs for an instant or historical view of categorized network activity
Unique in offering “Risk Classes”, which provide management-level summary information on risks
Easily Fits into Your Organization
• Scalable, from 25 to over 500,000 seat deployments
• Over 40 security and networking solutions
– Internet Gateways
– Certified Appliance Platforms
– Network Access Control
– Security Event Management
– Identity Management
• Provides flexible administration
– Delegated administration
– Remote administration
– Delegated reporting
• Fits with your own custom filtering needs
– Custom categories can be easily created
Introducing Websense Express
All-in-one-server Websense approach
(Diagram labels: Websense® Express, SPAN port or TAP, Policy Server, Reporting Server, Internet, Daily Updates, Websense)
Up to 250 users
Express Highlights
• Flexible Deployment Options
– Software
– Appliances (US ONLY)
• Integrated System Platform
– Single Server Footprint
– Unified Product Installation
• Streamlined to Support Windows Platforms
– OS (Windows 2003 Server SP2, R2)
– DB (MSDE)
– Apache
– User Authentication (AD, NT)
• Localized Language Support
– German, French, Spanish, Japanese
Websense Express – Status
Websense Express – Summary
Websense Express – Tools
Websense Express – Policies
Websense Express – Reporting
Websense Express – Explorer
Questions?