Security on the social web
Websense makes it safe to be social.
The social web is essential to business. Facebook, LinkedIn, and Twitter began as fads for users who wanted to connect. Now companies connect to users with coupons, recruitment ads, and promo buzz on social sites. Today's web is an essential business tool – and a huge security risk.
How big is business on the social web?
- 75% of brand "likes" on Facebook come from ads¹
- 22% of Fortune 500 companies have a public-facing blog¹
- $2.2 billion in goods bought by social gamers in 2009; predicted to rise to $6 billion by 2013¹
- 80% of companies use social media for recruitment²
Websense® TRITON™ solutions help you socialize – safely. Social sites increase your exposure to inappropriate content, reduced productivity, and confidential data loss. Here are three key ways Websense TRITON solutions can help you:
Protect productivity and limit legal liability. You want to reap the business benefits of posts, tweets, and tubes. But you don't want employees wandering off to unproductive sites or engaging in illegal activities. The secret is to:
- Enable use of the social web
- Eliminate the risks of the social web
Websense automatically extends AUP to social media. The Websense® TRITON solution offers an industry exclusive: automatic extension of acceptable use policies (AUP) to the entire web, including the social web. You can apply AUP for more than 150 protocols and applications, and choose from 95 content categories, including:
- Adult material
- Games
- Gambling
- Shopping
- Sports
Only Websense offers real-time content categorization scanning... so you can apply AUP across all categories to content within social sites.
Websense also provides a Social Media AUP Toolkit. In addition to applying the content usage policies listed above, you can also create your own Social Media AUP by reviewing the sample templates provided in the Websense toolkit. The kit will help you:
- Communicate facts about social media and security to your employees
- Define an AUP that will work within your company
- Announce, deploy, and train employees in your social media AUP
Help prevent modern malware. Hackers and other cyber-criminals love social sites because they're so, um, social:
- Huge numbers of fans form gigantic victim pools
- People freely post personal facts that attackers use in scams
- Fans trust each other and forget to be cautious
- Free or low-cost apps that were not developed with security in mind can be easily implanted with malware
Super-fast social traffic = super-high attack opportunities
- 90 million Tweets per day³
- 490 million YouTube users⁴
- 600 million Facebook users⁴
³TechCrunch.com
⁴royalpingdom.com
Anatomy of a blended threat: Case study
Phishing attacks that blend web and email channels flood the social web. Here's how a real-life blended attack worked, and how Websense prevented it.
This attack:
- Exploited user trust in the Facebook brand
- Used no code, thereby evading antivirus detection
- Manipulated insecure application logic
1. Email lure goes to Facebook users, directing them to verify their accounts by clicking an embedded link.
2. Clicking the link redirects users to a false Facebook login page. Attackers harvest the credentials for use in other scams or to sell to other cyber-criminals.
3. ACE protected Websense customers with its composite risk scoring technology, which identified multiple risk factors indicating an increased likelihood of attack:
- Hidden text within the false login page identified the host as a service known to host phishing attacks in the past
- A request for user credentials, a common tactic of phishing attacks, raises additional suspicion
- Use of the Facebook brand, also common in phishing, further raises suspicion
Problem: Point-based products leave security gaps. Traditional security products target one type of threat at a time: viruses, spam, scripts, or reputation rating. The independence of these analytics limits their effectiveness because they don't inform each other – or you – of compound security threats.
Solution: ACE helps prevent malware by adding up the threats. The Websense Advanced Classification Engine (ACE) analyzes all the factors listed above and applies advanced risk scoring to evaluate the risk of the combination and identify security threats. This is especially important in today's world, where an individual antivirus signature is not adequate to protect against zero-day web threats. With its advanced composite content classification technology, ACE:
- Detects and helps prevent zero-day attacks
- Classifies never-before-seen content on the fly, even content behind registration and within SSL sessions
- Includes a layered defense for known virus attacks
Help prevent data loss and simplify compliance. The magic of the social web is its interactivity: sharing information with all kinds of people all over the globe. All this give and take is fun for fans, and it can be productive for business. But as sharing information freely becomes second nature, the risk of confidential data loss and unintentional regulatory violations rises dramatically.
Just saying "no" doesn't work. Typical products can't tell if your employee is posting a list of company benefits (not confidential) or a list of client contact data (confidential) to LinkedIn. So, to "solve" the problem, these products simply block LinkedIn from any postings at all. And you lose an important recruiting opportunity.
Websense says "yes" with TruWeb DLP capability. Websense TRITON solutions include enterprise-class data loss prevention (DLP) with our TruWeb DLP™ technology embedded right into our products. You get:
- Extremely high accuracy with fewer false positives
- Thousands of predefined data classifiers
- Hundreds of compliance policy templates
- Natural language processing
- Data fingerprinting
- Proven incident management workflow
TRITON products give you many options for managing data loss in social settings. Our products let you set controls to help prevent data loss and stay within regulations when your employees venture out onto the social web. Capabilities include options to:
- Block posting of specific confidential data (healthcare, financial, employee, customer, etc.) while allowing posting of everything else
- Allow read-only access to social networking
- Prevent posting of Salesforce customer data
- Set controls for chat, social networking, email, and encrypted sessions




