Wavecrest Computing is pleased to announce an enhancement that delivers a tenfold increase in CyBlock’s ability to protect computer networks from malware and Cyfin’s ability to identify increasing security threats. Here is some background information.

Malware is the scourge of the Internet. The term “malware” includes computer viruses, worms, Trojan horses, spyware, adware, and other malicious programs that can disrupt computer operations, gather sensitive information, or gain access to private computer systems. For Wavecrest’s purposes, malware also includes Web sites that support hacking. Most malware originates and is spread from particular Web sites. Unfortunately, many thousands of such sites exist today, and to make matters worse, the number is growing steadily every day at distressingly fast rates.

The malware problem is not new to Wavecrest. For a number of years, companies have been using CyBlock and Cyfin products to protect against and identify automated invasions of malicious scripts and software, and unauthorized access to their internal networks–the two major problems caused by malware. CyBlock provided protection–under customer control–by blocking and reporting on employees’ attempts to visit sites in 3 of more than 70 URL List categories: Hacking, Phishing/Fraud, and Spyware/Malicious.

While this methodology was effective, it was not perfect. The difficulty lay in keeping the URL List up to date in the face of the relentless and rapid increase in the number of malware-spreading sites. This issue has been addressed with an enhancement that significantly improves the ability to keep the list current.

At the same time, three related categories, Hacking, Phishing/Fraud, and Spyware/Malicious, have been consolidated into one called Malware. This consolidation increases the ease of administration for customers.

This enhancement with its improved URL List is included in the latest release of CyBlock v.6.8.0 and Cyfin v.8.8.0. To realize its benefits as soon as possible, it is recommended that you upgrade your CyBlock or Cyfin product as soon as you can. Wavecrest will continue to update the enhanced list daily and make it available for download by customers. The download process remains unchanged.

You can schedule the list to be downloaded automatically every day, or you can download it manually at any time. In any case, as soon as it is downloaded, you will immediately begin to receive the added protection and see a significant reduction in the number of security threats to which you may be exposed.

To download the latest release, go to the Administration – Product Update screen in your CyBlock or Cyfin product. For additional assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

It’s that time of year again. Christmas is coming, and it’s time to find the best deals and research the best products. And where does everyone go these days to find the deals and do their product research?  You guessed it. The Internet.  Should employers be concerned with this? Absolutely!  Online shopping results in significant productivity losses, excessive bandwidth usage and serious threats to cybersecurity.

Lost productivity can mean big bucks for your company. A recent study by Comscore found that 50% of all online holiday purchases occur during working hours. For the companies in the study, the typical productivity loss during the short holiday season averages $15,000.

Adding insult to injury, the additional traffic will lead to network slowdowns due to significant increases in bandwidth usage. Just as they did in previous years, online retailers are now preparing bandwidth-hogging promotional videos to help sell their products. Remember last year?  On Cyber Monday 2011, video views increased by 897 percent over the previous year. And now the number of views this coming Cyber Monday are expected to exceed last year’s. So, it is critical to prevent vital bandwidth from being consumed by non-productive Web-use.

Contributing to the danger, hackers and identity thieves are very aware of these online shopping patterns. They are fully prepared to deceive online holiday shoppers with very appealing schemes – “deals” that require them to click a link to special discount or filling in personal information before they can get the deal. These acts can lead to malware infection or pose significant risks to your organization’s network and sensitive data.

The peak period for all these holiday-related problems is coming soon. The Comscore study tells us that 80% of all annual online purchases occur between Nov 26th (CyBer Monday) and Dec 14th.  So now is a good time to remind your employees of your organization’s Web-use policy and make sure you have the right protections in place.

Dennis McCabe, President of Wavecrest Computing, recommends that companies monitor and/or filter employee Web-use to better protect themselves from lost productivity, excessive bandwidth usage and security threats. His company is ready to help them do this.  Easy to use and priced to fit any budget, Wavecrest products are tailored to address all aspects of Web-use management reliably and cost-effectively.

About Wavecrest

Since 1996, Wavecrest Computing has developed, marketed, and supported a spectrum of innovative Internet usage monitoring, analysis, filtering, and reporting solutions. Their products help all types of organizations manage employees’ online activities, ensure compliance with acceptable use policies, preclude legal liability and prevent bandwidth abuse. Founded 15 years ago, their client base has grown to more than 3,000 organizations, including many prominent Fortune 500 companies and high-profile government agencies.

During July, August, and September of 2011, Commtouch assessed categories of Web sites most likely to be home to malware, below are the top ranking offenders.  The Portals category includes those sites offering free hosting which are often abused to publish malware and phishing content or will redirect to sites with this content.

What were the most-visited categories by your employees during 2011?

Are you currently monitoring and/or blocking the existing Spyware/Malicious, Phishing/Fraud, Public Proxy, and Hacking categories to help protect your network?

In today’s wired workplace, internet security and bandwidth consumption are top concerns for IT professionals while employee productivity and legal liability ail management and HR professionals.  As a major contributor to the Web-use management effort, IT typically becomes deeply involved in planning, testing, selecting, installing, and administering Internet monitoring software.  With the different departments playing a role in deciding on the best product to fit their vast needs, most are left without a solution.  Fortunately, Wavecrest’s products have been reviewed by our customers as meeting each role’s needs most effectively, offering manager-ready, easy-to-interpret reports that can be accessed without the IT personnel in addition to providing a robust, truly scalable IT-friendly remedy.

With Wavecrest Computing, customers have the insight needed to proactively monitor / block the notorious malicious sites based on custom categories, the Wavecrest Control List, and a real-time deep packet analysis process.  Plus, our 19 comprehensive templates provide a variety of summarized and detailed Web-use activity reports on users, groups, categories, sites, acceptability ratings, and bandwidth consumption.  Conveniently import your current Web Use Policy to easily customize or classify categories, implement abuse thresholding, and monitor employee productivity while our Administrator and Operator Accounts allow for non-IT personnel to create and obtain their role-specific reports.

While serving a diverse mixture of commercial businesses, industrial firms, government agencies, military units, educational institutions, and non-profit organizations since 1996, our products continue to present the most up-to-date, proactive coverage in line with the one factor that underlies all Web-use management issues, human online activity. Wavecrest’s managers and developers understand human resource management well and we use that knowledge to develop features that prevent productivity losses, legal liability problems, network issues, and unnecessary costs.

Cyber Monday is no more – in an uncertain economy, post-Thanksgiving online holiday shopping has increased since coined in 2005 and now lasts for one month with more than 50% of all online spending taking place during working hours¹.  What does this mean for your business?  A large decrease in employee productivity, a boost in bandwidth consumption, and one of the most popular times for cybercriminals to attack your secure data.

Lost productivity can mean big bucks for your company, reducing employee output to a mere 60%².  A survey by CareerBuilder states that more than half of the 4,000 respondents polled intend on shopping online while at work with one third of those planning for more than one hour each day, in addition to the two typical hours daily already reported by respondents (time excludes lunch hour and scheduled breaks).  If you do not have a Web-use policy or Internet Acceptable Use Policy (AUP) in place, one is necessary to help report, monitor, and prevent employee Internet abuse in addition to protecting your company from legal liability.

Downloading malware is another risk as employees use the Internet for personal reasons. Spyware and malicious code are big threats to company networks as they can consume bandwidth and compromise security.  Recent studies show that company networks are being infected with spyware and malicious code most often through employees surfing the Web; with the holidays increasing that risk, these threats make it imperative for companies to enforce an AUP to protect their networks. Wavecrest Computing suggests that companies monitor and/or filter employee Web use in order to better protect themselves from security threats. In addition to the inherent risks associated with hacking your online security – loss of company reputation, destruction of company data, and the downtime employees face while systems are restored – the costs to mitigate attacks are extraordinary and rising each year.  This year, U.S. companies are expected to spend more than triple the costs spent in 2006³.

To ensure these threats do not happen to your company this holiday season, run through our checklist and remember to check it twice!

• Install all applicable system and program updates to avoid malware from infiltrating any system frailty that could have easily been patched with an update.
• Create a Web usage policy and clearly communicate it to your employees.
• Be cautious prior to clicking on links to different websites particularly those found on social networking sites as they’re often a hotspot for malware.
• Avoid the use of pirated / illegal software as many contain malware.
• Never open email attachments from unknown senders and make sure to scan attachments you do decide to download.
• Make steps to consistently back up your computer in the case that malware wipes your hard drive clean.
• Monitor servers and security devices 24x7x365 for security issues and require preventative actions be taken on security threats in real time – this is where we come in!

CyBlock can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping.  With Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.  Let us guide you to a safer, more reliable, robust security solution with exceptional support at an unbeatable price!

Sources:

¹http://blog.comscore.com/2011/11/cyber_monday_work_computers.html

² http://www.wavecrest.net/editorial/costsavings.html

³http://money.cnn.com/galleries/2011/technology/1107/gallery.cyber_security_costs/index.html?iid=EL

Unfortunately, some instances of Web-use activity cannot be readily identified or categorized by Web access management products.  One type appears in the Wavecrest products’ Web Monitor and employee internet usage reports simply as IP addresses with no domain.

If the IP address is not recognized by our product it is put into IP address category and not into “Other” for the below reasons  (While some IP addresses have been identified and categorized in the Wavecrest URL control list, many have not.) If the product does not recognize the IP Address, it initially assigns them – in parallel to two special categories: (a) the IP Address category, and (b) the “Other” (uncategorized) category. This ‘groups’ them so they can be dealt with, as follows.

Using IP Addresses to Help Analyze Web Activity. At first glance it may appear impossible to make use of these initially unidentified IP addresses, but that’s not really the case. With a bit of work, it’s possible to:

• Deduce the source and purpose of most of them
• Categorize the legitimate ones
• Isolate/neutralize the malicious ones

Let’s see how this is done.

First though, for purposes of this discussion, let’s ‘label’ the four general types of unidentified IP addresses. We’ll call them:

• ‘Internal and partner Web pages without domain names’
• ‘Innocent links on Web sites’
• ‘Possible malware or virus servers.’
• ‘Public proxies’

Identification and Corrective Action Process. This is a three step process: (a) listing the IP addresses; (b) classifying them by the types defined above; and (c) taking appropriate action.

To take the first step, simply run a Top Non-Categorized Sites Report and note the rows with IP addresses.  Then, as explained below, classify each (by type) and take action.

1. IP Addresses Associated with Internal and Partner Web Pages.  These IP addresses could result from user-generated or Web application traffic. Using local knowledge, determine the sources and then enter the addresses in one or more custom categories. If you wish, give the addresses recognizable names. Complete instructions on how to create custom categories can be found in our manual.
2. IP Addresses Associated with Innocent links on Web sites. These addresses could be associated with image or ad servers. If you send a Otherwise report that contains these IPs to Wavecrest our categorization team will research and categorize these IPs for you  the same way we would categorize domains. If you would like to identify them yourself there are IP Address lookup tools like the one available from http://www.networksolutions.com This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, add the addresses to one or more custom categories. If you wish, give the addresses recognizable names.
3. IP Addresses Associated with Possible Malware or Virus Servers. These addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic (an indication that the user’s computer has been infected or attacked).  The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus.
4. Public proxies. Also known as “Anonymous proxies”, public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.” Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often used to sell to other companies for marketing purposes.

For more information, read our post: The danger of public proxies.

If you are still using Internet Explorer 6, we and Microsoft recommend that you upgrade as soon as possible.  One of the main reasons to upgrade is that Wavecrest’s CyBlock versions 6.3.0 and later and Cyfin versions 8.3.0 and later no longer support IE6.

Microsoft also has a big push now to get users to upgrade and stop using IE6.  See their new website ie6countdown.com. One of the main reasons they are pushing the upgrade is security. They state, “we recommend that Internet Explorer 6 users upgrade to a newer version of Internet Explorer for a safer browsing experience.” So if you haven’t done so already, Wavecrest recommends that you take a minute to make sure all of the computers and servers in your network are upgraded to a later version of Internet Explorer.

If you have any questions, please contact Wavecrest’s technical support team by phone at 321-953-5351, ext. 4 or toll-free at 1-877-442-9346, ext. 4.

Sources:

The Internet Explorer 6 Countdown
Microsoft Begs Users to Stop Using IE6
It’s Time to Finally Drop Internet Explorer 6

With the holiday season coming up, now is a good time to remind your employees of your organization’s Web-use policy.  Black Friday and Cyber Monday are just around the corner, and many employees may want to do some pre-searching and shopping to find those upcoming holiday deals. Online holiday shopping can generate network security and performance issues and be a huge productivity waster for businesses.

If you have CyBlock, your product can be set up to block Web access by categories and by hour so employees can access shopping sites on their lunch break or after hours. This approach can help sustain morale while minimizing the risks associated with online shopping. If you have Cyfin, you can monitor employees’ Web use to ensure that Web-use policies are followed or that unwanted spyware or malware is not downloaded as a result.

Approximately 20% of personal Internet use at work poses potential threats to the employer. Web access in the workplace can be a valuable business tool, but it also carries significant risks. Check out our presentation that discusses the risks associated with Web use and why monitoring and filtering helps mitigate those risks.

Do you have a good handle on all outbound connections from your network, and how do you know?  Many times legitimate programs and applications downloaded are creating outbound connections without your knowledge or approval.  This can cause a serious drain on an organization’s network resources.  This exact scenario recently happened to a Wavecrest customer, and with the help of Wavecrest’s reports and technical support specialists, they were able to locate a program that was making 1,400+ outbound connections a day without their knowledge.

Many times, a program like this can be running in the background without the organization’s knowledge and is not necessarily identifiable in the process table.  It can only be caught if an organization is monitoring outbound Web connections through reports such as the ones in Wavecrest’s Cyfin and CyBlock products.

In this particular scenario, the customer became knowledgeable of these unauthorized outbound connections because there were a couple of users being locked out of their computers.  To troubleshoot the issue, they along with Wavecrest technical support used the Authentication Manager in their CyBlock Proxy product to investigate.  They found that the users’ computers were creating some outbound traffic that was not authenticating with the proper credentials, thus eventually locking the users out due to an authentication security setting the organization had on their Active Directory configuration.  By using the Authentication Manager, Real-time Web Monitor and other reports, our technical support specialists were able to identify the file that was making these unauthorized outbound connections and remove it from the computers.

This scenario proves that it is important to be aware of what is going on in your network, and Wavecrest’s products can help IT administrators do that. There are several steps you can take to prevent and identify these types of problems in your network.

1. Use reporting tools to spot unusual activity.
   1. Look for unusual patterns of Web activity.
      1. Review Dashboard trends to spot any unexpected spikes in activity.
      2. Review Dashboard top sites and top categories charts to find any unexpected sites or categories showing up in the top ten all of the sudden.
      3. Run a Site Analysis report at least once a week and be alert to changes in the volume and pattern of outbound Web activity. For example, if a single user is suddenly logging thousands of visits a day, chances are there’s an issue. That’s because “human” activity is usually more random.
   2. Watch the following categories: IP Address, Spyware/Malicious, Unsolicited or Push, Phishing/Fraud and Uncategorized “Other” Sites. High activity in these categories should raise a red flag for administrators. High traffic volume here warrants further investigation.
   3. Identify the source of the problem. Dig deeper by running a Category Audit Detail report to uncover both the site and the affected user. If your Category Audit Detail report shows an unusual number of hits to a specific Web site, that site is most likely the source of the issue.  You can also monitor the traffic in real time using the Real-Time Monitor to uncover the site causing the problem.
2. Update your Web-use management tools.
   1. Update your Acceptable Use Policy. Employees need to understand the risks of Web surfing. Minimize risks of Internet abuse by implementing a policy to curtail at-work surfing and communicate it clearly to employees.
   2. Update your Wavecrest list. The Wavecrest control list is updated daily. We recommend downloading your Wavecrest control list daily to minimize the number of visits categorized as “Other” and ensure the best coverage possible. You can set Cyfin and CyBlock to do this automatically on the Administration – URL List – Schedule screen. (Note: If you spot a problem Web site that is uncategorized, email it to us at sites@wavecrest.net. Our site analysts will review the site and categorize it appropriately.)
3. Contact Wavecrest Technical Support. Our support specialist are always eager to help you troubleshoot any issues you are having by helping you get the best out of the features and tools our products offer.

For more information on how Wavecrest’s products can help keep your network safe, we recommend you read our previous blog post on “Controlling Spyware” and “The Purpose of the IP Address Category.”

Note: The program in question that is addressed in this post is the Akamai NetSession Interface. It was hitting cn1.redswoosh.akadns.net and cn2.redswoosh.akadns.net 1400+ times a day. The program was located at C:\Program Files\Common Files\Akamai\AdminTool.exe. To remove the program with Wavecrest’s help, the customer:

1. Opened the Command Prompt
2. Went to the folder location by typing”Program Files\Common Files\Akamai”
3. Then typed “admin uninstall-force” to remove it.

Remember: Our technical support specialists are here to help. If you ever need help with your product configuration or see something unusual in a report or on the real-time monitor that you are unsure about, please feel free to contact Wavecrest technical support, and they will be happy to help you.

Technical Support Contact Information
Direct: 321-953-5351, ext. 4
Toll-Free: 877-442-9346 ext. 4
Email: support@wavecrest.net

It has always been important to know that your company’s resources are being used properly and to the best of their capability.  Businesses want to ensure that their employees are being productive and not wasting the organization’s time and resources.

Internet access is one of those resources that can easily be abused, costing an organization time and money. Internet filtering and/or monitoring with one of Wavecrest’s Cyfin or CyBlock products can help preclude or drive down costs in at least four areas: productivity, bandwidth, legal liability and security.

1. Productivity

• The average worker admits to frittering away 2.09 hours per 8-hour workday, not including lunch and scheduled break-time (America Online and Salary.com survey, 2006).
• The average employee costs a company $29.71 per hour (including salary, overhead costs, benefits, payroll taxes, etc.) —- United States Department of Labor Bureau of Labor Statistics — March 2010.
• Lost productivity costs the company $59.42 per day per employee (2 hrs x $29.71).
• Average employee works 240 days per year.
• Yearly loss per employee is $14,260.80  (240 x $59.42)
• Loss per 1000 employees is $14,260,800 per year.
• Average cost for a Wavecrest Internet filtering or monitoring product with a 1000-employee license is $3,500 per year ($3.50 per user).

Conclusion:  Cost of a Wavecrest license is less than three tenths of one percent of the cost of lost productivity. A well-communicated Web-use policy, coupled with an effective monitoring product, greatly increases productivity in the workplace.

2.  Bandwidth

Reliable studies indicate that as much as 70% of a company’s bandwidth is being consumed by non-productive pursuits. Activities such as online video, audio streaming, downloading movies or MP3′s are especially damaging.  It is quite clear that eliminating or significantly reducing bandwidth abuse can improve network performance and preclude or decelerate the need for organizations to support increased bandwidth use.

3.  Legal Liability

Web-related legal costs typically result from employees visiting pornography sites.  Many studies show this to be a serious problem. In fact, according to research by Nielsen Online in October 2008, one quarter of employees who use the Internet visit porn sites during the workday.  Hits to porn sites are higher during office hours than at any other time of day, according to M.J. McMahon, publisher of AVN Online magazine, which tracks the adult video industry.

This type of activity puts the employer at serious risk of being sued by other workers who are offended or upset by being exposed to pornographic images. Such suits usually take the form of sexual harassment or hostile workplace litigation and can be very costly in terms of damage to reputation as well as legal costs.

4.  Security

Studies show that approximately twenty percent of personal use of the Internet by employees involves activities that pose potential threats to employer network security. Examples include file sharing, the use of malicious code, spyware and more. Like bandwidth abuse, the associated costs are difficult to quantify, but such activities can easily result in network disruptions or slowdowns and/or loss or compromise of proprietary data; these all come with a cost.