Websense White Papers

One data loss incident can result in continuous cost. After making afected customers whole, conducting an internal investigation, repairing any damage to internal systems, and dealing with expected litigation, you can count on external audits, increased regulatory oversight, and a damaged reputation to stay with you for a while.

While there can be enormous business benefts to leveraging Web 2.0 (such as building and enhancing customer intimacy and loyalty), it also introduces unprecedented levels of security risks.

Today, the Internet touches every facet and asset of business. Efcient organisations rely heavily on the Internet as a business platform—through software-as-a-service and Web-based applications, remote workplaces and extended partner ecosystems. This Web 2.0 platform enables competitive advantages and Employee 2.0, the anywhere, anytime, always-connected worker.

Locks on doors do not protect sensitive data. Security measures intended to keep the outside world at bay do little to protect organization’s data from internal leaks. Eighty-one percent of data loss comes from unintentional, internal leaks, according to a study by the Ponemon Institute. Yet, few businesses take action, even after a data loss incident has occurred. Most return to business as usual, exposed, even after information has undeniably and damagingly leaked.

Security is an absolutely critical component for any organization’s email or Web infrastructure.  The growing volumes of spam, viruses, worms, Trojans, blended threats and other issues, coupled with more sophisticated attacks from spammers and others, necessitates that organizations have robust and adaptable defenses to protect their networks, users and data from a wide range of vulnerabilities.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), healthcare providers, insurance carriers, and other companies that use or store Non-Public Health Information (NPHI) must ensure that protected information does not reach inappropriate eyes. The result is a signifcant—and sometimes costly—compliance burden requiring new technology, reengineered processes, and employee education.

Ongoing reports of data breaches bring home the reality that organizations are seriously vulnerable to assaults on their digital assets. Legislation forcing companies to disclose these incidents is elevating what has been “a dirty little secret” into primetime news. This Aberdeen report looks at how Best in Class companies protect their sensitive data.

Once considered only an annoyance, spyware has evolved from a nuisance to  a malicious threat. Preventing spyware from infiltrating an organization requires security measures at multiple points on the network, gateway, and endpoint.  This paper describes the impact of spyware on organizations and explains how Websense® software can be used to help combat this growing problem. 

The same activities that make your employees efficient and productive—doing research over the internet, sharing files, sending instant messages to customers and coworkers, and emailing status information while traveling—are making your IT infrastructures vulnerable to mobile malicious code, spyware, viruses, Trojan horses, and phishing and pharming.

The security appliance market, which includes everything from firewalls and virtual private networks (VPNs) to all-in-one security appliances, is expected togrow at a tremendous rate over the next three to five years.

Data Loss Prevention is one of the most hyped, and least understood, tools in the security arsenal. With at least a half-dozen different names and even more technology approaches, it can be difficult to understand the ultimate value of the tools and which products best suit which environments. This report will provide the necessary background in DLP to help you understand the technology, know what to look for in a product, and find the best match for your organization.

An organization’s success will be predicated on successfully implementing an effective risk management program, but its success will be measured by its interpretation and addressing of applicable regulation.

Guarding customer, employee, and proprietary corporate information has always been a priority for companies, but recent developments on the legal, regulatory, and legislative fronts are turningthe protection of data privacy from best practices into de facto legal requirements.

Despite the implementation of sophisticated malware detection, firewalls, intrusion detection and intrusion prevention, and content filtering, corporations continue to leak customer data and company information at alarming rates.

It has always been good business practice for companies the world over—whether in financial, educational, health care, business, or retail organizations—to protect their customers’ privacy and control access to sensitive information. In recent years, the inadequacy of policies and controls at companies such as Enron, WorldCom, and Arthur Andersen  has led to the creation of new regulations.

Over the last few years, governments around the world have taken an increasingly detailed interest in how organizations manage personal data. This has led to a rash of legislation, much of which requires corporations to take specifc action to protect personal, identifable information.

Increasingly, businesses and analysts are recognizing the value of providing protection where it makes the most sense. Deploying messaging security in layers as a hybrid solution helps achieve greater efciency and protection while maximizing network resource investments. A hybrid approach to messaging security combines on-premise and hosted email security into a unifed solution.

Data theft, piracy, and malicious employees put intellectual property (IP) at risk every day. But the greater threat to IP comes from the most reliable staff members. Accidents and seemingly trivial errors cause more IP loss than angry employees or devious hackers. Routine mistakes, from which nobody is immune, pose the greatest threat to IP, competitive positioning, and ability to effectively grow the business.

Litigation keeps getting more expensive. Even the threat of a lawsuit can lead to high, unavoidable costs, requiring internal resource hours and possibly outside counsel.  The discovery process alone is time consuming and painstaking, as all pertinent materials must be found and reviewed.

Financial institutions must protect customer privacy and adhere to regulatory requirements. The Gramm-Leach-Bliley Act of 1999 (GLBA) restricts the sharing of private customer  data; even the accidental loss of sensitive information can trigger profound consequences.  Not just limited to banks, GLBA applies broadly to the fnancial community. It affects fnancial institutions such as non-bank mortgage lenders, insurance companies and investment advisors.

The Internet—with its wealth of information and features that are integrated into our everyday lives—has become a necessary tool for business and provides a vast array of options for personal use. However, it does have a dark side.

More than a decade after the commercialization of the Internet, many remain afraid to shop online. A plethora of responses have emerged, with 63% of online retailers requiring Card Verifcation Value (CVV) at checkout and 47% displaying logos such as “Hacker Safe” on their home pages. In addition to these individual measures, the credit card industry adopted almost universally the Payment Card Industry Data Security Standards (PCI DSS).

Today’s employee computing environment offers access to powerful applications and downloads, which can introduce new security challenges for corporate IT. With the nature of the employee workplace becoming increasingly more interconnected and mobile, the frequency and cost of the resulting security intrusions can be high.

PortAuthority Technologies offers a leading, functionally rich, information leak prevention (ILP) solution, with a track record of innovation and strong strategic vision. In our Forrester Wave study of eight leading ILP offerings, PortAuthority scored highly in nearly every area of functionality we reviewed, standing out particularly in policy management, non-text accuracy, and external system connectivity.

More than 100 researchers worldwide apply a vast array of classifcation techniques to block malicious or unwanted data from entering the network and protect confdential or proprietary data from leaving. Behind the scenes, they have built the necessary tools, data and infrastructure into a web of interconnected technologies known as the Content Research Cortex. In tandem with the vast data collection capabilities of the ThreatSeeker™ Network, these technologies allow Websense to discover, identify, classify, and adapt to content trends on a global scale.

Websense security Labs is a recognized leader in Web security research. For more than five years, Websense has been dedicated to researching Web-based threats. unlike other research labs, Websense is focused on detecting new threats that traditional security research methods miss.

With the recent wave of security breaches in the news, executives are realizing that despite their best eforts, information leaks can afect organizations of all sizes and in any industry. few organizations have found themselves immune to the insider threat: employees who expose sensitive information whether intentionally or accidentally.