Archive for December, 2008
Finding the Application Needle in the Traffic Haystack
Posted by actiance in Employee Behavior, Enterprise 2.0, New Internet, Trends, Web Security on December 12, 2008
It seems as soon as a new technology is adopted into mainstream business, a whole host of support technologies soon follow to fill in the gaps and solve the new issues that are created. Consider the enormity of the anti-virus market that was created after the ILoveYou Virus hit in 2000, and the addition of URL filtering to enterprise IT’s checklist of “must-haves” following the adoption of the Web browser.
The good news is that browser based traffic is now monitored and managed in most organizations. So, what’s the next new technology? Always one step ahead, employees have turned to other real-time applications including social networking platforms, IM, peer-to-peer file sharing, Web 2.0 VoIP and conferencing applications. And the next new technology solution? Application filtering.
This week, FaceTime announced that we’ll begin licensing our application inspection and classification technology, called ACE (Application Control Engine), to other network security vendors. This same technology is at the core of our Unified Security Gateway product, detecting and classifying more than 1,400 Web 2.0 and real-time communications applications and more than 50,000 social networking widgets – a number that grows daily.
This is the new frontier for Web security, as Sarah Perez points out in her analysis of how Web applications fly under IT’s radar,
“… when users become their own I.T. department, they’re unknowingly introducing inherent risks into the previously hardened network infrastructure. Just because a web app is easy to operate, that doesn’t make it safe and secure for enterprise use. As users upload and share sensitive files through these unapproved backchannels or have business-related conversations through web-based IM chatrooms, they might not only be putting their company’s data at risk, they could also be breaking various compliance laws as well.”
Sarah’s analysis is spot on. She goes on to point out that
“If FaceTime’s ACE or other similar technologies become a mainstay in the enterprise I.T. toolkit, the explosion of Web 2.0 for business use, a trend typically called Enterprise 2.0, may be dealt quite a blow. The only Enterprise 2.0 apps that will succeed given that scenario will be the ones that worked with the I.T. admins from the very beginning to assure them of their safety. The apps reliant on a slew of the company’s rule-breaking users for adoption, however, will be out of luck. Perhaps being sneaky may not have been a great business model after all.”
From our conversations with IT managers and through our annual study of usage trends, end user attitudes and IT impact, it’s clear that the number of unsanctioned applications on enterprise networks is exploding because the nature of the workforce is changing. In fact, one in three employees say they feel they have the right to download whatever applications they need to do their jobs, regardless of policy. And interestingly, one in three IT respondents believe that written policies are ineffective methods for controlling enduser downloading of applications.
Given not only the sheer number of Web 2.0 applications but their obvious increased rate of adoption in business, I believe we’ll eventually see application filtering become standard, and most likely even more important, than URL filtering is today.
The Koobface Worm Returns…
It’s been a busy few days in security, as the Koobface Worm has indeed returned to Facebook.
As the lines blur between personal and business use of Social Networking sites (our recent FaceTime survey showed that 81% of survey respondents said they use social networks at work for personal reasons, and that 51% are accessing them several times a day), it’s clear that Social Networking sites are quickly becoming the place above all others where IT Managers need to concentrate their security thinking.
Sites are already out there such as Yammer.com that focus exclusively on business use. How long will it be before there’s a major security incident in relation to a Social Networking and workplace related mashup? I have a feeling it’s going to be sooner rather than later…
Are these the Halcyon Days, or are they gone forever?
Posted by actiance in Employee Behavior, Enterprise IM, Malware, Public IM, Social Networking, Unified Communications on December 2, 2008
[Halcyon: Oxford English Dictionary: Definition adj & n calm peaceful]
Sarah Carter definition: sepia tinted memories of days where you only remember the good bits…often a rose tinted remembrance…
I don’t believe I’m surprised anymore by what happens in our increasingly connected world. Perhaps I’m a natural cynic. Having been in the IT security industry for more years than I’ll ever admit to, I’m naturally suspicious. When Steve Gold, one of our well known journalists in the UK, Skype’d me an unsolicited article synopsis text file that he wanted to interview FaceTime about recently, I wouldn’t accept the file until he’d answered a specific question I asked him in the Skype IM. As I explained to Steve, “Sure, we Skype each other regularly, but just because I know you doesn’t mean I trust you. And I certainly don’t trust your IT or some of the nefarious characters (I include myself in this list) you associate with and who send you files and information to investigate.”
I remember, you see, the days of the “I love you virus”, the days before we purchased anti-spam and email anti-virus without question. When I’d click on a link that someone in my trusted network would send me, or I’d open a .zip file and the only way that I could stop the resulted virus being propagated out to my entire contacts list, was to reach under my desk and pull out the network cable and then sit and wait red faced for helpdesk to come and rescue me.
It surprises me that people aren’t more suspicious, that there is a natural trust between users of real-time communications.
At FaceTime (in our labs and through working with customers) we see threats propagating over real time channels every day – protecting you from them, is after all our business. We’ve seen Trojans come in over a public IM network, propagate out to all your buddies and then hop over to an enterprise IM network.
So, is it just a matter of time then before we see malware and Trojans and worms written specifically for unified messaging and communications platforms, written to take advantage of the inherent trust shared between users? And are we currently in an equivalent halcyon period that I remember before ILoveYou and email? Or am I worrying about nothing?
Time, I guess will tell. But next time, I ask you for verification that you are who you say you are when you’re sending me a file over IM, or when you’re sending me your holiday pics over Skype…well, it’s not that I don’t trust you. I just think the halcyon days are long gone. Am I the only one?
