Archive for category Application Filtering
We’ve all heard this saying before and it’s easy to get lost in the bewildering array of communications channels available to us. There’s the usual email, instant messaging networks (Yahoo!, Google Talk), peer-to-peer networks (Skype), enterprise IM applications (IBM Sametime, Microsoft Lync/OCS), and social networks (Facebook, Twitter). And these are just the big boys. There are literally thousands of IM, P2P, and social networks, in addition to those listed above.
To give you an idea of the bevy of tools out there, the US Department of Agriculture (USDA) uses over 21 different email systems, but they’ve recently decided to award Microsoft a contract to provide cloud-based email, Web conferencing, IM, and collaboration solutions. Similarly, the US General Services Administration (GSA) awarded an email contract to Google. What this goes to show is that messaging in large organizations (in this case, it’s the government) is starting to move to the cloud as companies look for ways to streamline their messaging systems, improve efficiency, and cut costs.
What with all these communications options available to end users, it’s all too common for folks to use Facebook, Yahoo!, or Skype while they’re at work on company-issued computers. Oftentimes, individuals use a combination of Web 2.0 (think Facebook or Skype) and enterprise (think Microsoft Communicator or Cisco Jabber) applications. The problem with doing so is that it opens up new vectors for malware to invade the corporate network. In other words, there are far more avenues for evil to infiltrate the corporate network these days than ever before.
Thankfully, platforms like Actiance Vantage make it easier to manage the proliferation of communications tools within the enterprise. From blocking virus attacks to managing file transfers to logging and archiving of all IM activities, Vantages provides end-to-end security and compliance coverage for an organization’s unified communications.
We can all learn a lesson from the government contracts cited above. Long ridiculed for being the poster child of bureaucracy and antiquated computer systems, it must be saying something to have two large agencies moving their communications applications to the cloud. Looks like the US government has taken heed of that old KISS principle after all.
Last month we announced that Check
Point Software Technologies had purchased our application database for use in
their products. According to Check Point, this technology will “… provide
businesses unparalleled granular control over application usage and enable
security administrators to prevent threats associated with the use of certain
Internet applications. Check Point will offer this new level of security
controls as a Software Blade that will be available for all gateways.” (read their
release here: )
This deal reaffirms our leadership
in the Web 2.0 security space. More importantly, it highlights the growing need
for network solutions that provide visibility and control at the application
level not just at the port & protocol level. Check Point sees this need and
will use our database to provide application level control. Application level
control will become the price of entry in the Firewall
But beyond visibility and control,
what enterprises are asking for is “enablement”.
- How do I allow access to Facebook or
LinkedIn and stay in compliance with FINRA or FERC or HIPAA or PCI or [insert
your favorite regulation here]?
- How do I allow access to YouTube
videos but not the inappropriate stuff?
- How do I allow access to blogs and
wikis and webmail but ensure that confidential information if not getting
Our customers realize they can’t
block access to the New Internet
- they must enable it.
Which is why our mission statement
reads “Secure & ENABLE the New Internet”
How are you and your organization enabling the new Internet? What tools and applications do you need to secure to effectively enable your team?
As you’ve no doubt already heard, China recently announced plans mandating that all new computers sold in that country – including imported PCs – be delivered with pre-installed and pre-configured Web filtering technology beginning July 1, 2009.
Branded Green Dam-Youth Escort, China’s foreign ministry spokesman defends the software claiming it’s “aimed at blocking and filtering some unhealthy content, including pornography and violence” in an effort to protect children.
Putting aside the obvious discussions of censorship versus freedom of information, there’s a fatal flaw in China’s plan. Maybe we shouldn’t tell them this, but Web filtering software alone doesn’t block people from visiting Web sites and/or accessing Web applications.
Surprised? While the Internet used to be primarily about transmitting and accessing fairly static information via HTTP, FTP and e-mail it’s now dominated by Web 2.0 applications such as instant messaging, P2P, VoIP and social networking sites. Savvy Internet users already use tools like anonymizers to mask their browsing habits, and real-time communications and Web 2.0 applications are highly evasive, specifically designed to get around Web filtering, firewalls and other traditional security solutions using a variety of techniques like port crawling, tunneling, onion routing, etc. – after all, their goal is to grow their communities and ensure users have the full experience.
From what I’ve read, neither China nor the media has considered or addressed this. I’m certainly not in favor of China to block access — yes, FaceTime helps organizations control employee Web browsing and use of Web 2.0 applications, where visiting certain sites or using certain applications may be inappropriate in the workplace, put the company at risk or impact productivity — but the Web sites you choose to visit and applications you use at home are for you to decide and parents to control.
The backlash over China’s censorship plans is widespread, including nearly 20 trade groups representing technology companies calling on the Chinese government to reconsider the mandate contending that it “raises significant questions of security, privacy, system reliability, the free flow of information and user choice.” There’s also the California company that claims the mandated Internet filtering software contains stolen programming code. Other articles say the Chinese government has already backed down, retreating on its controversial new web filtering plan, saying the software can be uninstalled or switched off.
It’s not clear yet how all of this will play out, but you have to ask, if China’s mandate won’t be effective, why do it at all?