Vulnerabilities / Threats
9/17/2010
03:40 PM
Connect Directly
RSS
E-Mail
50%
50%

Tech Insight: Employee Monitoring--Coming Soon To A Network Near You

More companies are monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours

Social networking and Generation Y have had a profound impact on how companies perceive casual Web surfing by employees. The effects on security and productivity can have dire consequences for all involved -- everything from a little bad press to a major data breach and employee dismissal with possible civil and criminal action. This is why more companies are performing monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours.

Companies are taking on Web monitoring for a number of legitimate reasons. On the corporate IT side, the concerns center around the increase of malware taking advantage of social networking sites and the potential of sensitive data being posted on a site they do not control. On the flip side, management is caught in a Catch-22 trying to increase productivity by blocking popular social networking sites while trying not to negatively affect Gen Y employees' likelihood to move onto a more "open" company. The choice to monitor and filter Web content is not one that should be taken lightly. It forces management to make several critical decisions, like who will be responsible, the level of monitoring to put in place, and which sites and content are deemed inappropriate. The chance of sensitive data leaking through social media or a workstation becoming infected with data stealing malware is not something companies want to risk. No one likes to consider themselves "big brother," but more and more companies are choosing to put the onus of monitoring and reporting of employee Web surfing activity onto IT -- a task most do not relish. Seven percent of respondents to the InformationWeek 2010 Strategic Security Survey said they spend a great deal of time monitoring employee behavior. That doesn't sound like much, but the number of respondents who said they monitor is much higher. In 2010, the percentage of organizations jumps 8 percent -- to 73 percent who monitor employee behavior to reduce the use of inappropriate websites. With nearly three-quarters of the survey's respondents focused on preventing access to inappropriate Web content, it's a little surprising that less than half were focused on increasing user productivity since that is the most common argument from management.

No matter the argument, the fact is that monitoring has become incredibly easy. The simplest method is to set up workstations to use a Web proxy through which all Web traffic must pass. The proxy can handle monitoring and filtering, and often includes content inspection for malware. Reports can be generated on-the-fly or e-mailed at a scheduled interval.

Whether your enterprise is concerned with security or productivity, the time to start monitoring and filtering content is here. The Web and content filtering market has matured beyond simple software on endpoints and appliances to cloud-based services requiring little up-front capital expense and reduced operating costs, making it a much more attractive offering than several years ago.

For e-mail and Web monitoring, most network-based content filtering solutions handle both and address filtering, monitoring, and even some basic data loss prevention. And with hosted security services including Web and e-mail filtering, there is less setup time to test out a cloud-based provider. It often consists of a quick change on the firewall, router, or a workstation.

Choosing the level of monitoring often makes security professionals a little squeamish. To make things easier and more palatable, the initial effort can be more focused on security risks and material generally categorized as offensive. Security risks include known malicious or infected sites and sites containing hacking tools. Offensive sites can vary, especially given the nature of the business, but it typically includes pornography, drugs, and violence. The flexibility of modern monitoring solutions let enterprises choose just which categories of content to block. Beyond the common ones previously mentioned, organizations can choose to block social networking, political, shopping, file sharing, news, sports, religion, entertainment, and much more. Much of the decision-making will revolve around corporate culture and the personalities involved in choosing what should be blocked.

One statistic worth noting is that 55 percent of respondents to the InformationWeek survey said they monitor to reduce unauthorized attempts to access sensitive data. Unless those respondents' data is accessed through Web applications, they will need something beyond the typical Web and e-mail monitoring tools -- something in the realm of database activity monitoring or data loss prevention solution that can monitor and report on usage of sensitive data. Whether you want to be big brother, employee monitoring is becoming commonplace, and blocking content is necessary to protect data, public image, and branding. Sometimes it can be used to the extreme, but when kept in check and reasonable policies are set forth, it can help prevent malware from ever being downloaded to a workstation from a malicious site.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7877
Published: 2014-10-30
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.