Vulnerabilities / Threats
9/17/2010
03:40 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Tech Insight: Employee Monitoring--Coming Soon To A Network Near You

More companies are monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours

Social networking and Generation Y have had a profound impact on how companies perceive casual Web surfing by employees. The effects on security and productivity can have dire consequences for all involved -- everything from a little bad press to a major data breach and employee dismissal with possible civil and criminal action. This is why more companies are performing monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours.

Companies are taking on Web monitoring for a number of legitimate reasons. On the corporate IT side, the concerns center around the increase of malware taking advantage of social networking sites and the potential of sensitive data being posted on a site they do not control. On the flip side, management is caught in a Catch-22 trying to increase productivity by blocking popular social networking sites while trying not to negatively affect Gen Y employees' likelihood to move onto a more "open" company. The choice to monitor and filter Web content is not one that should be taken lightly. It forces management to make several critical decisions, like who will be responsible, the level of monitoring to put in place, and which sites and content are deemed inappropriate. The chance of sensitive data leaking through social media or a workstation becoming infected with data stealing malware is not something companies want to risk. No one likes to consider themselves "big brother," but more and more companies are choosing to put the onus of monitoring and reporting of employee Web surfing activity onto IT -- a task most do not relish. Seven percent of respondents to the InformationWeek 2010 Strategic Security Survey said they spend a great deal of time monitoring employee behavior. That doesn't sound like much, but the number of respondents who said they monitor is much higher. In 2010, the percentage of organizations jumps 8 percent -- to 73 percent who monitor employee behavior to reduce the use of inappropriate websites. With nearly three-quarters of the survey's respondents focused on preventing access to inappropriate Web content, it's a little surprising that less than half were focused on increasing user productivity since that is the most common argument from management.

No matter the argument, the fact is that monitoring has become incredibly easy. The simplest method is to set up workstations to use a Web proxy through which all Web traffic must pass. The proxy can handle monitoring and filtering, and often includes content inspection for malware. Reports can be generated on-the-fly or e-mailed at a scheduled interval.

Whether your enterprise is concerned with security or productivity, the time to start monitoring and filtering content is here. The Web and content filtering market has matured beyond simple software on endpoints and appliances to cloud-based services requiring little up-front capital expense and reduced operating costs, making it a much more attractive offering than several years ago.

For e-mail and Web monitoring, most network-based content filtering solutions handle both and address filtering, monitoring, and even some basic data loss prevention. And with hosted security services including Web and e-mail filtering, there is less setup time to test out a cloud-based provider. It often consists of a quick change on the firewall, router, or a workstation.

Choosing the level of monitoring often makes security professionals a little squeamish. To make things easier and more palatable, the initial effort can be more focused on security risks and material generally categorized as offensive. Security risks include known malicious or infected sites and sites containing hacking tools. Offensive sites can vary, especially given the nature of the business, but it typically includes pornography, drugs, and violence. The flexibility of modern monitoring solutions let enterprises choose just which categories of content to block. Beyond the common ones previously mentioned, organizations can choose to block social networking, political, shopping, file sharing, news, sports, religion, entertainment, and much more. Much of the decision-making will revolve around corporate culture and the personalities involved in choosing what should be blocked.

One statistic worth noting is that 55 percent of respondents to the InformationWeek survey said they monitor to reduce unauthorized attempts to access sensitive data. Unless those respondents' data is accessed through Web applications, they will need something beyond the typical Web and e-mail monitoring tools -- something in the realm of database activity monitoring or data loss prevention solution that can monitor and report on usage of sensitive data. Whether you want to be big brother, employee monitoring is becoming commonplace, and blocking content is necessary to protect data, public image, and branding. Sometimes it can be used to the extreme, but when kept in check and reasonable policies are set forth, it can help prevent malware from ever being downloaded to a workstation from a malicious site.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

CVE-2014-2393
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVE-2011-5279
Published: 2014-04-23
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Best of the Web