Take note, cyberslackers: the days of messing around on the company internet may be numbered.
The best of Infosec Europe 2006
Vendors at the Infosec Europe 2006 conference in London this week showed products that could hasten the demise of the idle surfer at work. With employees being increasingly blamed for security woes faced by enterprises, their online activity is being monitored to keep attention squarely focused on work.
Enterprises face two main risks for indiscriminate internet use: a loss in productivity and legal liability if employees access inappropriate material. Companies try to enforce acceptable use policies, but 52 percent of large UK businesses still reported misuse of email and internet access, according to a recent study commissioned by the government.
Disgruntled employees can download valuable company data and make off with it, creating other threats.
Software makers are jumping on the concerns, saying their products will help to avoid legal tangles, secure company data and keep businesses in line with compliance regulations. The following are examples of a few products on show at the conference.
Accessing improper images PixAlert, from BioObservation Systems in Dublin, is software that identifies images likely to be risque or pornographic on corporate networks or in web pages accessed by workers. The software uses algorithms to identify fleshy skin tones, luminosity and texture and blurs what it considers inappropriate images when they hit the screen.
Users have the option of removing the blur - but here's the catch: if the blur is removed, the image is forwarded to the administrator, who gets a report with thumbnails of the images and can take further action, said Kieran Caulfield, a sales manager with the company. PixAlert costs between £5 to £15 per user per year, depending on volume. PixAlert counts HP and Xerox as clients, Caulfield said.
Removable devices Sacked employees may try to secrete company data away on devices such as USB drives or iPods, which have increasingly higher storage capacities. Safend, headquartered in Israel, makes Protector, a software program that can seal off ports from connecting with such mobile storage devices.
The product can pull up a list from a computer's registry of all devices that have ever been connected to it. A policy function allows administrators to set restrictions on which devices can and cannot be connected, and restrict the use of other technologies such as Wi-Fi and Bluetooth. The product costs $10 (about £5.60) per user, a one-off fee, with maintenance priced at 20 percent of the user total per year.
Protector is used by the US Navy, Israel's Ministry of Defence and the Philadelphia Stock Exchange, said Alex Teh of Vigil Software, which distributes Protector in the UK.
Forensic computing Logicube's devices can copy hard drives at high speeds and produce an audit trail showing that the material on the drive has not been tampered with by investigators, meeting legal standards for evidence, according to the company. Its clients are split between government outlets such as law-enforcement and enterprise clients, said Andy Piper of Tap Systems, a distributor.
Logicube's handheld Talon device can copy hard drives at 4GBpm (gigabytes per minute) through a USB port, and the source computer doesn't have to be turned on. Costing between £1,200 and £1,300, larger enterprises might opt for the Talon to do in-house forensic work rather than hiring consultants, Piper said. Logicube's products have been used by the FBI and the US military in terrorist investigations, according to the company.
Enforcing acceptable use What if users ignore the company's internet use policy? Security Software System's program scans text for keywords or phrases that might indicate improper behaviour or the divulgence of company data. The software, called Policy Central Enterprise, scans all text visible to the user, such as instant-messaging applications and email.
If a flagged word is detected, the software can take a snapshot of the desktop and forward the information to an administrator. Keywords and phrases are regularly updated, and specific ones can be added. Rules can be set to immediately warn users or close applications. Policy Central Enterprise also records what websites a user visited and for how long, among other details.
The software can be either purchased or rented, ranging from £30 per user per year for under 200 users down to £12 per user for 2,000 or more employees.