SpamTitan anuncia a nova vers√£o do web filter WebTitan

Leia abaixo a notícia do lançamento oficial pela SpamTitan Technologies de sua poderosa solução de filtragem web para as empresas, WebTitan 4.0. Esta versão inclui uma série de novas funcionalidades:

SPAMTITAN TECHNOLOGIES ANNOUNCES MAJOR NEW RELEASE OF ACCLAIMED WEB FILTER WEBTITAN WIDELY USED BY SMBS, SCHOOLS AND GOVERNMENT DEPARTMENTS

SpamTitan Technologies today announced a major new release of its powerful web filtering solution for businesses, WebTitan 4.0.The release includes a host of new functionality such as full transparent authentication, bandwidth management controls, delegated administration and reporting management, SNMP support and enhanced white labelling options. The new functions greatly improve the end user experience, ease of product management and overall business protection options.

Full transparent authentication while using WebTitan in transparent proxy mode will allow end users a more seamless internet experience while allowing management comprehensive user reports rather than IP based reporting typically associated with transparent proxies.

Bandwidth management controls adds to the corporate internet policy options within WebTitan with the addition of bandwidth quotas ensuring bandwidth is not wasted and adequate capacity is available for business-critical applications. With the increased popularity of media rich applications which allow users to listen to radio stations or watch video via the Internet in the workplace the provision of these bandwidth management controls avoid bottlenecks or severe slowdowns in the internet. These controls add to the granular nature of WebTitan and provide the added advantages in terms of cost savings and resource allocation.

Delegated administration allows for configurable levels of administration functions within WebTitan and for these controls to be passed to stake holders across the organisation. With WebTitan 4.0 administrators can grant policy management privileges, reporting rights, or both to delegated administrators who can then manage or report on Internet usage for specific clients (users / groups). Delegated administrators with policy permissions can edit existing policies and create new policies making this a powerful tool for distributing filtering policy management and reporting responsibilities across an organization. Delegated administration allows for greater cross organisational participation in policy creation and maintenance therefore ensuring the most appropriate filtering policy applies to each user / group.

‚ÄėThe web is getting more complex, thus the requirements within organisations for managing it usage and protecting users is getting equally complex ‚Äė says Kavanagh, CEO of SpamTitan. ‚ÄėWebTitan 4.0 has been designed with this at the forefront, balancing this complexity with management tools that are both intuitive to use and effective in their deployment to ensure our customers get the best end user web experience while organisations are fully protected from all malware as it emerges.‚ÄĚ

WebTitan 4.0 also includes a range of enhancements including SNMP support and improved white labelling allowing an organisation add its own brand and identity to the solution.

fonte: www.webtitan.com

Conhe√ßa mais sobre o filtro de conte√ļdo web WebTitan no site: www.webtitan.com.br

 

 

 

 

 

Antispam | A base crescente de usuários do Pinterest é um alvo atraente para spammers

Fonte: http://solutions.webtitan.com/blog/bid/131640/Anti-spam-Pinterests-growing-user-base-is-an-attractive-target-for-spammers

Have you tried Pinterest yet? This is now one of the fastest growing social networks reachingantispam, anti malware, email security over 10 million users in record time. I’ve heard it described as Twitter, but for pictures which pretty much sums it up. Just last week Pinterest had to lock an undisclosed number of user accounts as a result of a spam outbreak. The company reported that this was not the fault of a data breach by them but rather blamed recent leaks of user log-in credentials from other social networking websites. The log in credentials of both Yahoo and Linkedin accounts were recently leaked with over 6 million Linkedin passwords posted on line.

The growing Pinterest user base is an attractive target for spammers

Many small businesses use Pinterest as a way to promote and grow their small business. However as the number of genuine users increase so too does the level of interest from spammers. There have been several reports of Pinterest spammers stealing and repurposed images from legitimate vendors to promote scams and computer viruses.

network security, anti phishing, block spam, anti virusSpammers are active on all social networking sites, many businesses regard the move to on-line spam and phishing as a natural response to the growth in the user communities of the main social networking sites. It stands to reason that a relatively new social networking site like Pinterest with a growing user base will be an attractive target for spammers. Pinterest also sends a lot of email notifications to users which presents spammers with a convenient email spam route.

With over 10 million users pinning and following each other, that’s a lot of emails being generated. As Pinterest grows spam and malware is definitely something to be on the lookout for in the future as the site becomes increasingly popular. Unfortunately, once an image is posted on Pinterest all rights are surrendered, at this point anyone including cybercriminals can use the images on Pinterest for spam or other purposes without infringing on copyright.

Social networks must tighten social spam filters to protect users

It is possible for an executive in any company to fall prey to such scams, business users are just as susceptible to phishing attacks via spam as consumers are, the difference is that in the business environment the stakes can be considerably higher. A successful corporate phishing scam can lead to financial loss and loss of customer data. Organisations need to remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails. Social Networks like Pinterest too have a responsibility in preventing successful attacks from happening. It is clear that the implementation and tightening of social spam filters is inevitable if this is to be achieved. Are social networking sites like Pinterest doing enough to secure their users ?

Cleverly designed Facebook phishing scam steals credit card details

Posted by Geraldine Hunt

Cleverly designed Facebook phishing scam dupes users into entering email & credit card details

You may already have heard of the latest Facebook phishing scam, it’s already been going on anti phishing, facebook phishing scam for a few weeks. You have to marvel at the increased sophistication of these scams. Clever, maybe, but definitely scary. This latest Facebook chat phishing scam is designed to steal not only your Facebook credentials but also your email log in details and your credit card details.

What is Phishing

Phishing, a form of Internet fraud, aims to steal valuable information such as credit cards, bank details, user IDs and passwords. It uses spam, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information. The latest Facebook chat phishing scam The latest scam as reported in the Kaspersky blog¬† last week involves the Facebook chat function. Once a Facebook account is successfully compromised the scammer changes the name of that account to that of ‚ÄėFacebook security‚Äô. A chat message is then sent to contact list of that account warning that the users account will be shut down unless you reconfirm the account details.

Guess what happens next? This is a Facebook security message afterall!

The chat message contains a link and redirects to a site which looks just like Facebook. The unsuspecting victim is then asked to supply account details including their Facebook log in details. It’s that simple, the scammer now has access to the Facebook account details and access to all of your Facebook contacts which allow them to move onto the next part of the scam.

This particular attack also asks for email passwords leaving the scammer in a powerful position to easily compromise several other accounts. As if that wasn’t enough Kaspersky report that this phishing attack goes one step further and asks for a payment giving the attacker access to credit card details including CSC/CVV code.

Sometimes it‚Äôs best to take a step back, a few deep breaths and think ‚Äď why would a social network that is free be asking you for your credit card details to confirm your account.? When do you ever need to give your CVV number except when your ordering something on line ?.

We are programmed to respond to security messages – would you be fooled by this Facebook scam?

This is certainly an intricate scam yet simple in that it relys on the victim believing the initial fake facebook security message. Facebook or any reputable organisation will not ask you for your credit card details as a way to prove your identity. I guess you could say the approach is clever but as these attacks are malicious in nature perhaps the best word is evolved trickery. A word of advice, your Facebook account will not be shut down. Facebook or any reputable organisation will not ask you for your credit card details as a way to prove your identity.

Phishing attacks take advantage of both technical and social vulnerabilities.

There are a large number of different kinds of attacks The internet provides benefits and opportunities to everyone, including criminals. Phishing attacks take advantage of both technical and social vulnerabilities. Ongoing financial attacks are now a reality to the point that they’re considered the norm.The fact that some business don’t take the necessary measures to protect themselves against what can only be described as increasingly ingenious scams is worrying. The fact that businesses can loose substantial sums of money due to both fraud and network damage / clean up.

anti malware, Facebook phishing scam, internet securityAs Sherlock Holmes might say, its elementary.

With a successful phishing and malware attack, everything is at risk. A company network can suffer a malware infection as a result of an employee clicking on a bogus link in a Facebook post or other social networking site. The impact of a successful malware attack can have serious and long term consequences such as unauthorized network access, exposure of the companies information systems and the exploitation of this highly classified business information by criminals.

An unsecured network is a broken link and enables criminals to take advantage of your internal resources. Its increasingly important to comunicate to employees to ignore messages like these if they reach their inbox or news feed. As well as using basic common sense on the Internet ensure your organisation is running powerful web filtering software and email security software ‚Äď these could save the day if an employee ever get fooled by a phishing scam.

fonte: http://solutions.webtitan.com/blog/bid/114653/Cleverly-designed-Facebook-phishing-scam-steals-credit-card-details

Hackers access Zappos network, affecting 24million + accounts|Network Security

anti malware, anti phishing, network security

The online shoe and apparel shop Zappos.com is the latest to experience a network security  breach. It’s reported that hackers have accessed its network and compromised customer account information. This latest security breach raises some important questions :How are IT managers dealing with today’s ever changing network security threats? Are companies fully protected against the latest phishing techniques and data-stealing malware? 

According to a statement posted on the company blog¬† ‚Äúwe were recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky”. “We are cooperating with law enforcement to undergo an exhaustive investigation.”

The company stressed that credit cards were not affected, but that email addresses, billing and shipping addresses, phone numbers may have been compromised. The specifics of the attack are not known but it is though to affect over 24 million customer accounts internationally.

anti-malware, anti spam, internet security

Many high profile companies have suffered serious data breaches; in the past year compromised security at Sony, the global games company, allowed criminals 20 million accounts which including email addresses,  phone numbers, passwords, and in some cases credit card numbers. It has been reported that some of this information is for sale in several cybercrime forums. Another high profile attack and possibly the biggest data breach in US history was the Epsilon attack earlier this year. Epsilon had their IT system hacked and the criminals gained access to the names and email addresses on their customer database which included some of the worlds largest companies across a variety of sectors. This successful attack gave criminals access to large amounts of information about individuals in these companies, details which will allow them to more effectively target each company more specifically.

A layered approach to protection is key. Companies need to deploy a variety of tools in an intelligent way to ensure the network is protected both from email and web attacks. From a social networking viewpoint companies need to monitor, manage and control how different individuals use social networks in the workplace as well as providing protection for company data from malware and other internet threats such as viruses, spyware and phishing . It is vital companies keep their security solutions valid and up to date so that they can secure their organisations and improve network security.

¬†A successful corporate phishing scam can lead to financial loss and loss of customer data. ¬†Organisations must remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails. User awareness¬† is key and awareness training should be a part of every corporate security program. Social Networks too have a responsibility in preventing successful attacks from happening. It’s clear that the implementation and tightening of social spam filters is inevitable if this is to be achieved.

fonte: http://solutions.webtitan.com/blog/bid/114263/Hackers-access-Zappos-network-affecting-24million-accounts-Network-Security

Dez mandamentos para a segurança corporativa em 2012

√Č poss√≠vel adaptar as pol√≠ticas de TI e seguran√ßa para proporcionar mobilidade e produtividade sem deixar de administrar riscos.

Tend√™ncias mostradas pela pr√≥xima gera√ß√£o da for√ßa de trabalho em ignorar amea√ßas on-line representam desafios para seguran√ßa pessoal e corporativa, de acordo com estudo global da Cisco. O relat√≥rio Cisco Connected World Technology, composto por tr√™s partes, revela atitudes surpreendentes em rela√ß√£o √†s pol√≠ticas de TI e √†s crescentes amea√ßas de seguran√ßa que surgem com a pr√≥xima gera√ß√£o de profissionais que entrar√£o no mercado de trabalho ‚Äď um grupo demogr√°fico que cresceu com a realidade da Internet e que possui um estilo de vida cada vez mais sob demanda, que mistura atividades pessoais e profissionais no local de trabalho.

Mesmo que as organiza√ß√Ķes precisem desenvolver uma abordagem de seguran√ßa de rede e dados que suportem as necessidades espec√≠ficas de sua for√ßa de trabalho e a ajude a alcan√ßar os objetivos de neg√≥cios, h√° v√°rias coisas que qualquer empresa pode fazer para melhorar a sua postura de seguran√ßa, imediatamente e a longo prazo. Seguem-se 10 recomenda√ß√Ķes de especialistas de seguran√ßa da Cisco, publicadas no relat√≥rio de seguran√ßa anual Cisco 2011.

1 – Avalie a totalidade da sua rede.

Saber onde come√ßa e termina a infraestrutura de TI √© muito importante. Muitas empresas simplesmente n√£o t√™m id√©ia da totalidade de sua rede. Al√©m disso, saber o que √© o seu ‘normal’ √© fundamental para poder identificar e responder um problema com rapidez.

2 РReavalie a sua política de uso aceitável e o Código de Conduta.

Afaste-se da abordagem lista de lavanderia para as políticas de segurança. Foque apenas nas coisas que você sabe que você deve e pode impor.

3 – Determine quais dados devem ser protegidos.

Voc√™ n√£o pode construir um programa eficaz de preven√ß√£o de perda de dados (DLP) se n√£o souber quais informa√ß√Ķes devem ser protegidas. Voc√™ tamb√©m deve determinar quem, na empresa, ter√° permiss√£o para acessar essas informa√ß√Ķes, e como eles ser√£o autorizados a acess√°-las.

4 РSaiba onde estão seus dados e entenda como é (e se) ele está sendo garantido.

Identifique todos os terceiros com permissão para armazenar dados da sua empresa a partir de provedores de nuvem e confirme que a sua informação está sendo protegido de forma adequada. Requisitos de conformidade, e agora a tendência do cibercrime em hackear grandes empresas significa que você deve assumir que seus dados nunca estão seguros, mesmo quando colocá-lo nas mãos daqueles em quem confia.

5 РAvalie práticas de educação do usuário.

Semin√°rios e manuais extensos n√£o s√£o eficazes. Empregados mais jovens ser√£o mais receptivas a uma abordagem para a educa√ß√£o do usu√°rio com sess√Ķes mais curtas e treinamentos “just-in-time”. A forma√ß√£o de pares tamb√©m funciona bem no atual ambiente de trabalho colaborativo.

6 – Monitore tudo o que sai.

Isso é algo básico, mas nunca o suficiente para animar as empresas a fazê-lo. Monitorar a saída é uma mudança de foco. Você precisa saber o que está sendo enviado para fora da sua organização e por quem e para onde.

7 – Prepare para a inevitabilidade da BYOD.

As empresas precisam parar de pensar sobre quando elas vão adotar o modelo BYOD e começar pensar mais sobre como fazer isso.

8 – Crie um plano de resposta a incidentes.

TI deve ser tratado como qualquer outro negócio de risco. Significa a necessidade de ter um plano claro para reportar e responder rápida e adequadamente a qualquer tipo de evento de segurança, quer se trate de uma violação de dados resultante de um ataque direcionado, uma violação devido ao descuido de um empregado, ou um incidente de hacktivismo.

9 РImplemente medidas de segurança para ajudar a compensar a falta de controle sobre as redes sociais.

N√£o subestime o poder das tecnologias de controle, como os sistemas de preven√ß√£o de intrus√£o e de protec√ß√£o contra amea√ßas da rede. Filtragem de reputa√ß√£o tamb√©m √© uma ferramenta essencial para detectar atividades suspeitas e conte√ļdos suspeitos.

10 – Monitore o cen√°rio din√Ęmico de risco e mantenha os usu√°rios informados.

As empresas e suas equipes de seguran√ßa precisam vigiar uma gama muito ampla de fontes de risco, a partir de dispositivos m√≥veis, da nuvem, das redes sociais e tudo o que as novas tecnologias possam oferecer amanh√£. Elas devem adotar uma abordagem de duas etapas: reagir √†s divulga√ß√Ķes de vulnerabilidades de seguran√ßa, al√©m de ser proativo na educa√ß√£o de seus funcion√°rios sobre como proteger a si e a empresa das amea√ßas cibern√©ticas potentes e persistentes.

Fonte: http://cio.uol.com.br/gestao/2011/12/15/dez-mandamentos-para-a-seguranca-corporativa-em-2012/

WebTitan – Poderosa ferramenta de web filtering – filtro de conte√ļdo web

Webtitan √© uma poderosa solu√ß√£o de ‚ÄúWeb Filtering‚ÄĚ que prov√™ ricas funcionalidades e permite o gerenciamento e a prote√ß√£o dos usu√°rios quando est√£o navegando na internet.

A DANRESA Consultoria de Informatica implementa e da suporte ao webtitan para seus clientes. Solicite um piloto ou demo online gratuíto para um Consultor DANRESA através do telefone 55 11 4452-6450 ou envie um e-mail para comercial@danresa.com.br

Veja abaixo como o webtitan pode ajudar sua empresa pode facilmente gerenciar o conte√ļdo web evitando o uso indevido de sites impr√≥prios, de conte√ļdo malicioso, v√≠rus, e outros riscos potenciais a rede corporativa.

Resumo de Funcionalidades

  • Servidor Proxy e Cache
  • Filtro de URLs ‚Äď 53 categorias pr√©-definidas e mais, permite a cria√ß√£o de categorias customizadas pelo cliente
  • Mecanismo de pol√≠ticas baseado em Usu√°rios e Grupos
  • Controle de Conte√ļdo
  • Controle de Aplica√ß√Ķes
  • Inclui prote√ß√£o antiv√≠rus
  • Processo de implanta√ß√£o r√°pido √© f√°cil
  • Solu√ß√£o ‚ÄúPlug and Play‚ÄĚ
  • Console de Administra√ß√£o via WEB (N√£o √© necess√°rio o uso de linhas de comando)
  • Relat√≥rios poderosos e automatizados
  • Atualiza√ß√Ķes autom√°ticas de Filtros de URL, antiv√≠rus e vers√Ķes do software
  • Backup automatizado do sistema
  • Integra√ß√£o com Active Directory e LDAP

Principais Recursos do WebTitan

  • Antiv√≠rus
  • Filtro de URL
  • Anti Phishing
  • Filtro de Conte√ļdo
  • Mecanismo de pol√≠tica granular
  • Solu√ß√£o completa de relat√≥rios
  • Controle de Aplica√ß√Ķes
  • Servidor Proxy Completo
  • Integra√ß√£o LDAP
  • Backups, atualiza√ß√Ķes de sistema e envio de relat√≥rios totalmente automatizados.
  • Whitelists e Blacklists (Listas brancas e Negras)
  • Solu√ß√£o completa de relat√≥rios de diagn√≥sticos.
  • Interface gr√°fica do Administrador totalmente WEB

Abaixo est√£o os detalhes dos recursos do produto, bem como algumas informa√ß√Ķes t√©cnicas:

Recursos Detalhes
Antivírus WebTitan inclui o mecanismo do premiado Clam Antivírus. O mecanismo do Clam antivírus é atualizado automaticamente garantindo máxima proteção com o mínimo de esforço de tempo de gestão dispendido pelos administradores.
Filtro de URL Webtitan oferece at√© 53 categorias predefinidas e at√© 8 categorias customizadas pelos administradores, incluindo 10 milh√Ķes de URLs. Este sistema trabalha em conjunto com uma rede baseada em nuvem proporcionando classifica√ß√£o em tempo real para fornecer combina√ß√£o inigual√°vel de precis√£o, cobertura e flexibilidade.
Anti Phishing WebTitan filtra e bloqueia tentativas de ‚Äúphishing‚ÄĚ protegendo os usu√°rios contra roubo de informa√ß√Ķes pessoais.
Filtro de Conte√ļdo WebTitan pode efetuar bloqueios de sites por palavras-chave, em sua URL ou em seu conte√ļdo, efetuar bloqueio por tipos de arquivos atrav√©s de suas extens√Ķes (incluindo arquivos renomeados) e por ‚Äúmime-types‚ÄĚ. Estes recursos podem ser ativados atrav√©s do ‚Äúmecanismo de pol√≠ticas‚ÄĚ permitindo os administradores organizarem as regras de acordo com a necessidade da empresa e pol√≠tica de uso da internet.
Mecanismo de política granular WebTitan contém um mecanismo de políticas altamente granular que permite ao administrador criar políticas de navegação baseadas em usuários, grupos, categorias, horários de trabalho e muito mais, garantindo maior produtividade e adequando o uso da internet a política da empresa.
Solução completa de relatórios WebTitan contém um conjunto de relatórios abrangentes, fornecendo relatórios gráficos automatizados, incluindo usuários e grupo de usuários, exibindo URLs mais acessadas, bloqueadas, os tempos de navegação e muito mais. Estes relatórios podem ser agendados para serem enviados por e-mail aos Gestores dos departamentos e/ou aos administradores de rede.
Controle de Aplica√ß√Ķes WebTitan permite que as organiza√ß√Ķes bloqueiem o acesso a aplicativos indesejados, tais como softwares de mensagens instant√Ęneas e Peer to Peer. EX.: MSN, Skype, Torrent, etc.
Servidor Proxy Completo WebTitan contem um servidor proxy que faz cache das paginas visitadas visando economia na utilização dos recursos de internet e rede.
Integração LDAP WebTitan fornece autenticação baseada em IP e pode integrar com LDAP ou Active Directory usando NTLM.
Backups, atualiza√ß√Ķes de sistema e envio de relat√≥rios totalmente automatizados. Todas as atualiza√ß√Ķes, incluindo antiv√≠rus, novas vers√Ķes do sistema, backup, categoriza√ß√Ķes de URLs e relat√≥rios s√£o totalmente automatizadas, exigindo assim o m√≠nimo poss√≠vel de gerenciamento pela equipe de TI e consequentemente proporcionando seguran√ßa m√°xima ao ambiente.
Whitelists e Blacklists (Listas brancas e Negras) Listas Brancas (Whitelists) e Listas Negras (Blacklists) Globais podem ser definidas no sistema e permitir ou bloquear um site pela sua URL, domínio ou IP. Além disso, categorias customizadas podem ser criadas e definidas para usuários ou grupos de usuários.
Solu√ß√£o completa de relat√≥rios de diagn√≥sticos. WebTitan cont√©m um conjunto completo de ferramentas de testes e relat√≥rios de diagn√≥sticos que fornecem tanto aos administradores quanto a equipe de suporte do WebTitan todas as informa√ß√Ķes necess√°rias para investigar os problemas de suporte. Isso inclui a capacidade de enviar um relat√≥rio de diagn√≥stico para time de suporte do WebTitan¬† que poder√° realizar uma conex√£o SSH remota e autenticada visando solucionar um incidente relatado.
Interface gr√°fica do Administrador totalmente WEB Todos os recursos do WebTitan s√£o acessados usando uma interface intuitiva baseada na web. Isso permite o acesso controlado a partir da rede e dispensa a necessidade de um software de administra√ß√£o instalado na esta√ß√£o do Administrador. Restri√ß√Ķes de acesso podem ser configuradas para limitar quem e onde esta interface pode ser acessada.