Websense used the InfoSecurity Canada show to introduce a software-based gateway product aimed at protecting enterprise customers from the dangers of social networking sites and other advanced online services.
The company's Web Security Gateway is designed to offer inline inspection of Web and SSL traffic, application and more than 100 network protocols, classifying content in real time and blocking dangerous or inappropriate portions of sites. Employees would still be allowed to access other parts of such portals.
William Leichter, director of product marketing at Websense from San Diego, Calif., said in an interview on the InfoSecurity Canada exhibit floor the gateway would likely be an add-on of sorts to its flagship subscription-based service.
"We're tackling this space because there's just so much dynamic content," he said. "Malware can pop on legitimate sites, including Facebook, or even Google."
Websense gathers information on potentially dangerous sites through its ThreatSeeker Network, which was launched in March and surfs millions of pages per day, according to Leichter. It also gets fed information through its various hosted services. Earlier this year, Websense reported that MSNBC Sports Web site was a victim in a string of hacker attacks that has compromised more than 26,000 other sites.
Leichter acknowledged that Web 2.0 doesn't consist merely of outside Web sites but internal projects that may or may not be driven by the IT department, which can create its own complications -- and risks.
"IT is in an uncomfortable position," he said. "You may have someone posting an annual report on their blog. The real challenge is that IT does not want to expose every wart in the organization, either."
While some companies have curtailed use of Web 2.0 applications or banned the use of social networking sites such as Facebook outright, Leichter said that with the right security, there should be ways to offer employees access in a more controlled way.
"We're not going out there and saying that Web 2.0 is bad," he said. "We think Web 2.0 offers companies tremendous opportunities."
One example of Web 2.0 in the enterprise is Google's iGoogle service, whereby users can create a customized homepage filled with small applications (called widgets or gadgets) they have downloaded and provide information about the weather or sports scores. The Websense gateway is designed to watch out for vulnerabilities within such mini-programs and continuing to allow employees to use their iGoogle page.
While companies like Websense are focusing on the security issues in emerging technology like Web 2.0, speakers in the educational session at InfoSecurity Canada were preaching against adding unnecessary new features. Winn Shartau, author of Information Warfare, told a crowd of IT security experts that increased complexity in everyday applications is one of the main reasons more vulnerabilities and opportunities for exploits creep into the enterprise.
"I blame the vendors," he said. "If you look at what 90 per cent of people are doing on their computer, it's e-mail, it's surfing the Web, it's using Word. Why do you need 125 million lines of crappy code to do that? We need to engineer simplicity (into these products)." Although the Web Security Gateway is aimed at the threats around next-generation online activities, Leichter said Websense will continue to help organizations block malicious code and prevent the loss of information in the more traditional areas of enterprise IT.
"Just because you see new security issues doesn't mean the old ones go away," he said. InfoSecurity Canada 2008 wrapped up Thursday.