We’ve said it before, and we’ll continue to say it: “Your people are your biggest asset, but they are also your biggest risk.”
Knowing what your trusted insiders are up to is a crucial first step in mitigating the potential risk of an insider threat incident. It is the “Detect” portion of our holistic approach to insider threat management, where you should be able to detect, investigate, and prevent insider threat risks, and address them with People, Policy, and Technology.
Limiting access to risk-enabling tools is a valuable next step, working alongside the construction of a comprehensive (but understandable) list of cybersecurity policies.
This is where website categorization comes in.
What is Website Categorization?
The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.
-Eric Schmidt, Google
To say the Internet is a massive place is an understatement.
At any given time, the indexed Internet contains around 4.5 billion unique web pages and billions more subpages. Website categorization sorts this vast number of websites into appropriate categories, which security teams can then use to help monitor user activity.
For example, “Facebook.com” might be placed into the category Social Networking and “Bovada.com” might be categorized as a gambling website.
Categorization can be immensely helpful for companies, as managing website categories can not only potentially increase employee productivity, but also help detect and prevent potential insider threat incidents.
Why is Website Categorization Valuable?
1. Managing User Browsing
Most organizations have an acceptable use policy in place when it comes to employees and web browsing. Taken directly from a SANS acceptable use template, the verbiage might look something like this:
3.1 Internet Services Allowed
Internet access is to be used for business purposes only. Capabilities for the following standard Internet services will be provided to users as needed:
E-mail: Send/receive E-mail messages to/from the Internet (with or without document attachments).
Navigation: WWW services as necessary for business purposes, using a hypertext transfer protocol (HTTP) browser tool. Full access to the Internet; limited access from the Internet to dedicated company public servers only.
“Business purposes” is a very vague term, and, as you can imagine, some websites are not always what they seem.
Some organizations are very strict and may block access to certain websites using a web content filter. Other companies may be very loose and allow users to use their best judgment. In either practice, security and IT teams often need the ability to detect when a user is going to a website not related to business needs. It would be a nearly impossible task for teams to categorize every website in creation, so these teams really need services and products to do it for them.
2. Detecting & Preventing Insider Threats
While some companies choose to block sites such as social media or job searching sites, there are other sites on the Internet that companies might need to block for security reasons.
Those often include malicious sites, adult content sites, and phishing sites. Phishing is a common criminal practice of obtaining sensitive information by tricking employees into inappropriately sharing it.
How to Categorize Websites Effectively
Tools like ObserveIT’s website categorization module can categorize over 28 billion URLs and domains, including:
- Infected Malicious
- DDNS Services
- Remote Proxies
- Copyright Sensitive
- Illegal Drugs
- Search Engines & Portals
- Job Searching
- Social Media Sites
- Web Mail
- Instant Messaging
The ObserveIT module, in particular, relies on the inCompass solution by NetSTAR, which maintains a huge database of URLs and their respective categories.
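Category-based alerting of the kind described above can be sketched as follows. This is an added example, not ObserveIT or NetSTAR code: the category table, policy actions, log format and `.example` domains are constructed assumptions, and only the Facebook.com and Bovada.com pairings come from the article.

```python
from urllib.parse import urlsplit

# Constructed category table; a real deployment queries a vendor database.
CATEGORIES = {
    "facebook.com": "Social Networking",            # pairing from the article
    "bovada.com": "Gambling",                       # pairing from the article
    "jobs.example": "Job Searching",                # constructed domain
    "search.example": "Search Engines & Portals",   # constructed domain
}
# Hypothetical policy: categories not listed here are allowed.
POLICY = {"Gambling": "block", "Job Searching": "alert",
          "Social Networking": "alert", "Uncategorized": "review"}

def host_of(url):
    """Return the lower-cased hostname without port or trailing dot."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def categorize(url):
    """Match the host or a parent domain, on label boundaries only."""
    labels = host_of(url).split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "Uncategorized"

def review(log_lines):
    """Return (user, host, category, action) for lines needing attention."""
    findings = []
    for line in log_lines:
        _timestamp, user, url = line.split(maxsplit=2)
        category = categorize(url)
        # Assumed policy choice: unknown sites are surfaced for review.
        action = POLICY.get(category, "allow")
        if action != "allow":
            findings.append((user, host_of(url), category, action))
    return findings

# Constructed proxy log lines: timestamp, user, URL.
SAMPLE_LOG = [
    "2024-01-08T09:14:02Z alice https://www.facebook.com/groups/1",
    "2024-01-08T09:15:40Z bob http://notfacebook.com/login",
    "2024-01-08T09:17:11Z carol https://Bovada.com:443/sports",
    "2024-01-08T09:20:05Z dave https://search.example/?q=vpn",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Matching on whole domain labels keeps a lookalike host such as `notfacebook.com` from inheriting the category of `facebook.com`; it falls through to "Uncategorized" and is flagged for review instead.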
Here are some of the prebuilt alerts in the ObserveIT Insider Threat Library that leverage website categorization:
For example, here is what the ObserveIT metadata would look like when a user goes to a website like Hulu.com:
Want to Learn More?
Now is as good a time as any to start learning about how website categorization and insider threat management tools like ObserveIT can help you mitigate the risk of an insider threat incident and ensure that your people maintain their productivity.