INTEGRATED Web, messaging and data protection technology provider Websense is actively driving awareness on the risks that are abound on the Internet and offering its Essential Information Protection (EIP) products as solutions for the corporate market.

“The definition of the workplace is changing – work is where you are at,” said Timothy Lee, Websense’s Asia-Pacific vice president.

The emphasis is that the knowledge worker of today depends on technology to work, which can be away from the office using unsecured and ordinarily risky Internet connections such as those available at eateries and coffee shops. While offsite, the same person could also be looking at his MySpace pages, for example, an action through which some pages could be compromised.

“Compromised Web pages could expose the notebook PC to unknown risks which can cause confidential personal and corporate data to be stolen. The threats today come from all sides, and 90 per cent from the Web,” Lee said.

This is where EIP comes in. It is what Websense terms as “an innovative method of data protection”.

“Think of EIP as a firewall for data. In the Web 2.0 scenario, security is no longer at the perimeter; it is now on the data which needs to be secured,” Lee explained.

Websense, he said, has tweaked the solution approach. The company ran rendering tests for two days to see what confidential information it could find on the Internet. A lot of social security and credit card numbers turned up unprotected. Websense made use of the findings to make its technology better.

“Everyone’s worried on how information should not be leaked. About 30 per cent of social networking Web pages like Facebook and MySpace have been compromised. The challenge is that data changes every second, so there’s no effective control over risks posed by malware or keyloggers. Everything’s in real time, and this needs a lot of work,” Lee said.

Imagine a chief financial officer (CFO) with a notebook PC going to the local Coffee Bean or Starbucks. He proceeds to download music

using iTunes. A paranoid organisation might disable all forms of access to the outside world from the company’s notebook PC.

But the main idea is not to block everything, but to let relevant information flow, Lee pointed out.

This way, the CFO will be able to download his music, but not be allowed to copy information to a universal serial bus flash drive.

With EIP, Lee believes that Websense has an enabler technology specially made for the business traveller.

“One can travel and do anything on his notebook PC. Confidential information will still be available for work on the road and the incorporated data leakage prevention technology will ensure one does not lose sleep,” he said.

The EIP system can stop confidential data from being sent through a Webmail account such as Yahoo! or Gmail. The system is also able to strip malware from useful information after analysing what is being sent, how it is being sent and where it is being sent to.

Regarding threats on the Internet, Lee said Websense is now seeing the designing of specific bots such as for medical-related incidents related to specific diseases.

“Some would offer a miracle cure for US$5,000 (RM17,000), for example. Some desperate people might just buy into these,” he said, adding that vishing or voice-over-Internet protocol phishing, where voice calls are made claiming to be from banks asking for passwords, will become more prevalent this year.

“It is tougher (for most people) to tell whether the calls are legitimate.”

Lee also believes that there will be more blended attacks, which are tougher to detect.

With the coming of popular events tied to Web sites such as the Olympics or World Cup, malicious hackers will try to compromise these Web sites. Even pirates on the high seas, Lee said, can turn to the Internet to find shipping routes to target an attack.

After its acquisition of SurfControl last October, Websense has become the biggest Web security vendor with over 36.8 per cent of market share.