Lifting the Veil on “Anonymized” Employee Traffic

By   ISBuzz Team
Writer , Information Security Buzz | Aug 06, 2015 09:00 pm PST

It’s well established that all organizations, regardless of nature and size, are facing significant online threats that, in many cases, are entering through backdoors unintentionally opened by their own employees. One embodiment of this challenge is the use of anonymizers, or sites designed to make Internet activity untraceable.

Employees are increasingly turning to sites that mask traffic and circumvent corporate network restrictions and, as a result, are unknowingly putting the corporate network at risk. Recent data shows the average employee made 6.2 attempts per day to access blocked social networking sites and 1.5 attempts to access workplace inappropriate content, like dating sites and pornography. This study shows that enterprises have seen increased use of sites such as VPNBook and Tor, which means that anonymized traffic may be in corporate networks well before the enterprise is aware.

While a more nefarious history of anonymizers points to cyber criminals, illegal activity, or even politics, one of the primary drivers for the use of these sites has been a seemingly legitimate — the desire for personal privacy. What some call the “Snowden Effect” has been responsible for an increase in the use of anonymizers to disguise Internet activity from the government or any organization that could have the potential to monitor and gather personal data.

Alongside privacy concerns, another major driver for the increased use of anonymizers is the desire to download and/or watch otherwise restricted content. For example, CBS, HBO, Hulu and Netflix are commonly blocked outside of the U.S. However, using an anonymizer, users can ensure they can catch that Game of Thrones finale regardless of their geography.

To date, anonymizers have been generally viewed by the public as something to keep them safe, and keep what they do online private. However, when personal tools enter the workplace, corporate networks can easily become vulnerable to significant risk. Anonymizers can evade corporate firewalls and Acceptable Use Policies, which defeats efforts to stop employees from accessing sites, webmail accounts, instant messaging and other applications that have the potential to open backdoors for hackers and malicious traffic to enter the organization.

To further complicate detection efforts, anonymizer content can appear as “harmless” CDN traffic across the network. Without clear visibility into types of traffic traversing enterprise networks, IT security managers lack the proper insight to identify potentially harmful applications. This makes standard security measures often ineffective in blocking potential threats hidden by Anonymized activity.

What’s an enterprise to do? Simply eliminating certain applications from the workplace is neither realistic nor productive. Management need to be sensitive to employee workflow and the tools needed to collaborate and communicate in today’s connected work environment. To develop an effective strategy to combat the challenges associated with anonymizers, organizations should:

  1. Educate employees on the risks associated with anonymizers, social sites and other applications used within the company. In many cases, they may not even realize that the tools they use in their everyday lives could be harmful when used at work. For example, a file transferred via a chat session could potentially take the network down.
  1. Deploy tools that run seamlessly in the background and don’t require extra steps for the user or an action at each endpoint. The less disruptive you make security, the more cooperation you will receive from employees.
  1. Set smart usage policies instead of outright banning certain applications. For example, don’t completely block Skype or WhatsApp in the workplace, just limit its usage to the proper times, authorized users and settings.
  1. Take an application-aware approach to network security and make it part of your team’s DNA. You can’t stop what you can’t see.

Companies need the right tools to gain full visibility into their networks. At the same time, organizations must work together with employees to set the right policies that balance user needs against potential risks. The more streamlined and clear the tools and policies are, the higher the chance your employees will work with you and not against you, and the IT organization will be successful in preventing the next information leak or attack.[su_box title=”Jay Klein, CTO & VP, Allot Communications” style=”noise” box_color=”#336588″]203c135Jay Klein has over 20 years of experience in telecommunications and is responsible for driving our technology strategy and core intellectual property. Before joining Allot, he served as VP Strategic Business Development at DSPG (VoIP and multimedia silicon solutions) where he was responsible for strategic technology acquisitions. Prior to this, he co-founded and held the position of CTO at Ensemble Communications (wireless access systems) and was one of the founders and creators of WiMAX and IEEE 802.16. Jay was also CTO and VP of R&D at CTP Systems (cellular system manufacturer) which was acquired by DSP Communications and later by Intel. Jay holds numerous patents in the telecommunications field.[/su_box]

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x