Digital Edition

SYS-CON.TV
SurfControl Addresses Enterprise Threats
Issues Guidelines Relating to Increased Use of VoIP Desktop Services

SurfControl has issued a warning to enterprise IT departments to establish policies regarding the use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services. Analysis by SurfControl’s Global Threat Analysis and Research team shows the rapid growth of these desktop-based services mirrors the adoption rate seen of public instant messaging systems.

"These services, as with instant messaging, create a threat vector to enterprises which can be exploited to gain entry into corporate networks, distribute destructive malware such as spyware and Trojans, instigate denial of service (DoS) attacks or steal sensitive and confidential information," the Scotts Valley, CA-based company has warned.


“Because consumers often use corporate computers for both personal and business purposes, and no doubt will be compelled by the promise of free or relatively free phone services, this is a very real security threat to enterprise networks. We recommend businesses begin addressing the issue today, before it gets out of control as we saw with the use of public instant messaging in enterprise settings,” said Susan Larson, vice president, global threat analysis and research. “VoIP voice traffic is still relatively insecure and can be easily stolen and recorded. Because these services require that an application be downloaded, enterprises are also faced with a new way by which malicious content can bypass existing security measures to enter corporate networks.”

SurfControl’s Global Threat Center offers the following guidelines to help companies safeguard against the new threat posed by desktop VoIP services:

  1. Create and enforce an Acceptable Use Policy (AUP) for Desktop VoIP.
  2. Standardize on Desktop VoIP applications that will be supported on the corporate network.
  3. Create security policies governing the downloading of any application onto corporate desktops, including Desktop VoIP clients.
  4. Establish a layered security model that operates at the gateway, on the network, and on the desktop.
  5. Use security technologies to ensure the optimum threat protection including
    • ability to prevent unwanted desktop VoIP applications from installing on the desktop.
    • ability to create customizable threat signatures.
    • proactive monitoring and reporting of Desktop VoIP usage on the network.
  6. Provide ongoing education to users regarding the potential dangers of desktop VoIP systems.

SurfControl offers enterprises desktop VoIP protection today through SurfControl Enterprise Threat Shield and the company’s Adaptive Threat IntelligenceTM (ATI) Service. SurfControl Enterprise Threat Shield enables IT departments to create and enforce endpoint policies regarding the use of applications, and prevent the downloading of unapproved applications to desktop computers.

Where applications may have already been downloaded, Enterprise Threat Shield protects businesses by preventing the application from launching. SurfControl’s ATI service tracks existing Websites offering VoIP services, and flags new sites as they arise for inclusion in the company’s comprehensive URL database. Global Threat Experts provide a 24/7 worldwide human review and analysis of sites for legitimacy and threat potential.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services sounds kind of interesting to explore




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Modern software design has fundamentally changed how we manage applications, causing many to turn to...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
In an era of historic innovation fueled by unprecedented access to data and technology, the low cost...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discu...
Everyone wants the rainbow - reduced IT costs, scalability, continuity, flexibility, manageability, ...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing w...
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT...
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held Novemb...
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point wh...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 1...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018,...
Dynatrace is an application performance management software company with products for the informatio...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, ...
Today, we have more data to manage than ever. We also have better algorithms that help us access our...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
A valuable conference experience generates new contacts, sales leads, potential strategic partners a...
DXWorldEXPO LLC announced today that ICOHOLDER named "Media Sponsor" of Miami Blockchain Event by Fi...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news an...