Digital Edition

SYS-CON.TV
SurfControl Addresses Enterprise Threats
Issues Guidelines Relating to Increased Use of VoIP Desktop Services

SurfControl has issued a warning to enterprise IT departments to establish policies regarding the use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services. Analysis by SurfControl’s Global Threat Analysis and Research team shows the rapid growth of these desktop-based services mirrors the adoption rate seen of public instant messaging systems.

"These services, as with instant messaging, create a threat vector to enterprises which can be exploited to gain entry into corporate networks, distribute destructive malware such as spyware and Trojans, instigate denial of service (DoS) attacks or steal sensitive and confidential information," the Scotts Valley, CA-based company has warned.


“Because consumers often use corporate computers for both personal and business purposes, and no doubt will be compelled by the promise of free or relatively free phone services, this is a very real security threat to enterprise networks. We recommend businesses begin addressing the issue today, before it gets out of control as we saw with the use of public instant messaging in enterprise settings,” said Susan Larson, vice president, global threat analysis and research. “VoIP voice traffic is still relatively insecure and can be easily stolen and recorded. Because these services require that an application be downloaded, enterprises are also faced with a new way by which malicious content can bypass existing security measures to enter corporate networks.”

SurfControl’s Global Threat Center offers the following guidelines to help companies safeguard against the new threat posed by desktop VoIP services:

  1. Create and enforce an Acceptable Use Policy (AUP) for Desktop VoIP.
  2. Standardize on Desktop VoIP applications that will be supported on the corporate network.
  3. Create security policies governing the downloading of any application onto corporate desktops, including Desktop VoIP clients.
  4. Establish a layered security model that operates at the gateway, on the network, and on the desktop.
  5. Use security technologies to ensure the optimum threat protection including
    • ability to prevent unwanted desktop VoIP applications from installing on the desktop.
    • ability to create customizable threat signatures.
    • proactive monitoring and reporting of Desktop VoIP usage on the network.
  6. Provide ongoing education to users regarding the potential dangers of desktop VoIP systems.

SurfControl offers enterprises desktop VoIP protection today through SurfControl Enterprise Threat Shield and the company’s Adaptive Threat IntelligenceTM (ATI) Service. SurfControl Enterprise Threat Shield enables IT departments to create and enforce endpoint policies regarding the use of applications, and prevent the downloading of unapproved applications to desktop computers.

Where applications may have already been downloaded, Enterprise Threat Shield protects businesses by preventing the application from launching. SurfControl’s ATI service tracks existing Websites offering VoIP services, and flags new sites as they arise for inclusion in the company’s comprehensive URL database. Global Threat Experts provide a 24/7 worldwide human review and analysis of sites for legitimacy and threat potential.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services sounds kind of interesting to explore




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Having been in the web hosting industry since 2002, dhosting has gained a great deal of experience w...
NanoVMs is the only production ready unikernel infrastructure solution on the market today. Unikerne...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the m...
SUSE is a German-based, multinational, open-source software company that develops and sells Linux pr...
Your job is mostly boring. Many of the IT operations tasks you perform on a day-to-day basis are rep...
Technological progress can be expressed as layers of abstraction - higher layers are built on top of...
When building large, cloud-based applications that operate at a high scale, it’s important to mainta...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, disc...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism...
Dynatrace is an application performance management software company with products for the informatio...
In his session at 21st Cloud Expo, Michael Burley, a Senior Business Development Executive in IT Ser...
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups bu...
Yottabyte is a software-defined data center (SDDC) company headquartered in Bloomfield Township, Oak...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workload...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it wil...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical ...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (No...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...