Digital Edition

SYS-CON.TV
SurfControl Addresses Enterprise Threats
Issues Guidelines Relating to Increased Use of VoIP Desktop Services

SurfControl has issued a warning to enterprise IT departments to establish policies regarding the use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services. Analysis by SurfControl’s Global Threat Analysis and Research team shows the rapid growth of these desktop-based services mirrors the adoption rate seen of public instant messaging systems.

"These services, as with instant messaging, create a threat vector to enterprises which can be exploited to gain entry into corporate networks, distribute destructive malware such as spyware and Trojans, instigate denial of service (DoS) attacks or steal sensitive and confidential information," the Scotts Valley, CA-based company has warned.


“Because consumers often use corporate computers for both personal and business purposes, and no doubt will be compelled by the promise of free or relatively free phone services, this is a very real security threat to enterprise networks. We recommend businesses begin addressing the issue today, before it gets out of control as we saw with the use of public instant messaging in enterprise settings,” said Susan Larson, vice president, global threat analysis and research. “VoIP voice traffic is still relatively insecure and can be easily stolen and recorded. Because these services require that an application be downloaded, enterprises are also faced with a new way by which malicious content can bypass existing security measures to enter corporate networks.”

SurfControl’s Global Threat Center offers the following guidelines to help companies safeguard against the new threat posed by desktop VoIP services:

  1. Create and enforce an Acceptable Use Policy (AUP) for Desktop VoIP.
  2. Standardize on Desktop VoIP applications that will be supported on the corporate network.
  3. Create security policies governing the downloading of any application onto corporate desktops, including Desktop VoIP clients.
  4. Establish a layered security model that operates at the gateway, on the network, and on the desktop.
  5. Use security technologies to ensure the optimum threat protection including
    • ability to prevent unwanted desktop VoIP applications from installing on the desktop.
    • ability to create customizable threat signatures.
    • proactive monitoring and reporting of Desktop VoIP usage on the network.
  6. Provide ongoing education to users regarding the potential dangers of desktop VoIP systems.

SurfControl offers enterprises desktop VoIP protection today through SurfControl Enterprise Threat Shield and the company’s Adaptive Threat IntelligenceTM (ATI) Service. SurfControl Enterprise Threat Shield enables IT departments to create and enforce endpoint policies regarding the use of applications, and prevent the downloading of unapproved applications to desktop computers.

Where applications may have already been downloaded, Enterprise Threat Shield protects businesses by preventing the application from launching. SurfControl’s ATI service tracks existing Websites offering VoIP services, and flags new sites as they arise for inclusion in the company’s comprehensive URL database. Global Threat Experts provide a 24/7 worldwide human review and analysis of sites for legitimacy and threat potential.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

use of free and paid-for Desktop Voice-over-Internet-protocol (VoIP) services sounds kind of interesting to explore




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures....
Now is the time for a truly global DX event, to bring together the leading minds from the technology...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure an...
Artifex Software began 25-years ago with Ghostscript, a page description language (PDL) interpreter ...
In an age of borderless networks, security for the cloud and security for the corporate network can ...
In today's always-on world, customer expectations have changed. Competitive differentiation is deliv...
As the digitization of business accelerates the move of critical applications and content to the clo...
Blockchain has shifted from hype to reality across many industries including Financial Services, Sup...
Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services...
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technol...
In very short order, the term "Blockchain" has lost an incredible amount of meaning. With too many j...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web...
For enterprises to maintain business competitiveness in the digital economy, IT modernization is req...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cl...
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizat...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmi...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with exp...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...