Penn National Insurance (Harrisburg, Pa.; $1.3 billion in assets) has improved its ability to meet the privacy and security regulations of the Gramm-Leach Bliley (GLB) Act, which regulates the use of consumers' confidential financial information, through three enhancements made to its existing Websense (San Diego) Internet security solution during the last 12 months. These enhancements were designed to provide added protection from online security threats.
"We are into our third year with Websense, and they have enabled us to add some security functionality each year," says Thomas Miele, manager, information security, Penn National Insurance. Seeing the Internet as a hotspot for security vulnerability, the insurer invested in Websense's core product, Websense Enterprise, to monitor Internet traffic. For example, if employees exceed the corporate policy Internet threshold of 12 hours per month, a report is generated listing sites visited. "Our employees go through a security awareness program, so they know how our policy works, but we know there are a lot of dangers, and we need to create an environment that lessens the opportunity for that danger," says Miele.
To ensure compliance and protection from new Web-based attacks, Penn National has deployed all three Websense Enterprise Premium Groups (PG), which provide flexible filtering components of the solution. The components work on three separate levels: Websense Security PG prevents employees from inadvertently accessing Web sites that are infected with mobile malicious code, or distributing spyware. This is backed with a filter that stops the transmission of sensitive information, such as consumer financial records, to external spyware host servers. Websense bandwidth PG blocks employees from accessing sites such as Internet radio TV, streaming media, and peer-to-peer (P2P) file sharing. The carrier's concern is that P2P is an attractive capability because it connects users directly to each other to quickly and easily download and swap files. But it is also easily exploitable to hackers for the spread of viruses, spyware and the transfer of confidential information. Websense Productivity PG blocks employee access to pop-up ads, instant messaging host sites, message boards and clubs, and online brokerage and trading sites.
All of these applications are supported by a Master Database, which includes over 7.3 million Web sites, classified into over 90 categories in more than 50 languages, and a Client Policy Manager (CPM) database that identifies and categorizes over 500,000 software applications and executable files. The Productivity PG blocks are enabled by a database of common network protocols to manage network policies and filter non-http traffic. "The Internet is where business is headed," says Miele. "People will extend their work hours beyond the normal 7 or 8 hours a day. Now, if our employees log onto our network from home and use Internet to do research, they are tracked and protected."