CyBlock Archives - Page 2 of 4 - Wavecrest Knowledge Base

Sessions

The Session Settings Screen allows you to customize, run, and analyze your session algorithm against specific log file configurations and defined timespans. Built with adaptability in mind, you can modify session algorithm parameters to better align with the unique requirements of any customer environment.

Go to Settings – Reports – Sessions. The Session screen is displayed

Session Analyzer

To manually run the session algorithm go to the Session Analyzer section
Select Log File Configuration: Use the dropdown to select the log files you’d like to include in your analysis.
Define Your Timespan: Using the calendar tool, select your desired start and end dates and times.
Press the button labeled ‘Analyze’ on the screen to initiate the session algorithm.

Session Analyzer Configuration

If you’re familiar with the specifics of the session algorithm and wish to fine-tune it, use the input boxes to adjust the default parameters. If unsure, it’s recommended to consult the definition below or contact our support team for assistance.

To override the system defaults use the below input boxes to adjust the default parameters.
Press the button labeled ‘Update Configuration’ to apply Session algorithm parameter changes.

Session Parameter Definitions

Minimum Duration (minutes): The least amount of continuous Web activity to a particular Application/Site required to constitute a session.
Inactivity Cutoff (minutes): The amount of time since the last activity to an Application/Site for a session to be considered complete. Future activity will start a new Session.
Minimum Session Hit Count: The minimum amount of Web activity (log hits) required to each Application/Site for the activity to constitute a Session.
Maximum Session Duration(hours): A hard limit in hours for acitvity to single Application/Site.
Required Browser User-Agent: When enabled Log records containing known browser types will be analyzed.
- Notes:
  - Keeping the checkbox enabled allows for a more refined and relevant session analysis by focusing on known browser types.
  - Users who wish to view all log records, regardless of browser type, should disable the checkbox. However, please note that disabling this option will affect the accuracy of the session analysis.
  - Disabling this checkbox might be necessary if SSL inspection is not enabled on your firewall. Without SSL inspection, the session analysis may not only be inaccurate but could also return without any results because the user agent field would be empty.

SSL Inspection with Firewalls: Challenges and Effective Solutions

Category: Best Practices, SSL Inspection

In our ever-evolving digital landscape, the focus on cybersecurity and data integrity has never been higher. SSL inspection, which is the process of decrypting and inspecting HTTPS traffic to monitor and regulate web content, is one way organizations aim to boost their cybersecurity posture. Many businesses trust their firewalls to undertake this task, but as technology advances, this approach presents several challenges:

1. Strain on Firewall Performance

The computational load required to perform SSL inspection can be demanding, and this additional burden may affect a firewall’s core functions. If a firewall is overtaxed with decrypting and inspecting traffic, its primary responsibility—shielding your network from threats—may suffer.

2. Limited SSL Inspection Capabilities

Not all firewalls are created equal. While some might possess robust SSL inspection capabilities, others might offer limited functionality or none at all. If you’re relying on a firewall without the necessary capabilities, your organization’s web traffic remains largely unseen.

3. Emerging Encryption Technologies

With encrypted DNS (DoH) and Encrypted Client Hello becoming increasingly popular, firewalls will find it increasingly challenging to intercept and examine traffic. These encryption advancements can limit the efficacy of even the most sophisticated firewalls, rendering them less effective for SSL inspection.

Given these challenges, many experts suggest looking beyond firewalls for SSL inspection.

Proxy-Based Solutions: The Way Forward

For environments seeking comprehensive SSL inspection without overloading their firewall, proxy-based solutions are often the ideal answer. These solutions are specifically crafted to execute SSL inspection tasks, offering detailed monitoring and reporting on employee web activity.

One of the trusted names in this arena is Wavecrest Computing. With nearly three decades in the field, Wavecrest has designed tools like Cyfin and CyBlock to address the specific challenges of SSL inspection.

CyBlock stands out as a premium choice for those in need. Not only does it offer the extensive monitoring and reporting features found in Cyfin, but it can also filter web access in real-time if desired. For businesses solely seeking SSL inspection, monitoring, and reporting, CyBlock fits the bill perfectly.

In Conclusion

Relying solely on a firewall for SSL inspection can lead to potential vulnerabilities and performance issues. As encrypted web traffic becomes the norm and emerging encryption technologies come into play, the challenges will only increase. Solutions like Cyfin and CyBlock from Wavecrest Computing can help businesses rise to these challenges, ensuring robust cybersecurity while providing detailed insights into web activity. If your current setup falls short or you’re aiming to optimize SSL inspection without taxing your firewall, Wavecrest offers the specialized solutions you need.

v9.6.5 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Administration, Data Manager, Release Notes

Enhancements

Health
- Added new Health status page to display the current state of different components in the product through Health Modules. These modules can be configured to trigger notification alert emails when an error is detected. The following modules are currently available:
  - License Expiration – Checks the number of days left on the license and can trigger warning and error notifications based on days left.
  - Syslog Inactivity – Checks active syslog ports for data being sent and triggers alert when no data is received in a configurable time period. Module also checks for valid data being received instead of just any data and triggers different error alert accordingly.
Reporting
- Dashboard
  - Visualizer
    - Added an extensive library of preconfigured charts for users to select when creating new panels.
Library
- Updated product to use most recent MySQL library (8.0.33).

Corrections

Dashboard
- Removed “AVG Daily Usage” and “AVG Daily Ingestion” tiles because metric is not useful when combined with metric data removal as it is currently. Results include large possible negative numbers.

v9.6.3 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Release Notes

Enhancement

Data Managements
- Log Data Setup
  - Added Microsoft Defender as a configuration option. This feature only available for Cyfin in VM environment.
Reporting
- Dashboard
  - Visualizer
    - Added Dashboard level filters. This allows a filter to be applied to all panels with matching data source on the configured dashboard.
Usage statistics
- Added periodic anonymous usage statistics gathering to improve customer experience.

v9.6.2.a Release Notes for CyBlock Appliance

Category: Release Notes

Enhancements

Logon Accounts
- Added ability to add additional group permissions to imported logon accounts from Active Directory.
Reporting
- Visit Filter
  - Updated algorithm for determining hit versus visit to include additional portions of URL.

v9.6.2.a Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Release Notes

Enhancements

Logon Accounts
- Added ability to add additional group permissions to imported logon accounts from Active Directory.
Reporting
- Visit Filter
  - Updated algorithm for determining hit versus visit to include additional portions of URL.

v9.6.2 Release Notes for CyBlock Appliance

Category: Release Notes

Enhancements

Enhancements
- System
  - Added ability to import Groups and IDs through Directory Agent.
- System Status
  - Messages
    - Visualizer
      - Added screen to view Visualizer profiling information.
- Reporting
  - Dashboard
    - Visualizer
      - Added preconfigured dashboard templates for users to select when creating new dashboards.
      - Updated timeframe selection to always be relative when creating/editing dashboards. Modifying the timeframe in the dashboard view page is only temporary and a button is added to reset back to default timeframe selection. Navigating away also resets the timeframe back to dashboard default.

Corrections

Reporting
- Dashboard
  - Visualizer
    - Corrected visualizer link in product menu when user account does not have a valid email address by redirecting to logon accounts modification screen.

v9.6.2 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Release Notes

Enhancements

Enhancements
- System
  - Added ability to import Groups and IDs through Directory Agent.
- System Status
  - Messages
    - Visualizer
      - Added screen to view Visualizer profiling information.
- Reporting
  - Dashboard
    - Visualizer
      - Added preconfigured dashboard templates for users to select when creating new dashboards.
      - Updated timeframe selection to always be relative when creating/editing dashboards. Modifying the timeframe in the dashboard view page is only temporary and a button is added to reset back to default timeframe selection. Navigating away also resets the timeframe back to dashboard default.

Corrections

Reporting
- Dashboard
  - Visualizer
    - Corrected visualizer link in product menu when user account does not have a valid email address by redirecting to logon accounts modification screen.

v9.6.0 Release Notes for CyBlock Appliance

Category: Release Notes

Enhancements

Enhancements
- System
  - Added ability to import Groups and IDs through Directory Agent.
- System Status
  - Messages
    - Visualizer
      - Added screen to view Visualizer profiling information.
- Reporting
  - Dashboard
    - Visualizer
      - Replaced all existing dashboards with Visualizer. This new charting solution allows you to create and save panels on multiple dashboards as opposed to the single view that you had to configure each time you went to the charts. Any non-ad logon will automatically be able to log into the visualizer using the same credentials.

v9.6.0 Release Notes for CyBlock Software & Virtual Appliance Release Notes

Category: Release Notes

Enhancements

Enhancements
- System
  - Added ability to import Groups and IDs through Directory Agent.
- System Status
  - Messages
    - Visualizer
      - Added screen to view Visualizer profiling information.
- Reporting
  - Dashboard
    - Visualizer
      - Replaced all existing dashboards with Visualizer. This new charting solution allows you to create and save panels on multiple dashboards as opposed to the single view that you had to configure each time you went to the charts. Any non-ad logon will automatically be able to log into the visualizer using the same credentials.