In the last decade, Internet related technologies have advanced in leaps and bounds, but this advance has also led to growth in malicious and illegal activity on the internet, making organizations increasingly vulnerable to threats from hackers and viruses, and even from their own staffs. Internet security has become a paramount concern for organizations, and failing to secure systems and manage employee usage of the internet exposes the organization to great risk—risk of a damaged reputation, risk of system damage, and risk of losing business. Most enterprises implement at least some basic security measures by using multiple security systems at the network edge of the enterprise, e.g., firewalls, gateway security agents, intrusion detection and prevention systems, or software security systems in each computing device. These security measures, however, require regular updating and cannot protect organizations from all possible threats.
Further, most organizations install applications that inhibit employee web browsing. These applications block or restrict access to certain websites based on defined security policies. For example, some applications block websites that contain specific words such as ‘cars’, ‘entertainment’, ‘download’, ‘torrent’, and so on, while other applications block previously determined malicious websites, such as phishing sites, illegal downloading sites, and so on. With all these applications and measures in place, it is still possible for employees to access websites that might have a detrimental effect on the organization.
To monitor employee web behaviour, security administrators oftentimes use applications that record and report user generated web activity. These applications, however, neither perform any calculation on the recorded data nor provide any intelligence. Administrators must perform the tedious task of examining stacks of reports to detect any vulnerability introduced by the user generated web activity, determine how detrimental the web activity can be for the organization, and implement corrective measures based on the detection.
Therefore, it would be desirable to have a method and system that can calculate the risk posed by a user based on the user's web activity and a set of predetermined criteria.