A free online encyclopedia of internal network security issues was released Tuesday by network security provider Promisec, which includes popular Web-based applications among possible data-loss threats.
Internal threats may come from various sources such as usage of USB (Universal Serial Bus) memory sticks, programs like Skype, unwanted file types, and any services or applications that are not permissible or aren't covered by registered software licenses, according to Promisec, based in Rishon Letziyon, Israel.
Promisec hopes that the encyclopedia -- which lists and dates dozens of potential threats and ranks them on a five-part scale, ranging from "extremely critical" to "not critical" -- will help promote its marketing and sales efforts.
The newest applications that may pose threats -- such as EnterMyPC, Kismet and Wireshark -- are included and described with information on the manufacturer, systems affected, relevant links and date added. In addition, the site contains monthly charts showing how internal network risk trends have changed in the past year, an internal security tips and tricks section, articles on recent internal security incidents, an overview of internal threats, and other resources.
Today, the top five threats listed by the encyclopedia are MySpace, Skype, Tencent QQ, PacketTrap and Google Talk.
The encyclopedia is part of the Promisec Risk Center, a resource for statistics highlighting significant internal network threats.
"This tool helps us make sense of internal threats and actually beg companies to draw comprehensive policies and action plans to deal with these threats," said Amir Kotler, Promisec CEO. "It is set to include thousands of terms and enable IT professionals to post feedback and comments."
Promisec's network security software aims to detect and eliminate internal threats, without using ActiveX or any other type of dissolvable agent, run-once technology that removes traces of itself. The company estimates that over 80 percent of attacks and corporate abuse originate internally. As an example, Kotler noted last year's data breach in Pfizer, where the data of about 15,700 existing and former employees were compromised when the spouse of an employee downloaded file-sharing software onto a company-issued laptop.