New Releases

Auditor Is Here – Our Free Tool for Bullying and Self-harm Detection on Gmail

/ securlyinc / Leave a comment

auditor, school, student, safety, email, gmail, detectLast year, we introduced “Auditor” – a free tool that helps schools ensure the safety of their students by monitoring Gmail for messages that are indicative of bullying or self-harm. Today, we are emerging from closed Beta after an extended period with 20 customers in which we scanned 70,000 emails daily for indicators of cyberbullying and self-harm.

Already, Principals and IT Admins are finding Auditor to be a powerful asset to student safety. Tom Walker, Massac Unit School District #1, remarked, “The ability to detect bullying, self harm, or other potential destructive behavior is something we’ve never had before. One Saturday evening, I received an email from the Auditor Safety Bot. The email contained wording about a video being uploaded to YouTube with a suicidal line. Upon further inspection, the video was not uploaded by one of our students, but was from a popular YouTube channel that the student had subscribed to. However, the fact that the Auditor was able to detect it gives us another tool to have in the struggle against bullying and self harm. From a legal perspective, it makes perfect sense that a school district would want the Auditor on their side.”

How Auditor Came to Be

As Gmail became the chosen tool in thousands of schools across the world, we realized blocking these channels is no longer a productive solution. However, from conversations with our customers, we learned that these resources have opened up new avenues for students to vent negative emotions such as bullying and self-harm.

In general, we found that many schools did not have good solutions in place that address this issue due to the following:

  • By its very definition, “web-filtering” does not apply to emails. A lot of schools that we’ve spoken to use Google’s default compliance options to flag emails that contain a predefined set of keywords. This can be prone to lots of False Positives (False Alarms) and False Negatives (Missed Alerts) and does not scale well in a large District where IT becomes the bottleneck in sorting through these flagged messages.
  • Old school approaches to monitoring these channels involving human auditors are costly.
  • The CIPA law is vague about the need to cover this vector – “The policy proposed must address.. security and safety of minors using chat rooms, email, instant messaging, or any other types of online communications.” However, the meaning of “safety” is left too vague.

Auditor’s Unique Benefits – COMING SOON

Automated sentiment inference approach: While existing tools rely heavily on keyword matching to detect inappropriate behavior (e.g. by looking for words like “suicide” or “ugly”), Auditor will use our tried and tested machine learning techniques. For example, consider the following post that was flagged by our algorithm: “slowly i’m realizing i don’t really have a purpose here say good-bye cause Fryday it’s all over <3” It should be clear to the reader that a keyword-based approach would not have worked in detecting this.

911 Emergency Response Notifications to Parents and Guidance Counselors: We will extend our existing Delegated Administration and Parent Reports functionality from our flagship web-filtering product to Auditor. In the context of Auditor, these services will become 911 Emergency Response notifications to both guidance counselors and parents. Parents, principals and guidance counselors will receive an alert whenever our Auditor detects disturbing emails sent or received.

It’s free? What’s the catch?

No catch! Keeping Auditor free –forever – is our commitment to the pursuit of student safety. Given the lack of any compliance requirement, and cash-strapped schools already reluctant to spend on paid solutions, we felt it necessary to introduce a free tool to address this serious issue.

As with any other company that is trying to build a sustainable business, we need to charge a fee for our services and grow our revenues year over year. However, while achieving this somewhat “practical” goal, we aspire to make a dent in the universe. In our mind, that “dent” has always been (and likely always will be) ubiquitous child safety – both at school and at home.

 

For more updates and product releases, subscribe to our newsletter: 


The First Ever Proxy-less, DNS-based iPad Filtering Solution for K-12

/ securlyinc / Leave a comment

securly, filtering, schools, ipad, proxy, filter, device, app

iPads have a prominent place in the K-12 ecosystem. While we often see the higher grades go with Chromebooks as the 1:1 device of choice, lower grades typically go with iPads due to its tactile interface. Educational apps minimize the need to type while fostering learning.

With many schools choosing to send these devices home, both the CIPA law and pressure from the local parent community forces schools to provision their iPads with some form of filtering. Apple’s architectural limitations have thus far allowed only 2 options. Both of these have their own limitations.

Safe browsers: This approach requires uninstalling Safari and installing a specialized browser that filters web traffic. The approach suffers from the following limitations:

  • App traffic is not filtered.
  • Hyperlinks on any webpage tend to use Safari as the default browser.
  • Removing Safari breaks a number of Edu critical apps such as docs and drive.

In other words, Safe Browsers are simply not an option for a school or district trying to ensure that their taxpayer dollars spent on devices will move the needle on student achievement.

Proxy: Apple provides the option to push out a global proxy setting via MDM. This would mean that every byte of data from the iPad would need to be routed through the designated proxy. This approach has the following downsides:

  • Most proxy solutions are hardware appliance based. When the device leaves the network, the traffic is forced back through the appliance which is usually installed on the school’s network. By definition, this requires the school to become a 24/7 ISP for at-home traffic!
  • Even those proxy solutions that are cloud based like Securly’s often see Apps “break” because many cloud based services simply do not like to see their App traffic be proxy-ed. These services need to be constantly exempted from PAC files as the school runs in to them.
  • Many Firewalls tend to block proxy traffic out of the box. To address this, schools often need to maintain a running proxy whitelist on their Firewall.

The holy grail of iPad filtering: Thanks to months of often time frustrating R&D + recent advances in iOS 10, Securly is able to introduce the first proxy-less off-site filtering solution for iPads that is not a safe browser. The solution involves provisioning the iPad with a lightweight DNS setting – as a result of which ~1% of the device’s traffic is selectively proxy-ed. This includes App traffic. Securly is also able to avoid proxy-ing all of the traffic.

For more updates and product releases, subscribe to our newsletter: 


Introducing “Auditor by Securly” – A free tool to monitor Google Mail for bullying and self-harm

/ securlyinc / Leave a comment

Request an invite here: http://www.securly.com/auditor

button

Auditor by Securly

Today, in honor of Stop Cyberbullying Day, we are announcing the launch of “Auditor by Securly”. This is a free tool that helps schools using Google Email ensure the safety of their students by monitoring these channels for messages that are indicative of bullying or self-harm. At this time the product is in Beta phase and we are working with early adopter districts who are willing to collaborate with us to shape this product over the next couple of months before it is available for general release. For an invite, click on the button above.

In this blog post, we outline the thought process that brought us to this announcement.

In Pursuit of Student Safety

We have always thought of Securly as a company with a “double-bottom line” mission. As with any other company that is trying to build a sustainable business, we need to charge a fee for our services and grow our revenues year over year. However, while achieving this somewhat “practical” goal, we aspire to make a dent in the universe. In our mind, that “dent” has always been (and likely always will be) ubiquitous child safety – both at school and at home. We have introduced a number of innovations to market in pursuit of this aspiration:

  • 911 Emergency Response notifications for Guidance Counselors: Industry’s first Delegated Administration that allows district guidance counsellors and school principals to be alerted on these flagged activities allowing the district IT team to focus on infrastructure related operations.
  • 911 Emergency Response notifications for Parents: Industry first Parent Portal and e-mail reports. While the concept of a Parent Portal is extremely common among EdTech companies, Securly is the first (and at this time only) web-filter to have introduced this concept to the web-filtering and student-safety space. Parents can get immediate notification on any instances of bullying/self-harm.

Expanding Student Safety to Emails

With Google Mail becoming a tool of choice in thousands of schools across the world, blocking these is no longer an option for most middle and high schools. However, we have learnt through conversations with our customers that these resources have opened up new vectors for students to vent negative emotions such as bullying and self-harm.

Generally speaking, we have found that many schools do not have good solutions in place that address this issue because of the following factors at play:

  • While web-filters are required by law, they do not cover these vectors. By its very definition, “web-filtering” does not apply to emails. A lot of schools that we’ve spoken to use Google’s default compliance options to flag emails that contain a predefined set of keywords. This can be prone to lots of False Positives (False Alarms) and False Negatives (Missed Alerts) and does not scale well in a large District where IT becomes the bottleneck in sorting through these flagged messages.
  • Old school approaches to monitoring these channels involving human auditors have cost money.
  • The CIPA law is vague about the need to cover this vector – “The policy proposed must address.. security and safety of minors using chat rooms, email, instant messaging, or any other types of online communications.” However, the meaning of “safety” is left too vague.

Given the lack of any compliance requirement, and cash-strapped schools already reluctant to spend on paid solutions, we felt compelled to introduce a free tool to address this serious issue. We expect even districts that have never purchased paid solutions to now consider using Auditor as a free tool that could potentially preempt the next bullying or suicide incident.

Unique Benefits

Automated sentiment inference approach: The key advantage that we will be providing over the state of the art is that while existing tools rely heavily on keyword matching to detect inappropriate behavior (e.g. by looking for words like “suicide” or “ugly”), we will be relying on our tried and tested machine learning techniques to do so. To appreciate the value of this approach, consider the following post that was flagged by our algorithm – “slowly im realizing i don’t really have a purpose here say good bye cause Fryday it’s all over <3” It should be clear to the reader that a keyword based approach would not have worked in detecting this.

911 Emergency Response Notifications to Parents and Guidance Counselors: We will be extending our existing Delegated Administration and Parent Reports functionality from our flagship web-filtering product to Auditor. In the context of Auditor, these services become 911 Emergency Response notifications to guidance counselors and parents respectively. In other words, parents, principals and guidance counselors will receive these alerts whenever our Auditor detects disturbing emails or chats sent or received – or even inside email drafts composed but not sent yet (e.g. a suicide note in progress).

Timeline and Business Model

Securly will be bringing Auditor to market this Fall. We will make it available for free in perpetuity to any school (of any size) that wants to use it. We will be launching with E-mail, Chat and Drafts monitoring.

Like most enterprise “freemium” business models, we are also expecting a fraction of the schools who try this tool out to eventually become paid customers and referrers of our premium web-filtering paid product. This move aligns with the company’s “double bottom-line” goal of helping schools who cannot afford to plug a key hole in student safety while bringing a key business model innovation to the table.

If you would like to use this tool in your District and stay updated of our progress, please do drop a note here and we will keep you posted!

Product Images

auditor_UI

parent_dashboard

flagged_highlightednotification_nohand

Request an invite here: http://www.securly.com/auditor

button

SSL Decryption without PAC files

/ securlyinc / Leave a comment

ee0ddc_00bc58c839464978bc251e28edd6d777.jpg_srz_634_310_85_22_0.50_1.20_0.00_jpg_srz

If you have endured the pain of deploying Proxy Auto-Configuration (PAC) files, get ready to jump for joy! Beginning May 30th, Securly is pleased to announce the “Death of PAC Files”.

As you may know, Securly was founded on the premise of a simple 5-minute deployment. A web filter for schools that IT admins can truly set and forget. As we have evolved as a company, a major impediment to the realization of this vision has been the use of PAC files for those of our customers who deploy Securly for in-school (DNS based) filtering.

To understand how we ended up here, its helpful to trace through our technical evolution:

  • We first started off as a DNS-to-proxy web-filter. Simply put, we use DNS queries to selectively proxy domains that need to be filtered. In slightly more technical terms, when our DNS server receives a query for a domain like google.com or facebook.com, we “lie” to the client about the resolution and instead point to the IP address of one of our proxies.
  • Our core backend engine uses the industry standard – tried and tested Squid open-source web-proxy. Needless to say, we have had to heavily modify Squid over time to get it to perform all of the magic (Google SSO, per policy filtering, etc) that our customers have come to rely on. An essential and early innovation we introduced on the Squid side was industry-first transparent HTTP and HTTPS proxying. Out of the box, Squid relies on the configuration of an explicit proxy at the browser level. The core Squid engine had to be modified to accept unproxy-ed HTTP and HTTPS traffic.
  • Very soon, we ran into the need to decrypt HTTPS traffic due to the following reasons (i) web-sites that YouTube and Yahoo that need HTTP header/cookie insertion to enforce Safety Mode (ii) web-sites like Facebook and Twitter that needed to be allowed for staff, but blocked for students.
  • We tried and failed very early on to achieve transparent HTTPS decryption (which is quite different from transparent HTTPS proxying). However, the numbers spoke for themselves (500 support tickets over one year re: PAC files alone) when it came to the pain our customers were going through as a result of these PAC files.
  • Although the use of PAC files has becomes the industry norm, we realized that to reduce friction for customers (and to make the product easier to support), we simply had to solve this problem. We engaged the services of a industry leading crypto expert who build transparent HTTPS decryption for us. We are in the process of integrating his work back into our technology.

We believe that completely getting rid of PAC files while retaining SSL decryption abilities is nothing short of magic and are thrilled to announce that our customers will experience this for themselves very soon. 

Should you have any questions about this change, please do not hesitate to contact us at support[AT]securly.com.