I would like to suggest a feature to report on international domain access. as of now, websense will categorize these URLs as their actual content type. this is fine, but i would also like the ability to see what IDNs my users are accessing (punycode and unicode). IDN spoofing is something that has always been around, but lately has been on the rise.
currently websense filters on the punycode URL and then converts to unicode before logging. i would like to either retain the punycode (along with the unicode conversion), or be able to report on a sub category, maybe, called "international domain names".
the theory is that attackers register IDNs with unicode translations similar to popular websites (facebook was a recent one). when you paste the encoded url into some browsers/email clients (like IE) the unicode is rendered and most browsers/email clients render international characters the same as latin ones. like the greek "o" and latin "o" will look the same, though the greek url is actually wrapped punycode and thus a different URL altogether. this makes spoofed urls much harder to track.
adding this feature will bring additional visibility and reporting capabilities to websense for its customers interested in this.
it will give us visibility on which IDN URLs our users are going to and we would be able to tell if they are clearly spoof attempts.