Solved

Opinions - Websense Triton Enterprise

Posted on 2013-12-19
Last Modified: 2013-12-20
Just looking for opinions on the product from anyone who uses it or knows how it works compared to similar solutions.  We're doing a DLP project and considering replacing our Email/Web filtering with a suite at the same time.
Question by:First Last

Accepted Solution

by:
btan earned 333 total points
Websense has two areas that you may want to consider, such as context-aware DLP and Secure Web Gateway. The DLP is part of the Secure Gateway appliance too. There is useful info in the Gartner report, such as

http://www.computerlinks.de/FMS/22876.magic_quadrant_for_content_aware_data_loss_prevent.pdf

It has introduced enhanced capabilities to support mobile devices and also the ability to use advanced persistent threat features within the DLP solution to better evaluate risks.

Its "drip DLP" feature monitors for slow leaks of information over a long period of time. Websense has a strong policy engine with good remediation options. Its optical character recognition (OCR) capabilities identify sensitive content within scanned documents.

Its redaction capabilities are only supported for data at rest... it appears to Gartner that its product road map is showing signs of slower feature adoption when compared to those of its competitors.

However, it was understood that Triton management console provides a common point for policy management and reporting in hybrid environments. The company offers a single SKU hybrid pricing model. Customers can purchase a single license and implement it in a mix-and-match scenario (on-premises or cloud-based users). It also provides strong malware detection technology, including browser code emulation and network traffic analysis.

Websense also provides a cloud-assist sandboxing analysis with its ThreatScope offering. Objects must be submitted manually to ThreatScope, although Websense has plans to automate the process. Its DLP is integrated on box with its solution suite, and note that full enterprise DLP requires an additional license; it uses deep packet inspection to inspect outbound traffic for malware behaviour (this does not require a DLP license). However, the licensing of services per IP address can be outdated since most users are carrying multiple mobile devices, and such licensing is definitely not scalable and cost-effective for the customer; it needs more flexibility, like site pricing or per-appliance pricing.
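
An added illustration, not part of the answer above and not Websense's implementation, of the idea behind the "drip DLP" feature it mentions: a per-message threshold misses a sender who leaks a few records at a time, while a cumulative count over a time window catches it. The thresholds, the 24-hour window and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PER_MESSAGE_THRESHOLD = 10      # assumed policy: sensitive matches in one message
WINDOW = timedelta(hours=24)    # assumed cumulative window
WINDOW_THRESHOLD = 10           # assumed policy: matches per sender per window

# Constructed sample: (timestamp, sender, sensitive matches found in the message)
EVENTS = [
    ("2013-12-19T08:00", "alice", 3),
    ("2013-12-19T09:00", "bob", 2),
    ("2013-12-19T11:30", "alice", 3),
    ("2013-12-19T15:00", "alice", 3),
    ("2013-12-19T18:45", "alice", 3),
    ("2013-12-20T10:00", "bob", 2),
    ("2013-12-20T12:00", "carol", 12),
]


def per_message_alerts(events):
    """Classic DLP rule: alert only when a single message crosses the threshold."""
    return [(ts, who) for ts, who, n in events if n >= PER_MESSAGE_THRESHOLD]


def drip_alerts(events, window=WINDOW, threshold=WINDOW_THRESHOLD):
    """Cumulative rule: alert when a sender's matches within the window add up."""
    recent = defaultdict(deque)   # sender -> (time, matches) still inside the window
    totals = defaultdict(int)     # sender -> running sum of matches in the window
    alerts = []
    for ts, who, n in sorted(events):
        now = datetime.fromisoformat(ts)
        queue = recent[who]
        queue.append((now, n))
        totals[who] += n
        # Expire messages that have fallen out of the window.
        while queue and now - queue[0][0] > window:
            totals[who] -= queue.popleft()[1]
        if totals[who] >= threshold:
            alerts.append((ts, who, totals[who]))
            queue.clear()         # reset so one slow leak yields one alert
            totals[who] = 0
    return alerts


if __name__ == "__main__":
    print("per-message:", per_message_alerts(EVENTS))
    print("cumulative :", drip_alerts(EVENTS))
```

In the sample, alice never exceeds three matches per message, so only the cumulative rule reports her; bob's two messages are more than 24 hours apart and stay below both rules.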

Assisted Solution

by:skullnobrains
skullnobrains earned 167 total points
many people may not agree with the following but here is an opinion

websense is based on free software so remember that any feature available will appear later in websense than in the corresponding software. what you are buying is actually less administration hassle and not technology. same applies to all concurrent products i know of as far as DLP is concerned.

----

expecting to achieve DLP in this way is meaningless, because it is just awfully trivial to bypass, even for folks with little technical skill.

for example take an excel sheet, save it as text, paste it into the body of an email, do the reverse operation on the remote side and you'll bypass websense efficiently. when that does not work, stick the excel sheet in a password-protected rar archive first. when that does not work, i'm sure you can figure something out. don't mistake my point : websense is not a bad product, but achieving efficient DLP in such ways is just not feasible...

and actually DLP in itself does not really make sense unless you forbid all kinds of removable media, printers, mobile phones, cameras, and only hire people who can't remember a few lines of text (aka they won't be able to remember their passwords either)... even secret services don't manage it, as it would require sticking workers inside an air-tight bunker with no internet access, and enough oxygen and food supply for the duration of the corresponding project(s)

maybe try and think it in terms of onion-layering access to the information, and if possible scatter it so no single person has enough information to leak anything useful

Assisted Solution

by:btan
btan earned 333 total points
Another key aspect is to be able to inspect SSL traffic, meaning it needs to have the flexibility to do it in active inline or passive inline mode. I know it has a cloud capability but to the extent of "breaking" the SSL and acting like a MITM proxy. It does have this capability but it may not be part of the DLP suite; you likely need the SWG together with DLP.

https://www.websense.com/assets/support/webinar/Presentation/Jan2013_WebinarSlides.pdf

Author Comment

by:First Last
Thanks so much for the info guys, very much appreciated!