Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Opinions - Websense Triton Enterprise

Posted on 2013-12-19
4
Medium Priority
?
907 Views
Last Modified: 2013-12-20
Just looking for opinions on the product from anyone who uses it or knows how it works compared to similar solutions.  We're doing a DLP project and considering replacing our Email/Web filtering with a suite at the same time.
0
Comment
Question by:First Last
  • 2
4 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1332 total points
ID: 39731146
Websense has two area that you may want to consider such as context aware DLP and Secure Web Gateway. The DLP is part of the Secure Gateway appliance too. There is useful info in the Gartner report such as

http://www.computerlinks.de/FMS/22876.magic_quadrant_for_content_aware_data_loss_prevent.pdf

It has introduced enhanced capabilities to support mobile devices and also the ability to use advanced persistent threat features within the DLP solution to better evaluate risks.

Its "drip DLP" feature monitors for slow leaks of information over a long period of time. Websense has a strong policy engine wit h good remediation options. Its optical character recognition (OCR) capabilities identify sensitive content within scanned documents.

Its redaction capabilities are only supported for data at rest... it appears to Gartner that its product road map is showing signs of slow er feature adoption when compared to those of its competitors

However, it was understood that Triton management console provides a common point for policy management and reporting in hybrid environments. The company offers a single SKU hybrid pricing model. Customers can purchase a single license and implement it in a mix-and-match scenario (on-premises or cloud-based users). It also provides strong malware detection technology, including browser code emulation and network traffic analysis.

Websense also provides a cloud-assist sandboxing analysis with its ThreatScope offering. Objects must be submitted manually to ThreatScope, although Websense has plans to automate the process. Its DLP is integrated on box with its solution suite and note that full enterprise DLP requires additional license, it uses deep packet inspection to inspect outbound traffic for malware behaviour (this does not require a DLP license). However, the licensing of services per IP address can be outdated since most of user is carrying multiple mobile devices and definitely such licensing is not scalable and cost effective to customer, needed more flexibility like site pricing or per appliance pricing.
0
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 668 total points
ID: 39731515
many people may not agree with the following but here is an opinion

websense is based on free software so remember that any feature available will appear later in websense than in the corresponding software. what you are buying is actually less administration hassle and not technology. same applies to all concurrent products i know of as far as DLP is concerned.

----

expecting to achieve DLP in this way is meaningless, because it is just awfully trivial to bypass, even for folks with little technical skill.

for example take an excel sheet, save it as text, paste it into the body of an email, do the reverse operation on the remote side and you'll bypass websense efficiently. when that does not work, stick the excel sheet in a password-protected rar archive first. when that does not work, i'm sure you can figure something out. don't mistake my point : websense is not a bad product, but achieving efficient DLP in such ways is just not feasible...

and actually DLP in itself does not really make sense unless you forbid all kind or removable media, printers, mobile phones, cameras, and only hire people who can't remember a few lines of text (aka they won't be able to remember their passwords either)... even secret services don't manage it, as it would require to stick workers inside an air-tight bunker with no internet access, and enough oxygen and food supply for the duration of the corresponding project(s)

maybe try and think it in terms of onion-layering access to the information, and if possible scatter it so no single person has enough information to leak anything useful
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1332 total points
ID: 39731532
Another key aspects is to be able to inspect SSL traffic, meaning it needs to have the flexibility to do it in active inline or passive inline mode. I know it has a cloud capability but to the extend of "breaking" the SSL and acts like MITM proxy. It does have this capability but maybe not be part of the DLP suite, you likely need the SWG together with DLP

https://www.websense.com/assets/support/webinar/Presentation/Jan2013_WebinarSlides.pdf
0
 
LVL 1

Author Comment

by:First Last
ID: 39731693
Thanks so much for the info guys, very much appreciated!
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question