Web Security Gateway Anywhere

The Web Security Challenge

Web Technology Trends

Dynamic, interactive Web 2.0 technologies have transformed the Web into a core business application platform Customer relationship and payroll are now delivered over the Web while social networking is used for recruitment, lead generation, and marketing.

Along with Web 2.0, however, comes new risk as traditional URL filtering and antivirus solutions are rendered ineffective. Blocking access is not the answer increasingly the business needs broad Web access to compete and enable employees to get the job done.

2010 Websense, Inc. All rights reserved.

The Web Security Challenge

Enable secure business use of dynamic, interactive Web resources
Dynamic malware protection
Web is THE primary malware distribution platform AV cant keep pace

Dynamic acceptable use policy

Traditional URL filtering cant handle dynamic nature of todays Web Force IT into monolithic ON/OFF policies

Inbound mixed content, malicious scripts

Outbound data loss and compliance

Interactive destinations multiply data loss risk 58% of data stealing malware is Web based
AV, Filter, DLP

Outbound PII, CC#, SSN, health, financial

Rising Web security TCO

Managing multiple vendors and products Supporting the distributed enterprise

Static URL Filtering is Dead

Auctions Gambling Video or Audio Streaming Inappropriate Content

Traditional URL filters, classify this as Search Is it really?

Social Networking

Understanding the URL is not enough. You must understand and control the content on the page.

Complexity Driving Higher TCO

Branch Offices Remote Client Remote Users

AV Web SaaS DLP Sniffer SaaS

SaaS Console

Web/AV Manager

AV

Manage multiple products and vendors

Web HQ / Large Branch DLP DLP Manager Sniffer

Web, AV, DLP Multiple boxes, policies, reporting systems, and relationships

Securing the distributed enterprise

Remote offices lack technical expertise May add yet another separately managed SaaS solution

The challenge replace ad-hoc Web security with a simple, unified solution

The Web Security Gateway Anywhere Solution

The TRITON Architecture

Unified Solution
Web
Security

Data
Security

Email
Security

Unified Content Security

SaaS

Appliance

Software

Unified Platform

Unified Management
2010 Websense, Inc. All rights reserved.

The Web Security Gateway Solution

The best security against modern threats Apply policy to dynamic , interactive Web 2.0 content Protect against dynamic and scripted Web threats Prevent outbound data loss and establish compliance controls Manage use of network applications and protocols Gain visibility into encrypted SSL traffic At the industrys lowest TCO Consolidate multiple products and deployment platforms with
a unified content security solution

Web Security Gateway Overview

1

Advanced Classification Engine TruHybrid Deployment TruWeb DLP Enterprise Proxy Architecture TRITON Console

V-Series Appliances
Enterprise-class performance and reliability for on-premise deployments
Scale to 7,500 users per appliance Support for load balanced, high availability clusters Global 24 x 7 phone support Global 4 hour on-site service Proven in Fortune 100 environments

V10000 Appliance
Headquarters/ Large Branch Appliance

Lowest total cost of ownership

Preconfigured, hardened, simple to deploy Consolidated Web security: filtering, AV, real-time scanning, DLP, management Investment protection - future support for Web, DLP, email security

Two Deployment Options

V5000 Medium Business/Branch V10000 Headquarters/Large Branch

V-Series Deployment Options

V10000 Appliance Enterprise HQ / large branch Up to 7,500 users Component redundancy Investment protection
Scale for consolidated Web AND email (v7.6) Headroom to grow beyond 2000 users
V-Series Appliances
DLP DLP DLP DLP

V5000 Appliance

Enterprise branch and medium business Up to 2,000 users Web OR email appliance (v7.6)

Web

Email

Web

OR

Email

V10000

V5000

V5000

Websense TRITON Advanced Classification Engine (ACE)

ThreatSeeker Network

0101010101010101 1010110111010101

Real-time Content Classification

Extends acceptable use policy to dynamic content not accurately classified by traditional URL filtering
Password protected, mixed-content, uncategorized, personalized sites iGoogle, Facebook, LindedIn, Twitter, MyYahoo, etc.

Dynamically classifies content within each Web page on the fly

Allow appropriate content, block unwanted or malicious content Accurate across all 95 Websense categories

Unlock the power of the Web 2.0 without compromising productivity and security
14

Without Websense

15

With Websense

16

Without Websense
Decisions based on past history not actual content Simplistic policies lead to over-blocking or poor security Facebook = BAD, block all pages Wikipedia = GOOD, allow unrestricted access AV and other signature-based technologies protect against known threats only No practical data loss prevention Manually configured regular expressions guarantee false positives, extensive tuning, and wasted time No best practice compliance policies or reporting Enterprise-class compliance solution requires complex and costly third-party integration

YES

NO

MAYBE

? ? ?

? ? ? ?

With Websense
Real-time classification for granular control of content elements within page
Across 95 categories Actual content versus past reputation

Real-time security scanning for dynamic zero day and scripted malware protection
YES

NO

MAYBE

NO

YES

MAYBE

YES

YES

YES

Native integration of market leading DLP for easy to deploy data compliance controls Enables organizations to enable Web 2.0 without inbound threats and outbound risks

Real-time Security Scanning

Modern threats designed to evade antivirus (AV)
AV blocks known threats > attacks change or target zero-day vulnerabilities AV focuses on executables > attacks are scripted Leverage complex evasion methods obfuscation, hybrid Web/email, spearphishing

Real-time security scanning protects against dynamic zero day and scripted attacks that evade antivirus
Analyzes scripts, executables, URL, reputation, and content on-the-fly Multi-point analytics combine to identify malicious intent

Augments integrated antivirus and malicious URL filtering for complete protection against known and unknown threats
JavaScript Active X Executables Applets Flash Silverlight JavaScript Active X

Code analyzed malicious intent blocked

Executables Applets Silverlight

19

The ThreatSeeker Network

1 billion pieces of content per day
Websense

Threat Detection/Probes Real-Time Security Updates Shared Analytics/Feedback

Web Security Gateway

ThreatSeeker Technology

2+ million posts per day

Websense

Hosted Customers

Defensio

Websense ThreatSeeker Technology URL and Security Database

Websense

Security Labs

200+ million sites per day

10+ million emails per hour

Hosted Security

Flexible policy controls

Granular web policy creation
95 URL categories Control to block, allow, confirm and use quota

Implement policy for groups and individuals

Integration with authentication services Allows detailed policy and actionable reporting

Advanced Protocol Control

Growth in development and use of network protocols for applications
IM, P2P etc can be implemented using SSL to create invisibility Growing security concern for inbound and outbound communications

Web Security Gateway controls 130+ protocols and applications

Prevent threats from entering network via non-business channels (e.g. P2P, IM) Prevent confidential data from leaving Preserve bandwidth for business applications Control SSL encrypted (e.g. GoogleWave) and tunneled enterprise applications (e.g. Webified Oracle)

22

TruHybrid Deployment
The ONLY solution with unified management of hybrid on-premise / SaaS deployments
SaaS Web Security Remote Users Branch

TRITON Console

SSL

Flexibility to deploy where and how you need it

Secure HQ with on premise appliance Secure branch and mobile users in the cloud No need to manage separate policies and reports 2X lower operating cost than competition
V-Series Appliances

HQ/Branch

TruHybrid in Action
Secure branch office and mobile users in minutes
Register branch IP addresses with onpremise Web management User, group, policy, reporting data automatically synchronized between onpremise manager and SaaS data centers No remote equipment or client software to support Policy, Users, Groups
SaaS Web Security Remote User V-Series Appliance or Dedicated Management Server

HQ / Large Branch

Log/Reporting

Branch

SaaS Service Delivery

Hosted from 8 globally distributed data centers
San Jose and Ashburn, United States Heathrow and Feltham, UK Dusseldorf, Germany Paris, France Hong Kong Sydney, Australia

Resilient processing clusters Automatic data center allocation and fail-over

Directs travelling users to nearest geographical data center Redirects to nearest alternate in case of failure

Performance
Service Level Agreements: 100% protection against known viruses 99.99% service availability No noticeable latency: < 60ms average processing time

Accredited to ISO27001

TruWeb DLP
Native integration of market leading DLP for Web traffic
Predefined compliance data classifiers, policies, and reporting Patented precise ID fingerprinting
Web DLP

Simplified DLP and compliance

Single-box Web/DLP enforcement Unified TRITON interface Single vendor Automated compliance bestpractices and accuracy

Simple, Single-Box Enforcement

Competitors
Vendor A Web Security Antivirus ICAP DLP Sniffer
Web DLP

Websense

V-Series Appliance

Vendor B

On-premise deployment (appliance or software) Lower latency No unencrypted sensitive data sent over network Lower TCO for complete inbound/outbound Web security

3X fewer enforcement boxes PER LOCATION! 2X fewer management systems 2X fewer vendors Lower software license cost Simple license key upgrade to full DLP

Best Practice Compliance Wizards

Select Region

Select Industry Select Regulation

Best practice compliance policies automatically enabled in minutes

No need to translate vague or complex regulation into technical DLP policies Derived from years of experience meeting worldwide compliance requirements

Web User and Destination Awareness

DLP policies and reports include user and Web category information Accelerate decision making and compliance
Compliance reports immediately reveal sources of outbound risk what, who, and where Separate legitimate business process from compliance violations

Enterprise Web Proxy, SSL Proxy and Cache

Decrease latency for Internet downloads Consolidate existing proxy deployments

Reduce rack space, power, latency, and support cost

Enable visibility and control of encrypted SSL traffic

Eliminates blind spot used to circumvent outbound control policy (firewall, DLP, Web) Often used by proxy avoidance sites Integration with Web DLP enables inbound and outbound control SSL bypass supports privacy exceptions (e.g. banking)

TRITON Console
Unified management of Web, DLP, on-premise, and SaaS

Role based control for Web and data loss prevention Simplifies administration for lowest TCO Expandable to full TRITON unified content security solution
Full enterprise wide DLP (discovery, endpoint, email, etc.) on existing hardware with simple license upgrade Preserve investment in existing policies, reports, training, hardware Future support for integrated email (also running on V10000 appliance)

Comprehensive Security Dashboard

System Health Monitoring Security Alert Monitoring Task-based Management

Fully customizable click-through reports

Task-based Management
Common administration tasks available on all interface pages
Reduce learning curve to manage product Reduce time to carrying out common tasks Simplify troubleshooting without user involvement

World Class Reporting

Drill-down reporting direct from dashboard Integrated policy and reporting interface Numerous output options: pie chart, bar charts, pdf, html

Unparalleled Visibility
Where Your Users are Going

Where Your Data is Going

Where You Are at Risk

Questions?