2. Websense Email Security Solutions Overview
Challenge
The nature of email threats has changed over the past few years. Gone are the days when email security, better
known as anti-spam, was primarily tasked with blocking based on volume and scanning for email-borne viruses. The
signature-based techniques used in early solutions, while still a viable part of a multi-layered strategy, are simply not
capable of protecting organizations from the highly targeted, blended attacks of today. In February 2012 IDC stated,
“Signature-based tools are only effective against 30–50% of current security threats.”
Solution
Read the cybercrime blogs and it’s evident that email is still a major attack vector. But read further and you’ll find
that a large percentage of the attacks are actually perpetrated via the web. The takeaway is email facilitates the
attack and web actually performs the actions. A modern security approach therefore requires both web and email
channels be evaluated with a strong cross-pollination of information between the two.
Websense® email security solutions are built on our core TRITON® technologies:
• Gateway Threat Analysis leverages security intelligence from the Websense ThreatSeeker® Intelligence Cloud and Websense ACE (Advanced Classification Engine) — collecting data from more than 900 million endpoints and analyzing up to 5 billion requests per day — to thwart advanced malware, spam, and blended threats.
• Point-of-Click Threat Analysis sandboxes suspicious links embedded in emails at the recipient’s point-of-click.
• Behavioral File Sandboxing analyzes suspicious files attached to email.
• Built-in Data Loss Prevention (DLP) monitors and prevents sensitive data such as product roadmaps or customers’ personally identifiable information (PII) from leaving the corporate network via email.
[Figure: ThreatSeeker Intelligence Cloud™. Diagram labels: Internet Email (Unfiltered); Outbound Email (Unfiltered); URL Analysis; Threat Data; Content Analysis; Payload Analysis; Network & Reputation Analysis; Adaptive Learning; Internet Event Correlation; Malware/Spyware Filters; Spam Filters; Content Filters; Unwanted Email Quarantined; Inbound Email (Clean and Policy Compliant); Outbound Email (Clean and Policy Compliant).]
Features
The Websense Difference
ACE uses composite scoring with predictive analysis. Combined with classifiers for real-time security, data and content analysis — the result of years of research and development — they enable ACE to detect more threats than traditional anti-virus engines every day (the proof is updated weekly at securitylabs.websense.com). ACE is the primary engine behind all TRITON solutions, and is supported by the ThreatSeeker Intelligence Cloud, which collects data from more than 900 million endpoints and analyzes up to 5 billion requests every day.
Gateway Threat Analysis
Advanced Malware Protection
ACE analyzes inbound and outbound email for malware, spyware, and targeted and blended threats. With real-time composite risk scoring, anti-malware engines, and security intelligence from the ThreatSeeker Intelligence Cloud, protection is provided against known and unknown threats within email.
Accurate Spam Detection
Websense provides highly accurate spam blocking with very low false positives that is backed by a 99 percent or higher SLA. A combination of identification technologies is used, including: sender reputation, connection management, adaptive learning, URL analysis, heuristics, suspicious PDF identification and optical recognition of image spam.
Point-of-Click Threat Analysis
URL Sandboxing
Isolates suspicious links embedded in emails and analyzes the payload of the corresponding web page at the recipient’s point-of-click. Modern phishing attacks succeed primarily because phishing emails now contain embedded links that point to dynamic-IP botnets or web pages that host dynamic code — two techniques that may elude even the most robust gateway malware analysis.
For example, an email sent at midnight may contain a link to a web page that was harmless on the initial security scan at the gateway. However, the same web page may include injected malicious code when the recipient clicks on the link the following morning. URL Sandboxing helps thwart web pages hosting dynamic code injections that have bypassed initial gateway analysis.
Behavioral File Sandboxing
Email File Sandboxing
Suspicious file attachments are scanned in a cloud-based behavioral sandbox to protect against the latest, and most dangerous, zero-day and advanced persistent threats (APTs).
Forensic Reporting
Actionable reports that describe the system changes made and network communications used by the malware are automatically delivered to administrators.
Built-in Data Loss Prevention (DLP)
Policy Templates and Dictionaries
Pre-defined dictionaries in multiple topics and languages plus built-in PCI-DSS and data privacy templates help you quickly identify and stop email policy violations and meet regulatory requirements.
Flexible Encryption
Protect sensitive and regulated data by securing email through TLS encryption for server-to-server protection. Advanced Email Encryption (optional) secures the email and any attachments from sender to recipient.
Deployment Models
Websense offers multiple deployment models for email security, so that you get to choose which
method makes the most sense for your organization.
Cloud
Cloud: An in-the-cloud email security solution saves time and money with
no equipment to install or maintain, built-in resilience, predictable costs
and reduced administrative overhead.
Protecting email with Websense is easy. Simply point MX records to the
Websense data centers and email is cleansed before it reaches your
network, saving bandwidth by removing spam and threats in the cloud.
Websense data centers are:
• Load balanced
• Redundant
• Located worldwide
The service provides an SLA-backed availability of 99.999 percent and is
certified to ISO27001 standards to provide the highest degree of global
and localized security, privacy and confidentiality.
Appliance
Appliance: Maximum control of all policies and reporting with an
on-premises appliance.
The Websense V-Series™ appliances are high-performance, preconfigured,
security-hardened hardware platforms designed to support flexible
deployment of the leading Websense web, email, and data security solutions.
The physical appliances are available in two models:
• Websense V10000: For headquarters and large office deployments.
• Websense V5000: For branch office and medium business deployments.
A virtual appliance is also available:
• Websense ESGv – Virtual appliance in OVF format.
Hybrid
Hybrid: Integrates in-the-cloud deployment with an appliance for an
optimal balance between scalability and control.