Many security vendors are struggling to deal with the rapid evolution of business internet usage, but Websense's Triton Security Gateway Anywhere (TSGA) aims to bring order to chaos. It claims to be the first unified content security solution for web, mail and data security that does not rely on third-party analysis.
On review is the V10000 appliance, which can handle up to 2,500 users and runs all TSGA components on a single platform. Beyond this user count, the various components are distributed across multiple appliances to avoid impacting performance. For web security, most UTM solutions rely on a local URL database or cloud-based services. With Websense's hybrid service you get the best of both worlds, as filtering is performed in the cloud and locally at the appliance.
Social networking is now the most important business tool, but most UTM solutions can only block or allow access. Not so with TSGA, as Websense's own website analysis can allow access to these sites but block users from undesirable content. The data security module works with both the web and mail components to prevent data loss via channels such as HTTP, HTTPS, FTP and mail. Compliance with data protection regulations is covered completely, as Websense includes over 4,000 predefined policies for PCI DSS, HIPAA, SOX and more.
For lab testing, we deployed the TSGA appliance in a network containing two Dell PowerEdge servers, with one acting as a Windows Server 2008 R2 domain controller and the other hosting internal email services. We used Windows 7 client PCs configured to use TSGA as their proxy. For email data leakage testing we added a third system providing an external mail domain.
Administration is extremely simple thanks to the intuitive web interface. Websense has avoided any complexity by grouping the principal modules under three tabs for web, data and email security. Selecting any tab brings up a customisable dashboard showing the current day's detected threats, security risks and policy activity for that particular module. You can quickly pull up historical displays, view alerts or audit logs and, for the web security module, see all activity as it occurs.
Reporting is accessed from the same panel, where you can select from a list of predefined web usage reports. Web security policies can be created swiftly and applied to AD users and groups, IP address ranges and individual machines. Each policy contains web category filters, and Websense provides probably the most comprehensive lists we've yet seen. Protocol filters are just as extensive and cover most IM and P2P apps, file transfer tools, IM file attachment controls and web mail. Individual categories can be blocked or allowed and can have URL keyword searches, file type blocks and browsing time quotas applied. A bandwidth optimiser can be applied to category and protocol filters, so even though they're enabled they will be blocked if bandwidth usage goes above a set percentage. The default mail policy monitors all inbound and outbound messages for viruses and spam. For the latter, Websense scans the message body, classifies any URLs it finds, runs heuristics, uses its LexiRule scanner to check for specific word patterns, and calculates message fingerprints and compares them to its spam database.
Configuring data security is swift, as this tab offers quick setup options for data loss prevention (DLP) policies for mail and web. For mail you can enforce size limits, control attachments, look for patterns and phrases and apply predefined dictionaries of unacceptable terms.
Pattern and phrase matching isn't restricted to the message itself, as you can also search within attachments. Regulatory compliance is handled well, as you choose which regulations you need to apply and select the country of operation. TSGA determines which regulations are most applicable to your locale and applies them for you.
You can also create fingerprints of sensitive files and, if even a partial match is found, you can block files from being sent. Websense's PreciseID identifies content based on a large dictionary of patterns such as credit card numbers, and it can even apply image analysis to mail.
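To illustrate how a partial fingerprint match can block an outbound message, here is an added example that is not from the review and is not Websense's PreciseID algorithm. It assumes fingerprints are hashed five-word shingles and that a 30% overlap triggers a block; the sample texts are constructed.

```python
import hashlib
import re

SHINGLE_WORDS = 5       # words per shingle (assumed value)
BLOCK_THRESHOLD = 0.30  # share of protected shingles that triggers a block (assumed)

def shingles(text, k=SHINGLE_WORDS):
    """Return the set of hashed k-word shingles of the normalised text."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return set()
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }

def containment(protected_fp, outbound_text):
    """Fraction of the protected file's shingles found in the outbound text."""
    if not protected_fp:
        return 0.0
    return len(protected_fp & shingles(outbound_text)) / len(protected_fp)

def verdict(protected_fp, outbound_text, threshold=BLOCK_THRESHOLD):
    """Block when enough of the protected file reappears, even partially."""
    if containment(protected_fp, outbound_text) >= threshold:
        return "block"
    return "allow"

# Constructed sample data: a protected file, a mail quoting part of it, a benign mail.
PROTECTED = (
    "Project Falcon pricing: the enterprise tier is offered at a forty percent "
    "discount to launch partners until the end of the third quarter, after which "
    "the standard list price applies to all new contracts signed by resellers."
)
PARTIAL_LEAK = (
    "Hi, fyi: the enterprise tier is offered at a forty percent discount "
    "to launch partners until the end of the third quarter. Keep it quiet."
)
BENIGN = "Lunch is at noon on Friday, please confirm whether you can attend the meeting."

FP = shingles(PROTECTED)  # only this fingerprint needs to be stored, not the file

if __name__ == "__main__":
    for name, body in (("partial leak", PARTIAL_LEAK), ("benign", BENIGN)):
        print(f"{name}: overlap={containment(FP, body):.2f} -> {verdict(FP, body)}")
```

Because the comparison uses hashed shingles, rewording the text around the copied passage does not change the verdict, while short or heavily paraphrased excerpts fall below the threshold.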
DLP web policies can include compliance checks and pattern matching. File uploads are controlled by type, name, size and the destination website, and you can stop users posting content over a certain size. We tested the mail DLP policies by sending messages across our two domains. Some attachments were Word documents with banned patterns and phrases, and these were successfully blocked. We also tested its analysis capabilities with a number of images and found TSGA adept at quarantining those that were unacceptable.
DLP activity can be monitored closely using a sizable catalogue of predefined reports and views. We could see our blocked mail in the incident reports, and selecting one opened a forensics window where we could see all of the content of the message, attachment, recipient and sender.
We were impressed with the extent of features on offer, as TSGA appears to have every security angle covered. Websense scores highly for value, and management is neatly centralised.
Dave Mitchell