
Thursday, 16 February 2012

Triton Security Gateway Anywhere

Many security vendors are struggling to deal with the rapid evolution of economic internet usage, but Websense's Triton Security Gateway Anywhere (TSGA) intends to bring order to chaos. It claims to be the primary unified content security solution for web, mail and information security that does not depend upon third-party analysis.

On review is the V10000 appliance, which can handle up to 2,500 users and runs all TSGA components on a single platform. Beyond this user count, the various components are distributed across multiple appliances to avoid impacting performance. For web security, most UTM solutions depend on a local URL database or cloud-based services. With Websense's hybrid service you get the best of both worlds, as filtering is performed both in the cloud and locally at the appliance.

Social networking is now a vital business tool, but most UTM solutions can only block or allow access. Not so with TSGA, as Websense's own website analysis can allow access to those sites but block users from undesirable content. The data security module works with both the web and mail components to prevent data loss via channels such as HTTP, HTTPS, FTP and mail. Compliance with data protection regulations is covered completely, as Websense includes over 4,000 predefined policies for PCI DSS, HIPAA, SOX and more.

For lab testing, we deployed the TSGA appliance in a network containing two Dell PowerEdge servers, with one acting as a Windows Server 2008 R2 domain controller and the other hosting internal email services. We used Windows 7 client PCs configured to use TSGA as their proxy. For email data leakage testing we added a third system providing an external mail domain.

Administration is very simple thanks to the intuitive web interface. Websense has avoided any complexity by grouping the main modules under three tabs for web, data and email security. Selecting any tab brings up a customisable dashboard showing the current day's detected threats, security risks and policy activity for that particular module. You can quickly pull up historical displays, view alerts or audit logs and, for the web security module, see all activity as it occurs.

Reporting is accessed from a similar panel where you can pick from a list of predefined web usage reports. Web security policies can be created swiftly and applied to AD users and groups, IP address ranges and individual machines. Each policy contains web category filters, and Websense provides one of the most comprehensive lists we've yet seen. Protocol filters are just as extensive and cover most IM and P2P apps, file transfer tools, IM file attachment controls and web mail. Individual categories can be blocked or allowed and can have URL keyword searches, file type blocks and browsing time quotas applied. A bandwidth optimiser can be applied to category and protocol filters, so although they're enabled they will be blocked if bandwidth usage goes above a set percentage.

The default mail policy monitors all inbound and outbound messages for viruses and spam. For the latter, Websense scans the message body, classifies any URLs it finds, runs heuristics, uses its LexiRule scanner to look for specific word patterns, and calculates message fingerprints and compares them to its spam database.

Configuring data security is swift, as this tab offers quick setup options for data loss prevention (DLP) policies for mail and web. For mail you may enforce size limits, control attachments, look for patterns and phrases and apply predefined dictionaries of unacceptable terms.

Pattern and phrase matching isn't restricted to the message itself, as you can also search within attachments. Regulatory compliance is handled well, as you choose which regulations you want to apply and select the country of operation. TSGA determines which regulations are most applicable to your locale and applies them for you.

You can also create fingerprints of sensitive files and, even if only a partial match is found, you can block files from being sent. Websense's PreciseID identifies content based on a large dictionary of patterns such as credit card numbers, and it can even apply image analysis to mail.
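To make partial fingerprint matching and card-number pattern detection concrete, here is an added example that is not from the review and is not Websense's PreciseID algorithm. It assumes word-shingle hashing and a Luhn check as stand-in techniques; the function names, the 5-word shingle size, the 0.3 threshold and the sample messages are all hypothetical.

```python
import hashlib
import re

def fingerprint(text, k=5):
    """Hash every k-word window (shingle) of the text; k=5 is an assumed setting."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    windows = range(max(len(words) - k + 1, 1))
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in windows}

def containment(protected_fp, outbound_text):
    """Fraction of the protected file's shingles that reappear in the outbound text."""
    return len(protected_fp & fingerprint(outbound_text)) / len(protected_fp)

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def find_card_numbers(text):
    """Return Luhn-valid 13-19 digit sequences, ignoring space/hyphen separators."""
    candidates = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def dlp_verdict(outbound_text, protected_fp, threshold=0.3):
    """Block on a partial fingerprint match or a card-number pattern."""
    reasons = []
    score = containment(protected_fp, outbound_text)
    if score >= threshold:  # assumed threshold: 30% of the protected shingles
        reasons.append(f"partial fingerprint match ({score:.0%})")
    if find_card_numbers(outbound_text):
        reasons.append("card number pattern")
    return ("block" if reasons else "allow"), reasons

# Constructed sample data: a protected memo and three outbound messages.
PROTECTED = ("Project Falcon pricing memo: the wholesale discount for the northern "
             "region will rise to eighteen percent from the first of March and must "
             "not be disclosed before the board meeting")
LEAK = ("fyi, the wholesale discount for the northern region will rise to "
        "eighteen percent from the first of March, keep it quiet")
CARD_MAIL = "Please charge card 4111 1111 1111 1111 for the order"  # test number
BENIGN = "Lunch at noon on Friday?"

if __name__ == "__main__":
    for msg in (LEAK, CARD_MAIL, BENIGN):
        print(dlp_verdict(msg, fingerprint(PROTECTED)))
```

The leaked message copies only part of the memo, yet half of the memo's shingles reappear in it, which is what lets a fingerprint-based policy block an excerpt rather than only an exact copy of the file.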

DLP web policies can include compliance checks and pattern matching. File uploads are controlled by type, name, size and the destination website, and you can stop users posting content over a certain size. We tested the mail DLP policies by sending messages across our two domains. Some attachments were Word documents with banned patterns and phrases, and these were successfully blocked. We also tested its analysis capabilities with various images and found TSGA capable of quarantining those that were unacceptable.

DLP activity can be monitored closely using a large catalogue of predefined reports and views. We could see our blocked mail in the incident reports, and selecting one brought up a forensics window where we could see all of the content of the message, attachment, recipient and sender.

We were impressed with the extent of features on offer, as TSGA appears to have every security angle covered. Websense scores highly for value, and management is neatly centralised.
Dave Mitchell


