Data Security Solution

web security | data security | email security Websense Confidential © 2010 Websense, Inc. All rights reserved.
Agenda

Market Challenges
TRITON Architecture
Websense DLP Solution
– Identify
– Monitor
– Protect
– Manage
Packaging
Deployment Scenarios
Industry Recognition
Takeaways

Websense Confidential
Challenge of Data Loss Prevention
Ensure uninterrupted business by managing compliance & risks,
preventing data loss and securing business processes

Manage and measure compliance and risks

– Delays in generating audit reports and
compliance requirements
– Difficulty uncovering broken or bad business
processes

Visibility into data stored and in transit

– Unknown types of data
– Uncertain risks for each communication
channels


Securing Business Processes

– Cannot enforce who can send what
– Possible damage to company brand and
reputation




Websense Confidential
3
Cost of Data Breaches

Average Total Per-Incident Cost

Ponemon Institute 5th Annual US Cost of Data Breach Study

Websense Confidential
Cost of Data Breaches

Cost per Compromised Record

Ponemon Institute 5th Annual US Cost of Data Breach Study

Websense Confidential
Threat from Multiple Vectors

87.7% of email messages were spam

85.6% of all unwanted emails in circulation during
this period contained Links

Web is the final destination!

Websense Security Labs State of Internet Security, Q3-Q4, 2009

Websense Confidential
6
Threat Landscape – Half Yearly Report

39% of Malicious Web attacks included Data-

Stealing code
57% of Data-Stealing attacks are conducted over
the Web

Websense Security Labs State of Internet Security, Q3-Q4, 2009

Websense Confidential
7
 Websense Confidential

Websense TRITON

© 2010 Websense, Inc. All rights reserved.

Websense Confidential
Websense TRITON

Industry’s first unified security architecture integrating web,

data and email
Protect against dynamic & blended threats, while easing
administration and providing lowest total cost of ownership

Websense Confidential
Unified Content Security Solution

Unifies Web security, email security

and data loss prevention
Unifies on-premise and SaaS
platforms for TruHybrid deployment
Unifies content analysis across
multiple vectors for modern threat
prevention

Security with unparalleled flexibility and adaptability for

modern threats at the lowest total cost of ownership

Websense Confidential
The TRITON Architecture

Unified
 Web
Security
Data
Security
Email
Security
Solution
Unified Content Security

SaaS Appliance Software

Unified

Platform

Unified
Management

Websense Confidential © 2010 Websense, Inc. All rights reserved.

 Websense Confidential

Websense DLP Solution

© 2010 Websense, Inc. All rights reserved.

Websense Confidential
Websense Data Security Suite
Market-leading Data Loss Prevention technology to
identify, monitor and protect confidential data

Unified Policy Design

– Only offering with unified policy
design
– Manage all facets of effective
Data Loss Prevention policy
– Powerful monitoring capability
to track ever changing data
(stored and in transit)

Low Cost and Complexity

– Modular solution tailors to
specific customer requirements
– Simple deployment and
reduced box-count with tight
feature integration

Websense Confidential
 Websense Confidential

Websense DLP Solution

Identify
© 2010 Websense, Inc. All rights reserved.
Websense Confidential
 Accurate Identification - PreciseID

PreciseID

• Websense User Service
 Statistical Analysis • Websense Web Intelligence

> real-time user I.D. > real-time destination awareness

File Matching

Regular Expressions

Categories / Dictionaries

Websense Confidential
Out-of-Box Classifiers

Robust building blocks

to identify data
Built-in Classifiers
– Patterns
– Dictionaries
– File Properties
– PreciseID NLP
Extensible to create
custom classifiers

Websense Confidential
Network Fingerprinting

Network Fingerprinting
– Database
– Files
– Fileshare/Sharepoint

Streamline Database Fingerprinting

– Simply specify fields to be included
– Connection to database over ODBC
• Fingerprint directly from the database
• Perform incremental fingerprinting as databases grow
• No need to copy content to an external file potentially exposing
sensitive data

Websense Confidential
Endpoint Fingerprinting

Common Fingerprinting Implementation

– Data analysis conducted at Enterprise network
– Require endpoint to be online
– Heavy burden on network
– Possible sensitive data traversing the network

Websense Endpoint Fingerprinting

– Data analyzed at endpoint
• Available online or offline
• No sensitive data traversing the network for analysis
– Light-weight
• 1,000:1 compression (1KB fingerprint to identify 1MB data)

Websense Confidential
Accurate Identification

What is your sensitive data?

– Every customer’s sensitive data will be unique
– Regular expressions by themselves are not sufficient
– Combination of classifiers and rules provide the highest
accuracy in discovering sensitive data

Example of document found on an endpoint

Credit Card #
Customer John Doe 111-22-3333 paid using
2468-1357-3333-4444.
Name Dictionary
Jane Brown asked us to call her back at 408-555-7890.

Social Security # Mike Smith gave us a new card to use: 1111222233334444

for his account 123-44-9999.

Websense Confidential
 Websense Confidential

Websense DLP Solution

Monitor
© 2010 Websense, Inc. All rights reserved.
Websense Confidential
Out-of-the-Box Policies

Over 1,000 Policy

Rules and growing
Built-in templates for
data types and
regulations
Quickly find relevant
templates by region
and industry filters

Generate new policies with few click of the mouse

Websense Confidential
One Policy - Every Channel

A policy can be applied to a single channel of

communication, multiple channels or
– Endpoint Apps all channels
– Email – Browser
– Web – CD Burning Apps
– Network Printer – FTP
– Local Printer – Instant Messenger
– Removable Media – P2P Apps
– LAN Storage
Simplify policy creation and deployment
No need to recreate policy as additional channels
are monitored

Websense Confidential
Monitor Stored/Sent Data

Flexible discovery task scheduling

– Once
– Continuously
– Days of the week
– Hours of the day

Websense Confidential
TruWeb DLP

Native integration of market-leading DLP solution

and Web security
– Full DLP capability for the web channel
Running on Websense V10000 appliance
– Local content analysis engine to inspect all web traffic
Common management UI via TRITON Console
Single box single vendor solution DLP Web

– No need for 3rd party proxy

– Simplify network deployment
Websense V10000 Appliance

Only available from Websense

Websense Confidential
Smart Detection

John Doe 3:01 PM

Detect multiple instances Joe Smith

Customer Information

of small data leaks

John Doe 3:14 PM
Joe Smith
Joe,

Here is a customer
Customerinformation:
Information

– Configure policy spanning

John Doe 3:17 PM
Joe, Joe Smith

specific range of time Here is a customer

Customerinformation:
John Doe
Joe Smith
Joe,
Information
4:45 PM

– Detect results of multiple Here is a customer information:

Customer Information
Joe,
incidents adding up to a Here is a customer information:
Mike McDonald CCN: 1111-2222-3333-4444

potentially large data loss

John Doe 4:50 PM

Administrators can Joe Smith

manage business policies;

Re: Customer Information

Joe,

not just incidents

Here is another customer information:
Jane Brown CCN: 1234-2345-3456-4567

Only available from Websense

Websense Confidential
25
Minimizing False Positives

Accurate policies cannot be mere collection of

regular expressions
Policies must be both content and context-aware
If an email is sent outside the hospital containing a patient name along with
his/her medical condition, we would be in deep trouble.

Destination
Janet@gmail.com

You won’t believe who I saw

Name Dictionary
Janet,

Guess what? Britney Shears just checked into the hospital and she has
Medical Dictionary nasopharyngitis. Can you believe it?!
nasopharyngitis

Tina

Websense Confidential
 Websense Confidential

Websense DLP Solution

Protect
© 2010 Websense, Inc. All rights reserved.
Websense Confidential
Remediation Action – Data Usage

Several built-in remediation actions

– Quarantine available for
various channels – Encrypt
– Permit – Quarantine & Encrypt on release
– Block
– Confirm
Additional actions available
– Remediation scripts
– Logging
– Email to user or others for release/notification

Websense Confidential
Remediation Action - Data Discovery

Remediation Script
– Several predefined scripts available for execution
– Custom scripts for highest flexibility
Common Remediation Action
– Tombstone
– Ransom Note
– Encrypt
– Apply EDRM

Websense Confidential
 Action Plan

Define actions for specific rule violations

– Granular response for each channel
– Extensible and flexible control via scripts
Define different action plans based on severity
– Severity of violation can dictate different responses *

* Severity is user-defined based on number of matches

Websense Confidential
Endpoint Protection
Removable
Media

Internet USB Drives

Local Printer

Network Printer 1

Print
LAN Storage Server
Network Printer 2

Websense Confidential
Endpoint SaaS Protection

SaaS Applications

Enhanced policy settings

for Web applications
– Ensure sensitive data are
uploaded only to trusted and
secure sites
– Restrict download of
sensitive data from trusted
sites to endpoint

Websense Confidential
32
Removable Media File Encryption

Enable secure “sneaker-

netting”
– Enforce policy requiring
select data be encrypted
before copied to USB drive
– Secure transport of data
between endpoints
– Native Websense encryption
technology

Websense Confidential
33
Proven Results and Methodology

Passive Monitoring Notifications Active Enforcement

• • •
Websense Confidential
 Websense Confidential

Websense DLP Solution

Centralized Management and Reporting
© 2010 Websense, Inc. All rights reserved.
Websense Confidential
 Managing Multiple Facets of Data Loss Prevention

Who What Where How Action

Human Resources Source Code Benefits Provider File Transfer Audit

Customer Service Business Plans Personal Web Storage Web Block

Marketing Patient Information Business Partner Instant Messaging Notify

The ONLY solution providing Unified Policy

Finance M&A Plans Blog Peer-to-Peer Remove

Design for effective and efficient control

Accounting Employee Salary Customer Email Encrypt

Sales Financial Statements Spyware Site Print Quarantine

Legal Customer Records USB Removable Media Confirm

Technical Support Technical Documentation Competitor Print Screen

Engineering Competitive Information Analyst Copy/Paste

Websense Confidential
TRITON Console

Web-based common user

interface for Data and Web
Security solution
Manage all DLP deployments
– All channels
– TruWeb DLP (WSGA)
– Individual Modules
– Data Security Suite
Replace prior management
solution based on Microsoft
Management Console

Websense Confidential
37
Streamline Incident Management

Competitor Alerts

Data: HIPAA

Source: 10.14.222.21 Reporting overhead

Channel: Web – Looking up destination IP
Destination: 92.10.219.62 address
– Correlating IP address to user
Websense Alerts
– Approx 10 min
Data: HIPAA & PII, Customer Database Administrators can receive
Source: Tina Doh x1234
tinad@acmehosptial.com 100s of alerts per day
Title: Associate
Dept. Accounting Significant cost just to obtain
Manager: Mike Brown
x2345 readable alerts
mbrown@acmehospital.com
Channel: Web
Destination: gmail.com
Type: Personal webmail site
Location: Mountain View, CA

Websense Confidential
 Websense Confidential

Websense DLP Solution

Packaging
© 2010 Websense, Inc. All rights reserved.
Websense Confidential
 Flexible Offerings
WEBSENSE

Data Security

Suite

D
• ata Endpoint
• Local discovery
• Removable media & CD/
DVD security
• Application controls for copy/
paste, print, print screen, file
access

•Data Protection
• Automated policy
enforcement for all channels
• Destination policy controls
WEBSENSE

Data Protect

•Data Monitoring
•Data Protection • Monitoring for
• Automated policy • Mail
enforcement for all channels • Web / FTP
• Destination policy controls • IM
WEBSENSE
 WEBSENSE
 WEBSENSE

•User defined protocols
Data Discover Data Monitor Data Endpoint • Destination awareness

•Data Discovery •Data Monitoring •Data Monitoring D

• ata Endpoint •Data Discovery
• Monitoring for • Monitoring for • Local discovery
• Network and file discovery • Network and file discovery
• Mail • Mail • Removable media & CD/
for structured and for structured and
• Web / FTP • Web / FTP DVD security
unstructured data unstructured data
• IM • IM • Application controls for copy/
• Automated remediation for • Automated remediation for
• User defined protocols •User defined protocols paste, print, print screen, file
data at rest data at rest
• Destination awareness • Destination awareness access

Websense Confidential
40
 Solutions for Every Customer
Data
Data Data Security
Web DLP Monitor Data Protect Endpoint Data Discover Suite
Data Identification

Central Management

Notifications

Monitor Web

Enforce Web

Monitor Email

Enforce Email

Web Downloads

Outbound LAN

Removable Media

Application Control

Agent Based Discovery

Agent-less Discovery

Available with v7.5

Websense Confidential ©2010 All Rights Reserved. Websense, Inc.
 Websense Confidential

Deployment Scenarios

© 2010 Websense, Inc. All rights reserved.

Websense Confidential
Simple Deployment via Websense
Lower cost and complexity More effective data loss prevention
– Streamlined administration – Greater visibility and control
– Less Hardware – Higher performance and resiliency

Competitor Offering Websense

Multiple Boxes (13), Multiple Vendors 3 Boxes, Single Vendor

DB
 Discovery
 HQ HQ
Server Server
DLP DLP Web
AV

Endpoint
 Manager Network
 Web Security Manager V10000

Server Sniffer

AV Branch 1 AV Branch 2 DLP Web

DLP Web Branch 1 Branch 2

Network
 Network

Sniffer Web Security Sniffer Web Security
V10000

Websense Confidential
43
Onboard Content Analysis Engine

WSGA/V10K V10K
Protector
– Web content analyzed on-box
– No need for ICAP protocol
Protector
– All content analyzed on-box
– No need for separate DSS server Incident & Policy
Efficient Management
– Management sends and receives
policies/incident information only
– No transmission of sensitive data
across network
Management

DSS Server

Websense Confidential
44
ICAP Complexity and Cost
Competitor Web DLP solution require minimum 2-box
– 3rd party proxy
– DLP for content analysis 3rd Party Proxy

Inherent complexity from ICAP

– 3rd party proxy setup and
Traffic Analyzed Traffic
administration
– Network configuration
– Possible 3rd vendor for securing
ICAP traffic ICAP
Transfer
– Redundancy require complete
architecture redesign
Encryption
Vendor

Competitor DLP
Solution

Websense Confidential
45
ICAP Performance Concerns

Increased latency
– Proxy has to send every outbound Web communication for
analysis and wait for a reply
Twice the load
– Every PUT/POST is passed from the gateway over the
network to a DLP analyzer
Twice the hardware
– Redundant hardware required for fault tolerance
– Requires content to be passed over the network
simultaneously to redundant system

Websense Confidential
TruWeb DLP Deployment

Remote
Outbound Traffic Site
V10K
Internet

Outbound Traffic
V10K
Websense
Manager

Management

DSS Server

Content Analysis Engine

Websense Confidential
TruWeb DLP upgrade to DSS

Remote
Outbound Traffic Site
V10K
Internet

Outbound Traffic
V10K
Websense
Manager DSS Server

MTA
Scalability
Management

DSS Server

Discovery Agent

File
Endpoint Agent Server

DSS Server
Content Analysis Engine

Websense Confidential
DSS Deployment

Remote
Outbound Traffic Site
Internet DSS
Protector

Outbound Traffic
DSS Protector

Management
 Scalability
DSS Server

Discovery Agent

File
Endpoint Agent Server

DSS Server
Content Analysis Engine

Websense Confidential
 Websense Confidential

Industry Recognition

© 2010 Websense, Inc. All rights reserved.

Websense Confidential
 Gartner

“Strong network, discovery and

endpoint capabilities, along with
good workflow, offer customers a
very competent and well-rounded
content-aware DLP solution.”

The Gartner Magic Quadrant or Content Monitoring and Filtering and Data Loss Prevention was written by Eric Oullet and Paul E. Proctor and is
copyrighted June 17, 2008 by Gartner, Inc., and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for
a specific time period. It depicts Gartner’s analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner
does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors
placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner
disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The Magic Quadrant graphic was published by Gartner, Inc., as part of a larger research note and should be evaluated in the context of the This Magic
entire report. The Gartner report is available upon request from Websense.

Websense Confidential
 Forrester

“Websense alone leads the

content security suite market
because of its current functionality
and suite-oriented product
strategy.”

The Forrester Wave is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc.
The Forrester Wave is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed
scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information
is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Websense Confidential
Customers That Trust Websense for DLP
Financial Services Healthcare – Insurance Government

Technology & Manufacturing Media & Telecommunications Retail

Websense Confidential © 2010 Websense, Inc. All rights reserved.

 Websense Confidential

Takeaway

© 2010 Websense, Inc. All rights reserved.

Websense Confidential
Key Takeaways

Reduce Cost and Complexity

TRITON Architecture
– Unified Content Security Solution
Simple Deployment & Management
– Reduced box count single vendor solution
– Context from Web and Data security integration
Lowest Complexity, Lowest TCO
– Less HW
– Common management

Websense Confidential
Websense Confidential