gds international - cio - summit - africa - 11

A Websense® White Paper UNIFIED CONTENT SECURITY IN PRACTICE

Upload: gds-international

Post on 12-Nov-2014


A Websense® White Paper

UNIFIED CONTENT SECURITY IN PRACTICE


Table of Contents

Executive Summary

Introducing the Websense® TRITON™ Solution

The Strengths and Benefits of a Unified Content Security Solution

Guidelines and Best Practices for Maximizing Potential Gains

General Guidelines

DLP-Specific Guidelines

Conclusion


Executive Summary

Part 1 of the Websense® white paper series on unified content security explains why today’s organizations need a unified content security solution: among many other challenges, fast-evolving malware, blended threats, internally initiated data leakage, and an increasingly borderless enterprise have rendered traditional point product approaches less effective while driving up costs and complexity. Part 2 in the series subsequently defines a unified security solution as one that incorporates unified content analysis, a unified platform, and unified management. It also enumerates the capabilities and requirements that must be met by each of these components.

In this third and final installment, we introduce the Websense TRITON™ solution — the industry’s first and only solution to combine industry-leading Web security, email security, and data loss prevention security technologies into one unified architecture. This is followed by a comprehensive treatment of the benefits attributable to a unified content security solution, identification of guidelines and recommended practices to help maximize available gains, and real-world examples of organizations using the TRITON solution to successfully conquer their content security challenges.

Introducing the Websense TRITON Solution

The TRITON solution is the industry’s first and only content security solution that is truly unified. It is designed to slash content security total cost of ownership (TCO) while enabling organizations to safely leverage new communication, collaboration, and social Web tools like Facebook and Twitter. Organizations achieve the lowest TCO through its unified content security, which consolidates Web security, email security, and data loss prevention (DLP) into a highly flexible and scalable unified architecture; unified platform of on-premise and Security-as-a-Service (SaaS) deployments; unified content analysis with the real-time threat intelligence provided by the Websense Advanced Classification Engine (ACE); and unified management infrastructure. Compared with narrowly focused point solutions, the TRITON solution provides unrivaled visibility into an organization’s computing environment and application traffic, thereby enabling superior flexibility and control. Unified policy management that spans on-premise and cloud-based deployment options further ensures that remote office and mobile workers receive the same high-quality protection consistent with their headquarters-based colleagues.

Leading features and unique capabilities that the Websense TRITON solution offers include the following:

Market-leading Web and email security technologies. Flexible user authentication, application control, antivirus, real-time security scanning, URL filtering, advanced reputation analysis, SSL inspection, real-time updates, and integral Web DLP are all leveraged to protect against malware, improve employee productivity, and help prevent data loss while enabling safe use of dynamic Web 2.0 resources. Likewise, comprehensive protection is provided for email with a cocktail of antispam, antivirus, reputation analysis, and integral email DLP capabilities.

Enterprise-class DLP. The TRITON solution also offers leading DLP technology designed to identify, monitor, and protect confidential data. By leveraging the unified content analysis of the TRITON solution, Websense Data Security Suite accurately prevents data loss, secures business processes, and helps organizations manage compliance and risk. Both internally and externally initiated data loss scenarios are addressed by a powerful combination of advanced detection techniques and content classifiers, thorough correlation of contextual information, and an extensive set of flexible response mechanisms. Multiple, integrated modules provide comprehensive visibility and control over data in motion, in use, and at rest — while a unified policy framework and numerous manageability features ensure rapid time-to-value.

Websense Advanced Classification Engine (ACE). An advanced composite content classification engine, ACE is the TRITON solution component that brings individual analytic services together to deliver truly unified content analysis. ACE is the “fusion” of all the different market-leading Web, security, and DLP analytics Websense has to offer, including real-time security and content classification.

Websense ThreatSeeker® Network. Composed of a dedicated team of cutting-edge security researchers, a collection of more than 50 million monitoring systems that parse over one billion pieces of content daily, and numerous automated analysis routines, the ThreatSeeker Network provides ACE with real-time intelligence about newly discovered threats.

Websense TruHybrid™ deployment. The TRITON solution supports both on-premise deployment via Websense V-Series™ appliances and cloud-based deployment. Organizations can mix and match both options to provide best-fit coverage for all users and facilities and still manage all elements of the solution as if they were one and the same.

Websense TRITON Console. A comprehensive management solution, the TRITON Console unifies the configuration, monitoring, and reporting capabilities for Websense Web, email, and DLP technologies into a single, Web-based interface. Compared to multisystem alternatives, the result is superior visibility, control, and administrative efficiency.

Websense Global Technical Support. Top-quality support personnel with expertise spanning all life cycle phases (e.g., plan, build, run) provide TRITON solution customers with the technical assistance they need when they need it. In addition, award-winning Websense eSupport enables a self-service approach, providing immediate, online access to a wealth of helpful resources. [1]

The net result with the TRITON solution is a unified content security solution that provides today’s enterprises with the best protection against modern threats at the lowest TCO.

Addison Avenue Says “Yes!” to Web 2.0

For Addison Avenue Federal Credit Union, a full-service financial institution with more than 140,000 members nationwide, finding a balance between safeguarding confidential member information while allowing employees to use the Internet to its fullest potential is essential to business. “We were initially searching for a data loss prevention solution to help us protect confidential member data and prevent it from leaking outside the organization,” said Henry Parker, senior security architect at Addison Avenue. “Once we saw that Websense could also make our Web environment more secure and enable our employees to use Web 2.0 applications safely, we jumped at the opportunity to deploy an integrated, easy-to-manage solution from a single vendor.”

According to senior security architect, Philip Romero, leading features of the Websense solution that enable Addison Avenue to take a more progressive approach to Web 2.0 include:

• Robust reporting capabilities, which make it very clear when something needs to be addressed.

• The unified management console, which is a “productivity enabler” and accelerates response time when investigating questionable activities.

• High performance, which allows security inspections to be executed without hindering business operations.

• The overall ease of use of the solution.

“Prior to deploying Websense, employees had limited access to Web 2.0 applications and social networking sites because we could not risk the potential threats that they bring — even though a good portion of the content on those sites is safe,” adds Parker. “Now, with the real-time scanning provided by the Websense solution, we open up access to these sites while ensuring that malicious content cannot get in, and that our confidential data does not go out.”

The Strengths and Benefits of a Unified Content Security Solution

The true value of a unified content security solution, such as the Websense TRITON solution, comes from the plethora of benefits it provides. To begin with, organizations gain all of the following usual advantages typically associated with a traditional content security solution:

• Security risks are reduced through a combination of proactive (i.e., limiting user exposure in the first place) and reactive mechanisms (i.e., threat/attack filtering).

• Compliance posture is improved, particularly with regard to meeting standards of due care for information security and maintaining the privacy of sensitive information.

• Proprietary information is protected against unwanted exposure (based on the ability to control users’ activities and the presence of integral DLP capabilities).

• Liability protection is provided as unwary users are shielded from offensive content.

• User productivity is improved as spam and nonwork-related activities are curtailed.

• Bandwidth and other computing resources are conserved, once again, as unwanted traffic and nonessential usage are curtailed.

With a unified content security solution, however, it is not only that these core value propositions are reinforced and maximized, but also that an array of additional benefits are provided for everyone involved, from IT and business management to users.

For IT, the advantages of a unified content security solution are that it:

• Provides significantly greater security effectiveness. Not only do CIOs gain greater visibility into how data, applications, and the computing infrastructure in general are being used, but they also get the benefit of being able to prevent the latest generation of blended threats and sophisticated, targeted attacks. In addition, enterprise-class, full-scope DLP functionality maximizes the ability to protect against unwanted exposure of sensitive information.

• Achieves greater coverage. A comprehensive and completely consistent set of content security capabilities is available not just for headquarters personnel, but also for mobile and remote users as well. The Websense TruHybrid deployment option integrates both cloud-based and on-premise platforms, which are managed as one, thereby addressing the need for modern enterprises to extend their network infrastructures beyond a single location.

• Reduces infrastructure complexity and administrative workload. Considerably fewer devices need to be implemented, integrated, and maintained. Ongoing management for all countermeasures, domains, and delivery options can be accomplished via a single, Web-based console that is accessible from anywhere and features a highly unified administrative model.

For business management, a unified content security solution:

• Slashes TCO. The ability to consolidate multiple, disparate products cuts costs across the board, while a SaaS delivery option introduces the potential to completely eliminate the need for a physical footprint in any office — not just non-HQ locations. Indeed, the savings attributable to SaaS can often be substantial. As the following graphic illustrates, the annualized TCO of Websense Hosted Email Security at a typical midsize company is less than one-third the cost of a comparable on-premise email security solution. [2]

[Figure: Cost of Ownership (On-Premise vs. Hosted)]

Another way the availability of SaaS comes into play is based on its role as part of a hybrid implementation. Once again, the savings can be substantial. As illustrated below, compared to an all on-premise Web security solution, a hybrid approach yields a savings of 43 to 45 percent over a period of three years, depending on the size of the organization. [3]

[Figure: Hybrid Web Security Cost Comparisons]

TCO is slashed in other ways as well. Greater security effectiveness translates into fewer successful attacks and episodes of data loss that require costly remediation and recovery efforts to be undertaken. Because detection accuracy is improved, it also allows IT to take greater advantage of automation capabilities without having to worry about incorrectly preventing legitimate business activities. Finally, extensibility and broad compatibility with other infrastructure maximizes the useful service life of the solution while minimizing the need to invest in “supplementary” products.

• Enables innovation and growth without compromise. Organizations can fully leverage new communication, collaboration, and Web 2.0 tools without having to worry about associated threats or losing control over users and data. Because seamless, consistent coverage can cost-effectively be established for any user operating in any location, mergers and acquisitions, geographic expansion, telecommuting, and mobility initiatives can also be pursued without concern for being able to protect and control content.

• Ensures compliance with regulatory requirements. With enterprise-class DLP, comprehensive content security coverage for all users in all locations, and superior threat prevention capabilities, sensitive content can be discovered, monitored, controlled, and preserved more thoroughly than ever before.

For users, a unified content security solution:

• Enhances their computing experience. No matter where they are within or outside of a corporate office, users can be treated with the same, consistent set of policies and can operate in the same, consistent manner. Furthermore, the protection that is provided is essentially transparent (i.e., there’s nothing extra a user has to do to make it work).

• Removes roadblocks to increased productivity. The ability to thoroughly account for both the dynamic Web and today’s equally dynamic threats means that users gain the freedom to find and take advantage of new sites, services, and tools that can help them get their jobs done more efficiently and effectively.

Guidelines and Best Practices for Maximizing Potential Gains

By this point it should be obvious that a unified content security solution truly has a lot to offer today’s organizations, particularly compared to legacy point product approaches. Fully realizing all the benefits, however, is not something that happens automatically. The general and DLP-specific guidelines and practices described in the following sections are intended to help organizations maximize their gains when making an investment in a unified content security solution.

General Guidelines

Although each of the following items is fairly straightforward, overlooking any one of them can erode the effectiveness of a unified content security implementation:

Manage expectations appropriately. Just because a unified content security solution provides the best protection at the lowest TCO doesn’t mean it’s perfect. No security solution is capable of stopping every threat or catching every potential loss of data. And neither is “set it and forget it” a reasonable expectation, especially in today’s dynamic environments. Accordingly, IT managers should be mindful not to oversell the solution and to ensure that sufficient resources remain available both (a) to continue to develop and staff incident response processes, and (b) to continuously define, configure, audit, and refine associated policies.

Extend appropriate use policies. With a unified content security solution opening the door for more widespread use of Web 2.0 sites and services, it is important to let users know what they can and can’t do. This helps ensure they take advantage of available opportunities and minimizes frustration while providing an extra layer of security assurance.


Define key processes in advance of deployment. Policy management and event handling can be tricky because of the potential impacts to the business. This is why it is advantageous to clearly establish who will be making which decisions and how business unit personnel will be involved at the outset.

Pursue a phased implementation. This is not really about physical coverage, since that can be achieved by supplementing a relatively small number of appliances with SaaS. Rather, it involves taking a reasonable approach in terms of logical and functional coverage, by first gaining visibility and then proceeding progressively to refine policies and fix broken business policies that are uncovered. This is followed by increasingly exerting control (e.g., by blocking more), and taking greater advantage of automation capabilities (e.g., for event handling and response).

Find your organization’s balance point. Rarely is it appropriate to block access to all Web 2.0 and social networking resources, or, conversely, to allow wide open access to everything. Furthermore, every organization has a different tolerance for risk, corporate culture, and availability of resources for implementing a content security strategy. Every organization, therefore, will be different in terms of the investment it makes and the depth of control it attempts to exert. Finding the right balance requires careful negotiation between the IT department and the business units its solutions are intended to serve.

Lather, rinse, repeat. New content is being created and consumed all the time, while the value of existing content often fluctuates over time. Add to this steady changes in user habits, technology, and hacker techniques and it becomes clear that it is inadvisable for a content security implementation to remain static. This is why policies and configuration settings should ideally be reviewed at least quarterly, while available firmware updates for non-SaaS components should be made at least semiannually. A solution’s reporting capabilities and industry threat reports — such as the Websense 2010 Threat Report — are invaluable resources for determining what adjustments need to be made.

(Further) embrace SaaS. As discussed, some of the greatest cost savings available to organizations stem from employing SaaS alone, or as part of a hybrid implementation. It makes sense, therefore, for organizations to progressively take advantage of SaaS to a greater extent, particularly as older content security investments are retired.

DLP-Specific Guidelines

Compared to Web and email security, DLP is a less mature discipline. Accordingly, these additional DLP-specific guidelines are intended to help organizations avoid the tendency to make gaining control over one’s data more difficult than it has to be.

• When it comes to which data to control, start with obvious hot spots that are also easy to correct (e.g., outbound flows for major applications that process customer information). Establishing a handful of quick wins is a critical factor for longer term success.

• Rather than risking analysis paralysis by trying to execute a formal DLP process — with comprehensive data classification, enterprise-wide risk assessment, process-by-process review, and documentation of all data flows — consider starting out by simply running DLP technology in monitor-only mode to help identify broken business processes, misconfigurations, and other types of vulnerabilities.

• At least initially, focus less on trying to get the horse back in the barn and more on trying to “do things the right way” going forward. Removing data from locations where it shouldn’t be is a potentially challenging exercise with a questionable return — at least relative to other steps that can be taken, such as preventing more data from getting to those locations in the future.

• Consistent with the previous guideline, consider taking steps to control data in motion before going after data in use and data at rest. The relative impact is often much greater — since (a) data in motion is typically data that is imminently departing the organization, (b) control can be established by focusing on relatively few aggregation points in the network, and (c) it inherently provides a measure of protection for data in use and data at rest as well. In addition, the same controls can also be used to help identify the points of origin of potentially misplaced data, thereby allowing more efficient, focused scans for data at rest or in use.

• Consider initiating all DLP rules in monitor-only mode. Only after accuracy and effectiveness have been proven should new rules be put in enforcement mode. Preventing legitimate business transactions is a cardinal sin and can seriously erode future DLP efforts — not to mention IT’s broader security initiatives.

Ameren Focuses on Flexibility to Enable Employees While Staying Secure

With 3,000 employees located in corporate offices and another 6,000 spread across numerous field operations, Ameren Services is a regional utility company facing a familiar set of challenges: corporate and customer information must be protected, applicable privacy and security regulations must be met, and protection must be provided against malware and other modern threats across a highly distributed computing environment — all while enabling the business.

For Ameren, the Websense solution delivers the right balance of security and flexibility required to meet these objectives. For example, Ameren employees can continue to use USB drives because Websense Data Security Suite empowers the IT department with the ability to control what data gets on those drives in the first place. Likewise, because the Websense solution provides strong protection against associated risks, Ameren is now considering allowing the use of personal Web-based email solutions and is also looking forward to becoming more “open” when it comes to taking advantage of social media and other Web 2.0 services.

Strengths of the Websense solution that Chris Sawall, supervisor of information security and BCP at Ameren Services, cites include its integrated policy framework; having a comprehensive, market-leading solution from a single vendor; powerful reporting that allows IT to show individual business units what’s happening; and excellent technical support. Sawall explains, “Another intangible reason that we really picked Websense was that Websense wanted to be a partner with us. They didn’t just want to sell us a product.”

Conclusion

Effectively and affordably establishing the level of content protection needed to enable rather than restrict the use of new communication, collaboration, and Web 2.0 tools requires a unified content security solution — one that features unified content analysis, a unified platform, and unified management. The Websense TRITON solution is the industry’s first and only solution that fully meets these requirements by combining market-leading Web, email, and data loss prevention security technologies into one unified architecture. The benefits of this approach are extensive and include being able to provide significantly greater protection against modern threats, seamlessly achieve comprehensive coverage for today’s borderless enterprises, and enable innovation and growth without compromise — all while slashing content security TCO. However, not all of these benefits are accrued automatically. To ensure potential gains are maximized, organizations should consider embracing the best practice guidelines described herein. These include defining key processes in advance of deployment, pursuing a phased implementation, and progressively taking advantage of SaaS delivery options to a greater extent.

To learn more about unified content security:

1. Review part 1 of this series: The Need for Unified Content Security. This white paper provides a detailed explanation of the business and technological conditions driving the need for a unified content security solution.

2. Review part 2 of this series: Unified Content Security Defined. This white paper provides a detailed explanation of the technical capabilities that define a unified content security solution.

3. Visit www.websense.com

[1] Received Association of Support Professionals 2010 “Best Web Support” award and achieved certification under the Service Capability & Performance Support Standard in 2009.

[2] The Advantages of a Hosted Security Model, Osterman Research, July 2009.

[3] The Cost Benefits of a Hybrid Approach to Security, Osterman Research, February 2010.


© 2011 Websense Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense has numerous other registered trademarks in the United States and internationally. All other trademarks are the property of their respective owners. 1.24.11