
ENABLING FAST RESPONSES TO Security INCIDENTS WITH THREAT MONITORING

Executive Summary

As threats evolve and the effectiveness of signature-based web security declines, IT departments need to play a bigger, more hands-on role in web security than ever before. To combat today's cybercriminals, IT managers need to gain insight into advanced threats and improve their responsiveness to the threats that most current defenses are missing. They need a tool that can provide visibility into infected systems, blended attacks, call-home communications, data exfiltration and other advanced threats via network threat monitoring and file sandboxing, and such a tool needs to generate actionable data in ready-to-use dashboards and reports.

Websense TRITON RiskVision is an unmatched threat monitoring solution. It combines real-time advanced threat defenses, global security intelligence, file sandboxing and data loss/data theft detection into a single appliance that is easy to deploy via a network TAP or SPAN port. TRITON RiskVision provides immediate visibility into advanced threats, data exfiltration and infected systems by unifying four key defenses into one platform:

- Websense ACE (Advanced Classification Engine)
- Websense ThreatSeeker Intelligence Cloud
- Websense Data Loss Prevention (DLP) Engine
- Websense Web File Sandboxing (TRITON ThreatScope)

TRITON RiskVision also includes robust business reporting, threat dashboards and forensic reporting.

The Need for Network/Threat Monitoring

An Invisible Enemy Is Impossible to Fight

The Websense 2013 Threat Report [1] reveals a disturbing trend: the web became significantly more malicious in 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email). Websense recorded a nearly six-fold increase in malicious sites overall, 85 percent of which were found on legitimate web hosts that had been compromised. More alarming, security executives reported that most threats were bypassing their traditional controls, and they feel unprepared to meet emerging threats such as spear-phishing.

This growth in threats and malicious web content has created a growing market for threat analysis, and stands in stark contrast to the decreasing effectiveness of most web security solutions deployed today. Industry analysts estimate traditional security defense technologies only protect against 30-50 percent of today's threats, making them increasingly ineffective. Signature generation and traditional defenses simply can't keep up with the growth of new threats and advanced attacks. To take appropriate countermeasures, IT departments need the ability to see advanced threats and attacks that are invisible to their current defenses. Network and threat monitoring solutions can provide such visibility as long as they meet three key requirements:

- Advanced Threat Detection
- Data Theft or Data Loss Detection
- Forensic and Behavioral Analysis

Key Requirement 1: Advanced Threat Detection

Most current web security solutions provide signature-based anti-virus (AV) or URL database defenses, with no additional analysis. The problem is that the worldwide increase in threats makes the development of effective signatures and databases almost impossible, leaving organizations vulnerable to attacks by advanced threats that don't have a signature. Dynamic redirects, exploit kits or other innovative technologies deployed by hackers can therefore escape notice and easily find their way into corporate networks. The abilities to see these threats and respond to them efficiently are crucial for today's IT professional. Web traffic requires analysis with powerful analytics that can expose previously invisible threats.

Key Requirement 2: Data Theft or Data Loss Detection

The question is not if an attacker will break through a network's defenses, but when. Once inside a network, most attackers are looking to steal valuable data. Unfortunately, most web security defenses today are focused only on inbound threats, and are unable to effectively combat, or even alert IT professionals to, outbound data theft. The ability to detect suspicious activity or data theft as it happens provides IT departments with extremely valuable, actionable insights into threat levels.

Key Requirement 3: Forensic and Behavioral Analysis

File sandboxing, the ability to play with malware in a safe environment to see how it would behave in a company's network, is quickly becoming a key requirement for many IT professionals. A solution that incorporates file sandboxing, and does so automatically, can offer security teams valuable insights about potential remedies.

Introducing Websense TRITON RiskVision

TRITON RiskVision combines real-time advanced threat defenses, global security intelligence, file sandboxing and data loss/data theft detection into a single appliance. Easily deployed via a network TAP or SPAN port, it provides immediate visibility into advanced threats, data exfiltration and infected systems by unifying four key defenses into one platform:

- Websense ACE (Advanced Classification Engine) uses seven defense assessment areas with over 10,000 analytics to provide real-time threat analysis of web traffic.
- Websense ThreatSeeker Intelligence Cloud unites over 900 million endpoints and analyzes 3-5 billion requests per day, providing global threat awareness and vital defense analytics to ACE.
- The Websense data loss prevention (DLP) engine is recognized by analysts as an industry leader [4]. It includes geo-location destination awareness and OCR of text within images, and detection of: data exfiltration for registered and described data; criminal-encrypted uploads; password file data theft; and slow data leaks.
- Websense TRITON ThreatScope online sandbox analyzes the behavior of web files to uncover advanced threats and communications, and provides forensic reporting.

Figure 1: Four key technologies set TRITON RiskVision apart from competitors (Advanced Threat Defenses, Global Threat Intelligence, File/Object Sandboxing, Data Loss/Theft Detection).

TRITON RiskVision Core Technologies

Websense ACE (Advanced Classification Engine)

ACE is the primary defense behind TRITON RiskVision, providing real-time, inline, contextual defenses for web, email, data and mobile security by using composite risk scoring and predictive analytics to deliver the most effective detection capabilities available. It analyzes inbound and outbound traffic with data-aware defenses for data theft protection. Classifiers for real-time security, data and content analysis enable ACE to detect more threats than traditional anti-virus engines every day. ACE is supported by the ThreatSeeker Intelligence Cloud.

Figure 2: Third-party research proves ACE detects more threats than other technologies [5].

Websense ThreatSeeker Intelligence Cloud

ThreatSeeker Intelligence Cloud, managed by Websense Security Labs, provides the core collective security intelligence for TRITON RiskVision. It unites more than 900 million endpoints, including inputs from Facebook. In conjunction with ACE, ThreatSeeker Intelligence Cloud analyzes 3-5 billion requests per day. This expansive awareness of security threats enables ThreatSeeker Intelligence Cloud to offer real-time security updates that detect advanced threats, malware, phishing attacks, lures and scams, and provide the latest web ratings. ThreatSeeker Intelligence Cloud is unmatched in size and in its use of ACE real-time defenses to analyze collective inputs.

Websense DICE (Data Identification and Classification Engine)

Websense DICE combines rich classifiers with real-time contextual awareness of user, data and destination to provide high-accuracy, consistent DLP for TRITON RiskVision. DICE supports three data categories: described, registered and learned. Described data includes regular expressions, dictionaries, natural language classifiers and over 1,700 policies and templates. Registered data includes fingerprinting, which can be compressed and stored on the endpoint for off-network protection. Learned data is enabled by advanced machine learning technology that analyzes small samples of data to fill the gap between described and registered data for higher accuracy and efficiency. Data theft protection capabilities include OCR of text within images; detection of custom encrypted files, password file theft and slow data leaks; and geo-location awareness.

File Sandboxing

The file sandboxing capability of TRITON RiskVision is provided by the TRITON ThreatScope sandboxing solution. Using ACE analytics, TRITON ThreatScope monitors all malware activity and generates a detailed report including:

- The infection process.
- Post-infection activities, including network communications.
- System-level events and processes.

TRITON ThreatScope also correlates observed behavior with known threats to provide valuable information even for zero-day threats.

Using TRITON RiskVision

Policy Setting

TRITON RiskVision enables unified web policy creation and management with the ability to control inbound and outbound security, advanced URL monitoring, and over 125 network applications and protocols. Security threats are grouped in different categories, such as phishing or bot networks. The real-time security scanning engine inside ACE goes beyond traditional AV analysis to identify script-based and other advanced attacks against web browsers and vulnerable applications.

Figure 3: Policy creation is easy and intuitive with TRITON RiskVision.

Notes

[1] http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
[2] Market Analysis: Worldwide Specialized Threat Analysis and Protection: 2013-2017 Forecast and 2012 Vendor Shares. IDC #242346, Volume 1, p. 13. August 2013.
[3] http://www.websense.com/assets/white-papers/whitepaper-websense-reality-check-report.pdf
[4] Gartner Names Websense a Leader in the Magic Quadrant for Content-Aware Data Loss Prevention
[5] The proof is updated daily at securitylabs.websense.com

Advanced Threat Dashboard with Forensic Reporting

The TRITON RiskVision Advanced Threat Dashboard is organized in four tabs: Threats, Risks, Web Usage and Systems.

The Threats tab presents up-front visibility into the inbound and outbound advanced malware events that were detected: who was attacked, how, where the attack was destined, and what data was targeted. This provides actionable forensic data that allows users to quickly understand threat severity and take appropriate remediation steps. Severity alerts gauge the severity of each incident and enable users to separate critical events from less important ones. This dashboard displays the top events by geo-location, blocked events by category and a tabular listing of events with details including severity, user, hostname, security category and other information. (This table is easily customizable as well.) Altogether, the Threats dashboard provides clear, actionable information about malware incidents and guidance on possible remediation steps.

The Risks tab displays a number of charts that provide different views of the security events. The Web Usage tab provides various charts and information on web activities, as well as a summary of policy monitoring results. The Systems tab provides a centralized view of system health events and monitoring service status.

Figure 4: The advanced threat dashboard provides answers to who was impacted, where the data was destined to go, what data was impacted, and how the attack was planned. It also links to forensic details.

Data Loss Prevention (DLP) Engine

TRITON RiskVision includes DICE, a built-in enterprise-class DLP engine for monitoring and controlling communication of sensitive corporate data. This web DLP capability is managed through the TRITON Unified Security Center. Extensive policy wizards provide a prescription for implementing best-practice compliance controls for a wide range of regulations worldwide, by country and industry, and offer over 1,700 policies and templates kept current by Websense. Predefined data patterns deliver best-in-class accuracy without the need to manually craft and tune patterns with keywords or regular expressions.

TRITON RiskVision also includes the latest data theft technologies, such as OCR for detecting data theft through images containing sensitive data. Other advanced capabilities include the detection of custom encrypted uploads, password file data theft, and slow data loss prevention (or Drip DLP), and awareness of geo-location destination. All of these DLP defenses are aimed at providing the greatest possible insight into data theft attempts or data loss.

File Sandboxing Analysis

The file sandbox included in TRITON RiskVision emulates typical endpoint environments. Files are executed just as they would be in an actual victim's environment, providing the IT professional valuable feedback on system vulnerabilities. The behavioral analysis includes pre- and post-infection activity such as communications for botnets, data theft and other activities.

Figure 4: The ThreatScope Analysis Report shows results of behavioral analysis in an easy-to-read format.
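The sandbox report the paper describes, both in the File Sandboxing section (infection process, post-infection network activity, system-level events, correlation with known threats) and in the File Sandboxing Analysis section just above, can be made concrete with a small rule engine run over a behaviour log. The following is an added example written for this page, not TRITON ThreatScope code: the event format, the rule set, the thresholds and the sample report are all constructed for illustration, and the boundary between "infection" and "post-infection" (the first outbound connection) is an assumption of this example.

```python
"""Split a sandbox behaviour report into the three sections the paper lists and
correlate the observed behaviour with known-threat patterns.

Added example, not TRITON ThreatScope code; event schema, rules and sample
data are constructed."""
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed behaviour report: a document opens, spawns a script host, drops and
# runs a binary, installs a Run-key entry and then beacons to one host.
SAMPLE_REPORT = [
    {"t": 0.0, "kind": "process", "pid": 100, "ppid": 1, "image": "winword.exe",
     "cmd": r"winword.exe C:\Users\victim\Downloads\invoice.docm"},
    {"t": 0.8, "kind": "process", "pid": 104, "ppid": 100, "image": "powershell.exe",
     "cmd": "powershell.exe (arguments omitted)"},
    {"t": 1.1, "kind": "file", "pid": 104, "op": "write",
     "path": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"t": 1.3, "kind": "registry", "pid": 104, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"t": 1.4, "kind": "process", "pid": 108, "ppid": 104, "image": "svc.exe",
     "cmd": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"t": 2.0, "kind": "network", "pid": 108, "dst": "198.51.100.7", "port": 8443, "bytes_out": 540},
    {"t": 5.0, "kind": "network", "pid": 108, "dst": "198.51.100.7", "port": 8443, "bytes_out": 512},
    {"t": 8.0, "kind": "network", "pid": 108, "dst": "198.51.100.7", "port": 8443, "bytes_out": 530},
]


def split_report(events):
    """Infection process = process starts before the first outbound connection;
    post-infection = network events; system-level = file and registry events."""
    first_net = min((e["t"] for e in events if e["kind"] == "network"), default=float("inf"))
    infection = [e for e in events if e["kind"] == "process" and e["t"] < first_net]
    network = [e for e in events if e["kind"] == "network"]
    system = [e for e in events if e["kind"] in ("file", "registry")]
    return infection, network, system


def correlate(events):
    """Match observed behaviour against known-threat patterns.
    Returns (sorted rule names, severity 0-10)."""
    procs = {e["pid"]: e for e in events if e["kind"] == "process"}
    written = {e["path"].lower() for e in events if e["kind"] == "file" and e["op"] == "write"}
    hits = {}
    for e in events:
        if e["kind"] == "process":
            parent = procs.get(e["ppid"])
            if parent and parent["image"] in OFFICE_APPS and e["image"] in SCRIPT_HOSTS:
                hits["office_app_spawns_script_host"] = 3
            if e["cmd"].lower() in written:          # a file the sample wrote was then executed
                hits["dropped_file_executed"] = 3
        elif e["kind"] == "registry" and e["op"] == "set" \
                and "\\currentversion\\run\\" in e["key"].lower():
            hits["run_key_persistence"] = 2
    # Beaconing: three or more small connections to one destination at a steady interval.
    by_dst = defaultdict(list)
    for e in events:
        if e["kind"] == "network":
            by_dst[(e["dst"], e["port"])].append(e)
    for (dst, port), conns in by_dst.items():
        if len(conns) >= 3 and all(c["bytes_out"] < 2048 for c in conns):
            gaps = [b["t"] - a["t"] for a, b in zip(conns, conns[1:])]
            if max(gaps) - min(gaps) <= 0.25 * max(gaps):
                hits["periodic_beacon:%s:%d" % (dst, port)] = 3
    severity = min(10, sum(hits.values()))
    return sorted(hits), severity


def verdict(severity):
    """Severity band used to separate critical events from less important ones."""
    return "critical" if severity >= 8 else "high" if severity >= 5 else "medium" if severity >= 2 else "low"


if __name__ == "__main__":
    infection, network, system = split_report(SAMPLE_REPORT)
    rules, sev = correlate(SAMPLE_REPORT)
    print("infection chain:", " -> ".join(e["image"] for e in infection))
    print("post-infection connections:", len(network), "system events:", len(system))
    print("matched:", rules, "severity:", sev, verdict(sev))
```

Each rule is a behaviour, not a signature, which is what lets the same correlation flag a sample nobody has seen before; the beacon rule in particular keys on timing and size, not on the destination address, so it survives a change of infrastructure.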

Reporting and Alerts

TRITON RiskVision provides more than 60 predefined reports covering the full range of business and technical information. New reports can be generated and delivered with just a few clicks, or generated and distributed automatically. Customizable chart formats make it easy to communicate important information on workforce behavior to non-technical business stakeholders. To complement the presentation report capabilities, investigative reports deliver detailed information for forensic analysis of an attack or policy violation. These also support ad hoc reporting for customers requiring special information.

Customizable alerts can be set up to notify administrators about suspicious activity. These alerts can be a valuable tool for quickly addressing any threats detected in the network.

Figure 7: Administrators can select to receive alerts via email. This example shows an alert about a possible slow data leak.
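The three DLP ideas the paper names in the DICE section, the DLP Engine section and the slow-data-leak alert above (described data, registered data, and Drip DLP) can be shown together on a stream of outbound requests. What follows is an added example written for this page, not Websense DICE or TRITON code: the request format, the thresholds, the "registered" document and the outbound requests are constructed, and the card numbers are standard test numbers that pass the checksum but belong to no one.

```python
"""Described, registered and slow-leak (drip) DLP detection over outbound requests.

Added example (not Websense DICE or TRITON code); request format, thresholds,
registered document and sample traffic are constructed."""
import hashlib
import re
from collections import defaultdict

# Described data: a pattern plus a validator, so random digit runs are not reported.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used to confirm a candidate card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def described_hits(text: str) -> list:
    """Card-like numbers that pass the checksum; only the last four digits are kept for the report."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[-4:])
    return hits


def fingerprint(text: str, k: int = 5) -> set:
    """Registered data: hashes of k-word shingles. Only these hashes need to be
    stored, which is what allows a fingerprint to travel without the document."""
    words = re.findall(r"\w+", text.lower())
    return {hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(words) - k + 1)}


# Constructed confidential document registered with the engine.
REGISTERED_DOC = ("Project Falcon quarterly forecast: revenue is expected to grow twelve "
                  "percent, driven by the new contract with Acme Holdings signed in March.")
REGISTERED_FP = fingerprint(REGISTERED_DOC)


def registered_hits(text: str, fp: set = REGISTERED_FP, min_shared: int = 3) -> int:
    """Number of shingles the outbound text shares with the registered document (0 below threshold)."""
    shared = len(fingerprint(text) & fp)
    return shared if shared >= min_shared else 0


class DripDetector:
    """Per-user sliding-window count of sensitive records seen leaving the network."""

    def __init__(self, window_s=3600, per_request_limit=5, cumulative_limit=10):
        self.window_s = window_s
        self.per_request_limit = per_request_limit
        self.cumulative_limit = cumulative_limit
        self.history = defaultdict(list)  # user -> [(timestamp, record_count)]

    def observe(self, user: str, t: float, count: int):
        if count >= self.per_request_limit:
            return "block_request"          # one large leak is caught on its own
        hist = [(ts, c) for ts, c in self.history[user] if t - ts <= self.window_s]
        hist.append((t, count))
        self.history[user] = hist
        if sum(c for _, c in hist) >= self.cumulative_limit:
            return "alert_slow_leak"        # many small leaks add up inside the window
        return None


def analyze(requests: list) -> list:
    """Run described, registered and drip checks over outbound requests; returns incidents."""
    drip = DripDetector()
    incidents = []
    for r in requests:
        cards = described_hits(r["body"])
        shared = registered_hits(r["body"])
        base = {"t": r["t"], "user": r["user"], "dst": r["dst"], "country": r["country"]}
        if cards:
            incidents.append(dict(base, kind="described", detail="cards ending " + ",".join(cards)))
        if shared:
            incidents.append(dict(base, kind="registered", detail="%d shingles of registered doc" % shared))
        v = drip.observe(r["user"], r["t"], len(cards) + (1 if shared else 0))
        if v:
            incidents.append(dict(base, kind=v, detail="per-user limit exceeded"))
    return incidents


# Constructed outbound traffic: alice trickles three test cards per request, bob
# pastes the registered document to a foreign destination, carol is benign.
CARDS = "4111 1111 1111 1111, 5555 5555 5555 4444, 3782 822463 10005"
SAMPLE_REQUESTS = [
    {"t": 0, "user": "alice", "dst": "share.example", "country": "US", "body": "batch 1: " + CARDS},
    {"t": 600, "user": "alice", "dst": "share.example", "country": "US", "body": "batch 2: " + CARDS},
    {"t": 900, "user": "carol", "dst": "news.example", "country": "US", "body": "lunch at 12, order number 1234"},
    {"t": 1200, "user": "alice", "dst": "share.example", "country": "US", "body": "batch 3: " + CARDS},
    {"t": 1500, "user": "bob", "dst": "paste.example", "country": "RO", "body": "fyi " + REGISTERED_DOC},
    {"t": 1800, "user": "alice", "dst": "share.example", "country": "US", "body": "batch 4: " + CARDS},
]

if __name__ == "__main__":
    for inc in analyze(SAMPLE_REQUESTS):
        print(inc)
```

Each of alice's requests stays under the per-request limit, so a per-request rule never fires; the slow-leak alert is raised on the fourth request because the window total crosses the cumulative limit, which is the situation the Figure 7 alert describes. The destination country is carried on every incident so a reporting layer can apply the geo-location awareness the paper mentions.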

Conclusion

Faced with an evolving threat landscape, most existing web security solutions only protect against threats known to signature databases, leaving many unknown and invisible threats free to steal sensitive data or cause other damage. Visibility into previously unknown threats is crucial to harden network security and respond to attacks. TRITON RiskVision provides valuable insight into advanced threats with industry-leading technology and features. It enables IT professionals to respond to advanced threats and data theft attempts in a timely manner. Four key defense areas set TRITON RiskVision apart from network monitoring solutions. These technologies provide advanced threat detection, global threat awareness, built-in DLP functionality and file sandboxing services.

To learn more about threat monitoring or the TRITON RiskVision solution, please visit www.websense.com/riskvision.

TRITON STOPS MORE THREATS. WE CAN PROVE IT.

Learn More at www.websense.com, +1 800.723.1166, info@websense.com

2013 Websense, Inc. All rights reserved. Websense, TRITON and the Websense logo are registered trademarks of Websense, Inc. in the United States and various countries. All other trademarks are the properties of their respective owners. 08-28-2013-EN