Websense has unveiled an updated Triton defense system which covers every stage of the targeted threat kill-chain to give organisations greater protection from targeted attacks.
The Triton 7.8 enhancement includes advanced threat protection with expanded ThreatScope, inline sandboxing, malware isolation to heighten data loss prevention, end-user phishing education and new platform support for pervasive deployment.
Websense A/NZ managing director, Gerry Tucker, said the new offering extended Websense’s capabilities to the entire kill-chain to allow organisations to better identify malware.
“It’s about providing an organisation with a greater level of visibility and awareness of what’s happening on their network. It’s about better identifying and isolating malware.
Websense Advanced Classification Engine delivers real-time security ratings to all Websense Triton products.
Its eight assessment areas and composite scoring capabilities enable Triton solutions to detect threats that other security solutions may miss, according to a company statement.
The predictive security engines can see developing trends and use contextual assessments to ensure accuracy and counter evasion techniques.
ThreatScope enables an additional capability within ACE to automatically intercept files for behavioural sandboxing and forensic reporting.
Organisations can also manually upload files to the on-demand sandbox and input links to a cloud-based URL analysis service. Each action generates detailed reports to support forensic investigations and threat mitigation.
It also marks suspicious email links for supplemental scrutiny through email URL sandboxing.
Real-time analysis of links occurs at point-of-click, which in some cases, can be long after the initial email arrives.
In addition to the inline ThreatScope sandboxing enhancements to ACE, Triton 7.8 includes advancements to data loss prevention identification and phishing education.
Tucker said the enhancements would allow users to see what a spearphishing email looks like without taking the user to the compromised host when they click on the link.
“The end user doesn’t understand what that behaviour looks like,” he said. “But we allow them (spearphishing emails) to go to the end user to educate them.”
Tucker said more companies were starting to take security seriously.
“What we are seeing in the channel is a consolidation of security infrastructure where people are looking to get more bang for their buck,” he said.
“It’s driving higher service revenue for the partner. They are able to combine these elements together to a managed service offering. So we are getting partners to do risk assessments and then they are selling solutions to the clients.”
Websense customers now also have access to the new i500 cloud-assist appliance to increase network traffic speed and control what traffic is sent to the Cloud.
It intelligently determines if traffic requires additional content scanning for policy or security reasons. If needed, content is redirected to Websense Cloud resources for advanced analysis.