Websense Security Suite Lockdown Edition
January 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
Quality web-content filtering, suite components neatly integrated into a single management console
End-point security functions, such as removable media controls, are fairly limited in their capabilities
There'll be no more internet misuse in the workplace with Websense Enterprise behind the scenes. This complete suite adds extra levels of filtering and security functions.
Websense has always offered one of the most comprehensive web-content filtering solutions. The latest Web Security Suite - Lockdown Edition uses Websense Enterprise as a foundation and builds on this with extra capabilities and end-point security.
The suite comprises three main components, with Websense Enterprise delivering all web content filtering functions. It now includes protocol filtering capabilities, which function at the network and transport layers, allowing it to monitor and block applications such as IM, P2P and Skype. The Web Security Suite (WSS) component provides additional web-content filtering capabilities and focuses on areas such as phishing attacks, Trojans and spyware. It also has tools to stop instant messaging applications sending file attachments and can poll the Websense update servers every five minutes to automatically download and apply updates. ThreatSeeker technology is used to identify new threats and update the suite components. WSS also includes three web protection services: SiteWatcher monitors company websites for infections, BrandWatcher looks out for phishing attacks that use a company's own website as the bait, and ThreatWatcher monitors corporate websites and reports on potential security breaches.
The Lockdown Edition component tackles end-point security using a locally deployed agent. It can manage application usage and integrates with the Windows firewall, where it uses policies to determine its behaviour. The removable media lockdown facility allows you to block access to writeable devices such as USB Flash memory sticks and CD/DVD-RW drives. Remote URL filtering enforces web-browsing controls when a user is off-site, as the agent contacts the Websense server to check whether they are allowed to access a requested URL.
Websense Enterprise operates in two modes: it either integrates with existing proxy servers, firewalls and cache engines or functions in standalone mode. For the latter, it runs on a Windows or Linux server and employs packet sniffing to monitor web traffic.
All components are neatly integrated into the Websense Manager, which uses policies to determine what users can access. These contain category sets for blocked sites, with time periods that determine when they are active. Central to Websense is its master database, which currently lists around 21 million websites organised into some 90 categories. Policies are highly versatile as each can contain multiple category sets and time periods. Support for NT authentication, LDAP and Active Directory services allows policies to be easily assigned to specific users and groups, but you can also declare networks or individual IP addresses.
Protocol filtering is included in the same policies and covers a wide range of options, such as FTP, IM and chat applications plus P2P file sharing. There's not much to do here as you decide whether they are to be allowed or blocked, although you can log usage as well. Any changes to a category or protocol set will be automatically propagated across all policies that use them. Users who try to access a banned site can have a customisable warning web page thrust at them and you may decide to allow access if a password is entered.
Client security settings are accessed from the desktop tab in the Websense Manager. The agent can be easily deployed as an MSI package or pushed to specific users directly from the console. You can decide what sets of applications are to be allowed or denied. Once again, policies make light work of configuration and these contain information on custom firewall rules, application sets and removable media controls. For the latter you decide whether to block all removable media from being mounted or only writeable media. You can't fine-tune this to be applied to specific ports as you simply select a user, group or network from the list and apply a complete lockdown.
Reporting needs to be good, and Websense Reporter offers a wealth of tools for keeping track of internet usage. It presents a secure web portal, and a new feature is the ability to limit the size of the SQL database by closing it down and creating a new one after a specific interval for quicker searches and report generation.
Despite the extensive range of features, we found the suite very easy to use as everything runs from a single management console. The web content filtering has impeccable credentials and although some of the additional components don't have the same level of features as many point solutions, they do make this a versatile security solution that looks particularly good value
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- State breakdowns: Anthem breach by the numbers
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- State breakdowns: Anthem breach by the numbers
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says