The battle for data protection
SECURITY


Designed to provide protection while leveraging the latest technologies and working practices, version 8.0 of Websense’s TRITON APX platform provides businesses with an improved defence against threats and data theft across the entire kill chain. The platform also delivers feedback to users in real time, and enables them to head future hazards off at the pass.

IT in Canada spoke with Bob Hansmann, director of product marketing for Websense, about how deploying this new platform can arm companies with the protection they need in the battle against hackers.

IT in Canada: What are the primary functions of the TRITON APX 8.0 platform?
Hansmann: The actual foundation architecture of TRITON is not terribly new. It’s been around for a while, and we’ve had a number of analysts support our direction for integrating Web and email (protection), particularly because today, there is no such thing as an email or Web threat. There are threats, and they tend to use both (channels). If you’ve got both solutions on the Web and email channel, having it not integrated is making increasingly less sense as time goes on.

The TRITON architecture was designed to unify Web and email security, but also to unify inbound and outbound so it can correlate events. We even integrate with security information management (SIM) solutions because sometimes you want this data combined with what you’re seeing with the firewall, the IPS and other solutions we don’t provide. But for the solutions we do provide, we have built-in security information and event management (SIEM) solutions with SIM capabilities of correlating data and being able to provide a broader perspective for analysis.

ITIC: Why is now the time to introduce a product like this?
BH: Part of it is the fact that we’ve had tremendous success with our TRITON product line. It’s been the fastest-growing (product) in the last three years, year-over-year. Customers are rapidly moving to a more integrated platform, but one of the concerns they’ve had is that they can’t do it all at once. They want to buy (the solution) in pieces.

With this release, the architecture has been broken up into a more modular, component-like set of SKUs. They can purchase what they need and deploy it over time. The key benefit we’re seeing here is a lot of customers have a security issue that they’re trying to deal with that’s on keeping AP threats out. They will buy our Web security solution, AP-WEB piece and the File Sandbox because that’s what they’ve budgeted for.

ITIC: How has the platform been able to stay up-to-date with cloud-reliant programs and software?
BH: The attack surface has grown dramatically because of the cloud. This has long been a focus for us. We have been securing (companies) like Salesforce.com and other specialized business applications and environments in the cloud for quite some time. We also recently added Office 365, Box Enterprise, and the iCloud. As the options grow within any of these environments, especially within the enterprise segment, we are continuing to add support (for them).

When you think of cloud use, we’re talking about mobile users who are taking their laptops and working from anywhere because we share files in the cloud. But how do you secure data, particularly when you’re dealing with endpoints that are Macs? Hardly anyone today provides endpoint data loss prevention (DLP) for Macs, but we’ve been doing it for over a year now. We tend to watch those trends and monitor them very closely.

As we are adding support for new threats, we’re also continuing that support for new platforms. For us, supporting new technology so that businesses can grow, as well as being able to support the new landscape are equal focuses.

ITIC: Despite widespread adoption of the cloud, why is there a deficit in cloud security skills and personnel?
BH: A lot of it has to do with the growing focus on just malware. No one will ever be 100 per cent effective at catching malware. But why aren’t (enterprises) spending time on other aspects of an APP?

There are several opportunities to prevent this, but all of the skills tend to be focused around how malware works, how a sandbox works, and how the malware can be caught and identified. We think the focus simply isn’t balanced enough. It requires network expertise. Are they configured properly to be able to identify a botnet?

A lot of people have the tools, but they might not even work properly because the network is not architected to support them, or the network may simply be too open. Properly configured networks and firewalls are still listed as some of the top reasons for breaches (as a result). We think that the expertise problem is a broad topic, and too many people are considering themselves as “specialized.”

ITIC: Why is it important for businesses to have kill chain management in place?
BH: In today’s environment, no one security solution is ever going to be 100 per cent effective. Once we admit that to ourselves, we start to (add) multiple layers of defence. If you identify a multi-stage kill chain, you need to break it into multiple stages and take a look at your defences. If you have all of them on one or two stages, it’s probably time to consider shifting that funding to catch it elsewhere.

The (hackers) can craft some pretty advanced (malware). They can design it to specifically invade all of the common solutions out there. It’s a lot of work to do that at every stage of the attack, so if you’ve got coverage throughout the kill chain, you are more likely to identify that part. No matter how well-crafted the malware is, you will catch the email that gets you to download the malware.
