GDS International - CIO - Summit - Africa - 11


Unified Content Security In Practice

Published in: Technology

UNIFIED CONTENT SECURITY IN PRACTICE

Table of Contents

Executive Summary
Introducing the Websense® TRITON™ Solution
The Strengths and Benefits of a Unified Content Security Solution
Guidelines and Best Practices for Maximizing Potential Gains
    General Guidelines
    DLP-Specific Guidelines
Conclusion

Executive Summary

Part 1 of the Websense® white paper series on unified content security explains why today’s organizations need a unified content security solution: among many other challenges, fast-evolving malware, blended threats, internally initiated data leakage, and an increasingly borderless enterprise have rendered traditional point product approaches less effective while driving up costs and complexity. Part 2 in the series subsequently defines a unified security solution as one that incorporates unified content analysis, a unified platform, and unified management. It also enumerates the capabilities and requirements that must be met by each of these components.

In this third and final installment, we introduce the Websense TRITON™ solution — the industry’s first and only solution to combine industry-leading Web security, email security, and data loss prevention security technologies into one unified architecture. This is followed by a comprehensive treatment of the benefits attributable to a unified content security solution, identification of guidelines and recommended practices to help maximize available gains, and real-world examples of organizations using the TRITON solution to successfully conquer their content security challenges.

Introducing the Websense TRITON Solution

The TRITON solution is the industry’s first and only content security solution that is truly unified. It is designed to slash content security total cost of ownership (TCO) while enabling organizations to safely leverage new communication, collaboration, and social Web tools like Facebook and Twitter.

Organizations achieve the lowest TCO through its unified content security, which consolidates Web security, email security, and data loss prevention (DLP) into a highly flexible and scalable unified architecture; unified platform of on-premise and Security-as-a-Service (SaaS) deployments; unified content analysis with the real-time threat intelligence provided by the Websense Advanced Classification Engine (ACE); and unified management infrastructure. Compared with narrowly focused point solutions, the TRITON solution provides unrivaled visibility into an organization’s computing environment and application traffic, thereby enabling superior flexibility and control. Unified policy management that spans on-premise and cloud-based deployment options further ensures that remote office and mobile workers receive the same high-quality protection consistent with their headquarters-based colleagues.

Leading features and unique capabilities that the Websense TRITON solution offers include the following:

Market-leading Web and email security technologies. Flexible user authentication, application control, antivirus, real-time security scanning, URL filtering, advanced reputation analysis, SSL inspection, real-time updates, and integral Web DLP are all leveraged to protect against malware, improve employee productivity, and help prevent data loss while enabling safe use of dynamic Web 2.0 resources. Likewise, comprehensive protection is provided for email with a cocktail of antispam, antivirus, reputation analysis, and integral email DLP capabilities.

Enterprise-class DLP. The TRITON solution also offers leading DLP technology designed to identify, monitor, and protect confidential data. By leveraging the unified content analysis of the TRITON solution, Websense Data Security Suite accurately prevents data loss, secures business processes, and helps organizations manage compliance and risk.
Both internally and externally initiated data loss scenarios are addressed by a powerful combination of advanced detection techniques and content classifiers, thorough correlation of contextual information, and an extensive set of flexible response mechanisms. Multiple, integrated modules provide comprehensive visibility and control over data in motion, in use, and at rest — while a unified policy framework and numerous manageability features ensure rapid time-to-value.

Websense Advanced Classification Engine (ACE). An advanced composite content classification engine, ACE is the TRITON solution component that brings individual analytic services together to deliver truly unified content analysis. ACE is the “fusion” of all the different market-leading Web, security, and DLP analytics Websense has to offer, including real-time security and content classification.

Websense ThreatSeeker® Network. Composed of a dedicated team of cutting-edge security researchers, a collection of more than 50 million monitoring systems that parse over one billion pieces of content daily, and numerous automated analysis routines, the ThreatSeeker Network provides ACE with real-time intelligence about newly discovered threats.

Websense TruHybrid™ deployment. The TRITON solution supports both on-premise deployment via Websense V-Series™ appliances and cloud-based deployment. Organizations can mix and match both options to provide best-fit coverage for all users and facilities and still manage all elements of the solution as if they were one and the same.

Websense TRITON Console. A comprehensive management solution, the TRITON Console unifies the configuration, monitoring, and reporting capabilities for Websense Web, email, and DLP technologies into a single, Web-based interface. Compared to multisystem alternatives, the result is superior visibility, control, and administrative efficiency.

Websense Global Technical Support. Top-quality support personnel with expertise spanning all life cycle phases (e.g., plan, build, run) provide TRITON solution customers with the technical assistance they need when they need it. In addition, award-winning Websense eSupport enables a self-service approach, providing immediate, online access to a wealth of helpful resources. [1]

The net result with the TRITON solution is a unified content security solution that provides today’s enterprises with the best protection against modern threats at the lowest TCO.

Addison Avenue Says “Yes!” to Web 2.0

For Addison Avenue Federal Credit Union, a full-service financial institution with more than 140,000 members nationwide, finding a balance between safeguarding confidential member information while allowing employees to use the Internet to its fullest potential is essential to business.

“We were initially searching for a data loss prevention solution to help us protect confidential member data and prevent it from leaking outside the organization,” said Henry Parker, senior security architect at Addison Avenue. “Once we saw that Websense could also make our Web environment more secure and enable our employees to use Web 2.0 applications safely, we jumped at the opportunity to deploy an integrated, easy-to-manage solution from a single vendor.”

According to senior security architect, Philip Romero, leading features of the Websense solution that enable Addison Avenue to take a more progressive approach to Web 2.0 include:
• Robust reporting capabilities, which make it very clear when something needs to be addressed.
• The unified management console, which is a “productivity enabler” and accelerates response time when investigating questionable activities.
• High performance, which allows security inspections to be executed without hindering business operations.
• The overall ease of use of the solution.

“Prior to deploying Websense, employees had limited access to Web 2.0 applications and social networking sites because we could not risk the potential threats that they bring — even though a good portion of the content on those sites is safe,” adds Parker. “Now, with the real-time scanning provided by the Websense solution, we open up access to these sites while ensuring that malicious content cannot get in, and that our confidential data does not go out.”

The Strengths and Benefits of a Unified Content Security Solution

The true value of a unified content security solution, such as the Websense TRITON solution, comes from the plethora of benefits it provides. To begin with, organizations gain all of the following usual advantages typically associated with a traditional content security solution:
• Security risks are reduced through a combination of proactive (i.e., limiting user exposure in the first place) and reactive mechanisms (i.e., threat/attack filtering).
• Compliance posture is improved, particularly with regard to meeting standards of due care for information security and maintaining the privacy of sensitive information.
• Proprietary information is protected against unwanted exposure (based on the ability to control users’ activities and the presence of integral DLP capabilities).
• Liability protection is provided as unwary users are shielded from offensive content.
• User productivity is improved as spam and nonwork-related activities are curtailed.
• Bandwidth and other computing resources are conserved, once again, as unwanted traffic and nonessential usage is curtailed.

With a unified content security solution, however, it is not only that these core value propositions are reinforced and maximized, but also that an array of additional benefits are provided for everyone involved, from IT and business management to users.

For IT, the advantages of a unified content security solution are that it:
• Provides significantly greater security effectiveness. Not only do CIOs gain greater visibility into how data, applications, and the computing infrastructure in general is being used, but they also get the benefit of being able to prevent the latest generation of blended threats and sophisticated, targeted attacks. In addition, enterprise-class, full-scope DLP functionality maximizes the ability to protect against unwanted exposure of sensitive information.
• Achieves greater coverage. A comprehensive and completely consistent set of content security capabilities is available not just for headquarters personnel, but also for mobile and remote users as well. The Websense TruHybrid deployment option integrates both cloud-based and on-premise platforms, which are managed as one, thereby addressing the need for modern enterprises to extend their network infrastructures beyond a single location.
• Reduces infrastructure complexity and administrative workload. Considerably fewer devices need to be implemented, integrated, and maintained. Ongoing management for all countermeasures, domains, and delivery options can be accomplished via a single, Web-based console that is accessible from anywhere and features a highly unified administrative model.

For business management, a unified content security solution:
• Slashes TCO. The ability to consolidate multiple, disparate products cuts costs across the board, while a SaaS delivery option introduces the potential to completely eliminate the need for a physical footprint in any office — not just non-HQ locations. Indeed, the savings attributable to SaaS can often be substantial. As the following graphic illustrates, the annualized TCO of Websense Hosted Email Security at a typical midsize company is less than one-third the cost of a comparable on-premise email security solution. [2]

  [Figure: Cost of Ownership (On-Premise vs. Hosted)]

  Another way the availability of SaaS comes into play is based on its role as part of a hybrid implementation. Once again, the savings can be substantial. As illustrated below, compared to an all on-premise Web security solution, a hybrid approach yields a savings of 43 to 45 percent over a period of three years, depending on the size of the organization. [3]

  [Figure: Hybrid Web Security Cost Comparisons]

  TCO is slashed in other ways as well. Greater security effectiveness translates into fewer successful attacks and episodes of data loss that require costly remediation and recovery efforts to be undertaken. Because detection accuracy is improved, it also allows IT to take greater advantage of automation capabilities without having to worry about incorrectly preventing legitimate business activities. Finally, extensibility and broad compatibility with other infrastructure maximizes the useful service life of the solution while minimizing the need to invest in “supplementary” products.
• Enables innovation and growth without compromise. Organizations can fully leverage new communication, collaboration, and Web 2.0 tools without having to worry about associated threats or losing control over users and data. Because seamless, consistent coverage can cost effectively be established for any user operating in any location, mergers and acquisitions, geographic expansion, telecommuting, and mobility initiatives can also be pursued without concern for being able to protect and control content.
• Ensures compliance with regulatory requirements. With enterprise-class DLP, comprehensive content security coverage for all users in all locations, and superior threat prevention capabilities, sensitive content can be discovered, monitored, controlled, and preserved more thoroughly than ever before.

For users, a unified content security solution:
• Enhances their computing experience. No matter where they are within or outside of a corporate office, users can be treated with the same, consistent set of policies and can operate in the same, consistent manner. Furthermore, the protection that is provided is essentially transparent (i.e., there’s nothing extra a user has to do to make it work).
• Removes roadblocks to increased productivity. The ability to thoroughly account for both the dynamic Web and today’s equally dynamic threats means that users gain the freedom to find and take advantage of new sites, services, and tools that can help them get their jobs done more efficiently and effectively.

Guidelines and Best Practices for Maximizing Potential Gains

By this point it should be obvious that a unified content security solution truly has a lot to offer today’s organizations, particularly compared to legacy point product approaches. Fully realizing all the benefits, however, is not something that happens automatically. The general and DLP-specific guidelines and practices described in the following sections are intended to help organizations maximize their gains when making an investment in a unified content security solution.

General Guidelines

Although each of the following items is fairly straightforward, overlooking any one of them can erode the effectiveness of a unified content security implementation:

Manage expectations appropriately. Just because a unified content security solution provides the best protection at the lowest TCO doesn’t mean it’s perfect. No security solution is capable of stopping every threat or catching every potential loss of data. And neither is “set it and forget it” a reasonable expectation, especially in today’s dynamic environments. Accordingly, IT managers should be mindful not to oversell the solution and to ensure that sufficient resources remain available both (a) to continue to develop and staff incident response processes, and (b) to continuously define, configure, audit, and refine associated policies.

Extend appropriate use policies. With a unified content security solution opening the door for more widespread use of Web 2.0 sites and services, it is important to let users know what they can and can’t do. This helps ensure they take advantage of available opportunities and minimizes frustration while providing an extra layer of security assurance.

Define key processes in advance of deployment. Policy management and event handling can be tricky because of the potential impacts to the business. This is why it is advantageous to clearly establish who will be making which decisions and how business unit personnel will be involved at the outset.

Pursue a phased implementation. This is not really about physical coverage, since that can be achieved by supplementing a relatively small number of appliances with SaaS. Rather, it involves taking a reasonable approach in terms of logical and functional coverage, by first gaining visibility and then proceeding progressively to refine policies and fix broken business policies that are uncovered. This is followed by increasingly exerting control (e.g., by blocking more), and taking greater advantage of automation capabilities (e.g., for event handling and response).

Find your organization’s balance point. Rarely is it appropriate to block access to all Web 2.0 and social networking resources, or, conversely, to allow wide open access to everything. Furthermore, every organization has a different tolerance for risk, corporate culture, and availability of resources for implementing a content security strategy. Every organization, therefore, will be different in terms of the investment it makes and the depth of control it attempts to exert. Finding the right balance requires careful negotiation between the IT department and the business units its solutions are intended to serve.

Lather, rinse, repeat. New content is being created and consumed all the time, while the value of existing content often fluctuates over time. Add to this steady changes in user habits, technology, and hacker techniques and it becomes clear that it is inadvisable for a content security implementation to remain static. This is why policies and configuration settings should ideally be reviewed at least quarterly, while available firmware updates for non-SaaS components should be made at least semiannually. A solution’s reporting capabilities and industry threat reports — such as the Websense 2010 Threat Report — are invaluable resources for determining what adjustments need to be made.

(Further) embrace SaaS. As discussed, some of the greatest cost savings available to organizations stem from employing SaaS alone, or as part of a hybrid implementation. It makes sense, therefore, for organizations to progressively take advantage of SaaS to a greater extent, particularly as older content security investments are retired.

Ameren Focuses on Flexibility to Enable Employees While Staying Secure

With 3,000 employees located in corporate offices and another 6,000 spread across numerous field operations, Ameren Services is a regional utility company facing a familiar set of challenges: corporate and customer information must be protected, applicable privacy and security regulations must be met, and protection must be provided against malware and other modern threats across a highly distributed computing environment — all while enabling the business.

For Ameren, the Websense solution delivers the right balance of security and flexibility required to meet these objectives. For example, Ameren employees can continue to use USB drives because Websense Data Security Suite empowers the IT department with the ability to control what data gets on those drives in the first place. Likewise, because the Websense solution provides strong protection against associated risks, Ameren is now considering allowing the use of personal Web-based email solutions and is also looking forward to becoming more “open” when it comes to taking advantage of social media and other Web 2.0 services.

Strengths of the Websense solution that Chris Sawall, supervisor of information security and BCP at Ameren Services, cites include its integrated policy framework; having a comprehensive, market-leading solution from a single vendor; powerful reporting that allows IT to show individual business units what’s happening; and excellent technical support. Sawall explains, “Another intangible reason that we really picked Websense was that Websense wanted to be a partner with us. They didn’t just want to sell us a product.”

DLP-Specific Guidelines

Compared to Web and email security, DLP is a less mature discipline. Accordingly, these additional DLP-specific guidelines are intended to help organizations avoid the tendency to make gaining control over one’s data more difficult than it has to be.

• When it comes to which data to control, start with obvious hot spots that are also easy to correct (e.g., outbound flows for major applications that process customer information). Establishing a handful of quick wins is a critical factor for longer term success.
• Rather than risking analysis paralysis by trying to execute a formal DLP process — with comprehensive data classification, enterprise-wide risk assessment, process-by-process review, and documentation of all data flows — consider starting out by simply running DLP technology in monitor-only mode to help identify broken business processes, misconfigurations, and other types of vulnerabilities.
• At least initially, focus less on trying to get the horse back in the barn and more on trying to “do things the right way” going forward. Removing data from locations where it shouldn’t be is a potentially challenging exercise with a questionable return — at least relative to other steps that can be taken, such as preventing more data from getting to those locations in the future.
• Consistent with the previous guideline, consider taking steps to control data in motion before going after data in use and data at rest. The relative impact is often much greater — since (a) data in motion is typically data that is imminently departing the organization, (b) control can be established by focusing on relatively few aggregation points in the network, and (c) it inherently provides a measure of protection for data in use and data at rest as well. In addition, the same controls can also be used to help identify the points of origin of potentially misplaced data, thereby allowing more efficient, focused scans for data at rest or in use.
• Consider initiating all DLP rules in monitor-only mode. Only after accuracy and effectiveness have been proven should new rules be put in enforcement mode. Preventing legitimate business transactions is a cardinal sin and can seriously erode future DLP efforts — not to mention IT’s broader security initiatives.

Conclusion

Effectively and affordably establishing the level of content protection needed to enable rather than restrict the use of new communication, collaboration, and Web 2.0 tools requires a unified content security solution — one that features unified content analysis, a unified platform, and unified management. The Websense TRITON solution is the industry’s first and only solution that fully meets these requirements by combining market-leading Web, email, and data loss prevention security technologies into one unified architecture. The benefits of this approach are extensive and include being able to provide significantly greater protection against modern threats, seamlessly achieve comprehensive coverage for today’s borderless enterprises, and enable innovation and growth without compromise — all while slashing content security TCO. However, not all of these benefits are accrued automatically. To ensure potential gains are maximized, organizations should consider embracing the best practice guidelines described herein. These include defining key processes in advance of deployment, pursuing a phased implementation, and progressively taking advantage of SaaS delivery options to a greater extent.

To learn more about unified content security:
1. Review part 1 of this series: The Need for Unified Content Security. This white paper provides a detailed explanation of the business and technological conditions driving the need for a unified content security solution.
2. Review part 2 of this series: Unified Content Security Defined. This white paper provides a detailed explanation of the technical capabilities that define a unified content security solution.
3. Visit www.websense.com

[1] Received Association of Support Professionals 2010 “Best Web Support” award and achieved certification under the Service Capability & Performance Support Standard in 2009.
[2] The Advantages of a Hosted Security Model, Osterman Research, July 2009.
[3] The Cost Benefits of a Hybrid Approach to Security, Osterman Research, February 2010.

© 2011 Websense Inc. All rights reserved. Websense is a registered trademark of Websense, Inc. in the United States and certain international markets. Websense has numerous other registered trademarks in the United States and internationally. All other trademarks are the property of their respective owners. 1.24.11