Websense Data Security Suite

The solution allows the client organizations to guarantee security of confidential information in the course of its storage, use and transfer. One of the most noticeable advantages of the software of Websense Data Security Suite is its close integration with the new gateway of security Websense Web Security Gateway. The combination of these two solutions will allow the enterprises to set comprehensive control over outgoing data.

Unlike traditional solutions which try to classify content by a key word and under-exploit other effective techniques, the products Websense apply the innovative technology of digital fingerprints of PreciseID to the solution of this task. This patent development provides the enhanced accuracy of detection of confidential data on any of endpoints and simplifies acceptance of effective measures on its protection. Websense Data Discover

Not always it is known what information is confidential, and where exactly it is located. The product Websense Data Discover provides network detection and classification of confidential data on computers of users, mobile computers, the file servers, etc. without installation of agents. Depending on the place of detection of confidential data different politicians can be applied. The product can be purchased as separately, and as a part of the integrated packet of Websense Data Security Suite.

Confidential data protection from deliberate and accidental information losses is one of the most important problems of business and IT of security which the set of the companies daily faces. The main component of this problem is that security and Information Security Service should protect confidential data of the company, despite pressure of regulatory and corporate compliances, pressure of clients and competitors.

The complex of prevention of information losses is a solution of the problem of data loss which provides complete awareness on a status and information, allowing the administrator to solve who can send what sort information where and as. Using agentless search tools (Discovery) which are based on technology of dactyloscopy of information, a complex of prevention of information losses automatically investigates workstations in network – including servers and final carriers and also data which are stored there. The solution of prevention of information losses is ahead of solutions which are used by a key word and templates. The product is equipped with technology of deep control of content (Deep Content Control™) for search of control and confidential data protection, including personal information identification (Personally Identifiable Information) and protection of intellectual property (IP), irrespective of types or file formats.

Detection

The solution of prevention of information losses contains function of data retrieval in network: in data warehouses, on shared resources (File shares) and also on any servers and final carriers. Arming with knowledge of storage location of data, the organization can identify violations business of processes, is effective adjust office-work and set politicians for confidential data protection.

The PreciseID technology is included in a complex of prevention of information losses and is third generation of technologies of dactyloscopy of data which costs far ahead of the technologies based on identifications on a key word, templates, and expressions. The PreciseID technology is capable to create dactyloscopic prints of all information types as the structured should it is dependent on type or the file format.

The complex of prevention of information losses Websense creates prints of databases and analyzes hundreds of megabytes in a minute. This difficult algorithm can define accessory of a credit card number to the client or the employee, permitting the organizations to implement politicians of data protection who are relevant only to the process defined business. Complex of prevention of information losses

Websense also covers a broad spectrum not of structured data, including financial information, sources of codes of application programs, business plans, and designs of products.

Monitoring

The complex of prevention of information losses Websense provides monitoring of the confidential data in real time which are on the server or on the final carrier, copied on USB or an optical disk, sent by mail, FTP,HTTP or printed. The complex of prevention of information losses Websense passively monitors the majority business of communications in both directions - both entering and outgoing, including a broad spectrum of protocols, such as mail, network the printer, FTP, HTTP and HTTPS and also instant - messaging (IM). Administrators using the centralized management console and the reporting can precisely identify data which are used and also where also by whom are transferred.

The complex of prevention of information losses Websense can protect data in use using preset the politician. Politicians can be set on automatic blocking, enciphering, notification or a quarantine.

The complex of prevention of information losses Websense has a possibility of data protection of SMTP and HTTP of traffic in the active (in-line) mode - the blocking mode. Politicians can be set on the strengthened management of information security automatically. It means that the product can automatically request data encryption from certain users, request authorization from owners of information on its use, etc.

Using technology of deep control Websense, administrators receive the high accuracy of identifications, spending less time for false operations. Websense Data Security Suite is integrated with Web Intelligence solutions for establishment the politician in the direction of content. For example, the administrator can block all connections c by the unreliable websites, to chats, and \or Web to the mail websites one click on the predetermined category, or after all to allow users access to these websites for the legitimate reason. The administrator can also create "black and white lists", objyavlyatspetsifichesky politicians for specific users or information. Websense Data Security Suite provides to the organizations the active solution of data protection easy in use with flexible configurations of work not protivostavlyayushchy need of data protection existing business requirements.

On the basis of the analysis of types of confidential data and functional duties of employees in a system user groups decide on the different rights to dissemination of confidential information in the organization and out of its limits.

For example, to the accountant responsible for interaction with auditors, the right to exchange certain confidential information, but only via the channel of corporate e-mail with the selected addressees of auditors can be granted.

Reaction of a system to violation of policy depends on the channel of leak and can be completely automatic or require intervention of the authorized employee.

Websense DSS supports the following reactions:

• Blocking – transfer is blocked and located in a quarantine (function of a quarantine is implemented only for e-mail).
• The notification – goes e-mail notification to the employee of service cybersecurity.
• The notification with the permission to release of the message – to the employee goes special e-mail notification about violation of policy of cybersecurity, the answer to which will unblock the message and lets out him from a quarantine.
• Enciphering (only e-mail) – the message is redirected on the ciphering gateway.
• Start of the program – is started the user program to which XML-data of an incident are transferred.

Here several possible scenarios for e-mail:

• Blocking of e-mail with control of service cybersecurity: all messages breaking policy are delayed and located in a quarantine. The employee of service cybersecurity analyzes incidents and can permit delivery of separate messages.
• Email delivery with confirmation of intentions: the message breaking policy is blocked; e-mail request on confirmation of intentions, the answer to which will unblock delivery, is sent to the sender.
• E-mail delay before authorization of delivery by the head: transfer of the message breaking policy is blocked; to the head of the sender go e-mail request to permission of delivery, the answer to which will unblock delivery.
• Enciphering of confidential information: all messages containing confidential information in open form are redirected on an external system of enciphering and go to receivers in encrypted form (is implemented by integration with external systems of enciphering).