Websense Updates Malware Protections
Could the spear phishing attack against RSA last year have been prevented? Maybe if they had some of the tools available today. Websense (NASDAQ: WBSN), a specialist in unified web security, email security and data loss prevention, has announced 10 new advanced malware and data theft defenses, including spear phishing protection with cloud sandboxing that could have prevented an attack like the one last year against RSA, according to Tom Clare, senior director of product marketing management at Websense. The update also includes a forensic reporting dashboard with in-depth security intelligence – think business intelligence meets security. Here’s a closer look.
“Most defenses that are provided tend to be forward facing,” Clare told MSPmentor. That means they protect against the threat before the breach happens. But another important component of any security strategy is containing the damage of a breach once it happens. Of Websense’s 10 new defenses, seven are outbound while three are inbound or forward facing.
Clare says Websense can, for instance, identify a non-standard cipher and combine that with its new Geolocation feature to detect encrypted data going to Eastern Bloc countries.
In terms of spear phishing protection, the standard these days is for email to be scanned for links that lead to malicious sites. But what if the email is sent over the weekend and the malicious code is not uploaded to the site in question until Monday at 8 am? The cloud sandboxing feature in Websense’s spear phishing protection takes care of that, rescanning when the user clicks on the link.
Another growing threat comes during corporate presentations. Clare points out that when he presents during conferences the screens have a legal disclaimer about confidentiality. And yet there are people there pulling out their phones and photographing the slides.
“We can use the OCR capability to pull text out of images and apply that to data theft and data loss rules,” Clare said.
Other new defenses include the following:
Detection of criminal encrypted uploads, advanced malware payloads and command-and-control recognition;
Optical character recognition (OCR) of text within images for data-in-motion;
Drip (stateful) DLP detection;
Password file theft detection; and
Several of these are powered by Websense’s embedded enterprise DLP engine, part of the Websense TRITON architecture.
In addition to these new protections, Websense is introducing the TRITON Advanced Malware Threat dashboard, which profiles security incidents and provides in-depth forensics and data theft capture. The tool lets Websense users know who was attacked, how the attacks function, where those communications were being sent and, most importantly, what data was targeted.