IT World Canada

Websense zeros in on threat kill chain

Cybercriminals continue to get more sophisticated and this has led to more successful luring of victims. San Diego-based Websense, Inc. is addressing this concern with its updated Triton defense version 7.8 that attempts to quell every stage of the targeted threat kill chain.

Shawn Pearson, vice president of global channels for Websense, said there are three main areas of advanced persistent threats, or APTs, that the security-focused solution provider needs to focus on. Doing so will mitigate risks for the customer and enhance his or her own services, leading to more up-sell opportunities.

The new Triton 7.8 has addressed this level of cyber sophistication by providing sandboxing for URL and email attacks. There are also new forensic reporting systems, threat monitoring and a proof of concept area that enables solution providers to show the value of the new defense.

Pearson added that today’s cybercriminal is more than likely a part of a nation-state and has become very patient in his or her approach. For example, they will wait two years surveying a large defense contractor, trying to lure workers in by redirecting Web sites just to get at the data they are looking for. Triton 7.8 has an expanded ThreatScope technology with inline sandboxing, malware isolation to data loss prevention, end-user phishing education and new platform support for pervasive deployment.

“Typically with sandboxing someone will click on a malicious URL or email and then someone else has to do something about it to mitigate the impact or make sure they are not identified someone? That may down all traffic or prevent them from getting at the data. We approach it by making it 100 per cent sure. We send it to a sandbox so no one will be hit with the same malicious code and it’s in real time. Then we decide if we should block it or let the user go with it. It validates versus someone having an issue and getting hacked into,” Pearson said.

Through its Advanced Classification Engine, or ACE, Triton delivers real-time security ratings to all products. ACE’s eight assessment areas and composite scoring capabilities enable Triton to detect threats before they get to the user. The predictive security engines can see developing trends and use contextual assessments to ensure accuracy and counter evasion techniques.

The Triton 7.8 release has not led to any channel program changes. However, Pearson did say that the company has started to work on new areas of the program to bring in more profitability and marketing plans that deliver better return on investment for channel partners.

“We typically train internal resources with one set of content and then the partners with something that is slightly different. With this launch, we trained both at the same time and with the same content to get better alignment,” Pearson said.

Websense customers also have access to the new i500 cloud-assist appliance to increase network traffic speed and control what traffic is sent to the cloud.

 
