By Cameron Sturdevant  |  Posted 2004-11-22 Print this article Print

In Websense Inc.s Websense Enterprise Version 5.5, the Internet access control vendor has effectively added real-time Internet attack protection to its list of dos and donts.

Websense Enterprise 5.5 was released last month. Although the real-time database updates, along with a mobile client for laptops, are new, the foundation of Websense Enterprise 5.5 has been around for some time.

Websense Enterprise 5.5 is priced starting at $15 per year per seat for Web and protocol filtering. Add-on modules—including Security PG (Premium Groups), Productivity PG, Bandwidth PG, Bandwidth Optimizer, Real-time Security Updates and IM (instant messaging) Attachment Manager—are each $5 per year per seat. The Websense Client Policy Manager desktop client is priced at $25 per year per seat.

IT managers who have used Websense products should consider an upgrade to the latest version as part of a defense-in-depth strategy.

A defense-in-depth scheme involves implementing security products at different points in the network and in applications that may or may not communicate with a central management console. Defense in depth is a new role for Websense, and our tests show that the product is quite effective at parlaying Internet access monitors into security controls.

The most interesting example is the way Websense Enterprise 5.5 interferes with phishing attacks. We installed Security PG on the test network, then accessed our e-mail system. Weve been getting a lot of eBay phish (e-mail that purports to be from eBay Inc. but is really an identity thief cruising for marks), so we attempted to go to the site to "update our account information."

Websense Enterprise 5.5 caught and blocked access to every phishing site that we attempted to visit during more than three days of testing. This is a good example of the defense-in-depth technique at work because even though the two anti-spam systems we use are good at filtering out most of the phish, some always make it through. That Websense Enterprise 5.5 was able to block access to the fraudulent Web sites significantly reduced our exposure.

New measures against phishing attacks may be gaining traction. Click here to read more. Websense Enterprise 5.5 competes closely with SurfControl plc.s family of Web Filter, E-Mail Filter and Instant Message Filter software packages. Both companies provide large databases of categorized URLs, along with a long list of third-party products with which they integrate to provide Internet access control.

We recommend that IT managers test the level of integration with Internet proxy servers, firewalls and other network infrastructure devices such as routers to see which is the best fit. Although we had no trouble getting Websense Enterprise 5.5 up and running in the lab, integration with our Microsoft Corp. ISA (Internet Security and Acceleration) Server required several hours of intricate work.

In addition, getting Websense Enterprise 5.5 fully integrated with our Microsoft Active Directory domain led to a finicky session with Microsoft Group Policy to change the log-on scripts so that Websense Enterprise 5.5 could identify machines as users logged in. Websense Enterprise 5.5 can also identify machines using a variety of directories, including Novell Inc.s eDirectory, and just by watching the network.

Technical Director Cameron Sturdevant can be reached at cameron_sturdevant@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel