Websense Data Security 7.7

Similar documents
ForeScout Extended Module for Symantec Endpoint Protection

ForeScout Extended Module for Tenable Vulnerability Management

Avanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.

Fingerprint - Database Fingerprinting

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Copyright 2012 Trend Micro Incorporated. All rights reserved. Protected by U.S. Patent No. 7,516,130 and U.S. Patent No. 7,747,642.

: Administration of Symantec Endpoint Protection 14 Exam


Seqrite Endpoint Security

Microsoft Exchange Server 2007 Implementation and Maintenance

McAfee Network Data Loss Prevention Administration

Features - SRM Windows File System Agent

What s new in ProactiveWatch 2.0!

Tanium Connect User Guide. Version 4.8.3

Executive Summary SOLE SOURCE JUSTIFICATION. Microsoft Integration

IBM Security SiteProtector System User Guide for Security Analysts

Resolution: The DataChannel servlet no longer stops working, regardless of the state of the DataChannel extension.

Netwrix Auditor. Release Notes. Version: 9.6 6/15/2018

DiskPulse DISK CHANGE MONITOR

McAfee Data Loss Prevention Endpoint

IBM Security Access Manager Version 9.0 October Product overview IBM

DASH COPY GUIDE. Published On: 11/19/2013 V10 Service Pack 4A Page 1 of 31

ObserveIT 7.1 Release Notes

File Reputation Filtering and File Analysis

Technical Note. FortiMail Best Practices Version 3.0 MR4.

Netwrix Auditor Competitive Checklist

BlueCielo Meridian Enterprise Server Quick start for application administrators

Core Component Installation

MOVE AntiVirus page-level reference

McAfee Network Security Platform 8.3

TECHNICAL DESCRIPTION

HPE Storage Optimizer Software Version: 5.4. Best Practices Guide

CounterACT Check Point Threat Prevention Module

ForeScout CounterACT. Configuration Guide. Version 2.2

Extended Search Administration

1.0. Quest Enterprise Reporter Discovery Manager USER GUIDE

McAfee Data Loss Prevention Prevent 11.1.x Release Notes

CounterACT IOC Scanner Plugin

Don t just manage your documents. Mobilize them!

WatchGuard Dimension v2.0 Update 2 Release Notes. Introducing New Dimension Command. Build Number Revision Date 13 August 2015

Installation and Deployment Guide for HEAT Service Management

Informatica Developer Tips for Troubleshooting Common Issues PowerCenter 8 Standard Edition. Eugene Gonzalez Support Enablement Manager, Informatica

Managing Roaming User Data Deployment Guide Windows 2008

Hitachi Data Instance Manager Software Version Release Notes

ForeScout CounterACT. Resiliency Solutions. CounterACT Version 8.0

CounterACT VMware vsphere Plugin

Server Edition USER MANUAL. For Mac OS X

Dell FluidFS Version 6.0. FS8600 Appliance. Firmware Update Guide

Angelo Gentili Head of Business Development, EMEA Region, PartnerNET

Interface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)

Tanium Integrity Monitor User Guide

SonicWALL Security Software

Ivanti Patch for Windows Servers 9.3 Standard/Advanced Release Notes. Overview. Documentation

UNCLASSIFIED. Mimecast UK Archiving Service Description

ForeScout CounterACT Resiliency Solutions

provides several new features and enhancements, and resolves several issues reported by WatchGuard customers.

Annexure E Technical Bid Format

McAfee Network Security Platform

ForeScout Extended Module for Bromium Secure Platform

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.2

Administering isupport

Managing Roaming User Data Deployment Guide Windows 2008 R2

McAfee VirusScan and McAfee epolicy Orchestrator Administration Course

SentinelOne Technical Brief

Installing SQL Server 2016 Cluster

ForeScout CounterACT. Plugin. Configuration Guide. Version 2.1

What s New in Version 3.5 Table of Contents

Vendor: Citrix. Exam Code: 1Y Exam Name: Managing Citrix XenDesktop 7 Solutions Exam. Version: Demo

McAfee Application Control 6.2.0

AlienVault USM Appliance for Security Engineers 5 day course outline. Module 2: USM Appliance Basic Configuration and Verifying Operations

McAfee Data Loss Prevention 9.3.3

Symbols INDEX > 12-14

IBM Global Technology Services May IBM Internet Security Systems Proventia Management SiteProtector system version 2.0, SP 7.

OnCommand Unified Manager 6.1

McAfee Advanced Threat Defense 3.4.4

Symantec Endpoint Protection Integration Component User's Guide. Version 7.0

Configuring Cisco TelePresence Manager

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

VMware Mirage Web Manager Guide

Desktop & Laptop Edition

Centerity Monitor 4.0. Administration Guide

Netwrix Auditor for Active Directory

1. Initial Setting and Installation of ActiveVisor... 1

IronSync File Synchronization Server. IronSync FILE SYNC SERVER. User Manual. Version 2.6. May Flexense Ltd.

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

NETVAULT BACKUP SYSTEM ADMINISTRATION COMPLETE - INSTRUCTOR LED TRAINING

Administration GUIDE. OnePass Agent for Exchange Mailbox. Published On: 11/19/2013 V10 Service Pack 4A Page 1 of 177

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

Office and Express Print Release High Availability Setup Guide

CXS Citrix XenServer 6.0 Administration

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Transport Gateway Installation / Registration / Configuration

70-414: Implementing an Advanced Server Infrastructure Course 01 - Creating the Virtualization Infrastructure

Installing Acronis Backup Advanced Edition

vsphere Update Manager Installation and Administration Guide 17 APR 2018 VMware vsphere 6.7 vsphere Update Manager 6.7

Monitoring SharePoint 2007/ 2010/ 2013 Server using EventTracker

Service Manager. Ops Console On-Premise User Guide

Deploying the hybrid solution

Agenda. Today s IT Challenges. Symantec s Collaborative Architecture. Symantec TM Endpoint Management Suite. Connecting Symantec Technologies Today

McAfee Web Gateway

Transcription:

Websense Data Security 7.7 New Features and Best Practices

Operating system support TRITON management server Windows 2008 R2 only Supplemental Data Security servers Same as v7.6 Windows 2003 R2 (32bit) Windows 2008 R2 Data Security agents Same as v7.6 Crawler Windows 2003 R2 32bit Windows 2008 R2 64bit Printer agent Windows 2003 (& R2) 32bit ISA\TMG Agent Windows 2003 (& R2) 32bit Windows 2008 R2 64bit SMTP Agent Windows 2003 (& R2) 32bit and 64bit (with no Policy Engine) 2

Upgrade The 7.7 upgrade is a simple installer-based upgrade (as opposed to the export/import process in 7.5 7.6) Servers Management server TRITON unified installer 7.6.x 7.7 If you re upgrading the OS, system backup and restore is needed. You can either 1) upgrade the system in place and backup the upgraded setup or 2) backup the current 7.6.x setup, restore it on the new OS, and upgrade it to 7.7. Data Security servers 7.6.x 7.7 Protector 7.6 7.7 Endpoints 7.6.x 7.7 Backward compatibility: Incidents are still reported to the 7.7 management server The entire endpoint profile can be switched to monitoring only mode (Settings Endpoint Settings Upgrade) 3

New features Fingerprint repository sync over disconnected networks High availability / failover Support SQL high-availability solution (cluster) Support management server failover Supervised machine learning Incident escalation improvements OCR capabilities Email-based incident workflow management Network communication ports consolidation Resource resolver optimizations for large user directories Cumulative DLP Proprietary Excel and Word 2007/2010 extractors LDAP attributes enhancements Incidents and reporting Policy creation Advanced Persistent Threat protection 4

FPR sync over disconnected networks FPR = fingerprint repository Feature request driven by customer requests (mostly government/military) Beneficial for customers who have 2 or more separate networks for example, internal and top secret where there s a need to protect top secret content on the internal network where there s no actual access to these files Introduces ability to export fingerprints created by a classifier on one manager and import them as a new classifier to another manager Requires 2 separate v7.7 management servers More detailed information can be found here: http://www.websense.com/content/support/library/data/v77/he lp/ch%2010-define%20content.13.55.aspx 5

FPR sync over disconnected networks

High availability / failover Active-Passive managers Based on backup\restore functionality Once restore is done, deploy settings routes all Data Security servers to the new manager 7

Supervised Machine Learning Introduces ability to learn the characteristics of a similar set of documents for example, financial documents of a specific company Unlike fingerprints, any new document that are created (financial documents in this example) are protected Positive and negative examples must be provided to train the classifier More detailed information is available here: http://www.websense.com/content/support/library/data/v77/he lp/mach_learning.aspx and here: http://www.websense.com/content/support/library/data/tips/m achine_learning/introduction%20to%20machine%20learning. pdf 8

Supervised Machine Learning

Supervised Machine Learning Positive Examples Negative Examples All Documents (optional)

Incident escalation improvements System variables and default text for the incident email escalation operation 11

Optical Character Recognition Added OCR capabilities for text extraction from images containing text (scanned documents, for example) Applies to network email, discovery, and Web channels only Can be installed only on secondary Windows Data Security servers Filter in the Policy Engine decides which images should go through OCR text extraction 12

Email-based incident workflow management Email notifications can now include actions (links in the notification message) that administrators can do without logging into the TRITON Console When an administrator clicks an action, a new message is opened with a workflow code This email is sent to a system mailbox Tomcat periodically checks for new action messages in the system mailbox and operates according to the workflow code POP3\IMAP is used Force release is still supported in the previous format 13

Network communication port consolidation Most ports are now in consecutive numbering (starting 17500 by default ending at 17515) You must configure your firewall to leave these ports open Added ability to configure the port s range beginning This can be done during installation Configuration can be done per Data Security server 14

Resource resolver improvements Improved support for large user directory imports Tested up to 400,000 objects Significant resource resolver database creation performance improvements Significant reduction in system resources utilization (CPU, memory, disk) during resource resolver database creation 15

Cumulative DLP policies Detection of data leaks over time (for example, 10 CCNs total from the same source in a 3-day time period) Feature existed in 7.6.x for specific rules, but is now available in the TRITON Console and can be configured for every rule 16

Proprietary Excel and Word extractors Improves mega breaches detection Applies to Microsoft Word and Excel 2007/2010 files larger than 1 MB Significant improvement in text extraction time over previous text extraction methods Existed in v7.6.3 as well but was disabled by default This means that this feature was already tested in production by some customers already with positive results 17

LDAP attributes improvements Ability to create LDAP query-based groups (populated during user directory import) 18

Advanced Persistent Threat A new threat protection feature was added to the Websense Data Security product The feature is based on a set of pre defined policies, ready to use in the Web DLP policies The feature is also available for use in WSG, this is built in the product and does not require DSS in addition

Best Practices Installation and Configuration 20

Installation and Configuration Avoid using the TRITON management server for running crawler tasks and being an endpoint server Use an off-box SQL server to reduce load on the management server Make sure Antivirus, Firewall and other security applications are configured to exclude TRITON files and processes Use the same user every time the installation package is run In the event of a problem during installation: Copy installation logs to safe location for future technical review Install logs are located in %temp% This temp folder is deleted during restart. Installation logs may help troubleshooting problems that arise later in the process. 21

Best Practices Policy Configuration 22

Policies configuration Optimize the policies used for best performance and reasonable incident in-flow Select policies by region Reduce a policy s number of incidents by: Fine-tuning thresholds Filtering by channel, source or destination Adding exceptions for rules Using cumulative DLP Prefer predefined policy templates over custom-defined policies Predefined policies use spheres and pipes which cannot be configured in user defined rules and policies. Prefer dictionaries over numerous key phrases Malicious Concealment policies may cause false positives and hamper performance and should be used with caution in production mode 23

Best Practices Fingerprinting 24

Unstructured fingerprints Maximum file system size tested: 15 TB Every X hashes increase processing time by Y Too many hashes can cause processing time to exceed timeout thresholds For optimal accuracy, there should be at least one paragraph of text in files to be fingerprinted Consider using machine learning Especially good for documents of same type. For example, contracts, financial statements, source code Machine Learning tasks provide an accuracy percentage. Use it to decide if the Machine Learning classifier should be used When using OCR, a different layout from the original document may cause a false negative 25

Structured fingerprints Maximum number of records tested: Network channels 12M records Endpoint channels 12M records (5 columns) On endpoint channels, use more than one column in the rule and increase the threshold for better accuracy Database fingerprinting classifiers with one row can support about 250 KB entries. Above that, the risk for false positives increases When a database is very large (more than 1 MB), consider using predefined policies instead of fingerprints for standard data (SSN s, CCN s names, etc.) When fingerprinting people s names, fingerprint first and last name as one column to avoid false positives Some field types are not supported: BLOBs (binary large objects) Dates Database proprietary fields 26

Best Practices Data Endpoint Agent 27

Data Endpoints Avoid using the TRITON management server as an endpoint server Each endpoint server supports around 15 KB endpoint clients Endpoint update check intervals affect the number of endpoints a server can handle For load balancing, 2 or more servers should be configured as primary Secondary servers are only accessed when all primary servers fail Avoid using file access and process monitoring rules File access and process monitoring have a considerable impact on the machine s overall performance Use these rules judiciously and apply selectively for applications that use channels that are not otherwise monitored for data leakage 28

Webinar Announcement Title: Upgrading a V-Series appliance to version 7.7 Date: October 24, 2012 Upcoming Webinar Time: 8:30 A.M. PDT (GMT -8) How to register: http://www.websense.com/content/ SupportWebinars.aspx 29

Customer Training Options To find Websense classes offered by Authorized Training Partners in your area, visit: http://www.websense.com/findaclass Websense Training Partners offer classes online and onsite at your location. For more information, please send email to: readiness@websense.com

Questions 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback