Cybercriminals continue to get more sophisticated and this has led to more successful luring of victims. San Diego-based Websense, Inc. is addressing this concern with its updated Triton defense version 7.8 that attempts to quell every stage of the targeted threat kill chain.
Shawn Pearson, vice president of global channels for Websense, says there are three main areas of advanced persistent threats, or APTs, on which to concentrate efforts in order to mitigate risks.
The new Triton 7.8 has addressed this level of cyber sophistication by providing sandboxing for URL and email attacks. There are also new forensic reporting systems, threat monitoring and a proof of concept area that shows the value of the new defense.
Pearson added that today’s cyber-criminal is more than likely a part of a nation-state and has become very patient in his or her approach. For example, they will wait two years surveying a large defense contractor, trying to lure workers in by redirecting Web sites just to get at the data they are looking for.
Triton 7.8 has an expanded ThreatScope technology with inline sandboxing, malware isolation to data loss prevention, end-user phishing education, and new platform support for pervasive deployment.
“Typically with sandboxing someone will click on a malicious URL or email and then someone else has to do something about it to mitigate the impact or make sure they are not identified someone? That may down all traffic or prevent them from getting at the data. We approach it by making it 100 per cent sure. We send it to a sandbox so no one will be hit with the same malicious code and it’s in real time. Then we decide if we should block it or let the user go with it. It validates versus someone having an issue and getting hacked into,” Pearson said.
Through the Advanced Classification Engine, or ACE, Triton delivers real-time security ratings to all products. ACE’s eight assessment areas and composite scoring capabilities enable Triton to detect threats before they get to the user. The predictive security engines can see developing trends and use contextual assessments to ensure accuracy and counter evasion techniques.
Websense customers also have access to the new i500 cloud-assist appliance to increase network traffic speed and control what traffic is sent to the cloud.