Websense Data Security


Find the latest information on Websense Data Security solutions, including Deployment and Installation guides, TRITON - Data Security help content, and tips and tricks.  

Planning and Installation

v7.6.x

  • Data Security Release Notes

    Data Security Release Notes v7.6.3

    Key features in this release

    Version 7.6.3 of Websense Data Security focuses on a major new feature: email data loss prevention for mobile devices. In addition, v7.6.3 offers IBM Lotus Domino discovery and fingerprinting, numerous endpoint enhancements, reporting features, and more. Key features in v7.6.3 include:
    • Data loss prevention for mobile devices
    • IBM Lotus Domino fingerprinting and discovery
    • Enhancements to endpoints
    • Enhancements to reporting
    • Support for Linux remediation scripts

    To download this version, visit the Data Security Product Support page, and click Get Product in the Downloads and Hotfixes box.


  • Upgrading to v7.6.3

    Deployment and Installation Center

    Upgrading Websense Software to v7.6.3

    This section of the Websense Technical Library explains how to upgrade to the latest version of Websense software in the v7.6 series. For Web Security, Web Filter, and Email Security Gateway, the latest version is v7.6.2. For Data Security, it is v7.6.3.

    - For Web Security and Web Filter, you can upgrade directly from v7.1.x or v7.5.x to v7.6.2. If you're running an earlier version of Web Security or Web Filter, you should upgrade to v7.1 and then upgrade to v7.6.x.

    - For Data Security you must be at v7.6.0 or v7.6.2 before upgrading to v7.6.3. See Upgrading to Data Security 7.6.0 for information on upgrading Data Security from earlier versions, such as v7.1 or v7.5, to v7.6.0. 

    - For Email Security Gateway you must be running v7.6.0 or v7.6.1 before upgrading to v7.6.2. See Email Security Gateway (V10000 G2) or Email Security Gateway (V5000 G2) for information on installing and deploying Email Security v7.6.0.

     

    Considerations for upgrading to v7.6.3 and later:

    - Unless instructed otherwise by Websense Technical Support, your system must be functional prior to upgrade. 

    - For best practice, perform a backup of your system before performing an upgrade.

    - The upgrade process guides you through upgrading all TRITON security modules that you have installed to the latest version. You cannot choose which modules to upgrade. Partial upgrades are not supported. 

    - With the exception of the TRITON infrastructure, if one component's upgrade fails, you can continue to upgrade the rest of the components, or you can exit the process and modify component settings.

    - You cannot continue if the infrastructure upgrade fails, and you cannot roll back a component that was upgraded successfully.

    - After upgrade, your system has the same configuration as before the upgrade. The upgrade process does not allow you to change your configuration or settings. 

    - The upgrade process guides you on the correct upgrade sequence across machines. Where critical, it verifies that the upgrade was performed in the correct order. 

  • Upgrading to v7.6

    Websense Data Security Deployment and Installation Materials

    Upgrading to Data Security 7.6

    Websense Data Security Suite 7.1 and Data Security 7.5 can be upgraded to Data Security 7.6. (Note: Data Security Suite was the former name of Websense Data Security prior to version 7.5.)

    Important: When upgrading from Data Security Suite 7.1, only incident data and forensics are upgraded. 7.1 policies, profiles, and settings will not be available post-upgrade. See Upgrade Notes and Exceptions for more information.

    See the following topics:

    Preparing for upgrade of Data Security
    Upgrading Data Security Management Server
    Upgrading a supplemental Data Security server or standalone agents
    Upgrading a Data Security Protector
    Upgrading Content Gateway with Data Security
    Upgrading Data Security endpoints
    Upgrade Notes and Exceptions


  • Web DLP Quick Start

    Web DLP Quick Start

    Websense Data Security enables you to control how and where users upload or post sensitive data over HTTP or HTTPS connections. TRITON - Web Security is automatically configured to work with TRITON - Data Security. The Web Security module registers with the Data Security Management Server when you install it. A quick-start Web data loss prevention (DLP) policy is provided. You just need to configure it.

    To get started with your Web DLP policy

    1. Define user directories for Data Security users and other policy resources such as devices and networks. (See Configuring user directory server settings, page 2.)
    2. Set up email properties for alerts. (See Setting up email properties, page 3.)
    3. Select and enable the Web attributes to monitor—for example uploaded file type. Configure properties for those attributes. When the settings you configure are matched, the policy is triggered. See Configuring Web attributes, page 4 for instructions on completing the fields.
    4. Specify specific Web sites where you do not want your data sent. See Selecting Web destinations, page 6 for instructions.
    5. Identify an owner for the policy. See Defining policy owners, page 8 for instructions.
    6. Deploy your settings. (See Deploying your settings, page 8.)
  • Email DLP Quick Start

    Email DLP Quick Start

    TRITON - Email Security is automatically configured to work with TRITON - Data Security. The Email Security module registers with the Data Security Management Server when you install it, and Data Security policies are enabled by default in TRITON - Email Security.

    A quick-start email data loss prevention (DLP) policy is provided. You just need to configure it.

    To get started with your email DLP policy

    1. Define user directories for Data Security users and other policy resources such as devices and networks. (See Configuring user directory server settings, page 2.)
    2. Set up email properties for alerts. (See Setting up email properties, page 3.)
    3. Select and enable the attributes to monitor in outgoing email messages—for example message size or attachment type. Configure properties for those attributes. When the settings you configure are matched, the policy is triggered. (See Select the attributes to monitor for outbound and inbound email, page 4.)
    4. Select and enable the attributes to monitor in inbound email messages—for example questionable images. Configure properties for those attributes.
    5. Identify an owner or owners for the policy. See Defining policy owners, page 8 for instructions.
  • Data Security Deployment Overview

    Deployment and Installation Center

    Data Security

    In this topic

    Overview
    Deployment
    Installation
    Initial configuration

    Overview

    This section of the Websense Technical Library contains information and instructions for installing Websense Data Security (Data Security). Data Security is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. Data Security protects against data loss by quickly analyzing data and enforcing customized policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. Data Security can also work as a part of Websense TRITON Enterprise to protect the whole of your enterprise. The basic components of Websense Data Security are:

    The Data Security Management Server
    Optional Data Security servers
    The protector
    Agents


  • Planning Deployment

    Deployment and Installation Center

    Planning Data Security Deployment

    Before you begin setting up your data security system, it is important to analyze your existing resources and define how security should be implemented to optimally benefit your specific organization. Plan your deployment by:

    1. Deciding what data to protect
    2. Determining where your confidential data resides
    3. Determining your information flow
    4. Defining the business owners for the data
    5. Deciding who will manage incidents
    6. Planning access control
    7. Analyzing network structure
    8. Planning network resources
    9. Planning a phased approach (monitor only, monitor and notify, or protect)


  • Installing Websense Data Security

    Deployment and Installation Center

    Data Security

    In this topic

    Overview
    Deployment
    Installation
    Initial configuration

    Overview

    This section of the Websense Technical Library contains information and instructions for installing Websense Data Security (Data Security). Data Security is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. Data Security protects against data loss by quickly analyzing data and enforcing customized policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. Data Security can also work as a part of Websense TRITON Enterprise to protect the whole of your enterprise. The basic components of Websense Data Security are:

    The Data Security Management Server
    Optional Data Security servers
    The protector
    Agents


  • Choosing and Deploying Agents

    Deployment and Installation Center

    Choosing and Deploying Data Security Agents

    Websense Data Security monitors and protects data by using a series of agents that are deployed according to your organization's needs.

    These agents are installed on the relevant servers (ISA agent on the ISA server, printer agent on the print server, etc.) to enable Data Security to access the data necessary to analyze the traffic from these servers. Agents, such as the Data Endpoint, enable administrators to analyze content within a user's working environment (PC, laptop, etc.) and block or monitor policy breaches.

    This chapter is designed to help you decide which agents to deploy and to instruct you on how to deploy them.

    Below is a summary of the Data Security agents.

    Protector - The protector is a standard part of Websense Data Security deployments. It is a soft appliance with a policy engine and a fingerprint repository, and it supports analysis of SMTP, HTTP, HTTPS, FTP, plain text, and IM traffic (chat and file transfer). The protector is also an integration point for third-party solutions that support ICAP (when Websense Content Gateway is not used for this purpose). Note: For HTTPS traffic, the protector works with a Web proxy such as Websense Content Gateway. See Protector for more information.

    SMTP agent - SMTP is the protocol used for sending email to recipients outside the organization. The SMTP agent monitors SMTP traffic. It receives all outbound email from the mail server and forwards it to the Data Security policy engine. It then receives the analyzed email back from the policy engine, and blocks or forwards it to the mail gateway as directed. See SMTP agent for more information.


  • Integrating with Existing Infrastructure

    Deployment and Installation Center

    Integrating Data Security with Existing Infrastructure

    Websense Data Security is an integral piece of your network architecture, and can be combined with your existing systems to ensure seamless Web and email protection. See the following for information about integrating Websense Data Security with existing systems.

    Working with existing email infrastructure
    Working with Web proxies
    Working with shared drives
    Working with user directory servers


  • Scaling Your System

    TRITON - Data Security Help

    Scaling Data Security

    As your network (and the security needs of your network) grows, Websense Data Security can grow with it. Our software is architected for scalability, even for networks with massive traffic and complex topologies. The sections below address network growth issues such as recognizing when system loads demand system expansion, single and multi-site configuration and how to deal with the growth of the various information repositories.

    When does your system need to grow?

    Adding modules to your deployment


  • The Protector’s CLI

    Deployment and Installation Center

    Data Security Protector CLI

    Overview

    A command-line interpreter (also known as a command-line shell) is a computer program that reads lines of text entered by a user and interprets them in the context of a given operating system or programming language.

    Command-line interpreters allow users to issue various commands in a very efficient way. This requires the user to know the names of the commands and their parameters, and the syntax of the language that is interpreted.

    This chapter describes the command line interpreter (CLI) for the Linux-based Data Security Protector.

    The CLI can be used after initial installation to modify the settings configured by the wizard as well as configure other protector parameters. Log in using the admin or root user (other users can also be defined). Note that admin users are limited and not all Linux shell commands are available to them.

    Accessing the CLI

    Access the CLI through a direct terminal or via a serial port console.

    If using a serial port console, configure your terminal application, such as HyperTerminal or TeraTerm, as follows:

    19200 baud, 8 data bits, no parity, 1 stop bit, no flow control.

    In addition, the protector allows access via SSH connection.

    Connect to port 22 with the SSH tool of your choice and use the credentials you set to access the protector CLI. It is impossible to access the protector using SSH before running the wizard for the first time, as it has irrelevant default network settings.


v7.5

  • Web Security Gateway Anywhere: Preparing for Web DLP

    Web Security Gateway Anywhere Getting Started Guide v7.5 

    Preparing for Web DLP

    One of the key features of Websense Web Security Gateway Anywhere is that it includes Websense data security technologies to prevent data loss over the Web.

    This means that you can protect whatever data you deem vital from leaving your organization by the Web—this includes HTTP, HTTPS, FTP, and FTP-over-HTTP.

    For example, you may want to prevent employees from sending customer information to an FTP site where it can be retrieved by unauthorized users. Or you may be required to prevent social security numbers or credit card numbers from moving around your enterprise, even over secure HTTP. (Data compliance is a growing concern among enterprises across industries.)

    Websense Web Security Gateway Anywhere provides such data loss prevention (DLP) capabilities. Depending on your needs, you can monitor or block the unwanted transmission of vital data, and you can send notifications and alerts when policy breaches occur.

    In addition, you can create DLP policies that base rules on URL categories. For example, in TRITON - Data Security, you can define a rule that credit card numbers cannot be posted to known fraud sites.


  • Registering the proxy with the Data Security module

    Web Security Gateway Anywhere Getting Started Guide v7.5

    Registering with the Data Security Management Server

    1. Ensure that Content Gateway and Data Security Management Server systems are running and accessible, and that their system clocks are approximately synchronized.
    2. Ensure the Content Gateway machine has a fully qualified domain name (FQDN) that is unique in your network. Host name alone is not sufficient.
    3. If Content Gateway is deployed as a transparent proxy, ensure that traffic to and from the communication interface ("C" on a V-Series appliance) is not subject to transparent routing. If it is, the registration process will be intercepted by the transparent routing and will not complete properly.
    4. Make sure that the IPv4 address of the eth0 NIC on the Content Gateway machine is available (not required if Content Gateway is located on a V-Series appliance). eth0 is the NIC used by the Data Security Management Server during the registration process.
    5. After registration, the IP address can move to another network interface on the same machine; however, that IP address is used for configuration deployment and must be available as long as the 2 modules are registered.
    6. From the Content Gateway Manager, select Configure > Basic > General.


v7.5.3 - 7.5.x

  • Data Security Deployment and Installation Guide

    Deployment and Installation Guide v7.5.3

    Overview

    Welcome to Websense Data Security. Data Security is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. Websense Data Security protects against data loss by quickly analyzing data and enforcing customizable policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. Data Security can also work as a part of a larger Essential Information Protection (EIP) solution to protect the whole of your enterprise.

    This guide provides clear, step-by-step processes to assess the data security levels you’ll need, where to apply them, and how to deploy and integrate relevant system components. Once the system is deployed, the TRITON - Data Security Help system supplies assistance in configuring and managing the system.

    Protecting essential information is complicated, but our attention is directed to making it easier. Websense Data Security is a robust system that provides unparalleled visibility into communications, compliance auditing, and the risk of data loss—and the powerful means to prevent that loss. You can control the secure use of your data, and the information in this guide arms you with the knowledge and practical application of secure and manageable data protection.


  • Installation Organizer

    Installation Organizers

    Websense Web Security Gateway Anywhere v7.5

    An installation organizer is a checklist to help you gather hardware, network, and deployment information necessary to install a product. This document contains several organizers to help you prepare to install and configure Websense Web Security Gateway Anywhere, version 7.5.

    The following organizers are included in this document:

    1. V-Series Appliance

    2. Web Security or Web Filter

    3. Content Gateway

    4. Data Security

    Web Security Gateway Anywhere can be deployed based on a V-Series appliance (filtering and proxy functions provided by an appliance) or based on software (all components installed as software across networked machines). If you have an appliance, complete organizers 1 and 4. If you are installing Web Security Gateway Anywhere as software, complete organizers 2-4.

    Data Security

    Data Security Management Server provides the Web DLP functions of Web Security Gateway Anywhere. It is typically installed on its own machine. Complete the following forms to prepare for your Data Security installation.


Policies

v7.6.3

  • Policies Overview

    TRITON - Data Security Help

    Policies Overview

    Once you have installed Websense Data Security software and configured system settings, the next step is to create a policy.

    Data Loss Prevention (DLP) policies enable you to monitor and control the flow of sensitive data throughout your organization. Depending on your Data Security configuration, you can set up policies to monitor information sent via email and over HTTP and HTTPS channels, and ensure all communications are in line with regulations and compliance laws as required. You can also monitor email being sent to users' mobile devices.

    There are 5 kinds of DLP policies:

    - Email policy. You can enable a single email DLP policy that contains all attributes you wish to monitor in inbound and outbound messages. For each attribute (for example, the appearance of a defined key phrase), you define whether to permit or quarantine the message, and whether a notification should be sent. For more information, refer to Configuring the Email Data Loss Prevention Policy.

    - Web policy. You can enable a single Web DLP policy that contains all attributes you wish to monitor in HTTP, HTTPS, and FTP channels, and also specify Web sites to which sensitive data cannot be sent. For more information, refer to Configuring the Web Data Loss Prevention Policy.

    - Mobile policy. You can enable a single mobile DLP policy that contains all attributes you wish to monitor in email being sent to users' mobile devices. For each attribute (for example, the appearance of a defined key phrase), you define whether to permit or quarantine the message, and whether a notification should be sent. For more information, refer to Configuring the Mobile Data Loss Prevention Policy.

    - Regulatory and compliance policy. Websense Data Security comes with a rich set of predefined policies that cover the data requirements for a variety of regulatory agencies (such as GLBA, HIPAA, and Sarbanes-Oxley) all over the globe. For each policy, there is a template that was composed in accordance with specific regulations or acts. The template is an XML document that defines policy content.

    For more information, refer to Creating DLP Policies for Regulatory & Compliance. To create your first regulatory and compliance policy, refer to Viewing policies.

    - Custom policy. Once you've had an opportunity to run your regulatory policies for a while and monitor the results, you might want to create custom policies. For more information, refer to Creating Custom DLP Policies.

     


v7.6.2

  • Policies Overview

    TRITON - Data Security Help v7.6.2

    Policies Overview

    Once you have installed Websense Data Security software and configured system settings, the next step is to create a policy. Data Loss Prevention (DLP) policies enable you to monitor and control the flow of sensitive data throughout your organization. Depending on your Data Security configuration, you can set up policies to monitor information sent via email and over HTTP and HTTPS channels, and ensure all communications are in line with regulations and compliance laws as required. There are 4 kinds of DLP policies:

    - Email policy. You can enable a single email policy that contains all attributes you wish to monitor in inbound and outbound messages. For each attribute (for example, the appearance of a defined key phrase), you define whether to permit or quarantine the message, and whether a notification should be sent. 

    - Web policy. You can enable a single Web policy that contains all attributes you wish to monitor in HTTP, HTTPS, and FTP channels, and also specify Web sites to which sensitive data cannot be sent.

    - Regulatory and compliance policy. Websense Data Security comes with a rich set of predefined policies that cover the data requirements for a variety of regulatory agencies (such as GLBA, HIPAA, and Sarbanes-Oxley) all over the globe. For each policy, there is a template that was composed in accordance with specific regulations or acts. The template is an XML document that defines policy content.

    - Custom policy. Once you’ve had an opportunity to run your regulatory policies for a while and monitor the results, you might want to create custom policies. 


v7.6

  • Policies Overview

    TRITON - Data Security Help v7.6

    Policies Overview

    Once you have installed Websense Data Security software and configured system settings, the next step is to create a policy. Data Loss Prevention (DLP) policies enable you to monitor and control the flow of sensitive data throughout your organization. Depending on your Data Security configuration, you can set up policies to monitor information sent via email and over HTTP and HTTPS channels, and ensure all communications are in line with regulations and compliance laws as required. There are 4 kinds of DLP policies:

    - Email policy. You can enable a single email policy that contains all attributes you wish to monitor in inbound and outbound messages. For each attribute (for example, the appearance of a defined key phrase), you define whether to permit or quarantine the message, and whether a notification should be sent. 

    - Web policy. You can enable a single Web policy that contains all attributes you wish to monitor in HTTP, HTTPS, and FTP channels, and also specify Web sites to which sensitive data cannot be sent.

    - Regulatory and compliance policy. Websense Data Security comes with a rich set of predefined policies that cover the data requirements for a variety of regulatory agencies (such as GLBA, HIPAA, and Sarbanes-Oxley) all over the globe. For each policy, there is a template that was composed in accordance with specific regulations or acts. The template is an XML document that defines policy content.

    - Custom policy. Once you’ve had an opportunity to run your regulatory policies for a while and monitor the results, you might want to create custom policies. 


  • What’s in a Policy?

    TRITON - Data Security Help v7.6

    What's in a policy?

    In Websense Data Security, policies contain rules, exceptions, conditions (defined by content classifiers), and resources. This is true of predefined and custom policies.

    These components are the building blocks of a policy. When you create a policy from a policy template, it already contains rules, exceptions, classifiers, sources, destinations, and actions. When you create a policy from scratch, wizards prompt you for such information. Discovery policies also contain discovery tasks. These describe where to perform the discovery. On networks, this may include a file system, SharePoint directory, database or Outlook PST file. If you’re performing endpoint discovery, it includes the exact computers to scan.


  • Viewing Policies

    TRITON - Data Security Help v7.6

    Viewing policies

    Select Main > Policy Management > DLP Policies or Discovery Policies, then click Manage Policies to view a list of policies that have been defined for your organization.

    Policies appear in a tree-view structure in alphabetical order under their assigned level, if any. You can add policies any time. Each policy consists of a set of rules and a possible set of exceptions.

    The branches in the tree can be expanded to display the items relevant to that component. Under levels, there are policies. Under policies, there are rules. And under rules, there are exceptions. To expand a branch, click the plus sign (+) next to the desired component. To collapse a branch, click the minus sign (-) next to the desired component.

    Select a policy, rule, or exception to view descriptive information about it in the Details pane. A policy description and a description of the rules that the policy contains display. Scroll down to view all the information that is available. Click Advanced to see what the sources and destinations are.

    When you select a rule, the right pane displays a description, the condition, and exceptions.

    And when you select an exception, it displays a description, the condition, and the action.


  • Configuring the Email DLP Policy

    TRITON - Data Security Help v7.6

    Configuring the Email DLP Policy

    Websense Data Security enables you to control how sensitive data moves through your organization via email. Depending on your deployment, you can protect outbound, inbound, or internal email from data loss, or all three. To monitor email for sensitive data, you must have either the TRITON - Email Security module, the SMTP agent, or the Data Security protector. Note that the email DLP policy applies to network channels only. To monitor email on endpoint machines, such as laptops that are off-network, create a custom policy.


  • Configuring the Web DLP Policy

    TRITON - Data Security Help v7.6

    Configuring the Web DLP Policy

    Websense Data Security lets you control how and where users upload or post sensitive data over HTTP or HTTPS connections. To monitor HTTP and HTTPS channels for sensitive data, you must have either the TRITON Web Security module, the Data Security protector, or the ISA agent (which supports Forefront TMG). Note that the Web DLP policy applies to network channels only. To monitor HTTP/HTTPS on endpoint machines, such as laptops that are off-network, create a custom policy.


  • Creating Regulatory and Compliance Policies

    TRITON - Data Security Help v7.6

    Creating Regulatory and Compliance Policies

    Websense Data Security comes with a rich set of predefined policies that cover the data requirements for a variety of regulatory agencies (such as GLBA, HIPAA, and Sarbanes-Oxley) all over the globe. For each policy, there is a template that was composed in accordance with specific regulations or acts. You can use the predefined policies as applicable for your industry and region, or you can refine the policies to meet your needs.


  • Creating Custom Policies

    TRITON - Data Security Help v7.6

    Creating Custom Policies

    To create a custom policy, do the following:

    1. From the Main tab, select Policy Management > DLP Policies > Create Custom Policy if you want to create a policy to govern data in motion across your network or on endpoint machines.


v7.5.3 - 7.5.x

  • TRITON - Data Security Help

    TRITON - Data Security Help v7.5.3

    What is a policy?

    In Websense Data Security, policies contain rules, exceptions, conditions (defined by content classifiers), and resources. This is true of predefined and custom policies.

    These components are the building blocks of a policy. When you create a policy from a policy template, it contains rules, exceptions, classifiers, sources, destinations, and actions already. When you create a policy from scratch, wizards prompt you for such information.

    Data discovery policies also contain data discovery tasks. These describe where to perform the discovery. On networks, this may include a file system, SharePoint directory, database, or Exchange server. If you’re performing endpoint discovery, it includes the exact computers to scan.


Fingerprinting

v7.6.3

  • PreciseID Fingerprinting

    TRITON - Data Security Help

    PreciseID fingerprinting

    One of the ways that you can classify data in your organization is by “fingerprinting” it using the Websense patented PreciseID™ technology. (Other ways include identifying key phrases, regular expression patterns, dictionaries, or file types. See Classifying Content.)

    The power of PreciseID techniques lies in their ability to detect sensitive information despite manipulation, reformatting, or other modification. Fingerprints enable the protection of whole or partial documents, antecedents, and derivative versions of the protected information, as well as snippets of the protected information whether cut and pasted or retyped.

    PreciseID technology can fingerprint 2 types of data: structured and unstructured.

    Structured fingerprinting defines what tables and what data inside the table should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > Database Fingerprinting.)

    Unstructured fingerprinting defines files and folders that should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > File Fingerprinting.)

    These classifiers not only define what to fingerprint, but when and how often to run the fingerprinting scan. That way, if files or data change after fingerprinting, Data Security stays up to date.

    Click View Complete Document for more.

v7.6.2

  • PreciseID fingerprinting

    TRITON - Data Security Help

    PreciseID fingerprinting

    One of the ways that you can classify data in your organization is by “fingerprinting” it using the Websense patented PreciseID™ technology. (Other ways include identifying key phrases, regular expression patterns, dictionaries, or file types. See Classifying Content.)

    The power of PreciseID techniques lies in their ability to detect sensitive information despite manipulation, reformatting, or other modification. Fingerprints enable the protection of whole or partial documents, antecedents, and derivative versions of the protected information, as well as snippets of the protected information whether cut and pasted or retyped.

    PreciseID technology can fingerprint 2 types of data: structured and unstructured.

    Structured fingerprinting defines what tables and what data inside the table should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > Database Fingerprinting.)

    Unstructured fingerprinting defines files and folders that should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > File Fingerprinting.)

    These classifiers not only define what to fingerprint, but when and how often to run the fingerprinting scan. That way, if files or data change after fingerprinting, Data Security stays up to date.

    Click View Complete Document for more.

v7.6

  • PreciseID Fingerprinting

    TRITON - Data Security Help

    PreciseID fingerprinting

    One of the ways that you can classify data in your organization is by “fingerprinting” it using the Websense patented PreciseID™ technology. (Other ways include identifying key phrases, regular expression patterns, dictionaries, or file types. See Classifying Content.)

    The power of PreciseID techniques lies in their ability to detect sensitive information despite manipulation, reformatting, or other modification. Fingerprints enable the protection of whole or partial documents, antecedents, and derivative versions of the protected information, as well as snippets of the protected information whether cut and pasted or retyped.

    PreciseID technology can fingerprint 2 types of data: structured and unstructured.

    Structured fingerprinting defines what tables and what data inside the table should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > Database Fingerprinting.)

    Unstructured fingerprinting defines files and folders that should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > File Fingerprinting.)

    These classifiers not only define what to fingerprint, but when and how often to run the fingerprinting scan. That way, if files or data change after fingerprinting, Data Security stays up to date.

    Click View Complete Document for more.

  • File Fingerprinting

    TRITON - Data Security Help

    File fingerprinting

    The presence of content intended for external recipients may indicate that classified information is being distributed via email and/or attachments. Websense Data Security enables you to block the distribution of this information by fingerprinting files and directories and scanning data in motion for those fingerprints.

    Websense Data Security can protect SharePoint directories as well as any network file system or file shares.

    To view or manage a PreciseID file or directory fingerprinting classifier:

    1. Click Main > Policy Management > Content Classifiers.
    2. Select Fingerprints > File Fingerprinting. A fingerprint list appears. You can expand the right pane to view more details, such as last run time and next run time, or you can collapse it to show fewer. Click the links in the details pane to learn more about the fingerprinted files and folders. (See Details pane for a description of the details pane.) You can also start, stop, or pause a fingerprinting task using buttons on the toolbar.
    3. To create a fingerprinting classifier, click New > File System Fingerprinting or New > SharePoint Fingerprinting from the menu bar. A wizard opens. There are 6 pages in the wizard:

    Click View Complete Document for more.

  • Database Fingerprinting

    TRITON - Data Security Help

    Database fingerprinting

    Websense Data Security lets you quickly connect to a database, retrieve records, and fingerprint them. Websense Data Security uses PreciseID technology to detect exact fields from a protected database. For example, PreciseID can detect the first name, last name, and Social Security number occurring together in a message and corresponding to a specific record from the customer database.

    Websense Data Security can also fingerprint a salesforce.com database that is hosted “in the cloud.”

    In addition, Websense Data Security enables you to quickly import and fingerprint CSV files (UTF-8 encoded) that contain records.

    You can also create a condition that combines record fingerprints and dictionary matches. A dictionary typically contains unique words or codes that are of a classified nature, such as “Platinum,” “Gold,” “Silver,” and “Bronze.”

    The presence of data and/or unique words or codes in content intended for external recipients may indicate that classified information is being distributed via email and/or attachments. Websense Data Security enables you to block the distribution of this information by defining database record fingerprints.

    Click View Complete Document for more.

  • Connecting to Data Sources

    TRITON - Data Security Help

    Connecting to data sources

    In order to fingerprint a database, the Data Security server must be able to connect to the data source over a supported interface. Websense Data Security supports the following database connection interfaces:

    - Open Database Connectivity (ODBC). Websense has certified support for the following ODBC-compliant databases:
        - Oracle 10g (ODBC driver 10.1.0.2.0)
        - Microsoft SQL Server 2000, 2005, and 2008 (SQL Server 2008 ODBC driver)
        - Microsoft SQL Server Express (SQL Server Express ODBC driver)
        - IBM DB2 9.5 (ODBC driver 8.2.9)
        - IBM Informix Dynamic Server 11.50 (IBM Informix ODBC driver 3.50)
        - MySQL 5.1 (ODBC driver 5.1.5). Due to MySQL limitations, you must define “string” columns with UTF-8 encoding to fingerprint them.
        - Sybase ASE 15.0 (Sybase ODBC driver 15.0.0.152)
        - Salesforce.com
    - CSV files. A UNC path must be specified, for example, \\server\share\path_to_file.csv.

    You can define flexible content policies for each data source. In each policy, you can configure detection rules by combining columns and indicating match thresholds.

    Click View Complete Document for more.

  • Preparing for Database Fingerprinting

    TRITON - Data Security Help

    Preparing for fingerprinting

    Before creating a database fingerprinting classifier, there are several steps you can take to streamline the process and optimize your results. This includes:

    1. Creating a Data Source Name (DSN) in Windows
    2. Creating a validation script
    3. Selecting the data to fingerprint

    Click View Complete Document for more.

v7.5.3 - 7.5.x

  • TRITON - Data Security Help

    TRITON - Data Security Help v7.5

    PreciseID Fingerprinting

    One of the ways that you can classify data in your organization is by “fingerprinting” it using the Websense patented PreciseID™ technology. (Other ways include identifying key phrases, regular expression patterns, dictionaries, or file types.)
     
    The power of PreciseID techniques lies in their ability to detect sensitive information despite manipulation, reformatting, or other modification. Fingerprints enable the protection of whole or partial documents, antecedents, and derivative versions of the protected information, as well as snippets of the protected information whether cut and pasted or retyped.
     
    PreciseID technology can fingerprint 2 types of data: structured and unstructured.
     
    * Structured fingerprinting defines what tables and what data inside the table should be fingerprinted. (To set this up, select Main > Policy Management > Content Classifiers > PreciseID Fingerprinting - Database Records.)
    * Unstructured fingerprinting defines files and folders that should be fingerprinted. (To set this up, select PreciseID Fingerprinting - Files & Directories.)

    PreciseID classifiers not only define what to fingerprint, but when and how often to run the fingerprinting scan. That way, if files or data change after fingerprinting, Data Security stays up to date.
     
    At scan time, PreciseID technology examines the content of documents or raw data and extracts a set of mathematical descriptors or “information fingerprints.” These fingerprints are compact and describe the underlying content. By assigning unique identities to each information asset, PreciseID technology can track information in motion with great precision. Original content cannot be recreated or reverse engineered from the PreciseID information fingerprint.

    Click View Complete Document for more.

Discovery

v7.6.3

  • Creating discovery policies

    TRITON - Data Security Help

    Creating Discovery Policies

    Note: This chapter applies only to customers with Websense Data Discover. It does not apply to those with Websense Web Security Gateway Anywhere.

    Discovery is the act of determining where sensitive content is located in your enterprise. A discovery policy might say, for instance: every Sunday, scan all the computers in the network looking for financial documents containing the keyword “Confidential”. Log what is discovered and send a notification to the Finance manager.

    If you want to monitor what is done with those financial records or stop them from leaving the building, you need to create a network or endpoint policy.

    Discovery enables you to find data at rest on your network and identify the endpoint machines that represent the greatest risk. This allows you to prioritize actions taken on the files and machines.

    Performing discovery is comprised of 2 basic steps:

    1. Creating a discovery policy
    2. Scheduling Discovery Tasks

    Structurally, discovery policies are the same as data loss prevention policies. Both are comprised of rules, exceptions, content classifiers, and resources. Rather than specifying destination channels to scan such as FTP, SMTP, and printers, however, you create a discovery task that describes where and when to perform the discovery, including specific network and endpoint computers to scan. On networks, this may include a file system, SharePoint directory, database, or Outlook PST file.

    Click View Complete Document for more.

v7.6.2

  • Creating discovery policies

    TRITON - Data Security Help

    Creating Discovery Policies

    Note: This chapter applies only to customers with Websense Data Discover. It does not apply to those with Websense Web Security Gateway Anywhere.

    Discovery is the act of determining where sensitive content is located in your enterprise. A discovery policy might say, for instance: every Sunday, scan all the computers in the network looking for financial documents containing the keyword “Confidential”. Log what is discovered and send a notification to the Finance manager.

    If you want to monitor what is done with those financial records or stop them from leaving the building, you need to create a network or endpoint policy.

    Discovery enables you to find data at rest on your network and identify the endpoint machines that represent the greatest risk. This allows you to prioritize actions taken on the files and machines.

    Performing discovery is comprised of 2 basic steps:

    1. Creating a discovery policy
    2. Scheduling Discovery Tasks

    Structurally, discovery policies are the same as data loss prevention policies. Both are comprised of rules, exceptions, content classifiers, and resources. Rather than specifying destination channels to scan such as FTP, SMTP, and printers, however, you create a discovery task that describes where and when to perform the discovery, including specific network and endpoint computers to scan. On networks, this may include a file system, SharePoint directory, database, or Outlook PST file.

    Click View Complete Document for more.

v7.6

  • Creating Discovery Policies

    TRITON - Data Security Help

    Creating Discovery Policies

    Note: This chapter applies only to customers with Websense Data Discover. It does not apply to those with Websense Web Security Gateway Anywhere.

    Discovery is the act of determining where sensitive content is located in your enterprise. A discovery policy might say, for instance: every Sunday, scan all the computers in the network looking for financial documents containing the keyword “Confidential”. Log what is discovered and send a notification to the Finance manager.

    If you want to monitor what is done with those financial records or stop them from leaving the building, you need to create a network or endpoint policy.

    Discovery enables you to find data at rest on your network and identify the endpoint machines that represent the greatest risk. This allows you to prioritize actions taken on the files and machines.

    Performing discovery is comprised of 2 basic steps:

    1. Creating a discovery policy
    2. Scheduling Discovery Tasks

    Structurally, discovery policies are the same as data loss prevention policies. Both are comprised of rules, exceptions, content classifiers, and resources. Rather than specifying destination channels to scan such as FTP, SMTP, and printers, however, you create a discovery task that describes where and when to perform the discovery, including specific network and endpoint computers to scan. On networks, this may include a file system, SharePoint directory, database, or Outlook PST file.

    Click View Complete Document for more.

  • Performing Endpoint Discovery

    TRITON - Data Security Help

    Performing endpoint discovery

    To perform discovery on endpoint systems:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Endpoint Discovery Tasks, select Add endpoint task.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. Endpoint Discovery Task Wizard - General
      b. Endpoint Discovery Task Wizard - Endpoints
      c. Endpoint Discovery Task Wizard - Scheduler
      d. Endpoint Discovery Task Wizard - Policies
      e. Endpoint Discovery Task Wizard - File Filtering
      f. Endpoint Discovery Task Wizard - Advanced
      g. Endpoint Discovery Task Wizard - Finish
    5. Deploy your changes by clicking Yes when prompted.
    6. Discovery will take place at the time and day you scheduled in step 4c.
    7. To view and respond to discovery results, click Main > Reporting > Discovery. See Viewing the incident list for information on reading these screens.

    Click View Complete Document for more.

  • Performing Outlook PST Discovery

    TRITON - Data Security Help

    Performing Outlook PST discovery

    PST files are Microsoft Outlook files that contain all the mail users get as well as all their contacts, calendar meetings, tasks, etc. PST files can contain data for more than 1 user.

    To perform discovery on email on Outlook PST data files:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Network Discovery Tasks, select Add network task > Outlook PST Task from the drop-down list.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. Outlook Discovery Task Wizard - General
      b. Outlook Discovery Task Wizard - Scanned Folder
      c. Outlook Discovery Task Wizard - Scheduler
      d. Outlook Task Discovery Wizard - Policies
      e. Outlook Discovery Task Wizard - Filtering
      f. Outlook Discovery Task Wizard - Advanced
      g. Outlook Discovery Task Wizard - Finish
    5. Deploy your changes by clicking Yes when prompted.
    6. Discovery will take place at the time and day you scheduled in step 4c. To start it immediately, click Start. A message indicates when the scan finishes.
    7. To view and respond to discovery results, click Main > Reporting > Discovery. See Viewing the incident list for information on reading these screens.

    Click View Complete Document for more.

  • Performing Exchange Discovery

    TRITON - Data Security Help

    Performing Exchange discovery

    To perform discovery on email on a Microsoft Exchange server:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Network Discovery Tasks, select Add network task > Exchange Task from the drop-down list.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. Exchange Discovery Task Wizard - General
      b. Exchange Discovery Task Wizard - Mailboxes & Folders
      c. Exchange Discovery Task Wizard - Exchange Servers
      d. Exchange Discovery Task Wizard - Scheduler
      e. Exchange Discovery Task Wizard - Policies
      f. Exchange Discovery Task Wizard - Filtering
      g. Exchange Discovery Task Wizard - Advanced
      h. Exchange Discovery Task Wizard - Finish

    Click View Complete Document for more.

  • Performing Database Discovery

    TRITON - Data Security Help

    Performing database discovery

    To perform discovery on a database:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Network Discovery Tasks, select Add network task > Database Task from the drop-down list.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. Database Discovery Task Wizard - General
      b. Database Discovery Task Wizard - Data Source Name
      c. Database Discovery Task Wizard - Scheduler
      d. Database Discovery Task Wizard - Policies
      e. Database Discovery Task Wizard - Table Filtering
      f. Database Discovery Task Wizard - Advanced
      g. Database Task Wizard - Finish
    5. Deploy your changes by clicking Yes when prompted.

    Click View Complete Document for more.

  • Performing SharePoint Discovery

    TRITON - Data Security Help

    Performing SharePoint discovery

    To perform discovery on SharePoint folders:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Network Discovery Tasks, select Add network task > SharePoint Task on the toolbar.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. SharePoint Discovery Task Wizard - General
      b. SharePoint Discovery Task Wizard - Site Root
      c. SharePoint Discovery Task Wizard - Scanned Documents
      d. SharePoint Discovery Task Wizard - Scheduler
      e. SharePoint Discovery Task Wizard - Scheduler
      f. SharePoint Discovery Task Wizard - File Filtering
      g. SharePoint Discovery Task Wizard - Advanced
      h. SharePoint Discovery Task Wizard - Finish
    5. Deploy your changes by clicking Yes when prompted.

    Click View Complete Document for more.

  • Performing File System Discovery

    TRITON - Data Security Help

    Performing file system discovery

    To perform discovery on a network file system:

    1. Create a discovery policy. (See Creating a discovery policy for instructions.)
    2. Select Main > Policy Management > Discovery Policies.
    3. Under Network Discovery Tasks, select Add network task > File System Task.
    4. Complete the fields on the screen and click Next to proceed through a wizard. For details on each screen, see the sections below:
      a. File System Discovery Task Wizard - General
      b. File System Discovery Task Wizard - Networks
      c. File System Discovery Task Wizard - Scanned Folders
      d. File System Discovery Task Wizard - Scheduler
      e. File System Discovery Task Wizard - Policies
      f. File System Discovery Task Wizard - File Filtering
      g. File System Discovery Task Wizard - Advanced
      h. File System Discovery Task Wizard - Finish
    5. Deploy your changes by clicking Yes when prompted.

    Click View Complete Document for more.

  • Scheduling Discovery Tasks

    TRITON - Data Security Help

    Scheduling Discovery Tasks

    Note: This chapter applies only to customers with Websense Data Discover. It does not apply to those with Websense Web Security Gateway Anywhere.

    There are 2 types of discovery tasks:

    Network discovery tasks - used to set up discovery on network file systems, shared (SharePoint) directories, databases, Outlook PST data files, and Exchange servers.

    Endpoint discovery tasks - used to set up discovery on endpoint hosts.

    To configure a discovery task:

    1. Select Main > Policy Management > Discovery Policies. The sections Network Discovery Tasks and Endpoint Discovery Tasks display.
    2. Select either Add endpoint task or Add network task. If you select Add network task, then select a task type (SharePoint, Exchange, etc.).

    Sorting and filtering tasks

    You can sort, group, and filter tasks by the column name. Click the down arrow by any column name and choose an option:

    Sort Ascending - Select this option to sort the table by the active column in ascending alphabetical order.

    Sort Descending - Select this option to sort the table by the active column in descending alphabetical order.

    Filter by (column) - Select this option to filter the data in the table by the type of information in the active column, such as by description or task name.

    Clear filter - Select this option to clear the filter and display all tasks.

    Click View Complete Document for more.

v7.5.3 - 7.5.x

  • TRITON - Data Security Help

    TRITON - Data Security Help v7.5.3

    Performing discovery

    Discovery is the act of determining where sensitive content is located in your enterprise. A data discovery policy might say, for instance: every Sunday, scan all the computers in the network looking for financial documents containing the keyword “Confidential”. Log what is discovered and send a notification to the Finance manager.
    If you want to monitor what is done with those financial records or stop them from leaving the building, you need to create a network or endpoint policy.
    Discovery enables you to find data at rest on your network and identify the endpoint machines that represent the greatest risk. This allows you to prioritize actions taken on the files and machines.
    Performing discovery is comprised of 2 basic steps:
     
    1. Creating a data discovery policy.
     
    2. Scheduling data discovery tasks.
     
    comprised of rules, exceptions, content classifiers, and resources. Rather than specifying destination channels to scan such as FTP, SMTP, and printers, however, you create a data discovery task that describes where and when to perform the discovery, including specific network and endpoint computers to scan.
     
    On networks, this may include a file system, SharePoint directory, database, or Exchange server.
     
    * File systems - Scans your network file systems and identifies data in breach of policies.
    * SharePoint - Scans SharePoint directories and identifies data in breach of policies.
    * Database - Scans the organization’s database servers and detects confidential information that is defined as policy breaches in tables.
    * Exchange - Scans the organization’s Exchange servers and detects confidential information that is defined as policy breaches in mailboxes and public folders.
     
    If you’re performing endpoint discovery, it includes the exact devices to scan.

    Click View Complete Document for more.

Incidents and Reports

v7.6.3

  • Viewing incidents and reports

    TRITON - Data Security Help

    Viewing Incidents and Reports

    To view incidents and reports on incidents, select Main > Reporting > Data Loss Prevention or Discovery. Here you can view an incident list and details for individual incidents, or you can choose from a catalog of reports. Several built-in reports are provided. The ones you’ve viewed most recently are displayed on the main Reporting page in a section called Recent Reports. The order of these reports changes with use.

    Listed below are the most common reports.

    Note: What you can see depends on your permissions. See Setting reporting preferences for instructions on configuring settings for incidents and reports.

    Report Catalog - See a list of all the reports that are available, both built-in and user-defined.

    Data loss prevention reports

    Incidents (last 3 days) or (last 30 days) - View a list of all the incidents for the last 3 or 30 days. See detailed information on each incident. Investigate the violated policies and the actions taken by Websense software. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Dashboard (last 7 days) - This report provides an overview of information leaks in the system, what actions are being taken on them, which channels are problematic, and what kind of violations are being made.

    Top Violated Policies (last 7 days) - Find out which policies were violated most frequently over the last 7 days. Assess the security risk to your organization.

    All Violations by Severity & Action (last 7 days) - See incidents by the actions (permit, block, notify) and severities applied to them. Compare the ways Websense software enforces policies, and gain insight into potential policy changes.

    Top Sources & Destinations (last 7 days) - Find out who are the top violators involved in data leakage and the top domains where sensitive data was posted. This report contains information from the last 7 days.

    Incident Trends (this quarter) - View incident statistics for this quarter. Find out if the number of violations in your organization reduces over time.

    Incident Status (last 7 days) - View the status of all incidents from the last 7 days.

    Discovery reports

    Incidents - View a list of recent incidents, with detailed information on each incident. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Sensitive data on file servers and SharePoint servers - Find out what vulnerable data was most violated and where it is stored. Assess the security risk to your organization.

    Sensitive data in private mailboxes - Find out which policies were violated most, and in which mailboxes the violations occurred. Assess the security risk to your organization.

    Sensitive data in databases - Find out which policies were violated most, and in which databases the violations are located. Assess the security risk to your organization.

    Mailboxes with sensitive data - View which mailboxes contain sensitive data, and assess any violated policies in each mailbox.

    Hosts with sensitive data - Find out which hosts contain sensitive information, and assess any violated policies on each host.

    Databases with sensitive data - Find out which databases contain sensitive information, and assess any violated policies on each database.

    Dashboard - Provides an at-a-glance view of system metrics for information leaks in the system and the actions being taken on them.

    Click View Complete Document for more.

v7.6.2

  • Viewing incidents and reports

    TRITON - Data Security Help

    Viewing Incidents and Reports

    To view incidents and reports on incidents, select Main > Reporting > Data Loss Prevention or Discovery. Here you can view an incident list and details for individual incidents, or you can choose from a catalog of reports. Several built-in reports are provided. The ones you’ve viewed most recently are displayed on the main Reporting page in a section called Recent Reports. The order of these reports changes with use.

    Listed below are the most common reports.

    Note: What you can see depends on your permissions. See Setting reporting preferences for instructions on configuring settings for incidents and reports.

    Report Catalog - See a list of all the reports that are available, both built-in and user-defined.

    Data loss prevention reports

    Incidents (last 3 days) or (last 30 days) - View a list of all the incidents for the last 3 or 30 days. See detailed information on each incident. Investigate the violated policies and the actions taken by Websense software. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Dashboard (last 7 days) - This report provides an overview of information leaks in the system, what actions are being taken on them, which channels are problematic, and what kind of violations are being made.

    Top Violated Policies (last 7 days) - Find out which policies were violated most frequently over the last 7 days. Assess the security risk to your organization.

    All Violations by Severity & Action (last 7 days) - See incidents by the actions (permit, block, notify) and severities applied to them. Compare the ways Websense software enforces policies, and gain insight into potential policy changes.

    Top Sources & Destinations (last 7 days) - Find out who are the top violators involved in data leakage and the top domains where sensitive data was posted. This report contains information from the last 7 days.

    Incident Trends (this quarter) - View incident statistics for this quarter. Find out if the number of violations in your organization reduces over time.

    Incident Status (last 7 days) - View the status of all incidents from the last 7 days.

    Discovery reports

    Incidents - View a list of recent incidents, with detailed information on each incident. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Sensitive data on file servers and SharePoint servers - Find out what vulnerable data was most violated and where it is stored. Assess the security risk to your organization.

    Sensitive data in private mailboxes - Find out which policies were violated most, and in which mailboxes the violations occurred. Assess the security risk to your organization.

    Sensitive data in databases - Find out which policies were violated most, and in which databases the violations are located. Assess the security risk to your organization.

    Mailboxes with sensitive data - View which mailboxes contain sensitive data, and assess any violated policies in each mailbox.

    Hosts with sensitive data - Find out which hosts contain sensitive information, and assess any violated policies on each host.

    Databases with sensitive data - Find out which databases contain sensitive information, and assess any violated policies on each database.

    Dashboard - Provides an at-a-glance view of system metrics for information leaks in the system and the actions being taken on them.

    Click View Complete Document for more.

v7.6

  • Viewing Incidents and Reports

    TRITON - Data Security Help

    Viewing Incidents and Reports

    To view incidents and reports on incidents, select Main > Reporting > Data Loss Prevention or Discovery. Here you can view an incident list and details for individual incidents, or you can choose from a catalog of reports. Several built-in reports are provided. The ones you’ve viewed most recently are displayed on the main Reporting page in a section called Recent Reports. The order of these reports changes with use.

    Listed below are the most common reports.

    Note: What you can see depends on your permissions. See Setting reporting preferences for instructions on configuring settings for incidents and reports.

    Report Catalog - See a list of all the reports that are available, both built-in and user-defined.

    Data loss prevention reports

    Incidents (last 3 days) or (last 30 days) - View a list of all the incidents for the last 3 or 30 days. See detailed information on each incident. Investigate the violated policies and the actions taken by Websense software. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Dashboard (last 7 days) - This report provides an overview of information leaks in the system, what actions are being taken on them, which channels are problematic, and what kind of violations are being made.

    Top Violated Policies (last 7 days) - Find out which policies were violated most frequently over the last 7 days. Assess the security risk to your organization.

    All Violations by Severity & Action (last 7 days) - See incidents by the actions (permit, block, notify) and severities applied to them. Compare the ways Websense software enforces policies, and gain insight into potential policy changes.

    Top Sources & Destinations (last 7 days) - Find out who are the top violators involved in data leakage and the top domains where sensitive data was posted. This report contains information from the last 7 days.

    Incident Trends (this quarter) - View incident statistics for this quarter. Find out if the number of violations in your organization decreases over time.

    Incident Status (last 7 days) - View the status of all incidents from the last 7 days.

    Discovery reports

    Incidents - View a list of recent incidents, with detailed information on each incident. Evaluate whether policy changes are needed. Select this report when you want to manage incident workflow, remediation, and escalation.

    Sensitive data on file servers and SharePoint servers - Find out what vulnerable data was most violated and where it is stored. Assess the security risk to your organization.

    Sensitive data in private mailboxes - Find out which policies were violated most, and in which mailboxes the violations occurred. Assess the security risk to your organization.

    Sensitive data in databases - Find out which policies were violated most, and in which databases the violations are located. Assess the security risk to your organization.

    Mailboxes with sensitive data - View which mailboxes contain sensitive data, and assess any violated policies in each mailbox.

    Hosts with sensitive data - Find out which hosts contain sensitive information, and assess any violated policies on each host.

    Databases with sensitive data - Find out which databases contain sensitive information, and assess any violated policies on each database.

    Dashboard - Provides an at-a-glance view of system metrics for information leaks in the system and the actions being taken on them.

    Click View Complete Document for more.

     

  • The Report Catalog

    TRITON - Data Security Help

    The report catalog

    To see a catalog of all the incident reports that are available:

    1. Select Main > Reporting > Data Loss Prevention or Discovery.
    2. From the Reports main page, select View Catalog.

    The resulting screen lists all of the reports that are available—both built-in and user-defined.

    Click a folder to expand it and see a list of related reports. Reports with this icon are detail reports of incident lists. Reports with this icon are graphical summaries.

    Click the Expand All or Collapse All buttons to expand or collapse all folders, or click New Folder to create a new folder. You can also click the Edit button to edit a folder name or Delete to delete a folder. Predefined folders cannot be edited.

    Click a report to read a description of it. When you select a report, a menu bar appears. Using the report’s menu bar, you can run, edit, or copy the report, export it to a PDF or CSV file, or schedule it to be delivered.

    Note: The operations you can perform on folders and reports in the catalog depend on your privileges. Superusers can perform these functions on all user-defined reports and folders. Other users can perform these functions only on reports and folders they created.

    Click View Complete Document for more.

  • Viewing the Incidents List

    TRITON - Data Security Help

    Viewing the incident list

    To view a list of data loss prevention incidents from the last 3 days, and their details:

    1. Select Main > Reporting > Data Loss Prevention.
    2. From Recent Reports, select Incidents (last 3 days).

    To view a list of discovery incidents and their details:

    1. Select Main > Reporting > Discovery.
    2. From Recent Reports, select Incidents.

    The top portion of the resulting screen lists incidents, their status, the action taken, and many more details.

    The incidents list is a table displaying all data loss prevention or discovery incidents. By default, incidents are sorted by their incident time, but you can sort them (ascending or descending) by any of the columns in the table. For each incident, a quick preview of the data is provided. You can customize the types of details shown. (See Editing table properties.)

    Click the down arrow on a column header to sort, filter, or group incidents by that column. (See Applying a column filter for more information.) Or click Table Properties to change the columns that are displayed, their order, and their width. Refer to Table Properties tab for a description of each property.

    Use the radio controls to jump to the first, last, previous, or next incident in the list.

    Click View Complete Document for more.

  • Setting Reporting Preferences

    TRITON - Data Security Help

    Setting reporting preferences

    By going to Main > Reporting, you can view all of the incidents that Websense Data Security has discovered in your organization over time. On the Settings tab you can set preferences for those reports.

    For example, for data loss prevention incidents, you can define attachment size and forensics settings. For discovery incidents, you can set database thresholds. You can also define general settings, like filtering and printing, that apply to all types of incidents.

    To set preferences for incidents and reports:

    1. Select Settings > General > System.
    2. Select the Reporting option from the System pane.
    3. Complete the General, Data Loss Prevention, and Discovery Incidents tabs as described in the following sections.

    Click View Complete Document for more.

  • Viewing Status and Logs

    TRITON - Data Security Help

    Viewing Status and Logs

    TRITON - Data Security enables you to keep track of Websense Data Security traffic and events through a number of status and log screens. You can use this information to assess the performance of the system, and decide whether you need to fine-tune policy configuration.

    The status and log screens are available on the Main tab, under Status.

    Filtering data

    Filtering enables you to view only the items in a list that match the criteria you specify. This narrows down the available information and makes it easier to find the data you want. For example, you can set up a filter in the audit log that displays the actions of a particular administrator on a certain date.

    In most screens, you can sort, group, and filter items by column name. For example, on the endpoint status screen, you can sort endpoint hosts by IP address.

    To sort or filter the table items on a status or log screen, click the down arrow by any column name and choose an option:

    Sort Ascending - Select this option to sort the table by the active column in ascending alphabetical order.

    Sort Descending - Select this option to sort the table by the active column in descending alphabetical order.

    Filter by (column) - Select this option to filter the data in the table by the type of information in the active column, such as by description or task name.

    Clear filter - Select this option to clear the filter and display all tasks.

    To view the current filters in use, click the information icon next to Column Filtering Activated.

    Columns using a filter have a funnel icon next to the column name.

    To clear a filter from a column, click the down arrow by any column name and select Clear filter. Additionally, many screens have a Filter button: clicking this button enables you to clear a single filter or all filters.

    If there are too many items to fit on the screen, you can also browse the list using the Next, Previous, First, and Last buttons.

    Printing and exporting logs

    On many of the status and log screens, you have the option to print or export to a PDF or CSV file. These buttons appear in the upper right of the menu bar.

    To print logs or status screens, click the Print Preview button.

    Click View Complete Document for more.

  • Archiving Incident Forensics

     

    What is an archive?

    On occasion, you may want to place forensics records in an archive to free storage space for new records. In TRITON - Data Security, you can manually request that records be archived, or you can set a threshold (maximum repository size) that, when surpassed, automatically triggers the archiving process.

    Select Settings > Archive

    Select Settings > System > Archive Storage to configure the threshold.

    Related topics:

    - Automatic archiving

    - Manual archiving

     

v7.5

  • Archiving Incident Forensics

    Archiving Incident Forensics

    What is an archive?

    On occasion, you may want to place forensics records in an archive to free storage space for new records. In TRITON - Data Security, you can manually request that records be archived, or you can set a threshold (maximum repository size) that, when surpassed, automatically triggers the archiving process.
    Select Settings > Archive to archive, restore, or delete a partition.

    Select Settings > System > Archive Storage to configure the threshold.

    Related topics:

    • Automatic archiving
    • Manual archiving

    v7.5.3 - 7.5.x

    • TRITON - Data Security Help

      TRITON - Data Security Help

      Viewing incidents and reports

      To view incidents and reports on incidents, select Main > Incidents & Reports > Data Usage or Data Discovery. Here you can view an incident list and details for individual incidents or you can choose from a catalog of reports. Several built-in reports are provided. The ones you’ve viewed most recently are displayed on the main Incidents & Reports page in a section called Recent Reports. The order of these reports changes with use.

      Summary reports are graphical and contain colorful executive charts. To view one of the most common reports, click its name on the relevant Incidents & Reports main page.

      To see one of the other built-in reports, open the Data Usage Report Catalog or Data Discovery Report Catalog, select a report from the list, and select Run from the report’s toolbar.

      You can create your own report any time. Just open an existing report, for example Incidents - last 3 days, click Manage Report > Edit Filter to change the filters, then click Manage Report > Save As. Custom reports appear in the report catalog along with the built-in reports.

      Click View Complete Document for more.

    Settings

    v7.6.3

    • Configuring system settings

      TRITON - Data Security Help

      Configuring System Settings

      In Websense Data Security, many system settings are configurable. You can:

      • Setting reporting preferences
      • Backing up the system
      • Exporting incidents to a file
      • Configuring endpoints
      • Configuring mobile device settings
      • Configuring user directory settings
      • Configuring remediation
      • Configuring alerts
      • Configuring the incident archive
      • Entering subscription settings
      • Configuring URL categories and user names

      *These options are not included with Websense Web Security Gateway Anywhere.

      Access the system settings screens by selecting Settings > General > System.

      Click View Complete Document for more.

    v7.6.2

    • Configuring system settings

      TRITON - Data Security Help

      Configuring System Settings

      In Websense Data Security, many system settings are configurable. You can:

      Set preferences for reports
      Back up and restore the Data Security system
      Define parameters for exporting incidents to a file*
      Configure endpoint hosts*
      Configure user directory settings
      Configure remediation*
      Configure alerts
      Configure the incident archive
      Enter subscription details
      Configure URL categories and user name resolution

      *These options are not included with Websense Web Security Gateway Anywhere.

      Access the system settings screens by selecting Settings > General > System.

      Click View Complete Document for more.

    v7.6

    • Configuring System Settings

      TRITON - Data Security Help

      Configuring System Settings

      In Websense Data Security, many system settings are configurable. You can:

      Set preferences for reports
      Back up and restore the Data Security system
      Define parameters for exporting incidents to a file*
      Configure endpoint hosts*
      Configure user directory settings
      Configure remediation*
      Configure alerts
      Configure the incident archive
      Enter subscription details
      Configure URL categories and user name resolution

      *These options are not included with Websense Web Security Gateway Anywhere.

      Access the system settings screens by selecting Settings > General > System.

      Click View Complete Document for more.

    • Configuring Endpoints

      TRITON - Data Security Help

      Configuring endpoints

      Note: This section applies only to customers with Websense Data Endpoint. If you have Websense Web Security Gateway Anywhere, it does not apply to you.

      In this section, you can configure parameters for endpoints, such as how often to test connectivity and check for updates, how much disk space to use for system files, and the action to take when user confirmation is required but not attained.

      1. Select Settings > General > System.
      2. Select the Endpoint option from the System pane.
      3. Complete the fields as follows.

      Click View Complete Document for more.

    • Configuring User Directory Settings

      TRITON - Data Security Help

      Configuring user directory settings

      In the TRITON Unified Security Center, you define the LDAP user directory or directories to use when adding and authenticating TRITON administrators with network accounts. (Select TRITON Settings from the TRITON toolbar, then select User Directories.)

      On the Data Security tab, you define the user directory to use for Data Security users and other policy resources such as devices and networks.

      By defining user directories such as Microsoft Active Directory or Lotus Domino servers for these purposes, you do not have to enter directory entries manually, and you know that you have the most current information available.

      To configure user directories in TRITON - Data Security:

      1. Select Settings > General > System.
      2. Click the User Directories option in the System pane.

      You can add a new directory server, delete an existing directory server, rearrange servers according to priority, or import user information.

      Click View Complete Document for more.

    • Configuring Alerts

      TRITON - Data Security Help

      Configuring alerts

      In the system settings, you can define when you want to trigger alerts and whether the alerts should be sent to the syslog or emailed to an administrator. If an alert is to be sent by email, you can define the sender, recipient(s), subject, and mail server.

      1. Select Settings > General > System.
      2. Click the Alerts option in the System pane.
      3. Complete the General and Email Properties tabs as described in the following sections.

      Click View Complete Document for more.

    • Configuring Remediation Scripts

      TRITON - Data Security Help

      Remediation scripts

      Use this screen (Resources > Remediation Scripts) to define an external script to run when various breaches are discovered.

      Note: If you have Websense Web Security Gateway Anywhere, this section does not apply to you.

      Warning: To avoid degrading system performance, it is highly recommended you consult with Technical Support before adding a remediation script.

      There are 3 types of remediation scripts:

      Endpoint Script - used for endpoint incidents. When a breach is discovered on an endpoint, this script is run automatically. Because the script is run on an endpoint device, it should have minimal CPU and disk space requirements. In addition, it should not assume the endpoint computer is part of the network.

      Incident Management Script - this script is not executed automatically. To activate this script, open an incident under Main > Reporting > Data Loss Prevention > Incidents, then click Remediate > Run Remediation Script on the menu bar and select which script to run on that incident.

      Policy Script - used for data loss prevention and discovery incidents. When a breach is discovered on a usage or discovery transaction, this script is run automatically. Because it’s associated with the network server, it can be larger and more demanding of CPU resources, and it can be based on other tools in the network.

      All 3 of these commands are configured the same way. For policy scripts, however, you’ll notice 2 tabs: Windows and Linux. This enables you to add separate commands for Windows and Linux operating environments.

      Click View Complete Document for more.

    • Creating Remediation Scripts

      Creating Remediation Scripts

      This document describes how discovery and data loss prevention (DLP) incidents are created. It also provides examples of how to write and use discovery remediation scripts so you can write your own remediation scripts or remediation programs for discovery or DLP incidents. 

      Click View Complete Document for more.

    • Configuring Action Plans

      TRITON - Data Security Help

      Action plans

      Use this page to define the plan of action to take when various breaches are discovered. Four action plans are provided by default.

      Audit only - This action plan, the default, is designed for mild breaches. It permits all activity on all channels and logs incidents in the audit log. If configured, it also generates notifications.

      Audit and Notify - Audit incidents from all channels, and if configured, generate notifications.

      Block all - This action plan is designed for severe breaches. It blocks all incidents on all channels, audits them, and if configured, generates notifications. It requires a subscription to Websense Data Protect.

      Drop Email Attachments - Drop email attachments that breach policy.

      Note: The predefined action plans use the Default notification. You can edit the action plans to use a different notification—see Notifications and Adding a new message for details.

      When you add rules or exceptions to a policy, you select the action plan to use.

      To create a new action plan, click New. To delete an action plan, select it and click Delete.

      Click View Complete Document for more.

    • Configuring Notifications

      TRITON - Data Security Help

      Notifications

      Use this screen to define whom to notify when a breach is discovered. Websense Data Security offers built-in notification templates, Default notification, Email policy violation, and Web policy violation, that you can edit as required.

      Click a message name to see its contents and define its recipients. You can edit the predefined notifications, or create a new one.

      Data Security gathers notifications for individual users according to templates and combines them into a single notification. So if an incident contains 10 different rules, each with a different action plan but the same template, the user receives a single notification with the details of all the breaches.

      On the other hand, if there is only one breach and the action plan includes 2 different notification templates, the user would receive 2 separate notifications, assuming he’s a member of both recipient lists.

      Click View Complete Document for more.

    v7.5

    • Configuring linking

      Websense Web Security Gateway Anywhere Getting Started Guide v7.5

      Configuring linking between Web and data security

      To get the full benefit of Web DLP, you need to configure linking between the Web and data security modules. Linking provides 2 benefits:

      It gives administrators access to TRITON - Web Security and TRITON - Data Security from the same unified console. (Identical administrator credentials must be configured in both managers for this to work.)

      Access to the Websense Linking Service that was installed on a Windows machine along with Web Security’s other Windows-only components. The Websense Linking Service provides IP address to user name resolution for HTTP incidents. With this service, the Data Security module is able to display user names in incident reports rather than IP addresses.

      In addition, the Linking Service allows Data Security to import Web Security’s preset and custom URL categories so you can add them as resources in your DLP policies.

      Click View Complete Document for more.

    • What's the difference between Linking and the Linking Service?

      Websense Web Security Gateway Anywhere v7.5

      What’s the difference between linking and the Linking Service?

      Problem description

      What's the difference between linking and enabling Websense Linking Service?

      Resolution

      In Websense Web Security Gateway Anywhere, "linking" is the act of connecting the TRITON - Web Security machine with the Data Security Management Server. You can configure linking in either user interface by providing the IP address of the other manager machine. (See TRITON - Web Security or TRITON - Data Security Help for information.) "Websense Linking Service" is a software component installed with Websense Web Security.

      Linking automatically gives data security software access to Websense Linking Service. This:

      Provides access to user and group information gathered by User Service, extending IP address to user name resolution into the Data Security module for DLP Web incidents. This enables TRITON - Data Security to display user names in incident reports rather than IP addresses.

      Click View Complete Document for more.

    v7.5.3 - 7.5.x

    • TRITON - Data Security Help

      TRITON - Data Security Help v7.5.3

      Configuring system settings

      In Websense Data Security, many system settings are configurable. You can:

      * Set preferences for incidents and reports

      * Back up and restore the Data Security system

      * Define parameters for exporting incidents to a file**

      * Configure endpoint hosts**

      * Configure user directory settings

      * Configure remediation**

      * Configure alerts

      * Configure archive storage

      * Enter subscription details

      * Link data and Web security

      **These options are not included with Websense Web Security Gateway Anywhere.

      Access the system settings screens by selecting Settings > Configuration > System.

      Click View Complete Document for more.

    Endpoint

    v7.6.3

    • Using Websense Data Endpoint Client Software

      Data Endpoint User Guide

      Using Websense Data Endpoint Client Software

      Your organization uses Websense Data Endpoint to protect sensitive information stored on your computer when it is disconnected from the network. Depending on your corporate policy, data could be quarantined or encrypted when you try to email it, print it, or copy it to a thumb drive.

      Data Endpoint includes server software installed on corporate servers and client software installed on your computer.

      This guide tells you how to use the endpoint client software to view status information, set encryption passwords, release files from quarantine, and view logs. It also tells you how to disable the client in extreme cases and update the client software to the latest version. For information on what end users see on their machine, refer to Using the endpoint client software.

      Click View Complete Document for more.

       

    • Unified endpoint package

      Deployment and Installation Center v7.6.x

      Unified endpoint package

      Websense, Inc., offers solutions for securing client workstations, laptops, and other endpoint devices from data loss and inbound Web threats when the devices are outside the corporate network.

      The solutions are endpoint client software applications that run on the endpoint devices to block, monitor, and log transactions (like Internet requests) according to the organization's security and acceptable use policies. Administrators can create policies that provide full visibility into inbound and outbound traffic, but that don't restrict use of the device.

      Click View Complete Document for more.

       

    • Automatic updates for Websense data endpoints

      Automatic updates for Websense data endpoints

      Endpoint auto-update is a feature that lets a network server push an endpoint installation package to client machines and silently install the package in the background. By doing so, the network server controls the version of the endpoint running on client machines. Note that the endpoint auto-update feature does not support the initial deployment of the agent — it only supports existing agents.

      Click View Complete Document for more.

       

       

    • Configuring endpoint deployment

      TRITON - Data Security Help

      Configuring Endpoint Deployment

      Deploying endpoint systems in your network is comprised of the following basic steps:

      1. Installing the Data Security Management Server as described in the Websense Data Security Deployment Guide.
      2. Building a package for the endpoint client and deploying it on users’ computers (PCs, laptops, etc.) as described in the deployment guide.
      3. Adding an endpoint profile to TRITON - Data Security or using the default. A default profile is automatically installed with the client package. (Settings > Deployment > Endpoint.)
      4. Rearranging endpoint profiles. (Settings > Deployment > Endpoint.)
      5. Configuring endpoints’ settings. (Settings > General > System > Endpoint, or Settings > Deployment > Endpoint, Settings button.)
      6. Creating endpoint resources. (Main > Policy Management > Resources > Endpoint Devices / Endpoint Applications / Endpoint Application Groups.)
      7. Creating or modifying a rule for endpoint channels. (Main > Policy Management > DLP / Discovery Policies, Destination tab.) See Selecting endpoint destination channels to monitor.
      8. Defining the type of endpoint machines to analyze, as well as the network location. (Main > Policy Management > DLP / Discovery Policies, Custom Policy Wizard - Source tab.) Use the Network Location field to define the behavior of the endpoint on and off the network.
      9. Deploying endpoint configuration settings. (Deploy button.)
      10. Viewing the status of endpoint systems. (Main > Status > Endpoint Status.) See Viewing endpoint status.
      11. Viewing incidents detected by endpoints, and taking a number of actions on them, including editing the incident details, changing the severity of the incident, or escalating the incident to a manager. (Main > Reporting > Data Loss Prevention.) See Viewing the incident list.

      In special circumstances, you can also bypass an endpoint client—that is, stop monitoring or protecting it for a period of time. See Bypassing endpoint clients for more information on this capability.

      For information on what end users see on their machine, refer to Using the endpoint client software.

      Click View Complete Document for more.

    v7.6.2

    • Configuring endpoint deployment

      TRITON - Data Security Help

      Configuring Endpoint Deployment

      Deploying endpoint systems in your network is comprised of the following basic steps:

      1. Installing the Data Security Management Server as described in the Websense Data Security Deployment Guide.
      2. Building a package for the endpoint client and deploying it on users’ computers (PCs, laptops, etc.) as described in the deployment guide.
      3. Adding an endpoint profile to TRITON - Data Security or using the default. A default profile is automatically installed with the client package. (Settings > Deployment > Endpoint.)
      4. Rearranging endpoint profiles. (Settings > Deployment > Endpoint.)
      5. Configuring endpoints’ settings. (Settings > General > System > Endpoint, or Settings > Deployment > Endpoint, Settings button.)
      6. Creating endpoint resources. (Main > Policy Management > Resources > Endpoint Devices / Endpoint Applications / Endpoint Application Groups.)
      7. Creating or modifying a rule for endpoint channels. (Main > Policy Management > DLP / Discovery Policies, Destination tab.) See Selecting endpoint destination channels to monitor.
      8. Defining the type of endpoint machines to analyze, as well as the network location. (Main > Policy Management > DLP / Discovery Policies, Custom Policy Wizard - Source tab.) Use the Network Location field to define the behavior of the endpoint on and off the network.
      9. Deploying endpoint configuration settings. (Deploy button.)
      10. Viewing the status of endpoint systems. (Main > Status > Endpoint Status.) See Viewing endpoint status.
      11. Viewing incidents detected by endpoints, and taking a number of actions on them, including editing the incident details, changing the severity of the incident, or escalating the incident to a manager. (Main > Reporting > Data Loss Prevention.) See Viewing the incident list.

      In special circumstances, you can also bypass an endpoint client—that is, stop monitoring or protecting it for a period of time. See Bypassing endpoint clients for more information on this capability.

      For information on what end users see on their machine, refer to Using the endpoint client software.

      Click View Complete Document for more.

    v7.6

    • When to Use the Data Endpoint

      Deployment and Installation Center

      Endpoint agent

      In this topic
      Overview
      When to use the Data Endpoint
      Deploying the endpoint agent
      Deployment options
      Linux deployment
      Uninstalling the endpoint agent
      Creating and distributing the endpoint using SMS

      Overview

      The Websense Data Endpoint is a comprehensive, secure and easy-to-use endpoint data loss prevention solution. The Websense Data Endpoint monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery.

      The Websense Data Endpoint allows security administrators to either block or monitor and log files that present a policy breach. The data endpoint creates forensic monitoring that allows administrators to create policies that don't restrict device usage, but allow full visibility of content traffic.

      You can monitor user activity inside endpoint applications, such as the cut, copy, paste, print, and print screen operations. You can also monitor endpoint Web activities and know when users are copying data to external drives and endpoint devices.

      Working with data endpoints entails configuring endpoint profiles via TRITON - Data Security. The configuration settings defined in TRITON - Data Security regulate the behavior of the endpoint agents. The endpoint agents analyze content within a user's working environment (PC, laptop and variants) and block or monitor policy breaches as defined by the endpoint profiles.

      Click View Complete Document for more.

    • Deployment Options

      Deployment and Installation Center

      Endpoint agent

      In this topic
      Overview
      When to use the Data Endpoint
      Deploying the endpoint agent
      Deployment options
      Linux deployment
      Uninstalling the endpoint agent
      Creating and distributing the endpoint using SMS

      Overview

      The Websense Data Endpoint is a comprehensive, secure and easy-to-use endpoint data loss prevention solution. The Websense Data Endpoint monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery.

      The Websense Data Endpoint allows security administrators to either block or monitor and log files that present a policy breach. The data endpoint creates forensic monitoring that allows administrators to create policies that don't restrict device usage, but allow full visibility of content traffic.

      You can monitor user activity inside endpoint applications, such as the cut, copy, paste, print, and print screen operations. You can also monitor endpoint Web activities and know when users are copying data to external drives and endpoint devices.

      Working with data endpoints entails configuring endpoint profiles via TRITON - Data Security. The configuration settings defined in TRITON - Data Security regulate the behavior of the endpoint agents. The endpoint agents analyze content within a user's working environment (PC, laptop and variants) and block or monitor policy breaches as defined by the endpoint profiles.

      Click View Complete Document for more.

    • Creating and Distributing the Endpoint Using SMS

      Deployment and Installation Center

      Endpoint agent

      In this topic
      Overview
      When to use the Data Endpoint
      Deploying the endpoint agent
      Deployment options
      Linux deployment
      Uninstalling the endpoint agent
      Creating and distributing the endpoint using SMS

      Overview

      The Websense Data Endpoint is a comprehensive, secure and easy-to-use endpoint data loss prevention solution. The Websense Data Endpoint monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery.

      The Websense Data Endpoint allows security administrators to either block or monitor and log files that present a policy breach. The data endpoint creates forensic monitoring that allows administrators to create policies that don't restrict device usage, but allow full visibility of content traffic.

      You can monitor user activity inside endpoint applications, such as the cut, copy, paste, print, and print screen operations. You can also monitor endpoint Web activities and know when users are copying data to external drives and endpoint devices.

      Working with data endpoints entails configuring endpoint profiles via TRITON - Data Security. The configuration settings defined in TRITON - Data Security regulate the behavior of the endpoint agents. The endpoint agents analyze content within a user's working environment (PC, laptop and variants) and block or monitor policy breaches as defined by the endpoint profiles.

      Click View Complete Document for more.

    • Configuring Endpoint Deployment

      TRITON - Data Security Help

      Configuring Endpoint Deployment

      Deploying endpoint systems in your network is comprised of the following basic steps:

      1. Installing the Data Security Management Server as described in the Websense Data Security Deployment Guide.
      2. Building a package for the endpoint client and deploying it on users’ computers (PC, laptops, etc.) as described in the deployment guide.
      3. Adding an endpoint profile to TRITON - Data Security or using the default. A default profile is automatically installed with the client package. (Settings > Deployment > Endpoint.)
      4. Rearranging endpoint profiles. (Settings > Deployment > Endpoint.)
      5. Configuring endpoints’ settings. (Settings > General > System > Endpoint, or Settings > Deployment > Endpoint, Settings button.)
      6. Creating endpoint resources. (Main > Policy Management > Resources > Endpoint Devices / Endpoint Applications / Endpoint Application Groups.)
      7. Creating or modifying a rule for endpoint channels. (Main > Policy Management > DLP / Discovery Policies, Destination tab.) See Selecting endpoint destination channels to monitor.
      8. Defining the type of endpoint machines to analyze, as well as the network location. (Main > Policy Management > DLP / Discovery Policies, Custom Policy Wizard - Source tab.) Use the Network Location field to define the behavior of the endpoint on and off the network.
      9. Deploying endpoint configuration settings. (Deploy button.)
      10. Viewing the status of endpoint systems. (Main > Status > Endpoint Status.) See Viewing endpoint status.
      11. Viewing incidents detected by endpoints, and taking a number of actions on them, including editing the incident details, changing the severity of the incident, or escalating the incident to a manager. (Main > Reporting > Data Loss Prevention.) See Viewing the incident list.

      In special circumstances, you can also bypass an endpoint client—that is, stop monitoring or protecting it for a period of time. See Bypassing endpoint clients for more information on this capability.

      For information on what end users see on their machine, refer to Using the endpoint client software.

      Click View Complete Document for more.

    • Adding an Endpoint Profile

      TRITON - Data Security Help

      Adding an endpoint profile

      A default endpoint profile is automatically installed on the endpoint client, and you can add more profiles as needed. To view a list of existing endpoint profiles, select Settings > Deployment > Endpoint.

      From this screen, you can add a new profile, delete an existing profile, rearrange

      1. To create a new profile, select New. (To edit an existing profile, click a profile name in the list.)
        Note: Websense Data Security includes a default profile. This profile is automatically applied to all endpoints not assigned to a specific endpoint profile. You can edit parts of the default profile, but you cannot delete it.
      2. Complete the General, Servers, Properties, and Encryption tabs as described in the following sections.
      3. Click OK when finished.

      Click View Complete Document for more.

    • Using the Endpoint Client Software

      TRITON - Data Security Help

      Using the endpoint client software

      This section is for end users of a machine where the endpoint client is installed.

      When the Websense endpoint client is installed, an icon appears on the endpoint machine’s task bar.

      The end user can click this icon for status information:

      On this screen you can:

      --see whether the machine is connected to an endpoint server, and check the IP address of the Data Security server
      --view the endpoint profile name, and when it was last updated
      --determine if the endpoint protection is enabled or bypassed
      --view the discovery status, and details of the last and next discovery scans

      Note: This screen is available only if you selected Interactive mode when creating the endpoint build package.

      Click View Complete Document for more.

    • Deploying Web and Data Endpoints

      If you try to install Web Endpoint on a machine where Data Endpoint is already installed, the installation process will not work. To deploy both endpoints on a single machine, first uninstall the Data Endpoint, then follow the instructions below to create a joint deployment package.

      Note: The Web and Data Endpoints can only be deployed together on Windows operating systems.

      Click View Complete Document for more.

    • Deploying Remote Filtering Client and Data Endpoint

      To deploy Data Endpoint and Remote Filtering Client on a single machine for version 7.6, first ensure that any previous versions of Data Endpoint and Remote Filtering Client have been uninstalled, then follow the instructions in this article to create a joint deployment package.

      Click View Complete Document for more.

    v7.5.3 - 7.5.x

    • Data Security Deployment and Installation Guide

      Data Security Deployment and Installation Guide v7.5.3

      Endpoint agent

      The Websense Data Endpoint is a comprehensive, secure and easy-to-use endpoint data loss prevention solution. The Websense Data Endpoint monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery.

      The Websense Data Endpoint allows security administrators to either block or monitor and log files that present a policy breach. The data endpoint creates forensic monitoring that allows administrators to create policies that don’t restrict device usage, but allow full visibility of content traffic.

      You can monitor user activity inside endpoint applications, such as the cut, copy, paste, print, and print screen operations. You can also monitor endpoint Web activities and know when users are copying data to external drives and endpoint devices.

      Working with data endpoints entails configuring endpoint profiles via TRITON - Data Security. The configuration settings defined in TRITON - Data Security regulate the behavior of the endpoint agents. The endpoint agents analyze content within a user’s working environment (PC, laptop and variants) and block or monitor policy breaches as defined by the endpoint profiles.

      When to use the Data Endpoint

      The data endpoint is designed for organizations with off-network machines such as corporate laptops. It is for those concerned about data loss originating at the endpoint, whether malicious or inadvertent. For example, if you want to prevent employees from taking sensitive data home on their laptops and printing it, posting it to the Web, copying and pasting it, etc., you need the endpoint agent.

      Click View Complete Document for more.

    • TRITON - Data Security Help

      TRITON - Data Security Help v7.5.3

      Deploying the endpoint

      Deploying endpoint systems in your network is comprised of the following basic steps:
      1. Installing the Data Security Management Server as described in the Websense Data Security Deployment Guide.
      2. Building a package for the endpoint client and deploying it on users’ computers (PC, laptops, etc.) as described in the deployment guide.
      3. Adding an endpoint profile to TRITON - Data Security or using the default. A default profile is automatically installed with the client package. (Settings > Deployment > Endpoint.)
      4. Rearranging endpoint profiles. (Settings > Deployment > Endpoint.)
      5. Configuring endpoints' settings. (Settings > Configuration > System > Endpoint, or Settings > Deployment > Endpoint, Settings button.)
      6. Creating endpoint resources. (Main > Policy Management > Resources > Endpoint Devices / Endpoint Applications / Endpoint Application Groups.)
      7. Creating or modifying a rule for endpoint channels. (Main > Policy Management > Data Usage / Data Discovery Policies, Destination tab.)
      8. Defining the type of endpoint machines to analyze, as well as the network location. (Main > Policy Management > Data Usage / Data Discovery Policies, Rule Wizard - Source tab.) Use the Network Location field to define the behavior of the endpoint on and off the network.
      9. Deploying endpoint configuration settings. (Deploy button.)
      10. Viewing the status of endpoint systems. (Main > Status & Logs > Endpoint Status.)
      11. Viewing incidents detected by endpoints, and taking a number of actions on them, including editing the incident details, changing the severity of the incident, or escalating the incident to a manager. (Main > Incidents & Reports > Data Usage.)

      In special circumstances, you can also bypass an endpoint client—that is, stop monitoring or protecting it for a period of time.

      Click View Complete Document for more.

    Protector

    v7.6.3

    • Deploying the protector

      Deployment and Installation Center v7.6.x

      Overview

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
      • When to use the protector
      • Deploying the protector
      • Installing the protector
      • Configuring the protector

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (e.g., Yahoo, MSN, chat, and file transfer). The protector is also an integration point for third-party solutions that support ICAP. The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes. If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

      Click View Complete Document for more.

    v7.6.2

    • Configuring protector services

      TRITON - Data Security Help

      Configuring protector services

      There are several services that the protector can monitor. To configure the services, go to System Modules, select the protector, select the Services tab, and click the service you want to configure:

      SMTP
      HTTP
      FTP
      Chat
      Plain text

      Click View Complete Document for more.

    v7.6

    • TRITON - Data Security Help

      Configuring the protector

      Once registration is established between the protector and the Data Security Management Server, clicking on the protector lets you set up advanced parameters.

      To configure the protector, select it on the System Modules screen and the Edit Protector window appears.

      There are 4 tabs in the Edit Protector window:

      General tab
      Networking tab
      Local Networks tab
      Services tab

      Tip: You can also use the protector CLI to configure the protector. See the Deployment Guide, Appendix A for details on the CLI.

      Click View Complete Document for more.

    • Configuring Protector Services

      TRITON - Data Security Help

      Configuring protector services

      There are several services that the protector can monitor. To configure the services, go to System Modules, select the protector, select the Services tab, and click the service you want to configure:

      SMTP
      HTTP
      FTP
      Chat
      Plain text

      Click View Complete Document for more.

    • When to Use the Protector

      Deployment and Installation Center

      Protector

      In this topic

      Overview
      When to use the protector
      Deploying the protector
      Installing the protector
      Configuring the protector

      Overview

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
      • When to use the protector
      • Deploying the protector
      • Installing the protector
      • Configuring the protector

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (e.g., Yahoo, MSN, chat, and file transfer). The protector is also an integration point for third-party solutions that support ICAP.

      The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

      If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

      Click View Complete Document for more.

    • Deploying the Protector

      Deployment and Installation Center

      Protector

      In this topic

      Overview
      When to use the protector
      Deploying the protector
      Installing the protector
      Configuring the protector

      Overview

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
      • When to use the protector
      • Deploying the protector
      • Installing the protector
      • Configuring the protector

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (e.g., Yahoo, MSN, chat, and file transfer). The protector is also an integration point for third-party solutions that support ICAP.

      The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

      If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

      Click View Complete Document for more.

    • Installing the Protector

      Deployment and Installation Center

      Protector

      In this topic

      Overview
      When to use the protector
      Deploying the protector
      Installing the protector
      Configuring the protector

      Overview

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.
      • When to use the protector
      • Deploying the protector
      • Installing the protector
      • Configuring the protector

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (e.g., Yahoo, MSN, chat, and file transfer). The protector is also an integration point for third-party solutions that support ICAP.

      The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

      If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

      Click View Complete Document for more.

    v7.5.3 - 7.5.x

    • Data Security Deployment and Installation Guide

      Data Security Deployment and Installation Guide v7.5.3

      Protector

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (chat and file transfer), Yahoo and MSN. The protector is also an integration point for third-party solutions that support ICAP.

      The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

      If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

      If you want email blocking capabilities, you can use either the protector’s inline MTA mode or the SMTP agent (see below). Websense recommends the SMTP agent for blocking, because it’s easier to configure, monitor, and debug.

      We do not recommend that you use both options for the same traffic, although some companies prefer monitoring one point and enforcing policies on another, due to differences in network traffic content and load.

      If you want to monitor or block HTTP or HTTPS traffic, you can use the protector to do so, or you can integrate Data Security with the Websense Content Gateway or another Web proxy.

      If you want to monitor FTP, plain text, or IM traffic, you should use the protector. (The protector cannot block traffic on these channels, however.)

      The first decision that needs to be made when installing a protector is its location on the network. You can deploy the protector in SPAN/mirror port mode or in inline mode.

      Click View Complete Document for more.

    • TRITON - Data Security Help

      TRITON - Data Security Help v7.5.3

      Configuring the protector

      Once registration is established between the protector and the Data Security Management Server, clicking on the protector lets you set up advanced parameters.

      To configure the protector, select it on the System Modules screen and the Edit Protector window appears.

      There are 4 tabs in the Edit Protector window:

      * General tab

      * Networking tab

      * Local Networks tab

      * Services tab

      TIP: You can also use the protector CLI to configure the protector. See the Deployment Guide, Appendix A for details on the CLI.

      Click View Complete Document for more.

    • TLS Enabled Postfix for Explicit MTA

      Protector and TLS Enabled Postfix for Explicit MTA

      The protector component in Websense Data Security v7.5.x includes a Postfix release compiled with Transport Layer Security (TLS) support. Configuring Postfix allows you to enable TLS support. Although TLS is not officially supported, Postfix is available to allow for individual customer configurations.

      This document provides a simple example TLS configuration for use as a test case and as a reference for future deployments. The sample configuration is stored on the protector in /etc/postfix/main.cf.

      Click View Complete Document for more.

    Agents

    v7.6.3

    • Mobile DLP agent using cluster solutions

      Deployment and Installation Center v7.6.x

      Mobile DLP agent using cluster solutions

      The mobile data loss prevention (DLP) agent is a solution that lets you secure content (such as email messages, calendar events, or tasks) synced to a mobile device.

      This document describes 2 cluster solution techniques you can use to improve the stability and performance on machines using the mobile DLP agent.

        -  2-node high-availability solution

        -  4-node high-availability and load-distribution solution

      When the mobile DLP agent is configured for high availability, it can operate seamlessly and continuously, especially in the event of a system outage (such as a hardware or software failure). This keeps mobile devices continuously protected against data leaks, without system downtime or disruption to the user.

      This document describes how you can set up a mobile agent for high-availability (HA) by using a 2-node proxy cluster, or for load-distribution (LD) by using a 4-node proxy cluster. Neither method requires you to install any additional hardware.

      Click View Complete Document for more.

    • Mobile agent

      Deployment and Installation Center v7.6.x

      Overview

      The mobile agent is a Linux-based appliance that lets you secure the type of email content that is synchronized to users' mobile devices when they connect to the network. This includes content in email messages, calendar events, and tasks.

      The mobile agent analyzes content when users synchronize their mobile devices to your organization's Exchange server. If content or data being pushed to their device breaches the organization's mobile DLP policy, it is quarantined or permitted accordingly.

      Deploying the mobile agent

      In your network, the appliance connects to the Data Security Management Server and to your Microsoft Exchange agent to provide this function. DLP analysis is done on the appliance or on other Data Security servers (rather than on the management server) to optimize performance and balance the load. Outside your DMZ, the mobile agent connects to any Microsoft ActiveSync-compatible mobile device, such as iPads, Android mobile phones, and iPhones, over 3G and wireless networks. (ActiveSync is a wireless communication protocol used to push resources, such as email, from applications to mobile devices.) Unlike the protector, the mobile agent appliance acts as a reverse proxy, because it retrieves resources, such as email, from the Exchange server on behalf of the mobile device. The following diagram illustrates the system architecture of a typical mobile agent deployment. Depending on your network and security requirements, you can also go through an edge device, such as a Microsoft ISA Server, that acts as a reverse proxy to the mobile agent.

      Click View Complete Document for more.

    v7.6.2

    • Configuring modules/agents

      TRITON - Data Security Help

      Configuring Modules

      If you have Websense Web Security Gateway Anywhere, you may never need to configure modules. The Data Security servers are given a default configuration when they’re installed that usually suffices.

      If you’re running a full Websense Data Security deployment, in most cases, the only module that you must configure after installation is the protector. This is covered in Chapter 3: Initial Setup in the section Configuring the protector. However, if you’re deploying an ISA agent, this may need to be configured as well.

      Either way, you are welcome to customize your configuration settings any time to meet your needs.

      To configure a Data Security module:

      1. Select Settings > Deployment > System Modules.
      2. Click the module of interest.
      3. Complete the fields as shown in the sections below:

      Note: If you have Websense Web Security Gateway Anywhere, not all of these options apply to you.

      Configuring the management server
      Configuring a supplemental Data Security Server
      Configuring the SMTP agent
      Configuring the fingerprint repository
      Configuring the endpoint server
      Configuring the crawler
      Configuring the forensics repository
      Configuring the policy engine
      Configuring the protector
      Configuring ICAP
      Configuring the Web Content Gateway module
      Configuring the Email Security Gateway module
      Configuring the ISA agent
      Configuring the printer agent
      Configuring the integration agent
      Configuring protector services

      Click View Complete Document for more.

    v7.6

    • Protector

      Deployment and Installation Center

      Protector

      In this topic
      Overview
      When to use the protector
      Deploying the protector
      Installing the protector
      Configuring the protector

      Overview

      The protector is an essential component of Websense Data Security, providing monitoring and blocking capabilities, preventing data loss and leaks of sensitive information. Using PreciseID technology, the protector can be configured to accurately monitor sensitive information-in-transit on any port.

      • When to use the protector
      • Deploying the protector
      • Installing the protector
      • Configuring the protector

      When to use the protector

      The protector works in tandem with the Data Security server. The Data Security server provides advanced analysis capabilities, while the protector sits on the network, intercepts traffic and can either monitor or block the traffic, as needed. The protector supports analysis of SMTP, HTTP, FTP, plain text, IM traffic (e.g., Yahoo, MSN, chat, and file transfer). The protector is also an integration point for third-party solutions that support ICAP. The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes. If you want to monitor SMTP traffic, the protector is your best choice. You configure a span port to be connected to the protector. This span contains your SMTP traffic.

    • SMTP Agent

      Deployment and Installation Center

      SMTP agent

      The Websense Data Security SMTP agent is installed on a Data Security server or on another Windows server equipped with Microsoft Internet Information Services (IIS) v6. The server must be running Windows Server 2003 standard R2 edition (32- or 64-bit).

      It receives all outbound email from the mail server and forwards it to a Websense Data Security Policy Engine. The SMTP agent then receives the analyzed email back from the policy engine. Depending on the analysis, the SMTP agent blocks the email or forwards it to the mail gateway. When installed on the Data Security Management server or supplemental Data Security server, the SMTP agent uses the local policy engine of those servers to analyze email, unless load balancing has been configured, in which case it uses the specified policy engine. The SMTP agent supports permit, block, and encrypt actions.

      Websense recommends you use the SMTP agent whenever you want the ability to block SMTP traffic in a production environment. (If you only need to monitor SMTP traffic, the protector may be a better choice for you.)

      To use the SMTP agent, you need to configure your corporate email server to route email to it. (The agent becomes an MTA, accepting responsibility for delivery of mail.)

      When the agent is installed on a Data Security server, the SMTP traffic is analyzed by the local policy engine. When it is installed as a stand-alone agent, email messages that are sent to the agent are sent to a Data Security server for analysis (whichever server the SMTP agent is registered with). You can configure Websense Data Security to block or quarantine flagged messages.

      If an SMTP email transaction was blocked or quarantined, the administrator responsible for handling this incident can release this incident to those recipients originally blocked from receiving the content.

    • Microsoft ISA/TMG Agent

      Deployment and Installation Center

      Microsoft ISA/TMG agent

      The ISA/TMG agent receives all Web connections from a Microsoft ISA Server or Forefront TMG network and forwards them to the Data Security policy engine. It then receives the analyzed information back from the policy engine and forwards it to the recipients on the Web. Microsoft ISA 2004 and 2006 are supported on Windows Server 2003 standard R2 edition (32-bit). Forefront TMG is also supported, on Windows Server 2008 R2 platforms (64-bit). Note that Forefront TMG supports analysis of HTTPS traffic as well as HTTP.

      The ISA/TMG agent supports the permit and block actions, and it receives authentication information from the client on its way to the proxy to identify users.

      If you are using the ISA agent on an ISA array, be sure to install it on every member of the array; otherwise the configuration will be out of sync and ISA may become non-functional. Install ISA agent using the Websense installer. See Installing Data Security Components for more information.

      Installing the TMG agent

      A separate 64-bit version of the Websense Data Security Installer is used to install TMG agent.

    • Endpoint Agent

      Deployment and Installation Center

      Endpoint agent

      In this topic
      Overview
      When to use the Data Endpoint
      Deploying the endpoint agent
      Deployment options
      Linux deployment
      Uninstalling the endpoint agent
      Creating and distributing the endpoint using SMS

      Overview

      The Websense Data Endpoint is a comprehensive, secure and easy-to-use endpoint data loss prevention solution. The Websense Data Endpoint monitors real-time traffic and applies customized security policies over application and storage interfaces, as well as for data discovery.

      The Websense Data Endpoint allows security administrators to either block or monitor and log files that present a policy breach. The data endpoint creates forensic monitoring that allows administrators to create policies that don't restrict device usage, but allow full visibility of content traffic.

      You can monitor user activity inside endpoint applications, such as the cut, copy, paste, print, and print screen operations. You can also monitor endpoint Web activities and know when users are copying data to external drives and endpoint devices.

      Working with data endpoints entails configuring endpoint profiles via TRITON - Data Security. The configuration settings defined in TRITON - Data Security regulate the behavior of the endpoint agents. The endpoint agents analyze content within a user's working environment (PC, laptop and variants) and block or monitor policy breaches as defined by the endpoint profiles.

    • Printer Agent

      Deployment and Installation Center

      Printer agent

      In this topic
      Overview
      Detecting the printer driver
      ABBYY FineReader configuration settings for non-English text
      Printer agent performance

      Overview

      The Data Security printer agent is required when you want to monitor what is printed on your organization's network printers.

      The printer agent supports 32-bit Windows Server 2003 standard and R2 environments, and it supports permit and block actions.

      When a user on the network prints a file, it is routed to the Microsoft Windows printer spooler service, where the printer agent intercepts it and sends it to the Data Security policy engine. After analysis of the content, the Data Security system enforces the policy as necessary: either auditing, monitoring or blocking the print job from being printed, in which case the sender (the user who printed the document) receives a notification that the print job was blocked.

      The printer agent is capable of identifying the user that submitted the print job, because these credentials are included in the print job.

      Websense Data Security generates forensics reports that list the blocked print files along with other blocked transmissions.

      You install the printer agent on a Windows print server. It includes optical character recognition (OCR) capabilities. The OCR service (ABBYY FineReader) is required in printer agent installations for better analysis in different printer drivers. Installation without the OCR service is limited and should be performed only after receiving verification from Websense Technical Support that your organization's specific printer driver is supported.

    • Configuring modules/agents

      TRITON - Data Security Help

      Configuring Modules

      If you have Websense Web Security Gateway Anywhere, you may never need to configure modules. The Data Security servers are given a default configuration when they’re installed that usually suffices.

      If you’re running a full Websense Data Security deployment, in most cases, the only module that you must configure after installation is the protector. This is covered in Chapter 3: Initial Setup in the section Configuring the protector. However, if you’re deploying an ISA agent, this may need to be configured as well.

      Either way, you are welcome to customize your configuration settings any time to meet your needs.

      To configure a Data Security module:

      1. Select Settings > Deployment > System Modules.
      2. Click the module of interest.
      3. Complete the fields as shown in the sections below:

      Note: If you have Websense Web Security Gateway Anywhere, not all of these options apply to you.

      Configuring the management server
      Configuring a supplemental Data Security Server
      Configuring the SMTP agent
      Configuring the fingerprint repository
      Configuring the endpoint server
      Configuring the crawler
      Configuring the forensics repository
      Configuring the policy engine
      Configuring the protector
      Configuring ICAP
      Configuring the Web Content Gateway module
      Configuring the Email Security Gateway module
      Configuring the ISA agent
      Configuring the printer agent
      Configuring the integration agent
      Configuring protector services

    v7.5.3 - 7.5.x

    • Data Security Deployment and Installation Guide

      Data Security Deployment and Installation Guide v7.5.3

      Choosing and Deploying Agents

      Websense Data Security monitors and protects data by using a series of agents that are deployed according to your organization’s needs.

      These agents are installed on the relevant servers (Exchange agent on the Exchange server, printer agent on the print server, etc.) to enable Data Security to access the data necessary to analyze the traffic from these servers. Agents, such as the Data Endpoint, enable administrators to analyze content within a user’s working environment (PC, laptop, etc.) and block or monitor policy breaches.

      This chapter is designed to help you decide which agents to deploy and to instruct you how to deploy them.

    Performance

    v7.6.3

    • Adding modules to your deployment

      TRITON - Data Security Help

      Adding modules to your deployment

      If network and security requirements dictate that you need to add new agents or other modules to your deployment, go to the machine where you want to install them and run the Data Security installation wizard.

      When you install the module, you are asked to provide the FQDN of the TRITON management server and the credentials for a TRITON administrator with Data Security system modules permissions. When you do, the module is automatically registered with the management server.

      If you accept the default configuration, all you have to do is click the Deploy button in TRITON - Data Security (on the management server) to complete the process. If you want to customize the configurations, go into the System Modules screen and click the module to edit.

      Only a management user with system modules permissions can install new network elements.

      For information on adding and configuring modules, see Managing System Modules > Adding modules in the TRITON - Data Security Help.

      Value of additional policy engines

      Policy engines analyze transactions sent from various agents and protectors. The protector monitors network traffic and sends transactions to policy engines for analysis. The CPU load on the protector is much lighter than on a policy engine; therefore, when scaling up, you should add more policy engines (not protectors) and load-balance the analysis between them.

      Assessing the need for additional policy engines

      Check the number of transactions analyzed by the policy engine by selecting Main > Status > System Health and clicking on a policy engine.

    v7.6.2

    • Adding modules to your deployment

      TRITON - Data Security Help

      Adding modules to your deployment

      If network and security requirements dictate that you need to add new agents or other modules to your deployment, go to the machine where you want to install them and run the Data Security installation wizard.

      When you install the module, you are asked to provide the FQDN of the TRITON management server and the credentials for a TRITON administrator with Data Security system modules permissions. When you do, the module is automatically registered with the management server.

      If you accept the default configuration, all you have to do is click the Deploy button in TRITON - Data Security (on the management server) to complete the process. If you want to customize the configurations, go into the System Modules screen and click the module to edit.

      Only a management user with system modules permissions can install new network elements.

      For information on adding and configuring modules, see Managing System Modules > Adding modules in the TRITON - Data Security Help.

      Value of additional policy engines

      Policy engines analyze transactions sent from various agents and protectors. The protector monitors network traffic and sends transactions to policy engines for analysis. The CPU load on the protector is much lighter than on a policy engine; therefore, when scaling up, you should add more policy engines (not protectors) and load-balance the analysis between them.

      Assessing the need for additional policy engines

      Check the number of transactions analyzed by the policy engine by selecting Main > Status > System Health and clicking on a policy engine.

    v7.6

    • Scaling Your System

      TRITON - Data Security Help

      Scaling Data Security

      As your network (and the security needs of your network) grows, Websense Data Security can grow with it. Our software is architected for scalability, even for networks with massive traffic and complex topologies. The sections below address network growth issues such as recognizing when system loads demand system expansion, single and multi-site configuration and how to deal with the growth of the various information repositories.

      When does your system need to grow?

      Adding modules to your deployment

    • When Does Your System Need to Grow?

      TRITON - Data Security Help

      When does your system need to grow?

      There are numerous triggers that might prompt your system expansion. Among them:

      Performance issues

      You may or may not be aware of performance issues affecting your system. If you are experiencing slow discovery or fingerprinting scans, for example, this could be an indication of an overworked crawler. You may benefit from an additional crawler or Data Security server. If users are experiencing slow Web or email transactions, you may benefit from an additional policy engine. Even if you are not aware of performance issues, your system resources may not be fully optimized.

      To see how your system is performing, open TRITON - Data Security and select Main > Status > System Health. You can expand each module and view statistics on the load, the number of transactions, the latency, and more.

      Before adding modules, try balancing the load between your existing Data Security servers (policy engines). To do this, go to Settings > Deployment > System Modules, and click the Load Balancing button. Select a service and indicate which policy engine you'd like to assign to that service.

      Note: Websense recommends that you do not distribute the load to the TRITON Management Server.

      The number of users grows

      In a typical small organization (1–500 users), you might only need a TRITON Management Server and a protector to monitor traffic. A larger organization (500–2,500 users) might have a TRITON Management Server, a supplemental Data Security server, and a protector, with load balancing between the protector and supplemental server. (You cannot balance the load with the management server.) As your number of users grows, so does your need for a Data Security server.

    • Adding Modules to Your Deployment

      TRITON - Data Security Help

      Adding modules to your deployment

      If network and security requirements dictate that you need to add new agents or other modules to your deployment, go to the machine where you want to install them and run the Data Security installation wizard.

      When you install the module, you are asked to provide the FQDN of the TRITON management server and the credentials for a TRITON administrator with Data Security system modules permissions. When you do, the module is automatically registered with the management server.

      If you accept the default configuration, all you have to do is click the Deploy button in TRITON - Data Security (on the management server) to complete the process. If you want to customize the configurations, go into the System Modules screen and click the module to edit.

      Only a management user with system modules permissions can install new network elements.

      For information on adding and configuring modules, see Managing System Modules > Adding modules in the TRITON - Data Security Help.

      Value of additional policy engines

      Policy engines analyze transactions sent from various agents and protectors. The protector monitors network traffic and sends transactions to policy engines for analysis. The CPU load on the protector is much lighter than on a policy engine; therefore, when scaling up, you should add more policy engines (not protectors) and load-balance the analysis between them.

      Assessing the need for additional policy engines

      Check the number of transactions analyzed by the policy engine by selecting Main > Status > System Health and clicking on a policy engine.

    v7.5.3 - 7.5.x

    • Data Security Deployment and Installation Guide

      Data Security Deployment and Installation Guide v7.5.3

      When does your system need to grow?

      There are numerous triggers that might prompt your system expansion. Among them:

      Performance issues

      You may or may not be aware of performance issues affecting your system. If you are experiencing slow discovery or fingerprinting scans, for example, this could be an indication of an overworked crawler. You may benefit from an additional crawler or Data Security server. If users are experiencing slow Web or email transactions, you may benefit from an additional policy engine. Even if you are not aware of performance issues, your system resources may not be fully optimized.

      To see how your system is performing, open TRITON - Data Security and select Main > Status & Logs > System Health. You can expand each module and view statistics on the load, the number of transactions, the latency, and more.

      Before adding modules, try balancing the load between your existing Data Security servers (policy engines). To do this, go to Settings > Configuration > System Modules, and click the Load Balancing button. Select a service and indicate which policy engine you’d like to assign to that service.

    Channels

    v7.6.3

    • What can I protect?

      TRITON - Data Security Help

      What can I protect?

      Websense Data Security lets you control or monitor the flow of data throughout your organization. You can define:

      Who can move and receive data

      What data can and cannot be moved

      Where the data can be sent

      How the data can be sent

      What action to take in case of a policy breach

      With a full subscription, Websense Data Security secures:

      Network and endpoint email - You can monitor or prevent sensitive information from being emailed in or outside of your domain from both network and endpoint computers.

      Web channels

      FTP - You can monitor or prevent sensitive information from being uploaded to file transfer protocol (FTP) sites.

      Chat - You can monitor sensitive information going out via instant messenger applications such as Yahoo! Messenger.

      Plain text - You can monitor or prevent sensitive information from being sent via plain text (unformatted textual content).

      HTTP/HTTPS - You can monitor or prevent sensitive information from being posted to a Web site, blog, or forum via HTTP. You can also prevent users from downloading sensitive data from the Web.

      Endpoint HTTP/HTTPS - You can monitor or protect endpoint devices such as laptops from posting or downloading sensitive data over the Web.

      Network and endpoint printing - You can monitor or prevent sensitive data from being printed on any printer in your network.

      Endpoint applications - You can monitor or prevent sensitive data from being copied and pasted from one application to another on Windows endpoint clients. This is desirable, because endpoint clients are often disconnected from the corporate network and can pose a security risk.

      Endpoint removable media - You can monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk. All removable media is supported on Windows endpoints. All but CD/DVD devices are supported on Linux endpoints.

      Endpoint LANs - Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.

    v7.6.2

    • What can I protect

      TRITON - Data Security Help

      What can I protect?

      Websense Data Security lets you control or monitor the flow of data throughout your organization. You can define:

      Who can move and receive data

      What data can and cannot be moved

      Where the data can be sent

      How the data can be sent

      What action to take in case of a policy breach

      With a full subscription, Websense Data Security secures:

      Network and endpoint email - You can monitor or prevent sensitive information from being emailed in or outside of your domain from both network and endpoint computers.

      Web channels

      FTP - You can monitor or prevent sensitive information from being uploaded to file transfer protocol (FTP) sites.

      Chat - You can monitor sensitive information going out via instant messenger applications such as Yahoo! Messenger.

      Plain text - You can monitor or prevent sensitive information from being sent via plain text (unformatted textual content).

      HTTP/HTTPS - You can monitor or prevent sensitive information from being posted to a Web site, blog, or forum via HTTP. You can also prevent users from downloading sensitive data from the Web.

      Endpoint HTTP/HTTPS - You can monitor or protect endpoint devices such as laptops from posting or downloading sensitive data over the Web.

      Network and endpoint printing - You can monitor or prevent sensitive data from being printed on any printer in your network.

      Endpoint applications - You can monitor or prevent sensitive data from being copied and pasted from one application to another on Windows endpoint clients. This is desirable, because endpoint clients are often disconnected from the corporate network and can pose a security risk.

      Endpoint removable media - You can monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk. All removable media is supported on Windows endpoints. All but CD/DVD devices are supported on Linux endpoints.

      Endpoint LANs - Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.

    v7.6

    • What can I protect?

      TRITON - Data Security Help

      What can I protect?

      Websense Data Security lets you control or monitor the flow of data throughout your organization. You can define:

      Who can move and receive data

      What data can and cannot be moved

      Where the data can be sent

      How the data can be sent

      What action to take in case of a policy breach

      With a full subscription, Websense Data Security secures:

      Network and endpoint email - You can monitor or prevent sensitive information from being emailed in or outside of your domain from both network and endpoint computers.

      Web channels

      FTP - You can monitor or prevent sensitive information from being uploaded to file transfer protocol (FTP) sites.

      Chat - You can monitor sensitive information going out via instant messenger applications such as Yahoo! Messenger.

      Plain text - You can monitor or prevent sensitive information from being sent via plain text (unformatted textual content).

      HTTP/HTTPS - You can monitor or prevent sensitive information from being posted to a Web site, blog, or forum via HTTP. You can also prevent users from downloading sensitive data from the Web.

      Endpoint HTTP/HTTPS - You can monitor or protect endpoint devices such as laptops from posting or downloading sensitive data over the Web.

      Network and endpoint printing - You can monitor or prevent sensitive data from being printed on any printer in your network.

      Endpoint applications - You can monitor or prevent sensitive data from being copied and pasted from one application to another on Windows endpoint clients. This is desirable, because endpoint clients are often disconnected from the corporate network and can pose a security risk.

      Endpoint removable media - You can monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk. All removable media is supported on Windows endpoints. All but CD/DVD devices are supported on Linux endpoints.

      Endpoint LANs - Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.

    • Email: Releasing Blocked Email

      Releasing blocked email in Data Security

      Applies To: Websense Data Security v7.1.x
      Websense Data Security v7.5.x
      Websense Data Security v7.6.x

      SMTP violations with the quarantine action are held in the Data Security forensics repository. Depending on their role, administrators can release quarantined messages from TRITON - Data Security by clicking Remediate > Release on the Incident report's toolbar.

      In addition, administrators can configure Data Security to notify users when email messages are blocked because of policy. It can be configured to notify administrators or end users.

      If desired, you can allow recipients to release blocked messages by replying to the notifications they receive.

      To activate this capability, you must create and configure a force release mailbox.

      To configure a force release mailbox, you must:

      1. Configure Data Security settings.
      2. Configure the internal Exchange server or other mail gateway. This document discusses Active Directory with Microsoft Exchange, but the concepts are universal.

    v7.5

    • What is Web DLP?

      What is Web DLP?

      Problem description

      I'm interested in the Web DLP feature of Web Security Gateway Anywhere, but I'm not fully sure I know how it works.

      Do I need Web and data policies for this?

      Resolution

      Web mail, Instant Messaging and personal networking sites are some of the most common means by which corporate data is leaked. The Web DLP (Data Loss Prevention) functionality included in Web Security Gateway Anywhere is able to detect and block such leaks, even if the connection is encrypted. The Websense PreciseID technology provides accurate fingerprinting of content to support this process.

    v7.5.3 - 7.5.x

    • TRITON - Data Security Help

      TRITON - Data Security Help v7.5.3

      What can I protect?

      Websense Data Security lets you control or monitor the flow of data throughout your organization. You can define:

      * Who can move and receive data

      * What data can and cannot be moved

      * Where the data can be sent

      * How the data can be sent

      * What action to take in case of a policy breach

      Websense Data Security secures:

      * Network printers - You can monitor or prevent sensitive data from being printed on any printer in your network.

      * Endpoint applications - You can monitor or prevent sensitive data from being copied and pasted from one application to another on endpoint clients. This is desirable, because endpoint clients are often disconnected from the corporate network and can pose a security risk.

      * Endpoint removable media - You can monitor or prevent sensitive information from being written to a removable device such as a USB flash drive, CD/DVD, or external hard disk.

      * Endpoint LANs - Users commonly take their laptops home and then copy data through a LAN connection to a network drive/share on another computer.

      * You can specify a list of IPs, hostnames or IP networks of computers that are allowed as a source or destination for LAN copy.

      * You can intercept data from an endpoint client.

      * You can set a different behavior according to the endpoint type (laptop/other) and location (connected/not connected).

      Note that Endpoint LAN control is applicable to Microsoft sharing only.

      * Email systems - You can monitor or prevent sensitive information from being emailed in or outside of your domain.

      * Web channels

      * FTP - You can monitor or prevent sensitive information from being uploaded to file transfer protocol (FTP) sites.

      * Chat - You can monitor sensitive information going out via instant messenger applications such as Yahoo! Messenger.

      * Plain text - You can monitor or prevent sensitive information from being sent via plain text (unformatted textual content).

      * HTTP/HTTPS - You can monitor or prevent sensitive information from being posted to a Web site, blog, or forum via HTTP. You can also prevent users from downloading sensitive data from the Web.

      * Endpoint HTTP/HTTPS - You can monitor or protect endpoint devices such as laptops from posting or downloading sensitive data over the Web.

      By such comprehensive monitoring of these channels, you can prevent data from leaving your organization by the most common means.
