New Features with TRITON


1 New Features with TRITON
WEBSENSE WEB SECURITY GATEWAY Anywhere and DLP version 7.5. May 10, 2011. Demonstrations by: Omar Becerra, Technical Director, Telematics Specialist. Prepared by: Armando Carvajal, Solutions Architect, MSc Information Security

2 Current Situation

3 Applications and data are moving to Web 2.0
   Corporate Webmail Instant Messaging Hosted Applications Blogs Local Weather File Sharing YouTube Videos Networking

4 Everything has changed. Businesses are interconnected through complex sites dominated by user-generated content. Companies take advantage of these new websites to reach new markets. Data now moves across external networks, even more so if you use SaaS applications. The criminals' goal is to steal data and sell it. They use blended attacks across multiple vectors.

5 What does “Web 2.0” mean?… Shall we look it up on Wikipedia?
The new “Web 2.0”. «is commonly associated with a social phenomenon, based on the interaction achieved through different web applications that facilitate information sharing, interoperability, user-centered design (UCD) and collaboration on the World Wide Web.» Web 2.0: User-generated Content; Mashups and Web Services; Consumer and Enterprise Worlds Convergence; Diversity of Client Software; Complexity and Asynchronous Operation

6 Web 1.0 vs Web 2.0
Web 1.0: Composition: HTML; Size: 71.2 KB; Scripts: none; Files: 4; Sources: 1 - Google
Web 2.0: Composition: DHTML, Flash, Java; Size: 1.26 MB; Scripts: 8 JavaScripts (924KB); Files: 22; Sources: more than 1,000

7 Web 1.0 vs. Web 2.0 Security
Web 1.0, Technology / Effective: URL filtering: Yes; Antivirus; Reputation
Web 2.0, Technology / Effective: URL filtering: No – Not going to block Google; Antivirus: No – Ineffective against exploits and scripts; Reputation: No – Google has a good reputation

8 Access to social networks is important for business
“If access to social networks such as Myspace and Facebook is blocked, how does it impact your organization?” 69% think that blocking social networks negatively impacts their business. Source: Forrester Consulting, Next-Generation Secure Web Gateway Trends and Requirements, December 2008

9 Trends
70% of the top 100 websites have been involved in malicious activity in the last 6 months. The Dynamic Web: content changes constantly; millions of varied pages per site; legitimate sites compromised; obsolete security systems; requires real-time content analysis. The Unknown Web: junk, personal, adult, etc.; millions of new sites appear daily; reputation and URL databases not very effective; requires real-time content analysis and security analysis. The Known Web: events, regional and general sites; less user-generated content; reputation, URL databases not very effective. Web traffic: top 100 sites; next 1 million sites; next 100 million sites. Requires real-time inline analysis. Requires proactive categorization and reputation analysis.

10 1. China: 1,332,060,000 2. India: 1,166,900,000 3. Facebook: 400,000,000 4. U.S.A.: 307,010,000 5. Indonesia: 230,781,846 6. Brazil: 191,594,000 It surpasses the U.S.A. and Brazil as the third-largest “country” in the world….

11

12 The power of the Social Network
Thousands of corporate brands on Facebook. 2,261,579 fans; 7,219,611 fans

13 Social Networks. YouTube is the second-largest search engine in the world. 80% of companies use social networks for recruiting; 95% are found on LinkedIn. 34% of “bloggers” post information about what they think of products and brands. 78% of consumers trust other people's recommendations. What does this mean for customers' bad experiences?

14 Today: blended attacks
Attacks are sophisticated and targeted. Data is the target. The web and email are used to extract many types of data. Attachments and HTML are used to launch blended attacks. These attacks simply bypass traditional security solutions. “SEO poisoning” (search engine optimization poisoning) and fake antivirus grew out of control in 2010.

15 Static URL filtering is not enough
Static URL-based control is no longer effective for controlling Web access. You must understand the content of the page.

16 From static solutions to dynamic problems
Static URL Databases Do not address web 2.0 and dynamic web Cure versus prevention and huge volume problem Traditional / OEM AV No coverage for compromises (70% bad sites) Reputation Systems Parallel Scanning Lacks shared knowledge and context False positive and false negative problems with no context DLP-LITE Limited access to properties, detectable, and very slow (500MS +) Cloud Classification

17 Employees will find a way…
Locking down the infrastructure is not a valid strategy. At least 50% of IT administrators admit that their users try to bypass policies.

18 Business Challenges
Strategic Planning: “How do I reduce the cost of securing against every new threat and get the best return on investment?” Business Planning: “How can I extend access to more customers without increasing the risk of malware and data loss?” Infrastructure Administrator: “How do I let my partners access internal resources without risk?” “How can I protect remote employees from information loss when they are out of the office?” Security Administration: “How do I protect my company against modern threats that use multiple vectors?” © 2010 Websense, Inc. All rights reserved.

19 Today's problems…

20 Businesses are adopting “Web 2.0”
Convergence of enterprises and consumers. User-generated content. Diversity of user software. Marketing and sales will ask us for access to Web 2.0 to increase sales and lower costs. Corporate Webmail Instant Messaging Hosted Applications Blogs Local Weather File Sharing YouTube Videos Networking

User-generated Content In contrast to the static nature of Web 1.0, Web 2.0 systems rely heavily upon user generated content. In fact, Web 2.0 has been described as the “participatory Web.” For example blogs and photo sharing services enable consumers to add and update their own content. Other systems such as community mapping or wikis mash the information from multiple users to create a single database. Mashups and Web Services Open sharing of information implies the open sharing between disparate systems. To do this, Web 2.0 systems include interfaces that allow other Web 2.0 systems to communicate with them, usually using a common API based on XML and known as Web Services. A “mashup” is an element that combines information from multiple systems using Web Services to provide an aggregate service. Personal home pages are an example of a mashup that combines information from disparate sources to a single, personalized web page. Another example is the use of public mapping services to embed specific maps within web sites. Consumer and Enterprise Worlds Convergence By focusing on the individual rather than the organization, Web 2.0 blurs the border separating an organization from the outside world. For example, people’s blogs often contain elements of both their personal life and their professional life, and social networks incorporate both professional contacts and personal friends (e.g. LinkedIn and Facebook). Services available to an organization from public sources through web services represent an opportunity for an organization to increase efficiency and streamline operations.
Services no longer need to be provided strictly by enterprise software installed within the data center, but rather, they can be provided by both internal systems, augmented by external systems running as a service (i.e. SaaS). As an example, today many organizations use publicly-available Google Maps to provide a geographical overlay to their existing applications. Another key contributor to the convergence of consumer and enterprise worlds is the proliferation of highly-portable computing platforms, such as “netbooks” and web-enabled mobile phones; two devices that people use for both work and personal purposes. Diversity of Client Software Mashup and syndication services dictate that information and software functions are available across many different display technologies and environments. The diversity of platforms needed to support these services extends to: • A wide variety of hardware platforms such as computers running different operating systems and mobile phones • Software clients running outside of the browser such as desktop widgets • Shared browser windows such as personal home pages. Complexity and Asynchronous Operation Despite the huge benefits afforded by Web 2.0, they do not come without a cost. To enable increased user interaction, integration APIs and web applications need to be more complex and they need to support an ever-increasing set of clients. The most profound technical complexity introduced by Web 2.0 applications is the asynchronous request, often referred to as AJAX (for “Asynchronous JavaScript and XML”). As the name implies, AJAX requests may be triggered automatically and not as the result of user interaction, for example in order to repaint just the portion of a screen that changed, rather than the entire screen. In contrast, traditional applications issue requests to a server when a user presses a control or a link and the request results in a display of a new page.
Source: Top Web 2.0 Security Threats, 2009 Industry Report, Secure Enterprise Forum

21 Threats of the New “Web 2.0”
Insufficient Authentication Controls; Cross Site Scripting (XSS); Cross Site Request Forgery (CSRF); Phishing; Data Leakage; Injection Flaws; Information Integrity; Insufficient Anti-automation. Secure Enterprise 2.0 Forum, 2009 industry report

Top Web 2.0 Security Vulnerabilities

In the latest report, the Forum has identified the top Web 2.0 security vulnerabilities as follows:

1. Insufficient Authentication Controls. In many Web 2.0 applications, content is trusted in the hands of many users, not just a select number of authorized personnel. That means there's a greater chance that a less-experienced user will make a change that will negatively affect the overall system. This change in a system's design can also be exploited by hackers who now have access to a greater number of "administrative" accounts whose passwords can often be easily cracked if the correct security controls are not in place. The systems also may have insufficient brute-force controls, permit clear text passwords, or have been tied together in a single-sign-on environment, making an attack that much riskier.

2. Cross Site Scripting (XSS). In a stored cross site scripting (XSS) vulnerability, malicious input sent by an attacker is stored in the system then displayed to other users. Systems that allow users to input formatted content - like HTML for example - are especially susceptible to this attack. At risk are blogs, social networks, and wikis. An example of this attack from last year was the Yahoo HotJobs XSS vulnerability exploit, where hackers obfuscated JavaScript to steal session cookies of victims. Last year and in previous years, XSS worms were also to blame for attacks on Orkut, MySpace, Justin.tv.

3. Cross Site Request Forgery (CSRF). In CSRFs, victims visit what appear to be innocent-looking web sites, but which contain malicious code which generates requests to a different site instead. Due to heavy use of AJAX, Web 2.0 applications are potentially more vulnerable to this type of attack. In legacy apps, most user-generated requests produced a visual effect on the screen, making CSRF easier to spot. Web 2.0 systems' lack of visual feedback makes this attack less apparent. A recent example of a CSRF involved a vulnerability in Twitter in which site owners could get the Twitter profiles of their visitors.

4. Phishing. Although phishing isn't just a risk associated with Web 2.0 technologies by any means, the multitude of dissimilar client software in use makes it harder for consumers to distinguish between the genuine and the fake web sites. That enables more effective phishing attacks.

5. Information Leakage. Web 2.0 combined with our "work-from-anywhere" lifestyle has begun to blur the lines between work and private life. Because of this psychological shift, people may inadvertently share information their employer would have considered sensitive. Even if individuals aren't sharing the equivalent of trade secrets, the accumulation of the small "non-sensitive" items they share can allow a business's competitors to gain intelligence about what's going on and being worked on at that company.

6. Injection Flaws. Web 2.0 technologies tend to be vulnerable to new types of injection attacks including XML injection, XPath injection, JavaScript injection, and JSON injection for no other reason beyond the fact that the Web 2.0 applications tend to use and rely on those technologies. With increased use, comes increased risk. In addition, because Web 2.0 apps often rely on client side code, they more often perform some client-side input validation which an attacker can bypass.

7. Information Integrity. Data integrity is one of the key elements of data security. Although a hack could lead to loss of integrity, so can unintentional misinformation. A great example of this in the public arena is a mistaken edit on Wikipedia which is then accepted as fact by many of the site's visitors. In a business environment, having systems open to many users allows a malicious or mistaken user or users to post and publish inaccurate information which destroys the integrity of the data.

8. Insufficient Anti-automation. Programmatic interfaces of Web 2.0 applications let hackers automate attacks more easily. In addition to brute force and CSRF attacks, other examples include the automated retrieval of a large amount of information and the automated opening of accounts. Anti-automation mechanisms like Captchas can help slow down or thwart these types of attacks.

22 Growth of “Web 2.0” Threats
From January 2008 to January 2009, the number of websites with malicious code grew by 46%. 77% of the websites with malicious code are legitimate sites that have been compromised. Sites with a good reputation serve crooks as a malware distribution channel.

During the second half of 2008, the volume of legitimate Web sites compromised with malicious code continued to surpass the number of sites created by attackers specifically for malicious purposes. More than 77 percent of the Web sites Websense classified as malicious were actually sites with seemingly “good” reputations that had been compromised by attackers. This represents a minor two percent increase over the last six months. In August, Websense was the first to discover that CNET Networks, a media company owned by CBS Corporation was compromised when malicious code implanted on its site infected unsuspecting visitors. In addition, highly visible sites like BusinessWeek.com, BillOreilly.com and the New York Times faced serious Web attacks that unknowingly served up exploits to themselves and their visitors. Additionally, Digg, MSNBC, Newsweek, and MSN Norway were hit by a series of malicious third party banner ads, which led some visitors to rogue security software sites and others having their clipboard hijacked. One of the vulnerabilities exploited was a one-year old integer overflow in Adobe Flash (CVE )

23 WEBSITES IN THIS MIRROR ARE MORE DANGEROUS THAN THEY APPEAR
How Web 2.0 is handled. Using obsolete technologies (e.g., Squid = open source). They decide on an entire site based on its past reputation, not on its content. The content of Web 2.0 sites is considered “good” or “bad” as a whole: Facebook = BAD, block all pages; Wikipedia = GOOD, allow unrestricted access. Simplistic, non-granular policies can lead to excessive blocking, frustration and low productivity. We make enemies in the business for free… YES NO MAYBE ?

24 The Web Security Challenge
Allow the business to use Web 2.0 technology on sites such as LinkedIn, Facebook, Salesforce… but without risk… Regulatory compliance and preventing information leaks via the Web: Web mail; participation in social networks. Web-based malware: AV cannot cope with dynamic content or with scripts, and it is reactive; it is an additional vector for data leakage. Web 2.0 content classification: mixed content and password-protected sites; it is a better solution than traditional content filtering; dynamic content needs real-time analysis. Bring Web security to the best TCO: manage multiple brands, vendors and products; support distributed offices. Outbound: PII, CC#, SSN, health, financial. Inbound: mixed content, malicious content and scripts.

The Web security challenge today is not about preventing access to sites, but enabling secure access. Stated simply, the challenge is to ENABLE broad business use of the Web, from Social Media to cloud computing applications .... without the risks. The key risks relate to both inbound and outbound communications and can be broken into four basic areas. At the top of the list is outbound data loss. The increasing ability of employees to post data outbound to interactive Web 2.0 sites has transformed the Web into a primary channel for sensitive data loss and regulatory compliance violations. Web mail is commonly used to distribute business information to personal accounts. Social media and blogs provide opportunities for users to accidentally expose proprietary information to the public. So it’s become clear that controls are needed to monitor and enforce data confidentiality policy for these outbound Web communications. The second issue is malware. The Web has replaced as the primary distribution channel for malware and antivirus technology, while useful for certain attacks, cannot keep pace with the majority of the Web threatscape.
Web threats have become too dynamic for antivirus solutions driven by databases of known attacks. During the time it takes for an AV vendor to identify a new threat, develop protections, and distribute them to customers, the attacks have changed. The Websense security labs detect hundreds of new viruses not covered by top AV engines each day. Also antivirus solutions, which focus on binary executable files, do not apply to script-based attacks that have come to dominate the Web. Malicious scripts, also known as drive-by-downloads, are silently delivered to employees who simply visit a compromised Web site – they don’t have to click a link or install software to become infected. The bottom line for many organizations with regards to Web malware, is that it represents a criminal outbound data loss vector that goes beyond the accidental employee data loss scenarios described above. The motivation behind Web malware is not typically denial of service or IT vandalism, but data theft. Another inbound security issue is Web 2.0 content classification. Traditional URL filtering cannot accurately classify objectionable content within frequently visited Web sites like Facebook, LinkedIn, Twitter, and iGoogle. The iGoogle example we discussed previously illustrated this problem well. A single site like iGoogle mixes valuable business information with content that violates policy like gambling. A traditional URL filter has no way to separate the good from the bad. Facebook provides another, even more challenging example. Not only does Facebook mix good and bad content, but much of the content is hidden behind passwords making it invisible to the Web crawlers that create URL databases. In the end, the business is forced into the decision to either block all access to Web 2.0 sites or allow wide open access to those sites - and accept the resulting drain on employee productivity and increased malware risk.
Finally, the need to protect distributed office locations and remote users combines with a diversity of technical challenges to create a level of complexity that is driving security total cost of ownership out of control. Organizations are being asked to manage stacks of AV, Web filtering, scanning and DLP boxes from multiple vendors at offices spread all over the world. In many cases, the business does not have the IT resources to simply rack appliances in remote locations, much less install and troubleshoot security software. So there is a clear need to consolidate the various elements of Web security and simplify management across the distributed enterprise. AV, Filter, DLP

25 Solution: Web Security Gateway
Inline, we must perform real-time classification of all content, at any level within the site. Comprehensive protection against Web 2.0 malware: dynamic threats, malicious scripts, infected Web objects, browser-based applications. Granular policy controls based on the current content, not on past reputation. Allow companies to grant access to Web 2.0 sites while prohibiting unwanted content (malware). YES MAYBE NO

26 Total Control: Internet, Applications, Sensitive Data

27 Websense – Essential Information Protection

28 Unified Content Security
Unifies Web security, DLP and . Unifies on-premise and SaaS platforms for a TruHybrid deployment. Unifies content analysis to control the different vectors of modern threats. Provides unparalleled flexibility and adaptability, with the best security for modern threats at the lowest cost of ownership.

29 Content Security Center: single management console
Unified Security. Policies. Reports.

30

31 Unified security = TRITON
Software, appliance or in the cloud: total coverage for the business infrastructure. Mobile Worker; Branch Office; Websense Global SaaS Infrastructure. Greater resilience to technological change. Data; Web; v10000; v5000. Leverage virtualization technologies; combine all platform options. Headquarters & Large Branch Office. The platform does not matter. We let users decide what is best for their requirements. With a better cost/benefit.

32 TRITON unified architecture

33 Security in social networks
Only Websense offers security for the use of social networks and other Web 2.0 platforms. [Chart: Websense Facebook Classification vs. Competitive Facebook Classification; categories shown: Entertainment, Society & Lifestyles, Sports, Business & Economy, Objectionable, Shopping, Blogs & Personals, Search Engines & Portals, Government, other.] *Top 4000 Facebook Pages, Websense. Enables acceptable-use policies within social networks. Users do not see hidden content on social networks.

34 Websense Web Security. It is a security solution that protects organizations from current and emerging Web 2.0-based threats. Uses the industry-leading Websense ThreatSeeker technology. Protects against changing (blended) threats: malicious code, phishing attacks, bots. Blocks spyware communication: keylogging, software spyware.

35 Websense Web Security Gateway
Visibility and control of dynamic content and outbound data loss, including encrypted SSL traffic. Protection against Web 2.0 threats. Advanced application controls for IM, P2P, etc. Centralized, easy-to-use management and reporting. Integrated Web proxy and cache.

36 Effective control of dynamic content
Controls “personal content” such as iGoogle: content visible after authentication; multiple sources and categories on a single page. Websense lets you use the benefits of Web 2.0: it allows appropriate content and blocks inappropriate content. Real-time content analysis: pass content through ~2000 algorithms; dynamically determine category of content; apply defined policy.

37 Dynamic threat protection
ThreatSeeker protects against zero-day VULNERABILITIES. Identification of and protection against dynamic threats. Antivirus protection (in v7.1). JavaScript; ActiveX; executable files; applets. Code analyzed – malicious intent blocked.

38 Advanced Protocol Control
Network protocols developed and used for IM, P2P and similar applications can run over SSL to avoid detection. Websense Web Security Gateway controls more than 130 network protocols. Prevents threats from entering. Prevents leakage of confidential data. Preserves bandwidth for business applications.

39 Control with flexible policies
Flexible policy creation. 95 URL categories. Controls to allow, confirm, quotas. Policies for groups and individuals. Integration with authentication services. Detailed reports.

40 Control by Category
Includes a security category. Includes controls: blocking by keyword; blocking by file type (.zip, .rar, MP3, etc.); blocking with bandwidth optimization.

41 Visibility of all traffic
Growth of SSL traffic: more Web applications use it; it makes content “invisible”; it is used by “proxy avoidance” technology. Complete visibility eliminates blind spots. Control over inbound and outbound data. Integration with the Data Security module to enable DLP over the web, ftp and https channels.

42 Which category does my site belong to?

43 Integrated Web Proxy and Cache
Carrier-class proxy and cache platform. Provides visibility and management of web and SSL traffic. Allows HTTPS filtering. Reduces download latency for static pages. Increases performance. Enables real-time analysis of Web traffic content.

44 Control over outbound content
Limits the risk created by data loss. Prevents leakage of confidential information. Analysis of Web and SSL traffic. Reduces exposure of confidential data through content and context analysis. Protocol control.

45 Centralized dashboard
Health check Security Stats Workflow Fully customizable click-through reports

46 Administration by function
Administration tasks available on every page. Reduces learning time. Saves administration time and resources. Simplifies review tasks without user intervention.

47 Reports: integrated management and reporting interface
55 built-in reports. Drill-down reports. Granular reports. Reports based on 1200 elements/variables. Create reports by user or group. Different report output options (charts, Excel, PDF, etc.). Fast generation. Visible directly from the dashboard.

48 Integrated administration
Reports: integrated administration and reports

49 Reports: many report options

50 Reports: drill-down reports

51 Web Security Gateway Anywhere
The best Web security: prevents data leakage and ensures regulatory compliance; Web 2.0 content classification; protection against dynamic malware. Delivers a flexible, manageable solution with a simple, unified policy. At the lowest total cost of ownership: consolidates multiple products and platforms into a single unified solution; fewer boxes, lower cost, better management of systems, vendors and support. World-class Web DLP. Real-time scanning. Integrated antimalware/antivirus. World-leading filtering. SSL decryption. Application controls. TRUE hybrid delivery: Appliance, SaaS.

The Web Security Gateway Anywhere is the industry’s leading Web Security solution. It delivers on our promise to deliver the industry’s best Web security at the lowest cost of ownership. It’s the only Web security solution with native integration of enterprise class data loss prevention (DLP) to prevent data loss and ensure compliance over Web channels. Unlike competitive Web security products whose DLP capabilities are limited to keywords or require complex third-party integrations, this solution is a complete implementation of Websense’s market leading DLP solution – but optimized for the Web. For organizations with longer term plans for DLP, WSGA also provides solid investment protection. A simple subscription upgrade is all that is needed to extend control beyond the Web to include other traffic types ( , IM, P2P), endpoints, and data at rest (e.g., databases, file shares, Exchange, Share Point). Real-time scanning provides Web 2.0 content classification and protection against a wide range of dynamic threats – including malicious scripts that otherwise evade traditional antivirus products. Using proprietary analytics, Real Time Scanning identifies malicious and objectionable content “on the fly” without the need to reference a database history of known URLs or viruses.
These advanced DLP and real-time scanning capabilities are augmented with integrated antivirus, our market leading URL database (which includes Web reputation services) and SSL decryption for visibility into encrypted SSL traffic. Applications Controls block or limit bandwidth for hundreds of protocols and applications. These controls operate on both port 80 Web traffic and non-Web protocols on other ports. And finally, our TruHybrid deployment platform allows you to deploy via on-premise appliances or in the cloud using our SaaS Web security platform while managing both from a single unified policy and reporting system. No other vendor allows you to manage hybrid on-premise/SaaS deployments from a single management system – they all require you to absorb the cost of managing completely independent systems. This leads us to the final key point on this slide which is lowest TCO. The Web Security Gateway Anywhere lowers the operational costs of managing enterprise Web security by consolidating multiple products and deployment platforms to a single unified solution. You have fewer boxes to deploy, fewer management systems, and fewer vendors to support.

52 Conclusion so far. Websense offers coverage outside and inside the network: customers outside the network have data protection for documents through custom policies. Websense offers customization and understands the particular needs of organizations. Websense offers unified content protection: through Internet access, on external devices and outside the network. Websense is the only solution that integrates content protection, offering the lowest total cost of ownership and the intelligence needed for strategic decision-making.

53 Today's problem: DLP

54 Problems around confidential data
It is a fact that changing threats seek to exploit the vulnerabilities of my users and technologies. How do I protect my price lists, customer list and the chemical formulas of my business?

55 How resilient am I as an organization?
It is the measure or degree to which the organization overcomes the adversity of losing sensitive data, which tends to impact the partners' equity, with the likelihood of closing my business. Armando Carvajal, MSc Information Security

56 ESSENTIAL INFORMATION
What must we protect? DISCOVER MONITOR CLASSIFY PROTECT Internal Data External Threats WHERE WHAT WHO HOW CUSTOMER LIST NEW DESIGN CONFIDENTIAL Classify ESSENTIAL INFORMATION PROTECTION Discover Monitor

The best way to understand Websense’s unique value is to ask simple questions around “who, what, where, and how”. No other security vendor provides Websense depth or breadth in controlling all these elements. Web Intelligence: Websense has unrivaled knowledge of the Internet – where malicious code resides, and where users should be allowed to go online. Content Intelligence: Websense’s data protection technology leads the market in identifying exactly what information should be protected. User Intelligence: Websense fine-grained policy controls over users and groups – controlling who is allowed to access specific control, or sensitive data, and how that content or data should be communicated. Websense ties this all together with integrated policy controls, giving organizations powerful, and flexible controls over all content security. Only Websense delivers integrated web, messaging, and data security solutions to protect an organization's most essential information like their customer information, financial data, employee information and IP – wherever (Web, ) and whenever. Websense enables organizations to maximize business opportunities while minimizing risk and exposures. Websense is Essential Information Protection™.

57 Intelligent Control: Business rules
Who: Human Resources, Customer Service, Marketing, Finance, Accounting, Sales, Legal, Technical Support, Engineering
What: Source Code, Business Plans, Customer Information, M&A Plans, Patient Information, Financial Statements, Customer Records, Technical Documentation, Competitive Information
Where: Benefits Provider, Internet Auction, Business Partner, Blog, Customer, Spyware Site, North Korea, Competitor, Analyst
How: File Transfer, Web, Instant Messaging, Peer-to-Peer, Network Printing

58 Application Control
Pre-classified and categorized applications. Data controls and user policies for individual or categorized applications.

59 Example of an incident
Incident intercepted by Websense. Users who access information. File with customer list and price list. User compresses the file. Sent by email to a Yahoo group.
Here’s a great example of why locking down the infrastructure is not a great idea. When you first put in data loss prevention solutions you find interesting things like this. Now this is a real-life incident that triggered one of the 800 or so built-in policies that come ready made, if you like, in our data loss prevention module. What we see here is a file of passwords for a good many systems which was zipped and encrypted by a user who then went on to send the zipped file to Yahoo mail. Now that incident, quite frankly, at first blush looks quite malicious. Somebody is sending the passwords to your systems to a Yahoo mail account and they are obscuring it by zipping the file, so maybe they don’t want anybody to see what they are doing. The reason why we like this example is that it is very illustrative of a few concepts. The most important concept is, do you know who caused this problem? Not, as you might think, the person who actually sent the email; this was inadvertently caused by the IT organization and the policies that created this. The company in question had a policy that you couldn’t have distribution lists in the system with external people on them, since that might allow data to leak. They also had another policy to rotate the passwords every 30 days, which is a great way to encourage sticky notes and password leakage, but that was the policy. However, this person had to get the passwords to all the business partners who needed these passwords to gain access to all the back end systems so they could conduct business with them. They couldn’t use their own system because the IT policy forbade external addresses, so, to prove the point that business will find a way, the enterprising employee was using Yahoo mail, created a distribution list to circumvent this restriction and sent the passwords to all his business partners. They were doing this for a couple of years before we put our system in and found this going on. So it’s very illustrative and shows how IT security policies that say lock things down can create opportunity for people to work around these restrictions to get their jobs done and in doing so create some pretty significant risks for their organizations. It also shows that once you transact in this open manner, the IT department could lock down web mail and the employee would find another way, maybe as Facebook or LinkedIn friends or similar, and use that as a distribution mechanism. So the moral is we really need to be able to get a hold of the CONTENT that is transiting our networks here.

60 Risk visibility
Where your users go. Where your data goes. Where your risk is.

61 Websense PreciseID Application Control Statistical Analysis
Detection techniques, from most accurate to least accurate: Precise ID™, Statistical Analysis, File Matching, Regular Expressions, Categories / Dictionaries.
Websense User Service > real-time user I.D.
Websense Web Intelligence > real-time destination awareness
Application Control

62 Reporting and Administration (Management & Reporting)
Administrator Rights: Full access privileges, including configuration, administration, settings, incident management, and reporting.
Incident Mgr. Rights: Access to incident management and reporting, as well as trend analysis. Incident Manager = Process Owner.
Auditor Rights: View only permissions to policies applied and specific incident types (e.g., PCI incidents), with no access to view forensic details.
Data at Rest: File Servers, Databases, Desktops, Laptops
Data in Use: USB, CD/DVD, Copy/Paste, Application, Print
Data in Motion: Web, Network Print, FTP, Instant Message, P2P, Custom Channels
Management & Reporting: Management and reporting is configurable for the user. Simple and intuitive for the user. Powerful for the administrator. Role-based administration and control. User self-remediation, Quarantining, Notification, Automated Enforcement, Block, Encrypt, Advanced Workflow, Auto Alerting, Auto Reports, Auto Encryption, Auto Removal.

63 Any service, anywhere
Software-as-a-Service (SaaS) ThreatSeeker Network: shared, real-time intelligence. DLP Web Security Security Data Security Any Service, Anywhere Real-time Intelligence Sharing ThreatSeeker Cloud Service Defensio Phishing Fraud SPLOG
Consolidating logical, functional, and physical coverage. Combining Web and email security in cloud-based SaaS. Embedding its DLP engine into its Email Security products – both on premise and hosted service. Leveraging virtualization technology on premise to build the V-Series platform to combine Web and email protocol coverage on a single appliance platform. First to consolidate Web security coverage. Soon to consolidate Web and Data security coverage, embedding its DLP engine into its Web Security Gateway, hosted and on premise. Later to consolidate Web, Data, and email coverage. Phase 3 benefits to the business: Consolidation saves time and money and brings simplicity and savings. Added benefit of increased visibility into business processes (bad or broken) w/ content aware coverage. Greater, more measurable security value… i.e., no longer just measured on the blocked threats – now realizing benefits of securing the saleable assets. Reducing risk and bringing compliance. Enabling a more effective and secure enterprise… but which is also more efficient. Websense is currently in transition from phase 3 to 4, where we’ll bring together not only our product capabilities, but their delivery across platforms.
V-Series Appliances Web Security DLP Security DLP V5000 Web Security DLP V10000 Data Security © 2010 Websense, Inc. All rights reserved.

64 Corporate Directory, Threat Updates
Proposed architecture: WESG, DSS, Mail, Mail Servers, Corporate Directory, Printers, Threat Updates, Internal Users

65 Modern attacks require secure, modern solutions:
Multi-vector attacks. Attacks that evade antivirus (AV). Growth of scripts vs. use of executables. They exploit zero-day vulnerabilities. They use complex evasion and obfuscation methods. A targeted multi-vector attack across all content silos: Spoofed email sent containing link to compromised web site. Web: “Drive by” attack exploits “0 day” vulnerability in Internet Explorer. DLP: “Trojan horse” installed, encrypted data sent to attacker.
If we examine the challenges that most companies are facing today when it comes to security, the first area to note is that the threats and risks associated with email have changed significantly over the last few years. Today email security and Web security have converged. Today we are seeing that over 85% of unwanted email contains an embedded link to a Web site. In today’s modern threats, email is typically the lure to a Web site that delivers the attack. And more often than not, the Web site itself is a legitimate site that has been recently compromised. This makes it nearly impossible for legacy signature and reputation-based security to provide adequate protection. It also underscores the importance of dynamic Web security intelligence in stopping security threats. Protecting against the risks associated with data loss and acceptable use has become critical for most businesses. Loss of sensitive data can damage a company’s reputation and lead to significant financial impact. And the vast majority of data loss is inadvertent or unintentional. With email being one of the top channels for the loss of sensitive data, it has become critical to have strong data loss prevention capabilities within security solutions. IT today is now more than ever laser focused on high priority projects that enable the business and help drive revenues. And while security is mission critical to every organization, it is rarely strategic to an organization. Businesses simply don’t gain strategic advantage based on how well they implement and manage their security, which makes it a perfect candidate to move to SaaS.

66 Email Security Gateway Any…
Malware protection: ThreatSeeker Network prevents day-zero attacks. Advanced Classification Engine (ACE) combines Web, email, and data analytics. Unmatched coverage against blended attacks.
DLP: Enterprise Tru DLP provides accurate detection without complex tuning. No 3rd party integration or deployment of additional hardware.
Maximum resilience and performance: TruHybrid deployment combines power of pre-filtering in the cloud with control of an onsite appliance.
Unified, centralized platform: TRITON provides single console for consistent policy management across email, Web, and data. Fewer boxes, management systems, and vendors to support.
Advanced Classification Engine, ThreatSeeker Network, Tru DLP, TruHybrid Deployment, Appliance, SaaS, TRITON Console
The Web Security Gateway Anywhere is the industry’s leading Web Security solution. It delivers on our promise to deliver the industry’s best Web security at the lowest cost of ownership. It’s the only Web security solution with native integration of enterprise class data loss prevention (DLP) to prevent data loss and ensure compliance over Web channels. Unlike competitive Web security products whose DLP capabilities are limited to keywords or require complex third-party integrations, this solution is a complete implementation of Websense’s market leading DLP solution – but optimized for the Web. For organizations with longer term plans for DLP, WSGA also provides solid investment protection. A simple subscription upgrade is all that is needed to extend control beyond the Web to include other traffic types (email, IM, P2P), endpoints, and data at rest (e.g., databases, file shares, Exchange, Share Point). Real-time scanning provides Web 2.0 content classification and protection against a wide range of dynamic threats – including malicious scripts that otherwise evade traditional antivirus products. Using proprietary analytics, Real Time Scanning identifies malicious and objectionable content “on the fly” without the need to reference a database history of known URLs or viruses. These advanced DLP and real-time scanning capabilities are augmented with integrated antivirus, our market leading URL database (which includes Web reputation services) and SSL decryption for visibility into encrypted SSL traffic. Applications Controls block or limit bandwidth for hundreds of protocols and applications. These controls operate on both port 80 Web traffic and non-Web protocols on other ports. And finally, our TruHybrid deployment platform allows you to deploy via on-premise appliances or in the cloud using our SaaS Web security platform while managing both from a single unified policy and reporting system. No other vendor allows you to manage hybrid on-premise/SaaS deployments from a single management system – they all require you to absorb the cost of managing completely independent systems. This leads us to the final key point on this slide, which is lowest TCO. The Web Security Gateway Anywhere lowers the operational costs of managing enterprise Web security by consolidating multiple products and deployment platforms to a single unified solution. You have fewer boxes to deploy, fewer management systems, and fewer vendors to support.
Advanced Encryption, Archiving, Image Control & Filtering

67 Enforces acceptable-use policies for email
Real-time image analysis. Advanced algorithms to analyze images embedded in or attached to emails in real time. A probability score that the image is potentially pornographic. Without Websense Image Filtering / With Websense Image Filtering.
We also incorporate sophisticated image composition analysis to scan all incoming and outgoing email and attachments to identify, control and block inappropriate images such as pornography from entering or leaving your network, helping your business enforce an appropriate acceptable usage policy and protecting your business from some of the legal implications of misuse, brand damage, and lost productivity.

68 Websense Email Security Gateway Anywhere Websense V-Series Appliance
TruHybrid: combines the power of being in the cloud with the local appliance.
Inbound Threats: Spam, Viruses, Malicious URLs. Websense Email Security Gateway Anywhere SaaS: Offload all inbound processing. Maximize resiliency by queuing inbound email in the cloud. Reduces network and bandwidth load.
The TruHybrid deployment model enables you to offload all inbound emails to a Websense data center. This allows the Websense Advanced Classification Engine (ACE) to analyze the traffic and work its magic…
Outbound: Data leaks, Acceptable use, Compliance. Websense V-Series Appliance: Tru DLP. Unified Policy Control and Reporting Across Email, Web, and Data. V-Series Appliance.

69 Email Security Gateway Anywhere
Optional add-ons: Advanced encryption, Archiving, Image filtering and control.
Websense Email Security Gateway Anywhere: Antispam / Anti-Virus, Advanced Classification Engine, TruHybrid, Tru DLP, TRITON centralized administration console.

70 Summary: Different Versions
Websense Evolution
As a company with our roots deeply immersed in Web filtering, we have been able to build and innovate throughout the last 15 years and move with the future needs of our customers. No-one knows the Web like Websense and that’s led us to be able to develop from being a classic Web filtering vendor right the way through to becoming a leading provider of Web, email and data security solutions, enabling businesses to protect against invisible and unknown Web threats and, most importantly, protect their most valuable asset - their data. Today's threats are so interlinked that you need a solution that secures your Web and email environments whilst protecting your data – but in addition, the technology needs to be fully integrated to provide the level of protection needed for the most comprehensive security. For example, stopping today’s threats requires expert technology in both email and Web security – not forgetting ensuring that company confidential data hasn’t been leaked. Furthermore, customers want that security delivered in a way that suits their business strategy – whether cloud-based, appliance or software. Websense provides a unique level of flexibility, offering all three delivery options in a truly integrated hybrid approach.
Investment and Innovation
We’ve invested over $500 million just in the last three years and have tripled our R&D investment over the last 2 and a half years, representing more than a 10% increase in 2009, and that has enabled us to continue our roadmap for innovation, driven by our customer needs. Major investments have included our technology acquisitions such as PortAuthority and SurfControl, which have enabled us to develop a security solution for data loss and offer cloud-based security.
GLOBAL DEVELOPMENT TEAM
Our innovation success can be attributed to a number of factors including our development team, based across 5 sites globally, and our Global security research team that makes up the Websense Security Labs. And we’re continually investing to make sure we are one step ahead. A famous American ice-hockey star once said “Skate to where the puck is going to be….” -- and that’s what we’ve always tried to do – and we’re doing it again with the new products we have coming out this year (2010), where we’re launching the industry’s only unified content security solution, giving you the best protection against modern threats for the lowest total cost of ownership.

71 Cloud Services: Email Security

72 Cloud implementation
10 data centers worldwide. Facilities with high-level physical security. High redundancy with fail-over. SLA with % availability. Unlimited scalability. ISO 27001 certified. More than Millions of emails processed per month.
Websense Hosted Security Data Center. Inbound Threats: Spam, Viruses, Malicious URLs. Outbound Risks: Data leaks, Acceptable use, Compliance.

73 Multi-Layered Anti-Virus
Websense Hosted Security
Reduced costs and low complexity: No equipment required. Easy administration. Predictable costs.
Improved protection: Stop spam, viruses and blended threats. Prevent information loss and regulatory violations. Backed by the best SLAs.
Control: Flexible customization of policies, configuration, quarantines and reports. Visibility into emails, quarantines and logs. 24 x 7 access and support.
Spam Detection >99.5%, Multi-Layered Anti-Virus, Stop Blended Threats, Data Loss Prevention, Acceptable Use, Encryption
The only email solution with embedded web security and data protection.

74 Example: cost comparison
1000 users (annual cost). Source: “The Advantages of a Hosted Security Model” white paper, Osterman Research, July 2009

75 Websense SaaS Email Security Encrypted Communication
Transport Layer Security (TLS) encryption: Securing “enterprise-to-enterprise” communications. Forced or negotiated encryption. Certificate management.
Ad-hoc encryption: “individual-to-individual” security. No additional software required on clients; accessible through a browser over HTTPS. Encryption based on policy or on a keyword.
Websense SaaS Security: Virus Filters, Spam Filters, Content, Encrypted Communication

76 Cloud Services: Web Security

77 TruHybrid: Security at headquarters with appliances
Combine appliance and SaaS security models for greater flexibility. Security at headquarters with appliances. Coverage of remote offices and mobile users with SaaS. Manage a single policy and reporting system.
Headquarters, SaaS Branch Office, SaaS Mobile Workers, Large Branch Office

78

79 CONCLUSIONS (1/2) Within the concept of DLP there are different approaches, different ways of tackling the problem, each with different technological components that protect the data. This is the most complete interpretation of Data Loss Prevention: “Products that, based on the organization's centralized policies, identify, monitor and protect data through deep content analysis”. Websense DLP is the most robust and reliable set of components for protecting confidential data in large organizations.

80 CONCLUSIONS (2/2) Websense DLP identifies and discovers sensitive information, monitors it while it is in use, and protects it from abuse by unscrupulous users or from unintentional errors, in accordance with corporate policies. Websense DLP monitors the network, scans your file storage and keeps audit trails of the endpoint through deep analysis of data in its content and context. Websense DLP increases the organization's resilience to face information insecurity, align with governance and maintain business continuity.

81 Questions and contributions

