Content Gateway Analysis
Administrator Help | TRITON AP-WEB | Version 8.0.x
Advanced analysis and SSL decryption bypass features are available with TRITON AP-WEB. These features are not available with Web Filter & Security.
Websense Content Gateway performs advanced analysis of web traffic as it flows through the on-premises proxy. Only sites that are not already blocked, based on the active policy, are analyzed.
* Content categorization (see Configuring content categorization) categorizes content from URLs that are not in the Websense Master Database and from sites with dynamic content, as identified by Websense Security Labs. Analysis returns a category for use in policy enforcement.
* Tunneled protocol detection (see Configuring tunneled protocol detection) analyzes traffic to discover protocols tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol policy enforcement. Analysis is performed on both inbound and outbound traffic.
* Content security analysis (see Configuring content security) analyzes inbound content to find security threats such as malware, viruses, phishing, URL redirection, web exploits, proxy avoidance, and others.
* File analysis (see Configuring file analysis) can apply as many as 3 methods of inspection to detect security threats:
  * Websense Advanced Detection to discover malicious content, such as viruses, Trojan horses, and worms, returning a threat category for policy enforcement.
  * Traditional antivirus (AV) definition files to find virus-infected files.
  * File Sandboxing uploads suspicious files to a cloud-hosted sandbox for analysis and emails an alert to the administrator when a file is found to contain malicious content.
  When either Advanced Detection or Antivirus Scanning is enabled, you can also optionally analyze:
  * Rich Internet applications, such as Flash files, to detect and block malicious content.
  * FTP files to detect and block malicious content.
  The File Type Options settings determine which types of files are analyzed for malicious content, including executable and unrecognized files. Individual file extensions may also be specified. This setting does not apply to File Sandboxing.
* Content Gateway outbound security analysis provides 2 types of outbound analysis. The first performs outbound content analysis that mirrors your inbound Security Threats content analysis and file analysis configuration. The second performs data theft analysis, looking for and blocking outbound custom encrypted files, password files, and other sensitive data.
* The Content Categorization and Scanning Sensitivity control allows you to tune the Content Categorization and Content Analysis sensitivity thresholds (see Content Gateway advanced analysis options).
* For large, streaming, or slow transactions, the Content Delay Handling option provides some control over how long to wait before releasing a portion of buffered content to the client (see Content Gateway advanced analysis options).
* The Scanning Timeout, File Size Limit and Content Stripping Advanced Options apply to all traffic transiting the proxy (see Content Gateway advanced analysis options).
Several presentation reports can provide details about how advanced analysis features protect your network from attempts to access sites containing threats. See Reporting on advanced analysis activity.
SSL decryption bypass options support the specification of clients, websites, and website categories that are not subject to decryption and analysis as they flow through the proxy. These options apply only if SSL support is enabled in Content Gateway. See SSL decryption bypass.
Scanning exceptions are lists of hostnames or URLs that are always analyzed or never analyzed. The type of analysis to always or never perform is specified per hostname/URL or group of hostnames/URLs. A list of client IP addresses whose content is never analyzed can also be specified. See Configuring exceptions to Content Gateway analysis.
Enabling analysis and SSL decryption bypass features
To enable the advanced analysis and SSL decryption bypass features that are available with TRITON AP-WEB, an appropriate subscription key must be entered in the TRITON Manager. You can enter the key:
* On the Settings > General > Account page
* On the Settings > General > Policy Servers page, after selecting a Policy Server instance to edit.
Review current key information on the Account or Policy Servers page.
The key is automatically passed to all Content Gateway instances associated with the current Policy Server. See Reviewing Policy Server connections and Managing Content Gateway connections for more information.
For information about configuring advanced analysis options, see Configuring Content Gateway analysis. For information about SSL decryption bypass options, see SSL decryption bypass.

Copyright 2016 Forcepoint LLC. All rights reserved.