Prepare for the Most Advanced, Targeted Zero-Day Threats and APTs.
Mass-market attacks have given way to more tailored threats ranging from phishing to custom malware. Websense® TRITON® ThreatScope™ provides additional defenses for the most advanced, targeted zero-day threats and advanced persistent threats (APTs) that may attack through web or email channels. Organizations can also become more proactive through behavioral sandbox forensics and phishing activity reports with actionable insights.
TRITON ThreatScope offers unrivaled protection enhancements to Websense web and email security defenses. Integrated behavioral sandboxing results are considered along with other Websense ACE (Advanced Classification Engine) analytics to counter innovative, emerging evasion techniques and ensure accurate identification of threats. Networked and mobile users enjoy real-time feedback regarding suspicious email communications, even when working remotely. And detailed sandbox forensics and phishing reports provide insights to help organizations assume a more proactive security posture against future attacks.
TRITON ThreatScope enhances defenses in five areas:
- File sandboxing for web. Monitor web traffic for real-time code analysis in a behavioral sandbox for advanced threat identification.
- File sandboxing for email. Intercept attachments in real time for additional threat analysis in a behavioral sandbox.
- Email URL sandboxing. Embedded links are disarmed and analyzed in real time at point of click.
- Detailed forensic reporting. Use sandbox results to guide any necessary response or proactive measures against future attacks.
- Phishing education and reporting. Increase phishing awareness at both the user and network levels to drive effective change.
Detailed Forensic Reporting
TRITON ThreatScope provides an online sandbox environment for safely testing potential malware. Using ACE analytics, all activity is monitored and documented in a detailed report including:
- The infection process and post-infection activity.
- System-level events and changes to files, processes, registry, etc.
- Network communications including connections/methods used and destination.
Observed behavior is correlated with known threats to provide valuable, actionable insights.