The world's largest information security intelligence network.

The Websense® ThreatSeeker® Intelligence Cloud seeks out threats contained within web, social media and email content. It’s up to the task: it unites more than 900 million endpoints and, with the help of Websense ACE (Advanced Classification Engine), analyzes the content of 3–5 billion requests per day.

Content Collection

The ThreatSeeker Intelligence Cloud collects content in all its online forms: web pages, documents, executables, streaming media, emails, mobile applications and other Internet traffic. It processes this massive amount of data to identify trends in online threats. In turn, this intelligence informs further types of content to collect.

The ThreatSeeker Intelligence Cloud:

  • Assesses popular websites to see if they’ve been hijacked.
  • Uses hot news and social media topics to identify additional websites to assess.
  • Monitors viral sites and content.
  • Tracks geographical hot spots.

The ThreatSeeker Intelligence Cloud is greatly enhanced by our relationship with Facebook. It broadens our awareness of emerging threats, and helps us predict where users might face online threats.

Content Identification

The ThreatSeeker Intelligence Cloud uses all seven ACE defense assessment areas, plus a series of out-of-band analyses. These might include developments in or adjustments to existing ACE analytics, all performed under the careful watch of Websense Security Labs™ researchers.

In fact, the threat intelligence and other services performed by the ThreatSeeker Intelligence Cloud complement ACE and often improve its performance. These services include:

  • Big Data Analysis. Proprietary big data analysis tools enable automated assessment of key trends and indicators. Security Labs researchers investigate anomalous activity that may lead to the identification of new threats, or further understanding of emerging threats.
  • In-the-Cloud Sandboxing. Sandbox analysis is difficult to perform in real time, since malware samples can take a few minutes to activate. The ThreatSeeker Intelligence Cloud can generate many different online sandbox environments to simulate various target platforms.
  • Mobile App Profiling. This sandbox performs traditional malware tests and monitors the permission-related activities of mobile apps, which are a strong indicator of malicious intent. Results are used to maintain the “Mobile Malware” and “Unauthorized Mobile Marketplaces” security categories with Websense security products.