Installing Data Security Solutions

Deployment and Installation Center | Data Security Solutions | Version 7.7.x

Applies to:

In this topic:

Data Security, v7.7.x

Deployment

Installation

Data Security is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. Data Security protects against data loss by quickly analyzing data and enforcing customized policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. Data Security can also work as a part of Websense TRITON Enterprise to protect the whole of your enterprise.

The basic components of Websense Data Security are:

The Data Security Management Server

Optional Data Security servers

The protector

Agents

Endpoints

The Data Security Management Server, which resides on the TRITON management server, is the core of the system, providing complete data loss prevention analysis to the network. In addition, the Data Security Management Server gathers and stores all management statistics. For load balancing purposes, analysis can be shared among a number of Data Security servers. The protector can provide added blocking capabilities to the loss-prevention system.

Optionally, the protector works in tandem with the Data Security Management Server. The Data Security Management Server performs discovery (performed by Crawler) and provides advanced analysis capabilities. The protector sits in the network, intercepts and analyzes traffic, and can either monitor or block traffic as needed. The protector supports analysis of SMTP, HTTP, FTP, Generic Text and IM traffic (chat and file transfer). The protector is also an integration point for third-party solutions that support ICAP.

The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

Websense Data Security agents are also an integral part of the system. These agents are installed on the relevant servers (the ISA agent on the Microsoft ISA server, printer agent on the print server, etc.) to enable Data Security to access the data necessary to analyze the traffic from these servers. Agents, such as the Data Endpoint, enable administrators to analyze content within a user's working environment (PC, laptop, etc.) and block or monitor policy breaches.

Deployment

A basic deployment might have just one management server and one protector. The protector includes several agents, including SMTP, HTTP, FTP, IM, and ICAP. The servers are easily configurable to simply monitor or monitor and protect sensitive data. It is ideal for small to medium businesses with a single Internet egress point. The following illustration is a high-level diagram of a basic deployment of Data Security. Such a deployment is ideal for a smaller- to medium-sized organization with a single Internet egress point. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, internal firewalls, routing, switching, and so forth).

The following illustration is a high-level diagram of a larger deployment of Data Security.

This shows the extended capabilities of Data Security incorporated into a more complex network environment. It shows an extra Data Security server and several additional agents deployed for businesses with larger transaction volumes and numbers of users. Such a deployment is suited for large organizations with multiple Internet egress points distributed over multiple geographical locations. Very large deployments can have multiple Data Security servers and protectors.

For diagrams of the most common customer deployments, see Most common deployments.

Before you deploy your Data Security system, it is important to analyze your existing resources and define how security should be implemented to optimally benefit your specific organization. Plan your deployment by:

Deciding what data to protect

Determining where your confidential data resides

Determining your information flow

Defining the business owners for the data

Deciding who will manage incidents

Planning access control

Analyzing network structure

Planning network resources

Planning a phased approach

For additional deployment information, see:

Integrating Data Security with Existing Infrastructure

Scaling Data Security

Installation

For best practice, before installing Websense Data Security, you should obtain and install Microsoft SQL Server (Obtaining Microsoft SQL Server) and read the considerations described in Preparing for installation.

Data Security installation involves 3 basic steps.

Installing TRITON Unified Security Center

This includes the TRITON infrastructure and TRITON Console. When you reach the Installation Type screen of the Websense installer, select Data Security (under TRITON Unified Security Center). Note that you can install the other modules if you want, but TRITON - Data Security is the only one necessary for a Data Security deployment.

Installing TRITON - Data Security. You are automatically prompted to do this when you install the TRITON Unified Security Center with Data Security selected.

This includes the Data Security Management Server—a policy engine, crawler, fingerprint repository, and when applicable, an SMTP agent, and endpoint server.

Installing Data Security components. If desired, you can install one or more optional components for monitoring things like print servers, ISA/TMG servers, endpoint machines. You can also install extra Data Security servers and crawlers for system scaling.

Websense Data Security supports installations over Virtual Machines (VM), but Microsoft SQL Server must be present to support the incident and policy database. See Installing Data Security on a virtual machine for details.