Websense Web Security Gateway Anywhere v7.5: Web DLP : What is Web DLP?

What is Web DLP?

Topic 45048 / Updated: 17-June-2010

Applies To:

Websense Web Security Gateway Anywhere v7.5 Websense Data Security v7.5

Problem description

I'm interested in the Web DLP feature of Web Security Gateway Anywhere, but I'm not fully sure I know how it works.

Do I need Web and data policies for this?

Resolution

Web mail, Instant Messaging and personal networking sites are some of the most common means by which corporate data is leaked. The Web DLP (Data Loss Prevention) functionality included in Web Security Gateway Anywhere is able to detect and block such leaks- even if the connection is encrypted. The Websense PreciseID technology provides accurate fingerprinting of content to support this process.

Web DLP provides all the DLP capabilities of the full Websense Data Security Suite but for the Web channel only. It includes all of the detection capabilities, all of the reporting capabilities, all of the incident management and workflow capabilities of the full Websense Data Security solution the Web, but only for HTTP, encrypted Web (HTTPS), and FTP.

All the DLP analysis capabilities are built into Web Security Gateway Anywhere and performed on the Content Gateway machine, most commonly the V-Series appliance. The only additional requirement to deploy Web DLP is a Data Security Management Server.

Web DLP policies

In order to monitor your vital data, you must set up one or more data security policies in addition to your Web security policies. This is done in the TRITON - Data Security user interface. Most often, you use a policy wizard to create policies from predefined regulatory templates. This is a fast and accurate way to get started. Later, you may choose to create custom policies.

Data security policies typically define the source of the traffic to monitor (for example, the network or IP range), the conditions to watch for (for example, 5 or more 9-digit numbers with the text "SSN"), and the action to take in case of a breach (block or permit). By default, all HTTP, HTTPS, FTP, and FTP-over-HTTP destinations are monitored.

Policy creation is described in detail in the TRITON - Data Security Help.

How data policies differ from Web policies

In the Web security portion of your Websense software, policies govern user Internet access. A Web policy is made up of:

Category filters – Used to apply actions (permit, block) to Web site categories

Limited access filters – Used to permit access to only a restricted list of Web sites

Protocol filters – Used to apply actions to Internet protocols

Schedule – Determines when each category or limited access filter and protocol filter is enforced

In the data security portion of your Websense software, policies govern data usage. Data policies contain:

Rules – Provide the logic for the policy. They are the conditions that govern the behavior of the policy. When should something be blocked? When should managers be notified?

Exceptions – Define the conditions that should be exempt from the rules.

Content classifiers – Describe the data to be governed. You can classify data by file properties, key phrases, dictionaries, natural language processing (NLP), a database record fingerprint, a directory fingerprint, and/or a file fingerprint.

Resources – Describe the source and destination of the data you want to protect, the endpoint device or application that may be in use, and the remediation or action to take when a violation is discovered (such as block or notify).

Websense Web Security Gateway Anywhere includes predefined policies for both Web and data security. You can use these policies or create custom policies as needed.

Websense Web Security Gateway Anywhere v7.5: Web DLP : What is Web DLP?