Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis
Content Gateway Analysis
Web Security Help | Web Security Solutions | Version 7.8.x
Related topics:
Advanced analysis and SSL decryption bypass features are available with Websense Web Security Gateway and Web Security Gateway Anywhere.
Websense Content Gateway performs advanced analysis of web traffic as it flows through the on-premises proxy. Only sites that are not already blocked, based on the active policy, are analyzed.
*
Content categorization categorizes content from URLs that are not in the Websense Master Database and from sites with dynamic content, as identified by Websense Security Labs. Analysis returns a category for use in policy enforcement.
*
Tunneled protocol detection analyzes traffic to discover protocols tunneled over HTTP and HTTPS. Such traffic is reported to Filtering Service for protocol policy enforcement. Analysis is performed on both inbound and outbound traffic.
*
Security threats: Content security analyzes inbound content to find security threats such as malware, viruses, phishing, URL redirection, web exploits, proxy avoidance, and others.
*
Security threats: File analysis can apply as many as 3 methods of inspection to detect security threats.
*
Websense Advanced Detection to discover malicious content, such as viruses, Trojan horses, and worms, returning a threat category for policy enforcement.
*
Traditional antivirus (AV) definition files to find virus-infected files.
*
Websense ThreatScope Analysis uploads suspicious files to a cloud-hosted sandbox for analysis and emails an alert to the administrator when a file is found to contain malicious content.
When either Advanced Detection or Antivirus Scanning is enabled, you can also optionally analyze:
*
Rich Internet applications, such as Flash files, to detect and block malicious content.
*
FTP files to detect and block malicious content.
The File Type Options settings determine which types of files are analyzed for malicious content, including executable and unrecognized files. Individual file extensions may also be specified. This setting does not apply to ThreatScope analysis.
*
Outbound security provides 2 types of outbound analysis. The first performs outbound content analysis that mirrors your inbound Security Threats content analysis and file analysis configuration. The second performs data theft analysis, looking for and blocking outbound custom encrypted files, password files, and other sensitive data.
*
The Content Categorization and Scanning Sensitivity control allows you to tune the Content Categorization and Content Analysis sensitivity thresholds (Advanced options).
*
For large, streaming, or slow transactions, the Content Delay Handling option provides some control over how long to wait before releasing a portion of buffered content to the client (Advanced options).
*
The Scanning Timeout, File Size Limit and Content Stripping Advanced Options apply to all traffic transiting the proxy (Advanced options).
Several presentation reports can provide details about how advanced analysis features protect your network from attempts to access sites containing threats. See Reporting on advanced analysis activity.
SSL decryption bypass options support the specification of clients, websites, and website categories that are not subject to decryption and analysis as they flow through the proxy. These options apply only if SSL support is enabled in Content Gateway. See SSL decryption bypass.
Scanning exceptions are lists of hostnames or URLs that are always analyzed or never analyzed. The type of analysis to always or never perform is specified per hostname/URL or group of hostnames/URLs. A list of client IP addresses whose content is never analyzed can also be specified. See Scanning exceptions.
Enabling scanning and SSL decryption bypass features
Web Security Help | Web Security Solutions | Version 7.8.x
To enable the advanced analysis and SSL decryption bypass features that are available with Websense Web Security Gateway and Gateway Anywhere, an appropriate subscription key must be entered in the Web Security manager. You can enter the key:
*
*
On the Settings > General > Account page
*
On the Settings > General > Policy Servers page, after selecting a Policy Server instance to edit.
Review current key information on the Account or Policy Servers page.
The key is automatically passed to all Content Gateway instances associated with the current Policy Server. See Reviewing Policy Server connections and Managing Content Gateway connections for more information.
For information about configuring advanced analysis options, see Scanning options. For information about SSL decryption bypass options, see SSL decryption bypass.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Content Gateway Analysis
Copyright 2016 Forcepoint LLC. All rights reserved.