Working With Web DLP
Help | Content Gateway | Version 8.1.x
Related topics:
Registering and configuring TRITON AP-DATA
Configuring the ICAP client
ICAP failover and load balancing
When Websense Content Gateway is deployed with the Web DLP module, the TRITON AP-WEB solution is extended to include:
Web data loss prevention (DLP)
Enhanced forensic data in the Threats dashboard in the Web module of the TRITON Manager.
When Content Gateway is deployed without the Web DLP module, your deployment still benefits from some data theft forensic data on the Threats dashboard.
TRITON AP-WEB with the Web DLP module
When TRITON AP-WEB is deployed with the Web DLP module, capabilities include forensics data in the Threats dashboard and data loss prevention (DLP) over Web channels such as HTTP, HTTPS, FTP, and FTP over HTTP. (A full TRITON AP-DATA deployment can extend data loss prevention to include channels such as mobile devices, removable media, and printers. For a complete description of TRITON AP-DATA, visit the Products page at www.websense.com.)
Web DLP, as well as extended data protection configurations, requires a separate installation of TRITON AP-DATA. Before configuring Content Gateway to work with TRITON AP-DATA, see the deployment and installation information hosted in the Websense Technical Library.
Content Gateway supports two methods of working with TRITON AP-DATA:
Preferred: using the TRITON AP-DATA components that are installed on the same box as Content Gateway.
Over ICAP, using TRITON AP-DATA components located on a separate host. This method is intended for use with legacy Data Security Suite versions 7.1 and earlier.
Only one method can be used at a time.
How Web DLP works
In addition to the Web DLP data flow described below, enabling a special analytic engine called the Policy Engine causes outbound traffic to be analyzed for data theft. In the Web module of the TRITON Manager, see the Outbound security options on Scanning > Scanning Options.
Web DLP data flow works as follows:
1. The proxy intercepts outbound content and provides that content to TRITON AP-DATA.
2. TRITON AP-DATA analyzes the content to determine if the Web posting or FTP upload is allowed or blocked.
   The determination is based on TRITON AP-DATA Web DLP policy.
   The disposition is communicated to the proxy.
   TRITON AP-DATA logs the transaction.
3. The proxy acts on the TRITON AP-DATA determination.
   a. If the content is blocked, it is not transmitted to the remote host and TRITON AP-DATA returns a block page to the sender.
   b. If the content is allowed, it is forwarded to its destination.
Note
When a request is blocked and the DLP server sends a block page in response:
Content Gateway forwards the block page to the sender in a 403 Forbidden message.
The block page must be larger than 512 bytes or some user agents (e.g., Internet Explorer) will substitute a generic error message.
The block page can be customized. See Customizing TRITON AP-ENDPOINT DLP client messages.
Transactions over HTTP, HTTPS, FTP, and FTP over HTTP can be examined.
Transaction details are logged by TRITON AP-DATA, per its configuration.
TRITON AP-DATA components on-box with Content Gateway
When Content Gateway is installed, a small number of TRITON AP-DATA components are installed on the same box. Content Gateway registers with the TRITON AP-DATA components when it is first configured and then checks the registration status whenever it is restarted, automatically re-registering if necessary. For more information about TRITON AP-DATA registration, see Registering and configuring TRITON AP-DATA.
After policies have been created and deployed in the DATA module of TRITON Manager, Content Gateway sends content, such as postings and uploads, to TRITON AP-DATA for analysis and policy enforcement.
Content Gateway collects and displays Web DLP transaction statistics, such as:
The total number of posts
The total number of posts analyzed
The number of FTP uploads analyzed
The number of blocked requests
And more.
These statistics can be viewed in the Content Gateway manager by navigating to Monitor > Security > Web DLP. For a complete list of statistics, see Web DLP.
TRITON AP-DATA over ICAP
When the Web DLP policy engine is located on a separate host, Content Gateway can communicate with TRITON AP-DATA over ICAP v1.0. For configuration details, see Configuring the ICAP client. Note that integration with on-box components is the preferred deployment.
Copyright 2016 Forcepoint LLC. All rights reserved.