BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Editor's Note: This Websense malware sandbox overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products and compares the leading network security vendors in the market.
Websense sandbox products are built on a single architecture called Triton. Within the Triton platform, there are various security applications and modules. Products such as Triton AP-Web and Triton AP-Email are Websense's secure Web gateway (SWG) and email security products, respectively. Triton AP-Data is a data loss prevention (DLP) product. Websense also incorporates all these features into a unified product called Triton APX Enterprise Core. A supplement, the Websense Sandbox Module, adds malware sandboxing features into the core AP-Web and AP-Email applications. As long as you have one or both of these applications, you can add the corresponding sandboxing features. The module monitors Web traffic, and email URLs and attachments that flow through AP-Web and AP-Email. It also performs behavior analysis to catch advanced threats that might otherwise go unseen.
Malware sandbox platform options: The Triton Websense sandbox can be deployed as a hardware appliance, as a software virtual machine (VM) or as a cloud service. Enterprises can deploy multiple platforms in a hybrid security architecture for maximum flexibility. All platforms can be managed with a single policy and reporting system.
Websense Triton appliance options: The Triton series has three primary appliances. The V-Series supports AP-Web, AP-Email and AP-Data (three of the most popular applications) in a single appliance. The X-Series appliances support AP-Web and AP-Email, while the I-Series complements the Websense Triton AP-Web cloud deployment option by accelerating many of the processes and providing more granular controls.
Websense Triton VM options: Websense sandbox VMs are flexible and they can be placed on host virtual machine hardware already in operation at a user's data center. Virtual machine software supports AP-Web, but not AP-Email or AP-Data.
Websense Triton cloud options: The Triton cloud service enables fast deployments, easier management and robust scalability compared to appliance and VM options. Backed by a 99.999% uptime service-level agreement, it's a great option if you are going the cloud security tool route. Triton cloud supports AP-Web and AP-Email, but not AP-Data.
Pricing and support:
Triton application pricing is based on a per-user model and can range widely -- depending on how the applications are deployed and whether a physical or virtual appliance is used. Resellers -- which can also assist with implementations -- dictate the final price.
Websense offers several different tiers of support; all provide phone and email response, hardware replacement, as well as access to software updates. More advanced tiers offer faster access to support services and senior-level support staff. There are also options for quarterly, semi-annual and annual proactive health checks and, for those enterprises with a worldwide network presence, the ability to have a single global account manager assigned as a point of contact.
Learn about the benefits of cloud-based malware analysis
Learn how smart sandboxes differ from traditional sandboxes
Explore how some malware can beat sandboxes
Discover how malware adapts to virtual machines