This content is part of the Buyer's Guide: Network security basics: A Buyer's Guide
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Triton AP: Websense sandbox product overview

Websense sandbox products come as physical appliances, software virtual machines, and cloud services. They also integrate with Websense's Web gateways and email security tools.

Editor's Note: This Websense malware sandbox overview is part of a series on buying network security products for the enterprise. The series explores the evolution of network security and lays out some major use cases. It also looks at the buying criteria for network security products  and compares the leading network security vendors in the market.

Websense sandbox products are built on a single architecture called Triton. Within the Triton platform, there are various security applications and modules. Products such as Triton AP-Web and Triton AP-Email are Websense's secure Web gateway (SWG) and email security products, respectively. Triton AP-Data is a data loss prevention (DLP) product. Websense also incorporates all these features into a unified product called Triton APX Enterprise Core. A supplement, the Websense Sandbox Module, adds malware sandboxing features into the core AP-Web and AP-Email applications. As long as you have one or both of these applications, you can add the corresponding sandboxing features. The module monitors Web traffic, and email URLs and attachments that flow through AP-Web and AP-Email. It also performs behavior analysis to catch advanced threats that might otherwise go unseen.

Malware sandbox platform options: The Triton Websense sandbox can be deployed as a hardware appliance, as a software virtual machine (VM) or as a cloud service. Enterprises can deploy multiple platforms in a hybrid security architecture for maximum flexibility. All platforms can be managed with a single policy and reporting system.

Websense Triton appliance options: The Triton series has three primary appliances. The V-Series supports AP-Web, AP-Email and AP-Data (three of the most popular applications) in a single appliance. The X-Series appliances support AP-Web and AP-Email, while the I-Series complements the Websense Triton AP-Web cloud deployment option by accelerating many of the processes and providing more granular controls.

Websense Triton VM options: Websense sandbox VMs are flexible and they can be placed on host virtual machine hardware already in operation at a user's data center. Virtual machine software supports AP-Web, but not AP-Email or AP-Data.

Websense Triton cloud options: The Triton cloud service enables fast deployments, easier management and robust scalability compared to appliance and VM options. Backed by a 99.999% uptime service-level agreement, it's a great option if you are going the cloud security tool route. Triton cloud supports AP-Web and AP-Email, but not AP-Data.

Pricing and support:  

Triton application pricing is based on a per-user model and can range widely -- depending on how the applications are deployed and whether a physical or virtual appliance is used. Resellers -- which can also assist with implementations -- dictate the final price.

Websense offers several different tiers of support; all provide phone and email response, hardware replacement, as well as access to software updates. More advanced tiers offer faster access to support services and senior-level support staff. There are also options for quarterly, semi-annual and annual proactive health checks and, for those enterprises with a worldwide network presence, the ability to have a single global account manager assigned as a point of contact.

Next Steps

Learn about the benefits of cloud-based malware analysis

Learn how smart sandboxes differ from traditional sandboxes

Explore how some malware can beat sandboxes

Discover how malware adapts to virtual machines

This was last published in November 2015

Dig Deeper on Network Security Best Practices and Products