Websense Express 1.0
December 01, 2007
- Ease of Use:
- Value for Money:
- Overall Rating:
Excellent value, very easy to install and deploy, massive category database, good application filtering and reporting features
Requires a dedicated server
Websense delivers an industrial-strength web content and protocol filtering solution that's a cinch to deploy and priced just right for SMEs
SMEs have traditionally been poorly served with web-content filtering solutions. Websense aims to buck the trend and has taken its Enterprise solution as the foundation for its latest Express product.
A key feature of Websense Express (WSX) is that it uses the same filtering database as the Enterprise version, which at the time of review contained more than 24 million websites organised into around 90 categories - far more than the majority of competing products. On top of that, WSX delivers extensive protocol-filtering abilities that function at Layer 2 and 3 and allow problem applications such as IM, P2P and Skype to be monitored and blocked.
WSX is designed to run on a single system, which must have Windows Server 2003 SP1 or R2 installed, along with 2GB of memory and 160GB of hard-disk space. For testing we opted for a Supermicro dual 3GHz Xeon 5160 server. A key feature of WSX is its transparency, which makes installation especially easy, as it doesn't require any extra client-browser configuration.
The WSX system needs a couple of network interfaces: one to monitor traffic, the other for blocking clients where it employs packet spoofing. Two deployment options are supported, and we went for the zero-downtime method. For this, we simply implemented port-mirroring on our HP ProCurve switch, causing our internet traffic to be sent to the WSX monitoring port as well. The other method is to connect your internet feed and WSX monitoring port to a basic Ethernet hub. To make sure you get your connections right, WSX includes a useful network-monitoring tool that provides a complete rundown on all the LAN clients it can see.
Software installation only takes a few minutes, then you follow a wizard that asks what roles you want each network interface to play, along with details of a Windows domain account. Your next task is to download the master database, which weighed in at some 300MB and took 90 minutes to retrieve. This is a one-off download, as all further updates are incremental. It's worth noting that your LAN isn't completely naked during this phase as the installation routine preloads a segment of the database to protect against major threats during the download.
It's easy to see what's occurring with WSX, as its home page opens with a pile of chunky graphs showing general network activity, bandwidth usage by web category, server status and details on the top security risks. WSX enforces a default policy immediately so you have filtering against malicious websites straight out of the box along with blocking actions against key messaging applications.
Policies are easy enough to create and are accessed from an Explorer-style tree menu. Each policy can contain a mixture of web content and application filters, along with lists of approved websites. Support for Windows directory services means you can apply policies at the domain, group and user level, but smaller sites running as a work group can apply them to IP address ranges or individual addresses.
We had no problems integrating WSX with the lab's Windows Server 2003 R2 domain controller, where we could import organisational units, domains, groups and users. The provided schedule allows you to decide when a policy is active. If you make any changes to a category, these will be propagated immediately to any policy that uses it.
We found policy creation simple enough, as you can use existing ones as templates and decide which categories to block or allow. The Continue option could prove useful as you can allow access to certain sites but only for a limited period after which all further access will be blocked. Specific file extensions can be blocked from download and you can apply a URL keyword list. To enforce a strict policy, you can use a white list, so WSX will block web access to any site not included.
For the protocol filters, you select an application and decide whether to block, allow or merely log its usage. Testing the filters across a range of applications, we could easily stop our test clients using FTP apps or logging in to their Windows Messenger accounts. We found general accuracy for web-content filtering to be extremely good, with very few sites slipping through the net.
WSX is particularly strong on reporting, and a double click on any of the home page graphs takes you directly to the Websense Explorer tool, which provides a wealth of information on the selected data. You can drill down into each one to view information about URLs, the number of hits for each one and even the bandwidth consumed and the time spent browsing a site.
Websense Express shows that small businesses on a tight budget no longer have to rely on scaled-down web-content filtering solutions. The additional application filtering features make it even better value.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report