Websense Triton security architecture

Triton provides enterprises with the deep protection, forensics and visibility necessary to understand which individuals are subject to attacks, cybercrime tactics and methods, attack communications and destinations, and what data is being targeted.

The real-time, inline ACE (Advanced Classification Engine) security engine has 10 new defences that stop data theft and loss. These include detecting criminal encrypted uploads; advanced malware payloads and command-and-control recognition; optical character recognition (OCR) of text within images for data-in-motion; drip (stateful) DLP detection; password file theft detection; and geolocation awareness.

The product provides spear phishing protection with cloud sandboxing. Cybercriminals frequently target specific users with spear phishing email attacks. Many of these attacks load malware and threats onto websites after initial email gateway security inspection. Cloud sandboxing capability identifies suspicious links in emails for real-time analysis. Once email recipients click on an embedded URL, the product analyses the website content and browser code in real time, in a cloud environment, to help ensure safety in any location.

A malware threat dashboard profiles security incidents and provides forensics. It reports severity levels and includes the ability to export incidents to SIEM solutions.