Forcepoint: Difference between revisions

Websense, Inc.

Company type	Privately held company
Industry	information security
Founded	1994
Headquarters	San Diego, California
Key people	John Carrington, Chairman John McCormack, CEO
Products	TRITON Enterprise, TRITON Security Gateway Anywhere, TRITON Security Gateway, Web Security Gateway Anywhere, Cloud Web Security Gateway, Web Security Gateway, ACE in the Cloud, Email Security Gateway Anywhere, Cloud Email Security and Content Control, Email Security Gateway, Data Security Suite, Data Security Gateway, TRITON Mobile Security
Revenue	$361.5 million
Number of employees	1,600
Parent	Vista Equity Partners
Website	http://www.websense.com

Websense is a San Diego-based company specializing in computer security software,^[1] which is used by businesses and government institutions to protect their networks from cybercrime, malware, stop data theft, prevent users from viewing sexual or other inappropriate content, and discourage employees from spending time browsing non business-related websites.^[2] Websense uses a combination of classification engines, filtering categories, data fingerprints and word filters designated by a company’s network administrator policy.

In the past, these policies have been criticized because it can block innocent websites or content protected by free speech, like sexual education websites.^[3] This can be done on purpose as internet censorship, or simply by accident due to over-reaching categories.^[3] This has led some to call it "censorware". While countries have used it for country-wide blocking of ideologies that the government disapproves of,^[3] Websense expressly prohibits using their software in this manner.^[4] The company also allows the public to ask for security details and categorization, or request a re-categorization through email.^[5]

History

Websense was founded by Phil Trubey in 1994, and went public in the year 2000.^[6] According to Gartner the company is one of the five companies leading the Secure Web Gateway (SWG) market,^[7] and one of of six companies leading the Content Aware Data-Loss Prevention (DLP) market. The company provides Websense TRITON security solutions, which are software-based, appliance-based and cloud-based web security, email security, mobile security and data loss-prevention technology.^[8]

Apart from web filtering, the company provides software-based, appliance-based and cloud-based email security, and data loss-prevention technology.^[7]

Products through acquisition

In December 2006, Websense bought PortAuthority for $90 million. Announcing the takeover, Websense said that it was "committed to maintaining the company's research and development presence in Israel."^[9]

UK company SurfControl was acquired by Websense on October 3, 2007. Websense has indicated it will continue the Surfcontrol business with a full staff until at least 2011.^{[needs update]}

On January 27, 2009, Websense acquired Defensio, a security company specializing in blog plugins that help to fight spam and malicious links in the comment sections of blogs. At the time it was reported that this would help expand Websense's ThreatSeeker Network (now ThreatSeeker Intelligence CLoud, and could be used by webmasters to warn as soon as suspicious content is posted to their websites.^[10][11]

Partnership with Facebook

On October 3, 2011, Facebook and Websense announced a partnership in order to protect Facebook's users from dangerous links that lead to malicious websites and malware sites. According to TechCrunch, “Going forward, when a Facebook user clicks on a link, the new system will first check the link against Websense’s system to determine whether or not it’s safe. If it’s not, a message is displayed warning the user that the link is potentially harmful and suggests you return to the previous page.”^[12]

Takeover target

In March 2012, Bloomberg reported that Websense was the target of a takeover bid by Quest Software.^[13]

On May 20, 2013, Websense was acquired by Vista Equity Partners and taken private for $24.75 per share,^[14] for a total purchase price of $906M.^[15] With the closing of the transaction, Websense stock was delisted from NASDAQ and is no longer a publicly traded company.[

Security software

Websense may be implemented as a software application, computer appliance or cloud-based service operating at the transport layer as a transparent proxy, or at the application layer as a web proxy.^[16] In each scenario, the effect is that it can inspect network traffic to or from the internet for a target group of people.

Websense allowed system administrators to block access to websites and other protocols based on categories.^[17] These contain lists of sites that may be blocked at will, either at specified times or permanently.^[18]

In the early years of the company, Websense’s software, Websense Enterprise, was best known for its URL filtering capabilities. Many businesses used Websense Enterprise technology to implement Employee Internet Management (EIM) solutions. However, over the course of the years, Websense began to evolve its product line by offering more security-focused technology.

In 2010, Websense launched the Websense TRITON solution and became the first security company to integrate the real-time web content analysis and malware protection of the Web Security Gateway, Websense Data Security Suite and Websense Email Security products to protect organizations and their information from advanced threats and data loss ^[19]

According to the United States Department of Health and Human Services, “Websense helps us defend against millions of online attacks each month and has significantly reduced malware infections. It’s scalable, reliable, and is providing very effective web security for our systems. It helps us balance security with powerful productivity opportunities on the web and in social media, cloud computing, and mobility.”^[20]

Policies can be produced that control either previously identified information that contains "tags" such as account numbers, credit card records or any combination of many variables. A score is assigned based on a predefined set of rules and an action applied. The process can be entirely automated but relies upon either preset policy templates or bespoke rule sets that are developed in house.

In companies, it can prevent the access to sites known to be infected with malicious content, it can prevent malicious programs from connecting to outside sites, and it can limit the amount of bandwidth used by individual computers in a network.^[21] The mere knowledge that web access is controlled can cause employees to stop using Internet during work hours for personal purposes, out of fear (that they may be caught misusing Internet).^[21]

The software also tracks individual internet usage for the purpose of collecting and reporting on any browsing deviating from the standards set by the library, government or other employer, and its reports can be data drilled by "risk class, category, URL, application, user, workstation, dates, and more."^[22]

Research and Development

Websense maintains R&D facilities in San Diego and Los Gatos, CA; Reading, England; Sydney, Australia; Raanana, Israel; and Beijing, China. With 500 R&D employees, the Websense research and development department includes content operations, security research, software development, quality assurance, and documentation.^[23]

Blocking Errors

A comparative study was made in 2002, to study how the blocking of pornography websites affected the search of legitimate health-related information. When configured at the least-restrictive settings (only blocking sites in the category of pornography), all blocking software blocked the least number of health-related sites, and blocked most of the pornography. As they tested more restrictive settings, the health-related searches were considerably impeded, and the efficiency of blocking pornographic websites increased only marginally. Websense had similar results to the other programs.^[24]

In a 2005 report the Rhode Island branch of the American Civil Liberties Union called Websense a deeply flawed technology.^[25] It further notes that, although the blocking technology has improved over the years since 2002, it still remains a "blunt instrument" and that in public libraries equipped with Websense people of all ages "are still denied access to a wide range of legitimate material." ^[25]

A 2006 report by Brennan Center for Justice says that web filtering programs used in schools were error-prone. For Websense, it discovered that a page discussing pornographic content had been blocked despite not containing any pornography, and a whole website had been blocked because one of its pages had sexual content.^[26]

In 2007 Norman Finkelstein^[27] and Noam Chomsky^{[citation needed]}'s websites were blocked by network administrators blocking the 'racism/hate speech' category for approximately 24 hours until Finkelstein complained.

A 2008 study on the use of Websense within the Technical Colleges of Georgia found that only two categories were blocked in all of the colleges surveyed, and that 39 categories out of the 43 listed were blocked by some, but not all, colleges, with numbers ranging from two colleges blocking a given category to 23 out of the 24 respondents.^[28] The software offers clients an optional continue button which permits users to access an otherwise blocked category if it is work related.^[18]

For approximately 24 hours in 2009, Websense classified router company Cisco's website under 'hack sites'.^[29] Websense has a submission form on the website to report mistaken categorization, although it is only available with an account.^[30]

In 2011 it was reported by a blogger that Websense would block pages that contained pornographic links anywhere in its content, even in the comments section; "a malicious attacker could get your whole site blocked at any time by the simple procedure of leaving dangerous, malicious or pornographic links in a blog's comments".^[31]

The blocking categories can contain errors, and blocking of certain categories can be used, accidentally or on purpose, to prevent people from seeing legitimate content. For example, Websense categories include, amongst others, the following: "Professional and Worker Organizations", "Social and Affiliation Organizations", "Political Organizations", "Advocacy Groups", "Gay or Lesbian or Bisexual Interest", "Sex education", "Traditional Religions" and "Non-traditional Religions and Occult and Folklore".^[3] In response to a complaint from the American Civil Liberties Union in 2011, Websense clarified its definition of the "Gay or Lesbian or Bisexual Interest" category, after it became apparent that some administrators mistakenly believed that this category had to be enabled to ensure that sexually explicit websites were blocked in schools.^[32]

Usage by Governments

See also: Internet censorship

The ability for public libraries, governments or other employers to block content based on ideology has proved controversial due to the subjects being blocked being controlled by an individual organization or even a single individual. The blocking of sites can exceed that which is required by bodies responsible for the oversight of these institutions, and, in the case of educational institutions, criticism has been leveled at the decision making process.^[28]

Due to these problems, a report issued in 2002 referred to Websense as "censorware,"^[33] although this is not upheld by assessments by organizations such as Electronic Frontier Foundation, OpenNet Initiative, OpenNet Initiative, Global Network Initiative and Global Network Initiative and Bolo Bhi,^[34] as of October 2013.

In 2004 Amnesty International listed Websense as one of several foreign companies that had reportedly provided technology that was used to censor and control the use of the Internet in China.^[35]

The OpenNet Initiative reported in 2004 that Websense technology was used by the government in Yemen to enforce censorship of the Internet.^[36]

In 2008 it was denounced again by the Yemen Times.^[37] The company has a policy of not doing business with governments that force censorship of the Internet or oppress rights. The only exceptions are for preventing minors from watching adult content and for child pornography.^[4] In 2009 it issued a statement about how it was discontinuing the database downloads to the Yemeni ISP, due to the violation of its stated policy.^[38][39] but reporters from ONI infer that Websense software was still being used by Yemen’s ISP, YemenNet, to censor Internet access as late as August 2010.^[40] Websense was finally discontinued in Yemen sometime around January 2011 ^[40] and apparently it is no longer being used in any Middle East or North Africa country.^[31]

On November 1, 2011, Websense General Counsel, Michael Newman, released a public letter to “challenge all other American technology vendors to join us in prohibiting repressive regimes from using American technology to prevent open communications.”^[41] The letter’s call for action included, “If you are an executive at a security company that makes software that can be used to censor Internet activity in repressive regimes, we ask that you support the right course of action and stop selling repressive tools to oppressive regimes.”^[41] The company joined the Global Network Initiative the same year.^[42]

In response, the Electronic Frontier Foundation (EFF) noted, “Websense is pointing the technology sector in the direction of promoting freedom; BlueCoat represents the aiding oppressors. The choice for other tech companies is clear, and kudos to Websense for leading the way.”^[43] In March 2012, the EFF also praised Websense for denouncing Pakistan's censorship plans.^[42]

See also

• Cisco
• Blue Coat Systems
• McAfee
• Zscaler^[7]
• Fireeye

References

1. Nidhi Subbaraman, Websense Plugs Data Leaks, Plays Malware Guard On Mobiles For The Office= Fast Company
2. Ken Presti, Websense Updates Malware, Data Theft Defenses = CRN
3. "West Censoring East: The Use of Western Technologies by Middle East Censors, 2010-2011y". OpenNet Initiative. 2011-03. Retrieved 2012-01-28. {{cite web}}: Check date values in: |date= (help)
4. "Legal Information. Important Information Regarding the Websense Website". Websense. Retrieved 2013-03-20. Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in government-imposed censorship. (...) "global filtering" projects where the government mandated policy (1) prohibits minors from accessing pornography and/or (2) prohibits child pornography (...) If the government requires ISPs to block adult content from all users, but permits an adult user to gain access to that content after providing proof of age, this would be in compliance with our stated policy. Websense, however, does not engage in any arrangements with foreign governments (or government-imposed arrangements) that could be viewed as oppressive of rights. Cite error: The named reference "legal info" was defined multiple times with different content (see the help page).
5. "What you can do if you feel a website has been incorrectly categorized". Websense. Retrieved 2013-03-20. Ask your Help Desk or IT administrator to change a website's category (they can override the Websense category). You can also suggest that Websense researchers reevaluate a categorization by e-mailing suggest (at) websense.com.
6. "He's All Business On the Internet, Phil Trubey Unveils His Latest Venture Even Though He Could Retire Today". San Diego Business Journal. 2000-12-11. Retrieved 2008-08-04.
7. Orans, Lawrence; Firstbrook, Peter (25 May 2011). (Report). Gartner via McAfee http://www.mcafee.com/ca/resources/reports/rp-gartner-magic-quadrant-secure-web-gateway.pdf. Retrieved 27 March 2012. {{cite report}}: Missing or empty |title= (help)
8. Eric Ouellet, Gartner (2013-01-13). "Magic Quadrant for Content-Aware Data Loss Prevention" (PDF). [ComputerLinks].
9. Robert McMillan, IDG News Service (2006-12-20). "Websense to buy PortAuthority". InfoWorld. Retrieved 2008-08-04.
10. Websense acquires Canadian blog-spam fighting security company, Maxine Cheung, itbussiness.ca, 2009-02-04
11. Robert McMillan, IDG News Service (2009-01-27). "With Acquisition Websense to Silence Comment Spam". PCWorld.
12. Sarah Perez (3 October 2011). "Facebook Partners With Websense To Protect Users From Malicious Sites And Malware". Retrieved 30 March 2012.
13. Peter J Brennan (10 Mar 2012). "Websense Rises After Quest Buyout Bid: Los Angeles Mover". Retrieved 30 Mar 2012.
14. "Websense Signs Definitive Agreement to be Acquired by Vista Equity Partners". 20 May 2013. Retrieved 21 May 2013.
15. Jolie O'Dell (20 May 2013). "Websense, publicly traded since 2000, goes private in $906M buyout". Retrieved 21 May 2013.
16. "Explicit and Transparent Proxy Deployments". Websense. 2010. Retrieved 30 March 2012.
17. "URL Categories". Websense. 2012. Retrieved 2012-04-10.
18. "The Websense Master Database". Websense.com. Retrieved February 18, 2012.
19. "Websense Unveils Triton Architecture". InfoWorld. ChannelPro. 11 February 2010. Retrieved 04 Sept. 2013. {{cite news}}: Check date values in: |accessdate= and |date= (help)
20. "U.S. Department of Health and Human Services". 11 February 2010.
21. "Information Highway Patrol", ComputerWorld, vol. 38, no. 22, pp. 28–29, May 31, 2004
22. Websense: reporting tools.
23. Michael A. Newman, Chief Financial Officer (2012-12-31). "UNITED STATES SECURITIES AND EXCHANGE COMMISSION, FORM 10-K, Websense".
24. Richardson, Caroline R.; Resnick, Paul J.; Hansen, Derek L.; Derry, Holly A.; Rideout, Victoria J. (2002). "Does Pornography-Blocking Software Block Access to Health Information on the Internet". Journal of the American Medical Association. 288 (22): 2887–2894.
25. The Rhode Island affiliate, American Civil Liberties Union (April 2005). "R.I. ACLU releases report on "troubling" internet censorship in public libraries". Archived from the original on 2008-12-08. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; 2008-12-05 suggested (help)
    * full report.
26. Marjorie Heins, Christina Cho, Ariel Feldman (2006), Internet filters: a public policy report (PDF), Brennan Center for Justice, pp. 38–39 intro
27. Websense filtering out this site, official website of Norman Finkelstein, "Reader letters: reply from Websense stating that www.normanfinkelstein.com has been reviewed and now categorized as 'News and Media'"
28. Stanley, Carol; Jerry, Stovall (2008). "The Blocked Blog (or Websense and the Technical Colleges' Fight for Academic Freedom)". Georgia Library Quarterly. 45 (1). Retrieved February 16, 2012.
29. John Leyden (2009-03-20). "Websense mistakes Cisco.com for hack site". The Register.
30. "Tools and Policies". Websense. Retrieved February 19, 2012.
31. West Censoring East: Or Why Websense Thinks My Blog is Pornography, Jilian C. York (coauthor of the 2010-2011 ONI report), March 28, 2011 "I will say that Yemen has stopped using Websense and we’re not aware of any other countries–at least in the Middle East and North Africa–that use the software."
32. "Don't Filter Me!" (PDF). American Civil Liberties Union. 10 November 2011. Retrieved 2011-04-10.
33. Peacefire WebSENSE Examined
34. Sana Saleem, CEO, Bolo Bhi (2012-03-02). "Thank You Websense, From Pakistan".
35. China: Controls tighten as Internet activism grows "Cisco Systems, Microsoft, Nortel Networks, Websense and Sun Microsystems", citing Amnesty International: People’s Republic of China: State Control of the Internet in China, ASA, 17/007/2002, November 2002.
36. Internet Filtering in Yemen in 2004–2005: A Country Study. OpenNet Initiative.
37. Jane Novak (6–9 March 2008). "Internet censorship in Yemen". Yemen Times. No. 1135 (volume 8). The government ISP automatically denies Internet requests from Yemeni users by using Websense and Antlabs to filter Internet content. Websense enables the government to block websites by category and to define specific Internet sites to block
38. Websense Issues Statement on Use of its URL Filtering Technology by ISPs in Yemen "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship and compliance review policies (http://www.websense.com/content/censorship-policy.aspx), we have taken action to discontinue the database downloads to the Yemeni ISPs"
39. Websense Sets the Record Straight on its Anti-Censorship Policy, Websense General Counsel Mike Newman, 20 August 2009, "The simple answer is that we don’t want or need that kind of business. The purpose of our Web filtering and Web security products is to make the Internet a safer place to do business, ensuring security and organizational productivity, while limiting legal liability for employers. Government censorship is not on our product roadmap."
40. West Censoring East: The Use of Western Technologies by Middle East Censors, 2010-2011 , March 2011, Helmi Noman and Jillian C. York. "From this we may infer, but not definitively establish, that Websense categorizations were still being received and updated in Yemen as of August 2010."
41. Newman, Michael (2011-11-01). "Websense Statement on Improper Use of Technology for Suppression of Rights and in Violation of Trade Sanctions". Websense. Retrieved 2012-03-27.
42. Jillian C York. "Filtering Software Companies Should Follow Websense's Lead". Electronic Frontier Foundation. Retrieved 2012-03-30.
43. Sutton, Maira; Timm, Trevor (2011-11-07). "This Week in Internet Censorship Egypt Imprisons Alaa, Other Pro-democracy Bloggers". Electronic Frontier Foundation. Retrieved 2012-03-27.

Further reading

• Access Denied: The Practice and Policy of Global Internet Filtering, Ronald Deibert, John G. Palfrey, Rafal Rohozinski, Jonathan Zittrain, MIT Press, 2008. ISBN 0-262-54196-3, ISBN 978-0-262-54196-1

External links

• Official website