Miercom Report - Websense Competitive Testing
Transcription
Miercom Report - Websense Competitive Testing
Lab Testing Detailed Report DR131118 January 2014 Competitive Testing of Web Security Devices Websense TRITON Web Security Gateway Anywhere Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition Check Point 12200 Appliance Next-Generation Threat Protection McAfee WG-5500-B Web Gateway Palo Alto Networks PA-2020 Next-Generation Firewall Miercom www.miercom.com Contents 1.0 Executive Summary ..............................................................................................................3 2.0 Products Tested ....................................................................................................................4 2.1 Websense TRITON Web Security Gateway Anywhere (WSGA) .................................... 4 2.2 Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition .................................. 4 2.3 Check Point 12200 Appliance Next-Generation Threat Protection .................................. 4 2.4 McAfee WG-5500-B Web Gateway ................................................................................ 5 2.5 Palo Alto Networks PA-2020 Next-Generation Firewall .................................................. 5 3.0 Hardware and Software Used in Testing ...............................................................................6 4.0 Overall Results......................................................................................................................7 5.0 Web Security Effectiveness Testing ......................................................................................8 6.0 Web Security Effectiveness by Individual Categories ..........................................................10 6.1 Drive-By Installers .........................................................................................................10 6.2 Exploits .........................................................................................................................12 6.3 Phishing ........................................................................................................................14 6.4 Malicious Redirects .......................................................................................................16 7.0 Risk Web Filtering Testing ..................................................................................................18 8.0 Risk Web Filtering Testing, Results of Individual Categories ...............................................20 8.1 Adult ..............................................................................................................................20 8.2 Gambling .......................................................................................................................22 8.3 Hacking .........................................................................................................................24 8.4 Proxy Avoidance ...........................................................................................................26 9.0 Conclusion ..........................................................................................................................28 Websense TRITON WSGA Copyright © 2014 Miercom Page 2 23 January 2014 DR131118 1.0 Executive Summary Miercom conducted an independent third-party validation of the Websense TRITON Web Security Gateway Anywhere (WSGA) and four competing web security products: the Blue Coat ProxySG 900-20 Secure Web Gateway, the Check Point 12200 Appliance Next-Generation Threat Protection, the McAfee WG-5500-B Web Gateway and the Palo Alto Networks PA-2020 Next-Generation Firewall. Two types of testing were conducted to evaluate the ability of the appliances to block threats and certain types of risky web content using a URL sample set sourced independently by Miercom that was unknown to any of the vendors. Web Security Effectiveness testing verified the detection, classification and blocking of multiple web threats: drive-by-installers, complex exploits, phishing and malicious redirects. Risk Web Filtering testing verified the ability to detect and block various types of risky web content, such as sexual material, gambling, proxy avoidance and hacking. Blocking these types of web content is an important aspect of controlling online access to minimize loss of user productivity, manage bandwidth costs, prevent potentially malicious content from entering the enterprise network and meet compliance requirements. In both portions of testing, products that employ real-time dynamic content analysis tended to outperform those that rely on static database lookups for URL matching and/or threat signatures. We were pleased with the overall performance of the Websense TRITON WSGA solution, particularly its malware blocking and its real-time defense effectiveness. The Advanced Classification Engine (ACE) is a key component of Websense TRITON, employing advanced machine learning to quickly and accurately classify pages in real time based on contextual assessment of content including images, multimedia and links. The Websense TRITON WSGA solution demonstrated its ability to protect against both known and emerging threats. Key results validated that it had: • The highest overall blocking rate, 98.1% (15,991 of 16,307 samples in eight categories) • The highest blocking rate in both portions of testing, 98.2% in web security effectiveness and 98.0% in risk web filtering • The highest blocking rate in all eight categories • A blocking rate of more than 94% in seven of the eight categories The Websense TRITON WSGA solution demonstrated the ability to provide some of the most advanced real-time threat protection and content classification we have observed in testing to date. Therefore, it has earned the Miercom Performance Verified Certification. Rob Smithers CEO Miercom Websense TRITON WSGA Copyright © 2014 Miercom Page 3 23 January 2014 DR131118 2.0 Products Tested 2.1 Websense TRITON Web Security Gateway Anywhere (WSGA) Part of the TRITON unified security platform, Websense TRITON Web Security Gateway Anywhere (WSGA) provides content analysis of web and SSL traffic in real time, ensuring safe use of the Internet. The Websense TRITON WSGA solution can analyze new sites and dynamic content in real time while proactively discovering security risks and blocking unsafe malware. Its Advanced Classification Engine (ACE) detects, blocks or strips malicious code before it enters the network. The WSGA dashboards offer feedback on network security, threat detection, traffic loads and user activity for both inbound and outbound traffic. The primary defense of all Websense TRITON solutions, ACE provides real-time, inline, contextual defense for web, email, data and mobile security by using composite risk scoring and predictive analysis on inbound and outbound web traffic. ACE works in conjunction with a proprietary cloud-based threat intelligence security network, the Websense ThreatSeeker Intelligence Cloud, which collects data from more than 900 million endpoints and analyzes up to 5 billion web requests every day. The Websense TRITON management console can be used to configure web security, data loss prevention (DLP) and email security on a single, easy-to-manage appliance. It offers both on-premise and unified hybrid cloud security that protects remote and mobile end users or entire offices. The hardware portion of the Websense TRITON WSGA solution tested was the 1U Websense V10000 appliance. Designed for headquarters locations and large branch offices, the V10000 has 24GB RAM and 6 1GB Base-T network interface ports and supports up to 7,500 users. 2.2 Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition A 1U web control product, the Blue Coat ProxySG 900-20, Proxy Edition enables branch users to have the same security coverage as those in a main office or headquarters location. URL filtering is part of the functionality that provides protection and control of web traffic. ProxySG appliances deployed with Blue Coat WebFilter automatically include Web Pulse and Blue Coat Proxy Client for remote user protection, filtering and acceleration. The ProxySG 900-20 is intended to serve up to 6,000 employees. Built-in ports are as follows: two 10000Base-T with bypass and two 1000-BaseT (no bypass), onboard SSL. It also has two 1TB SAS hard drives. 2.3 Check Point 12200 Appliance Next-Generation Threat Protection There are four possible security configurations for the Check Point 12200 appliance depending on the software modules used. In addition to Next-Generation Threat Protection, the others are Next-Generation Firewall, Next-Generation Data Protection and Secure Web Gateway. The 12200 tested had the URL Filtering software module as part of the Next-Generation Threat Protection configuration, which provides multi-layer protection against web-borne malware. The Next-Generation Threat Protection is the most robust of the four since it has 11 of a possible 12 software modules as standard. In addition to URL filtering, the other modules active in the Next-Generation Threat Protection configuration are Firewall, Identity Awareness, IPsec VPN, Advanced Networking & Clustering, Application Control, Mobile Access, IPS, Antivirus, Anti-Spam and Email Security, and Anti-Bot. The firmware utilized was R76. Websense TRITON WSGA Copyright © 2014 Miercom Page 4 23 January 2014 DR131118 The basic hardware configuration of the 12200 appliance includes 8 10/100/1000Base-T ports, one network card expansion slot, 4 GB memory and a 500GB hard drive. 2.4 McAfee WG-5500-B Web Gateway McAfee Web Gateways protect the enterprise network from inbound and outbound Web-borne threats. The WG-5500-B is the high-end model in the McAfee family of medium- and enterprisecapacity appliances. Specifications include 12GB of memory, four copper 10/100/1000 network interface ports and RAID-10. The URL filtering functionality of McAfee Web Gateways is McAfee Global Threat Intelligence (GTI), which filters on reputation and category. The following is from the McAfee data sheet: “McAfee GTI creates a profile of all Internet entities – websites, email, and IP addresses – based on hundreds of different attributes gathered from the massive global data collection capabilities of McAfee Labs. It then assigns a reputation score based on the security risk posed, enabling administrators to apply very granular rules about what to permit or deny.” 2.5 Palo Alto Networks PA-2020 Next-Generation Firewall The PA-2020 Next-Generation Firewall from Palo Alto Networks is designed for use as a highspeed Internet gateway, providing network security and threat prevention in large branch offices and medium-sized enterprises. URL filtering functionality for the PA-2020 is available via subscription. The functionality is based on an on-box customizable database that can include up to 76 categories and 20 million URLs. The user can customize categories, allowable content, block lists and block pages. The maximum number of policies that can be created is 2,500. Specifications include a 180-watt power supply, a 160GB hard drive and 12 10/100/1000, 2 gigabit SFP. The SFP transceivers are sold separately. Websense TRITON WSGA Copyright © 2014 Miercom Page 5 23 January 2014 DR131118 3.0 Hardware and Software Used in Testing Source: Miercom, January 2014 Product Name Function Software Version Websense TRITON WSGA Secure web gateway TRITON 7.8.1 Blue Coat ProxySG 900-20 Secure web gateway SGOS 6.5.2.1 Proxy Edition Check Point 12200 Next-Generation Threat Protection R76 firmware McAfee WG-5500-B Web gateway Web Gateway 7 (7.2.0.9.0) Palo Alto Networks PA-2020 Next-generation firewall 5.0.7 Mu Dynamics Mu-8000 Security testing appliance Spirent Studio Security Security testing software Ixia XM12 Primary traffic generator BreakingPoint FireStorm Alternate traffic generator and security test system Apache JMeter Load testing tool Miercom client URL Filtering Client Ubuntu Linux 12.04LTS The Ixia XM12 was the primary traffic generator. Ixia (www.ixiacom.com) is an industry leader in performance testing of networking equipment. Real-world traffic was generated by the test platform and test applications, principally IxAutomate for Layer 2-3 switching and routing traffic. The BreakingPoint FireStorm was the alternate traffic generator. Websense TRITON WSGA Copyright © 2014 Miercom Page 6 23 January 2014 DR131118 4.0 Overall Results The Websense TRITON WSGA made the best overall performance of the five web security products tested. Its 98.1% blocking rate, shown in Table 1 and Figure 1 is the result of blocking 15,991 of 16,307 in the eight categories. Also, Websense TRITON WGSA had the highest blocking rate in all eight categories and in both portions of testing, 98.2% in web security effectiveness and 98.0% in web risk filtering. Table 1: Overall Blocking Rate, URLs in Eight Categories Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 16,307 316 15,991 98.1% Check Point 12200 NGTP 16,307 1,176 15,131 92.8% Blue Coat SG900-20 16,307 3,638 12,669 77.7% McAfee WG-5500-B 16,307 3,696 12,611 77.3% Palo Alto Networks PA-2020 16,307 5,242 11,065 67.9% 16,307 2,813.6 13,477.4 82.6% Average Figure 1: Overall Blocking Rate, URLs in Eight Categories 100 Percentage Blocked (%) 98.1 92.8 75 77.7 77.3 67.9 50 25 0 Websense Check Point TRITON 12200 NGTP WSGA Blue Coat SG900-20 McAfee WG-5500-B Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 Websense TRITON WSGA Copyright © 2014 Miercom Page 7 23 January 2014 DR131118 5.0 Web Security Effectiveness Testing Description This series of tests assessed the ability of each security appliance to analyze and block realworld threats sourced by Miercom from an unbiased sample set of live Internet targets. The threats were drive-by installers, complex exploits, phishing and malicious redirects. Configuration and Procedure A sample set of thousands of live malicious web targets was used. A generic diagram of the test bed, direct path, is below. Figure 2: Direct Path Testing Each security appliance had the latest software and database(s) as well as access to the latest cloud lookup services. Default security policies, including anti-malware engines, as well as settings required to filter URLs in a specific category were enabled. The Miercom client, Apache JMeter, sent an HTTP “GET” request to the target web server via the web gateway, the router and the Internet. The client was configured to wait up to 20 seconds for the web gateway to render a decision, block or pass. The 20 seconds was intended to remove the possibility of a temporary Internet issue from interfering with a block or pass decision. The composition of the sample set is shown in Table 2. Table 2: Sample URLs in Each Web Security Effectiveness Category Category Websense TRITON WSGA Copyright © 2014 Miercom Number of URLs Drive-by Installers 37 Exploits 108 Phishing 3,536 Redirects 44 Total 3,725 Page 8 23 January 2014 DR131118 Expected Results The expectation was that each web security product would detect and filter or block drive-by installers, exploits, phishing and malicious redirect URLs. Overall Results The Websense TRITON WSGA made the best overall performance, finishing first in all four categories and recording a blocking rate of 98.2% (3,657 of 3,725 samples) as shown in Table 3 and Figure 3 below. Table 3: Overall Blocking Rate Web Security Effectiveness in Four Categories Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 3,725 68 3,657 98.2% McAfee WG-5500-B 3,725 417 3,308 88.8% Check Point 12200 NGTP 3,725 867 2,858 76.7% Blue Coat SG900-20 3,725 1,916 1,809 48.6% Palo Alto Networks PA-2020 3,725 3,612 113 3.0% 3,725 1,434.0 2,349.0 63.1% Average Figure 3: Overall Blocking Rate Web Security Effectiveness, URLs in Four Categories 100 98.2 Percentage Blocked (%) 88.8 75 76.7 50 48.6 25 3.0 0 Websense TRITON WSGA McAfee Check Point WG-5500-B 12200 NGTP Blue Coat SG900-20 Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 Websense TRITON WSGA Copyright © 2014 Miercom Page 9 23 January 2014 DR131118 6.0 Web Security Effectiveness by Individual Categories 6.1 Drive-By Installers Configuration Websense TRITON WSGA was configured to block all available security categories. Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security categories. Check Point 12200 NGTP was configured to block all available security categories as well as high risk and critical risk categories. McAfee WB-5500-B was configured to block all available security categories. Palo Alto Networks PA-2020 was configured to block all available security categories. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 94.6%, as shown in Table 4 below and Figure 4 on the following page. Table 4: Blocking Rate, Drive-by Installer URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 37 2 35 94.6% McAfee WG-5500-B 37 16 21 56.8% Blue Coat SG900-20 37 20 17 45.9% Check Point 12200 NGTP 37 27 10 27.0% Palo Alto Networks PA-2020 37 37 0 0.0% 37 20.4 16.6 44.9% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 10 23 January 2014 DR131118 Figure 4: Blocking Rate, Drive-by Installer URLs 100 Percentage Blocked (%) 94.6 75 56.8 50 45.9 25 0 27.0 0.0 Websense TRITON WSGA McAfee WG-5500-B Blue Coat SG900-20 Check Point 12200 NGTP Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 The category, Drive-by Installers, had the smallest sample set in the test. The Websense TRITON WSGA was the winner by a large margin, blocking 35 of the 37 URLs for a blocking rate of 94.6%. The runner-up failed to block 16 URLs. Websense TRITON WSGA Copyright © 2014 Miercom Page 11 23 January 2014 DR131118 6.2 Exploits Configuration Websense TRITON WSGA was configured to block all available security categories. Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security categories. Check Point 12200 NGTP was configured to block all available security categories as well as high risk and critical risk categories. McAfee WB-5500-B was configured to block all available security categories. Palo Alto Networks PA-2020 was configured to block all available security categories. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 99.1, as shown in Table 5 below and Figure 5 on the following page. The blocking rate of the runner-up was more than 30% adrift. Table 5: Blocking Rate, Exploit URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 108 1 107 99.1% Blue Coat SG900-20 108 36 72 66.7% McAfee WG-5500-B 108 46 62 57.4% Check Point 12200 NGTP 108 67 41 38.0% Palo Alto Networks PA-2020 108 100 8 7.4% 108 50.0 58.0 53.7% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 12 23 January 2014 DR131118 Figure 5: Blocking Rate, Exploit URLs Percentage Blocked (%) 100 99.1 75 66.7 57.4 50 38.0 25 0 7.4 Websense TRITON WSGA Blue Coat SG900-20 McAfee Check Point WG-5500-B 12200 NGTP Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 In terms of blocking percentage, the performance of the Websense TRITON WSGA in the Exploits Category was the best in the entire test. The Websense solution blocked all but one of the 108 samples, earning a blocking rate of 99.1%. Websense TRITON WSGA Copyright © 2014 Miercom Page 13 23 January 2014 DR131118 6.3 Phishing Configuration Websense TRITON WSGA was configured to block phishing and all available security categories. Blue Coat ProxySG 900-20, Proxy Edition was configured to block phishing and all available security categories. Check Point 12200 NGTP was configured to block phishing, as well as all available security, high risk and critical risk categories. McAfee WB-5500-B was configured to block phishing and all available security categories. Palo Alto Networks PA-2020 was configured to block phishing and all available security categories. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 98.2%, as shown in Table 6 and Figure 6 on the following page. Table 6: Blocking Rate, Phishing URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 3,536 64 3,472 98.2% McAfee WG-5500-B 3,536 331 3,205 90.6% Check Point 12200 3,536 743 2,793 79.0% Blue Coat SG900-20 3,536 1,832 1,704 48.2% Palo Alto Networks PA-2020 3,536 3,434 102 2.9% 3,536 1,280.8 2,255.2 63.8% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 14 23 January 2014 DR131118 Figure 6: Blocking Rate, Phishing URLs 100 98.2 Percentage Blocked (%) 90.6 75 79.0 50 48.2 25 0 2.9 Websense TRITON WSGA McAfee Check Point WG-5500-B 12200 NGTP Blue Coat SG900-20 Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 Phishing was the category with the largest gap between the blocking rate of the leader and the last-place finisher. The leader, the Websense TRITON WSGA, had a blocking rate of 98.2%, 95.3% clear of the Palo Alto Networks PA-2020. Websense TRITON WSGA Copyright © 2014 Miercom Page 15 23 January 2014 DR131118 6.4 Malicious Redirects Configuration Websense TRITON WSGA was configured to block malicious redirects and all available security categories. Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security categories. Check Point 12200 NGTP was configured to block all available security categories as well as high risk and critical risk categories. McAfee WB-5500-B was configured to block all available security categories. Palo Alto Networks PA-2020 was also configured to block all available security categories. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 97.7%, as shown in Table 7 and Figure 7 on the following page. Table 7: Blocking Rate, Malicious Redirects Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 44 1 43 97.7% McAfee WG-5500-B 44 24 20 45.4% Blue Coat SG900-20 44 28 16 36.4% Check Point 12200 NGTP 44 30 14 31.8% Palo Alto Networks PA-2020 44 41 3 6.8% 44 24.8 19.2 43.6% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 16 23 January 2014 DR131118 Figure 7: Blocking Rate, Redirects 100 Percentage Blocked (%) 97.7 75 50 45.4 36.4 25 31.8 6.8 0 Websense TRITON WSGA McAfee WG-5500-B Blue Coat SG900-20 Check Point 12200 NGTP Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 The Websense solution blocked all but one of the 44 malicious redirects, earning a blocking rate of 97.7%. The McAfee WG-5500-B took second place by blocking less than half of the sample set, reaching a 45.4% blocking rate. Websense TRITON WSGA Copyright © 2014 Miercom Page 17 23 January 2014 DR131118 7.0 Risk Web Filtering Testing This series of tests assessed the ability of each security appliance to analyze and block web content in four risk categories. The URLs were sourced by Miercom from an unbiased sample set of live Internet targets. The four risk categories were adult, gambling, hacking and proxy avoidance. These web targets often compromise employee productivity, are required to be filtered to meet compliance requirements, harbor malicious threats, or provide mechanisms by which to bypass web security controls and are therefore a critical aspect of any web security solution testing. Configuration and Procedure A sample set of thousands of live web targets was used. A generic diagram of the test bed, direct path, is below. Figure 8: Direct Path Testing Each security appliance had the latest software and database(s) as well as access to the latest cloud lookup services. Default security policies, including anti-malware engines, as well as settings required to filter URLs in a specific category were enabled. All available security related filter categories were also configured. The Miercom client, Apache JMeter, sent an HTTP “GET” request to the target web server via the web gateway, the router and the Internet. The client was configured to wait up to 20 seconds for the web gateway to render a decision, block or pass. The 20 seconds was intended to remove the possibility of a temporary Internet issue from interfering with a block or pass decision. The composition of the sample set is shown in Table 8. Table 8: Sample URLs in Each Risk Web Filtering Category Category Websense TRITON WSGA Copyright © 2014 Miercom Number of URLs Adult 6,919 Gambling 5,418 Hacking 196 Proxy Avoidance 49 Total 12,582 Page 18 23 January 2014 DR131118 Expected Results The expectation was that each web security product would detect and filter or block adult, gambling, hacking and proxy avoidance URLs. Overall Results The Websense TRITON WSGA made the best overall performance, finishing first in all four categories and recording a blocking rate of 98.0% (12,334 of 12,582 samples) as shown in Table 9 and Figure 9. Table 9: Overall Blocking Rate Risk Web Filtering in Four Categories Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 12,582 248 12,334 98.0% Check Point 12200 NGTP 12,582 309 12,273 97.5% Palo Alto Networks PA-2020 12,582 1,630 10,952 87.0% Blue Coat SG900-20 12,582 1,722 10,860 86.3% McAfee WG-5500-B 12,582 3,279 9,303 73.9% 12,582 1,437.6 11,144.4 88.6% Average Figure 9: Overall Blocking Rate Risk Web Filtering in Four Categories 100 Percentage Blocked (%) 98.0 97.5 87.0 75 86.3 73.9 50 25 0 Websense Check Point TRITON 12200 NGTP WSGA Palo Alto Networks PA-2020 Blue Coat SG900-20 McAfee WG-5500-B Source: Miercom Web Security Industry Assessment, January 2014 Websense TRITON WSGA Copyright © 2014 Miercom Page 19 23 January 2014 DR131118 8.0 Risk Web Filtering Testing, Results of Individual Categories 8.1 Adult Configuration Websense TRITON WSGA was configured to block adult content, lingerie and swimsuit, nudity, sex and sex education under the adult material menu. Blue Coat ProxySG 900-20, Proxy Edition was configured to block child pornography, nudity, pornography and sex education. Check Point 12200 NGTP was configured to block nudity, pornography, sex, sex education, and high risk and critical risk categories. McAfee WB-5500-B was configured to block incidental nudity, nudity, pornography and sexual materials. Palo Alto Networks PA-2020 was configured to block adult and nudity. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. In addition to the specific risk categories, all security categories were also enabled. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 97.8%, as shown in Table 10 and Figure 10. Table 10: Blocking Rate, Adult URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 6,919 151 6,768 97.8% Check Point 12200 NGTP 6,919 156 6,763 97.7% Blue Coat SG900-20 6,919 638 6,281 90.8% Palo Alto Networks PA-2020 6,919 727 6,192 89.5% McAfee WG-5500-B 6,919 1,041 5,886 85.1% 6,919 542.6 6,378.0 92.2% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 20 23 January 2014 DR131118 Figure 10: Blocking Rate, Adult URLs 100 Percentage Blocked (%) 95 97.8 97.7 90 90.8 89.5 85 85.1 80 75 Websense Check Point TRITON 12200 NGTP WSGA Blue Coat SG900-20 Palo Alto Networks PA-2020 McAfee WG-5500-B Source: Miercom Web Security Industry Assessment, January 2014 Adult was the category with the smallest gap between the blocking rate of the leader and the last-place finisher. The leader, the Websense TRITON WSGA, had a blocking rate of 97.8%, 12.7% clear of the McAfee WG-5500-B. Websense TRITON WSGA Copyright © 2014 Miercom Page 21 23 January 2014 DR131118 8.2 Gambling Configuration Websense TRITON WSGA with Web Security Gateway Anywhere was configured to block gambling under the Extended Protection Menu. Blue Coat ProxySG 900-20, Proxy Edition was configured to block gambling. Check Point 12200 NGTP was configured to block gambling, high risk and critical risk. McAfee WB-5500-B was configured to block gambling and gambling related. Palo Alto Networks PA-2020 was configured to block gambling. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup services. In addition to the specific risk categories, all security categories were also enabled. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 98.6%, as shown in Table 11 and Figure 11. Table 11: Blocking Rate, Gambling URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 5,418 76 5,342 98.6% Check Point 12200 NGTP 5,418 82 5,336 98.5% Palo Alto Networks PA-2020 5,418 757 4,661 86.0% Blue Coat SG900-20 5,418 959 4,459 82.3% McAfee WG-5500-B 5,418 2,091 3,327 61.4% 5,418 793.0 4,625.0 85.4% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 22 23 January 2014 DR131118 Figure 11: Blocking Rate, Gambling URLs Percentage Blocked (%) 100 98.6 98.5 86.0 75 82.3 61.4 50 25 0 Websense Check Point TRITON 12200 NGTP WSGA Palo Alto Networks PA-2020 Blue Coat SG900-20 McAfee WG-5500-B Source: Miercom Web Security Industry Assessment, January 2014 Gambling was one of two categories in which a competing web security product came closest in terms of percentage to the Websense TRITON WSGA in first place. As in Adult, just 0.1% separated the performance of the Websense solution and the runner-up, the Check Point 12200 NGTP, in determining whether to block or pass 5,418 gambling URLs. Websense TRITON WSGA Copyright © 2014 Miercom Page 23 23 January 2014 DR131118 8.3 Hacking Configuration Websense TRITON WSGA was configured to block hacking. Blue Coat ProxySG 900-20, Proxy Edition was configured to block hacking. Check Point 12200 NGTP was configured to block hacking, high risk and critical risk. McAfee WB-5500-B was configured to block potential hacking/computer crime. Palo Alto Networks PA-2020 was configured to block hacking. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup service. In addition to the specific risk categories, all security categories were also enabled. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 96.9%, as shown in Table 12 and Figure 12. Table 12: Blocking Rate, Hacking URLs Sample Number Size Retrieved Number Blocked Percentage Blocked 6 190 96.9% 196 52 144 73.5% PA-2020 196 103 93 47.5% Blue Coat SG900-20 196 108 88 44.9% McAfee WG-5500-B 196 124 72 36.7% 196 78.6 117.4 59.9% Vendor Product Websense TRITON WSGA 196 Check Point 12200 NGTP Palo Alto Networks Average Websense TRITON WSGA Copyright © 2014 Miercom Page 24 23 January 2014 DR131118 Figure 12: Blocking Rate, Hacking URLs 100 Percentage Blocked (%) 96.9 75 73.5 50 47.5 44.9 36.7 25 0 Websense Check Point TRITON 12200 NGTP WSGA Palo Alto Networks PA-2020 Blue Coat SG900-20 McAfee WG-5500-B Source: Miercom Web Security Industry Assessment, January 2014 The results in the hacking category revealed a three-tiered pecking order. The Websense TRITON WSGA was a clear winner with a blocking rate of 96.9%, preventing retrieval of 190 of the 196 samples. The Check Point 12200 NGTP was alone as the runner-up at 73.5%. The other web security products were in a group below 50%. Websense TRITON WSGA Copyright © 2014 Miercom Page 25 23 January 2014 DR131118 8.4 Proxy Avoidance Configuration Websense TRITON WSGA was configured to block proxy avoidance. Blue Coat ProxySG 900-20, Proxy Edition was configured to block proxy avoidance. Check Point 12200 NGTP was configured to block anonymizer, anonymizers/proxy avoidance sites, high risk and critical risk. McAfee WB-5500-B was configured to block anonymizers and anonymizing utilities. Palo Alto Networks PA-2020 was configured to block proxy avoidance. Each product was configured with the latest versions of software/firmware and databases. All were also configured to utilize their AV engine(s) as well as cloud lookup service. In addition to the specific risk categories, all security categories were enabled. The log information from the management interface was used to see all categories assigned per sample blocked. This log was compared to the Miercom scripts log for better accuracy. Results The Websense WSGA had the highest blocking rate, 69.4, shown in Table 13 and Figure 13. Table 13: Blocking Rate, Proxy Avoidance URLs Vendor Product Sample Size Number Retrieved Number Blocked Percentage Blocked Websense TRITON WSGA 49 15 34 69.4% Blue Coat SG900-20 49 17 32 65.3% Check Point 12200 NGTP 49 19 30 61.2% McAfee WG-5500-B 49 31 18 36.7% Palo Alto Networks PA-2020 49 43 6 12.2% 49 25.0 24.0 49.0% Average Websense TRITON WSGA Copyright © 2014 Miercom Page 26 23 January 2014 DR131118 Figure 13: Blocking Rate, Proxy Avoidance URLs Percentage Blocked (%) 100 75 69.4 65.3 61.2 50 36.7 25 12.2 0 Websense TRITON WSGA Blue Coat SG900-20 McAfee Check Point 12200 NGTP WG-5500-B Palo Alto Networks PA-2020 Source: Miercom Web Security Industry Assessment, January 2014 Proxy avoidance was the category in which the web control products had the lowest overall blocking rates. The Websense TRITON WSGA performed the best, blocking 34 of 49 proxy avoidance URLs for a blocking rate of 69.4%. Websense TRITON WSGA Copyright © 2014 Miercom Page 27 23 January 2014 DR131118 9.0 Conclusion Of the five web security products tested, the Websense TRITON Web Security Gateway Anywhere (WSGA) finished first in web security effectiveness and risk web filtering tests. Of the 16,307 URLs in the eight categories, the Websense solution blocked 15,991 samples for an overall blocking rate of 98.1%. The blocking rate of the runner-up, Check Point, was 92.8%. All web security products tested utilized the latest software, database(s), anti-malware engines and cloud-based resources available at the time of testing. All products tested were subjected to the same URL sample set sourced independently by Miercom. Testing revealed that web security risks are best mitigated when performed by security appliances, which offer real-time security defenses and content classification. Devices tested such as the Websense TRITON WSGA surpassed point-based security technologies in both accuracy and coverage by correlating multiple analytic engines to identify threats that might otherwise bypass any single mechanism. The use of this layered security approach proved to provide the best protection as well as content classification accuracy. The Websense TRITON WSGA achieved the highest efficacy scores in tests for detecting and blocking of multiple types of malware threats and analyzing and classifying content. Overall, the Websense TRITON WSGA is a superior web security solution, providing advanced multi-layered threat protection from malicious attacks and employing sophisticated real-time content analysis engines and algorithms that do not rely on traditional static database lookups. Websense TRITON WSGA Copyright © 2014 Miercom Page 28 23 January 2014 DR131118 Applicability of Test Results The tests in this report are intended to be reproducible for customers who wish to recreate them with the appropriate test and measurement equipment. Current or prospective customers interested in repeating these results may contact reviews@miercom.com for further details on this testing. Miercom recommends that customers conduct their own needs analysis review with us or any other proven network consultancy and test specifically for the expected environment for deploying new equipment. This report was sponsored by Websense, Inc. Data was obtained completely and independently as part of the Miercom Web Security Industry Assessment in which all vendors have equal opportunity to participate and contribute to the test methodology. All vendors included in these tests were afforded the opportunity to represent their products, and continue to have the opportunity to participate in the ongoing Industry Assessment. About Miercom Miercom has had hundreds of product comparison analyses published in Network World, Business Communications Review, Communications News, xchange, Internet Telephony and other leading publications. Miercom’s reputation as the leading, independent product test center is unquestioned. Miercom’s private test services include competitive product analyses, as well as individual product evaluations. Miercom features comprehensive certification and test programs including: Certified Interoperable, Certified Reliable, Certified Secure and Certified Green. Products may also be evaluated under the Performance Verified program, the industry’s most thorough and trusted assessment for product usability and performance. Websense TRITON WSGA Copyright © 2014 Miercom Page 29 23 January 2014 DR131118