Miercom Report - Websense Competitive Testing

Transcription

Miercom Report - Websense Competitive Testing
Lab Testing Detailed Report
DR131118
January 2014
Competitive Testing of
Web Security Devices
Websense TRITON Web Security Gateway Anywhere
Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition
Check Point 12200 Appliance Next-Generation Threat Protection
McAfee WG-5500-B Web Gateway
Palo Alto Networks PA-2020 Next-Generation Firewall
Miercom
www.miercom.com
Contents
1.0 Executive Summary ..............................................................................................................3
2.0 Products Tested ....................................................................................................................4
2.1 Websense TRITON Web Security Gateway Anywhere (WSGA) .................................... 4
2.2 Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition .................................. 4
2.3 Check Point 12200 Appliance Next-Generation Threat Protection .................................. 4
2.4 McAfee WG-5500-B Web Gateway ................................................................................ 5
2.5 Palo Alto Networks PA-2020 Next-Generation Firewall .................................................. 5
3.0 Hardware and Software Used in Testing ...............................................................................6
4.0 Overall Results......................................................................................................................7
5.0 Web Security Effectiveness Testing ......................................................................................8
6.0 Web Security Effectiveness by Individual Categories ..........................................................10
6.1 Drive-By Installers .........................................................................................................10
6.2 Exploits .........................................................................................................................12
6.3 Phishing ........................................................................................................................14
6.4 Malicious Redirects .......................................................................................................16
7.0 Risk Web Filtering Testing ..................................................................................................18
8.0 Risk Web Filtering Testing, Results of Individual Categories ...............................................20
8.1 Adult ..............................................................................................................................20
8.2 Gambling .......................................................................................................................22
8.3 Hacking .........................................................................................................................24
8.4 Proxy Avoidance ...........................................................................................................26
9.0 Conclusion ..........................................................................................................................28
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 2
23 January 2014
DR131118
1.0 Executive Summary
Miercom conducted an independent third-party validation of the Websense TRITON Web
Security Gateway Anywhere (WSGA) and four competing web security products: the Blue Coat
ProxySG 900-20 Secure Web Gateway, the Check Point 12200 Appliance Next-Generation
Threat Protection, the McAfee WG-5500-B Web Gateway and the Palo Alto Networks PA-2020
Next-Generation Firewall.
Two types of testing were conducted to evaluate the ability of the appliances to block threats
and certain types of risky web content using a URL sample set sourced independently by
Miercom that was unknown to any of the vendors.
Web Security Effectiveness testing verified the detection, classification and blocking of multiple
web threats: drive-by-installers, complex exploits, phishing and malicious redirects.
Risk Web Filtering testing verified the ability to detect and block various types of risky web
content, such as sexual material, gambling, proxy avoidance and hacking. Blocking these types
of web content is an important aspect of controlling online access to minimize loss of user
productivity, manage bandwidth costs, prevent potentially malicious content from entering the
enterprise network and meet compliance requirements.
In both portions of testing, products that employ real-time dynamic content analysis tended to
outperform those that rely on static database lookups for URL matching and/or threat
signatures.
We were pleased with the overall performance of the Websense TRITON WSGA solution,
particularly its malware blocking and its real-time defense effectiveness. The Advanced
Classification Engine (ACE) is a key component of Websense TRITON, employing advanced
machine learning to quickly and accurately classify pages in real time based on contextual
assessment of content including images, multimedia and links.
The Websense TRITON WSGA solution demonstrated its ability to protect against both known
and emerging threats. Key results validated that it had:
•
The highest overall blocking rate, 98.1% (15,991 of 16,307 samples in eight
categories)
•
The highest blocking rate in both portions of testing, 98.2% in web security
effectiveness and 98.0% in risk web filtering
•
The highest blocking rate in all eight categories
•
A blocking rate of more than 94% in seven of the eight categories
The Websense TRITON WSGA solution demonstrated the ability to provide some of the most
advanced real-time threat protection and content classification we have observed in testing to
date. Therefore, it has earned the Miercom Performance
Verified Certification.
Rob Smithers
CEO
Miercom
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 3
23 January 2014
DR131118
2.0 Products Tested
2.1 Websense TRITON Web Security Gateway Anywhere (WSGA)
Part of the TRITON unified security platform, Websense TRITON Web Security Gateway
Anywhere (WSGA) provides content analysis of web and SSL traffic in real time, ensuring safe
use of the Internet. The Websense TRITON WSGA solution can analyze new sites and dynamic
content in real time while proactively discovering security risks and blocking unsafe malware. Its
Advanced Classification Engine (ACE) detects, blocks or strips malicious code before it enters
the network. The WSGA dashboards offer feedback on network security, threat detection, traffic
loads and user activity for both inbound and outbound traffic.
The primary defense of all Websense TRITON solutions, ACE provides real-time, inline,
contextual defense for web, email, data and mobile security by using composite risk scoring and
predictive analysis on inbound and outbound web traffic. ACE works in conjunction with a
proprietary cloud-based threat intelligence security network, the Websense ThreatSeeker
Intelligence Cloud, which collects data from more than 900 million endpoints and analyzes up to
5 billion web requests every day.
The Websense TRITON management console can be used to configure web security, data
loss prevention (DLP) and email security on a single, easy-to-manage appliance. It offers both
on-premise and unified hybrid cloud security that protects remote and mobile end users or
entire offices.
The hardware portion of the Websense TRITON WSGA solution tested was the 1U Websense
V10000 appliance. Designed for headquarters locations and large branch offices, the V10000
has 24GB RAM and 6 1GB Base-T network interface ports and supports up to 7,500 users.
2.2 Blue Coat ProxySG 900-20 Secure Web Gateway, Proxy Edition
A 1U web control product, the Blue Coat ProxySG 900-20, Proxy Edition enables branch users
to have the same security coverage as those in a main office or headquarters location. URL
filtering is part of the functionality that provides protection and control of web traffic.
ProxySG appliances deployed with Blue Coat WebFilter automatically include Web Pulse and
Blue Coat Proxy Client for remote user protection, filtering and acceleration.
The ProxySG 900-20 is intended to serve up to 6,000 employees. Built-in ports are as follows:
two 10000Base-T with bypass and two 1000-BaseT (no bypass), onboard SSL. It also has two
1TB SAS hard drives.
2.3 Check Point 12200 Appliance Next-Generation Threat Protection
There are four possible security configurations for the Check Point 12200 appliance depending
on the software modules used. In addition to Next-Generation Threat Protection, the others are
Next-Generation Firewall, Next-Generation Data Protection and Secure Web Gateway.
The 12200 tested had the URL Filtering software module as part of the Next-Generation Threat
Protection configuration, which provides multi-layer protection against web-borne malware.
The Next-Generation Threat Protection is the most robust of the four since it has 11 of a
possible 12 software modules as standard. In addition to URL filtering, the other modules active
in the Next-Generation Threat Protection configuration are Firewall, Identity Awareness, IPsec
VPN, Advanced Networking & Clustering, Application Control, Mobile Access, IPS, Antivirus,
Anti-Spam and Email Security, and Anti-Bot. The firmware utilized was R76.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 4
23 January 2014
DR131118
The basic hardware configuration of the 12200 appliance includes 8 10/100/1000Base-T ports,
one network card expansion slot, 4 GB memory and a 500GB hard drive.
2.4 McAfee WG-5500-B Web Gateway
McAfee Web Gateways protect the enterprise network from inbound and outbound Web-borne
threats. The WG-5500-B is the high-end model in the McAfee family of medium- and enterprisecapacity appliances. Specifications include 12GB of memory, four copper 10/100/1000 network
interface ports and RAID-10.
The URL filtering functionality of McAfee Web Gateways is McAfee Global Threat Intelligence
(GTI), which filters on reputation and category.
The following is from the McAfee data sheet: “McAfee GTI creates a profile of all Internet
entities – websites, email, and IP addresses – based on hundreds of different attributes
gathered from the massive global data collection capabilities of McAfee Labs. It then assigns a
reputation score based on the security risk posed, enabling administrators to apply very
granular rules about what to permit or deny.”
2.5 Palo Alto Networks PA-2020 Next-Generation Firewall
The PA-2020 Next-Generation Firewall from Palo Alto Networks is designed for use as a highspeed Internet gateway, providing network security and threat prevention in large branch offices
and medium-sized enterprises.
URL filtering functionality for the PA-2020 is available via subscription. The functionality is
based on an on-box customizable database that can include up to 76 categories and 20 million
URLs. The user can customize categories, allowable content, block lists and block pages. The
maximum number of policies that can be created is 2,500.
Specifications include a 180-watt power supply, a 160GB hard drive and 12 10/100/1000,
2 gigabit SFP. The SFP transceivers are sold separately.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 5
23 January 2014
DR131118
3.0 Hardware and Software Used in Testing
Source: Miercom, January 2014
Product Name
Function
Software Version
Websense TRITON WSGA
Secure web gateway
TRITON 7.8.1
Blue Coat ProxySG 900-20
Secure web gateway
SGOS 6.5.2.1 Proxy Edition
Check Point 12200
Next-Generation Threat Protection
R76 firmware
McAfee WG-5500-B
Web gateway
Web Gateway 7 (7.2.0.9.0)
Palo Alto Networks PA-2020
Next-generation firewall
5.0.7
Mu Dynamics Mu-8000
Security testing appliance
Spirent Studio Security
Security testing software
Ixia XM12
Primary traffic generator
BreakingPoint FireStorm
Alternate traffic generator and
security test system
Apache JMeter
Load testing tool
Miercom client
URL Filtering Client
Ubuntu Linux
12.04LTS
The Ixia XM12 was the primary traffic generator. Ixia (www.ixiacom.com) is an industry leader in
performance testing of networking equipment. Real-world traffic was generated by the test
platform and test applications, principally IxAutomate for Layer 2-3 switching and routing traffic.
The BreakingPoint FireStorm was the alternate traffic generator.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 6
23 January 2014
DR131118
4.0 Overall Results
The Websense TRITON WSGA made the best overall performance of the five web security
products tested. Its 98.1% blocking rate, shown in Table 1 and Figure 1 is the result of blocking
15,991 of 16,307 in the eight categories.
Also, Websense TRITON WGSA had the highest blocking rate in all eight categories and in both
portions of testing, 98.2% in web security effectiveness and 98.0% in web risk filtering.
Table 1: Overall Blocking Rate, URLs in Eight Categories
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
16,307
316
15,991
98.1%
Check Point
12200 NGTP
16,307
1,176
15,131
92.8%
Blue Coat
SG900-20
16,307
3,638
12,669
77.7%
McAfee
WG-5500-B
16,307
3,696
12,611
77.3%
Palo Alto Networks
PA-2020
16,307
5,242
11,065
67.9%
16,307
2,813.6
13,477.4
82.6%
Average
Figure 1: Overall Blocking Rate, URLs in Eight Categories
100
Percentage Blocked (%)
98.1
92.8
75
77.7
77.3
67.9
50
25
0
Websense Check Point
TRITON 12200 NGTP
WSGA
Blue Coat
SG900-20
McAfee
WG-5500-B
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 7
23 January 2014
DR131118
5.0 Web Security Effectiveness Testing
Description
This series of tests assessed the ability of each security appliance to analyze and block realworld threats sourced by Miercom from an unbiased sample set of live Internet targets. The
threats were drive-by installers, complex exploits, phishing and malicious redirects.
Configuration and Procedure
A sample set of thousands of live malicious web targets was used. A generic diagram of the
test bed, direct path, is below.
Figure 2: Direct Path Testing
Each security appliance had the latest software and database(s) as well as access to the latest
cloud lookup services. Default security policies, including anti-malware engines, as well as
settings required to filter URLs in a specific category were enabled.
The Miercom client, Apache JMeter, sent an HTTP “GET” request to the target web server via
the web gateway, the router and the Internet. The client was configured to wait up to 20
seconds for the web gateway to render a decision, block or pass. The 20 seconds was intended
to remove the possibility of a temporary Internet issue from interfering with a block or pass
decision.
The composition of the sample set is shown in Table 2.
Table 2: Sample URLs in Each Web Security Effectiveness Category
Category
Websense TRITON WSGA
Copyright © 2014 Miercom
Number of URLs
Drive-by Installers
37
Exploits
108
Phishing
3,536
Redirects
44
Total
3,725
Page 8
23 January 2014
DR131118
Expected Results
The expectation was that each web security product would detect and filter or block drive-by
installers, exploits, phishing and malicious redirect URLs.
Overall Results
The Websense TRITON WSGA made the best overall performance, finishing first in all four
categories and recording a blocking rate of 98.2% (3,657 of 3,725 samples) as shown in Table 3
and Figure 3 below.
Table 3: Overall Blocking Rate Web Security Effectiveness in Four Categories
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
3,725
68
3,657
98.2%
McAfee
WG-5500-B
3,725
417
3,308
88.8%
Check Point
12200 NGTP
3,725
867
2,858
76.7%
Blue Coat
SG900-20
3,725
1,916
1,809
48.6%
Palo Alto Networks
PA-2020
3,725
3,612
113
3.0%
3,725
1,434.0
2,349.0
63.1%
Average
Figure 3: Overall Blocking Rate Web Security Effectiveness, URLs in Four
Categories
100
98.2
Percentage Blocked (%)
88.8
75
76.7
50
48.6
25
3.0
0
Websense
TRITON
WSGA
McAfee
Check Point
WG-5500-B 12200 NGTP
Blue Coat
SG900-20
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 9
23 January 2014
DR131118
6.0 Web Security Effectiveness by Individual Categories
6.1 Drive-By Installers
Configuration
Websense TRITON WSGA was configured to block all available security categories.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security
categories.
Check Point 12200 NGTP was configured to block all available security categories as well as
high risk and critical risk categories.
McAfee WB-5500-B was configured to block all available security categories.
Palo Alto Networks PA-2020 was configured to block all available security categories.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 94.6%, as shown in Table 4 below and
Figure 4 on the following page.
Table 4: Blocking Rate, Drive-by Installer URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
37
2
35
94.6%
McAfee
WG-5500-B
37
16
21
56.8%
Blue Coat
SG900-20
37
20
17
45.9%
Check Point
12200
NGTP
37
27
10
27.0%
Palo Alto Networks
PA-2020
37
37
0
0.0%
37
20.4
16.6
44.9%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 10
23 January 2014
DR131118
Figure 4: Blocking Rate, Drive-by Installer URLs
100
Percentage Blocked (%)
94.6
75
56.8
50
45.9
25
0
27.0
0.0
Websense
TRITON
WSGA
McAfee
WG-5500-B
Blue Coat
SG900-20
Check Point
12200 NGTP
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
The category, Drive-by Installers, had the smallest sample set in the test. The Websense TRITON WSGA
was the winner by a large margin, blocking 35 of the 37 URLs for a blocking rate of 94.6%. The runner-up
failed to block 16 URLs.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 11
23 January 2014
DR131118
6.2 Exploits
Configuration
Websense TRITON WSGA was configured to block all available security categories.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security
categories.
Check Point 12200 NGTP was configured to block all available security categories as well as
high risk and critical risk categories.
McAfee WB-5500-B was configured to block all available security categories.
Palo Alto Networks PA-2020 was configured to block all available security categories.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 99.1, as shown in Table 5 below and
Figure 5 on the following page. The blocking rate of the runner-up was more than 30% adrift.
Table 5: Blocking Rate, Exploit URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
108
1
107
99.1%
Blue Coat
SG900-20
108
36
72
66.7%
McAfee
WG-5500-B
108
46
62
57.4%
Check Point
12200 NGTP
108
67
41
38.0%
Palo Alto Networks
PA-2020
108
100
8
7.4%
108
50.0
58.0
53.7%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 12
23 January 2014
DR131118
Figure 5: Blocking Rate, Exploit URLs
Percentage Blocked (%)
100
99.1
75
66.7
57.4
50
38.0
25
0
7.4
Websense
TRITON
WSGA
Blue Coat
SG900-20
McAfee
Check Point
WG-5500-B 12200 NGTP
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
In terms of blocking percentage, the performance of the Websense TRITON WSGA in the Exploits
Category was the best in the entire test. The Websense solution blocked all but one of the 108 samples,
earning a blocking rate of 99.1%.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 13
23 January 2014
DR131118
6.3 Phishing
Configuration
Websense TRITON WSGA was configured to block phishing and all available security
categories.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block phishing and all available
security categories.
Check Point 12200 NGTP was configured to block phishing, as well as all available security,
high risk and critical risk categories.
McAfee WB-5500-B was configured to block phishing and all available security categories.
Palo Alto Networks PA-2020 was configured to block phishing and all available security
categories.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 98.2%, as shown in Table 6 and Figure 6
on the following page.
Table 6: Blocking Rate, Phishing URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON
WSGA
3,536
64
3,472
98.2%
McAfee
WG-5500-B
3,536
331
3,205
90.6%
Check Point
12200
3,536
743
2,793
79.0%
Blue Coat
SG900-20
3,536
1,832
1,704
48.2%
Palo Alto Networks
PA-2020
3,536
3,434
102
2.9%
3,536
1,280.8
2,255.2
63.8%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 14
23 January 2014
DR131118
Figure 6: Blocking Rate, Phishing URLs
100
98.2
Percentage Blocked (%)
90.6
75
79.0
50
48.2
25
0
2.9
Websense
TRITON
WSGA
McAfee
Check Point
WG-5500-B 12200 NGTP
Blue Coat
SG900-20
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
Phishing was the category with the largest gap between the blocking rate of the leader and the last-place
finisher. The leader, the Websense TRITON WSGA, had a blocking rate of 98.2%, 95.3% clear of the
Palo Alto Networks PA-2020.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 15
23 January 2014
DR131118
6.4 Malicious Redirects
Configuration
Websense TRITON WSGA was configured to block malicious redirects and all available
security categories.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block all available security
categories.
Check Point 12200 NGTP was configured to block all available security categories as well as
high risk and critical risk categories.
McAfee WB-5500-B was configured to block all available security categories.
Palo Alto Networks PA-2020 was also configured to block all available security categories.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 97.7%, as shown in Table 7 and Figure 7
on the following page.
Table 7: Blocking Rate, Malicious Redirects
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
44
1
43
97.7%
McAfee
WG-5500-B
44
24
20
45.4%
Blue Coat
SG900-20
44
28
16
36.4%
Check Point
12200 NGTP
44
30
14
31.8%
Palo Alto Networks
PA-2020
44
41
3
6.8%
44
24.8
19.2
43.6%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 16
23 January 2014
DR131118
Figure 7: Blocking Rate, Redirects
100
Percentage Blocked (%)
97.7
75
50
45.4
36.4
25
31.8
6.8
0
Websense
TRITON
WSGA
McAfee
WG-5500-B
Blue Coat
SG900-20
Check Point
12200 NGTP
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
The Websense solution blocked all but one of the 44 malicious redirects, earning a blocking rate of
97.7%. The McAfee WG-5500-B took second place by blocking less than half of the sample set, reaching
a 45.4% blocking rate.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 17
23 January 2014
DR131118
7.0 Risk Web Filtering Testing
This series of tests assessed the ability of each security appliance to analyze and block web
content in four risk categories. The URLs were sourced by Miercom from an unbiased sample
set of live Internet targets. The four risk categories were adult, gambling, hacking and proxy
avoidance. These web targets often compromise employee productivity, are required to be
filtered to meet compliance requirements, harbor malicious threats, or provide mechanisms
by which to bypass web security controls and are therefore a critical aspect of any web
security solution testing.
Configuration and Procedure
A sample set of thousands of live web targets was used. A generic diagram of the test bed,
direct path, is below.
Figure 8: Direct Path Testing
Each security appliance had the latest software and database(s) as well as access to the latest
cloud lookup services. Default security policies, including anti-malware engines, as well as
settings required to filter URLs in a specific category were enabled. All available security related
filter categories were also configured.
The Miercom client, Apache JMeter, sent an HTTP “GET” request to the target web server via
the web gateway, the router and the Internet. The client was configured to wait up to 20
seconds for the web gateway to render a decision, block or pass. The 20 seconds was intended
to remove the possibility of a temporary Internet issue from interfering with a block or pass
decision.
The composition of the sample set is shown in Table 8.
Table 8: Sample URLs in Each Risk Web Filtering Category
Category
Websense TRITON WSGA
Copyright © 2014 Miercom
Number of URLs
Adult
6,919
Gambling
5,418
Hacking
196
Proxy Avoidance
49
Total
12,582
Page 18
23 January 2014
DR131118
Expected Results
The expectation was that each web security product would detect and filter or block adult,
gambling, hacking and proxy avoidance URLs.
Overall Results
The Websense TRITON WSGA made the best overall performance, finishing first in all four
categories and recording a blocking rate of 98.0% (12,334 of 12,582 samples) as shown in
Table 9 and Figure 9.
Table 9: Overall Blocking Rate Risk Web Filtering in Four Categories
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
12,582
248
12,334
98.0%
Check Point
12200 NGTP
12,582
309
12,273
97.5%
Palo Alto Networks
PA-2020
12,582
1,630
10,952
87.0%
Blue Coat
SG900-20
12,582
1,722
10,860
86.3%
McAfee
WG-5500-B
12,582
3,279
9,303
73.9%
12,582
1,437.6
11,144.4
88.6%
Average
Figure 9: Overall Blocking Rate Risk Web Filtering in Four Categories
100
Percentage Blocked (%)
98.0
97.5
87.0
75
86.3
73.9
50
25
0
Websense Check Point
TRITON 12200 NGTP
WSGA
Palo Alto
Networks
PA-2020
Blue Coat
SG900-20
McAfee
WG-5500-B
Source: Miercom Web Security Industry Assessment, January 2014
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 19
23 January 2014
DR131118
8.0 Risk Web Filtering Testing, Results of Individual Categories
8.1 Adult
Configuration
Websense TRITON WSGA was configured to block adult content, lingerie and swimsuit, nudity,
sex and sex education under the adult material menu.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block child pornography, nudity,
pornography and sex education.
Check Point 12200 NGTP was configured to block nudity, pornography, sex, sex education,
and high risk and critical risk categories.
McAfee WB-5500-B was configured to block incidental nudity, nudity, pornography and sexual
materials.
Palo Alto Networks PA-2020 was configured to block adult and nudity.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services. In addition to
the specific risk categories, all security categories were also enabled.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 97.8%, as shown in Table 10 and
Figure 10.
Table 10: Blocking Rate, Adult URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
6,919
151
6,768
97.8%
Check Point
12200 NGTP
6,919
156
6,763
97.7%
Blue Coat
SG900-20
6,919
638
6,281
90.8%
Palo Alto Networks
PA-2020
6,919
727
6,192
89.5%
McAfee
WG-5500-B
6,919
1,041
5,886
85.1%
6,919
542.6
6,378.0
92.2%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 20
23 January 2014
DR131118
Figure 10: Blocking Rate, Adult URLs
100
Percentage Blocked (%)
95
97.8
97.7
90
90.8
89.5
85
85.1
80
75
Websense Check Point
TRITON 12200 NGTP
WSGA
Blue Coat
SG900-20
Palo Alto
Networks
PA-2020
McAfee
WG-5500-B
Source: Miercom Web Security Industry Assessment, January 2014
Adult was the category with the smallest gap between the blocking rate of the leader and the last-place
finisher. The leader, the Websense TRITON WSGA, had a blocking rate of 97.8%, 12.7% clear of the
McAfee WG-5500-B.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 21
23 January 2014
DR131118
8.2 Gambling
Configuration
Websense TRITON WSGA with Web Security Gateway Anywhere was configured to block
gambling under the Extended Protection Menu.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block gambling.
Check Point 12200 NGTP was configured to block gambling, high risk and critical risk.
McAfee WB-5500-B was configured to block gambling and gambling related.
Palo Alto Networks PA-2020 was configured to block gambling.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup services. In addition to
the specific risk categories, all security categories were also enabled.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 98.6%, as shown in Table 11 and
Figure 11.
Table 11: Blocking Rate, Gambling URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
5,418
76
5,342
98.6%
Check Point
12200 NGTP
5,418
82
5,336
98.5%
Palo Alto Networks
PA-2020
5,418
757
4,661
86.0%
Blue Coat
SG900-20
5,418
959
4,459
82.3%
McAfee
WG-5500-B
5,418
2,091
3,327
61.4%
5,418
793.0
4,625.0
85.4%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 22
23 January 2014
DR131118
Figure 11: Blocking Rate, Gambling URLs
Percentage Blocked (%)
100
98.6
98.5
86.0
75
82.3
61.4
50
25
0
Websense Check Point
TRITON 12200 NGTP
WSGA
Palo Alto
Networks
PA-2020
Blue Coat
SG900-20
McAfee
WG-5500-B
Source: Miercom Web Security Industry Assessment, January 2014
Gambling was one of two categories in which a competing web security product came closest in
terms of percentage to the Websense TRITON WSGA in first place. As in Adult, just 0.1%
separated the performance of the Websense solution and the runner-up, the Check Point 12200
NGTP, in determining whether to block or pass 5,418 gambling URLs.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 23
23 January 2014
DR131118
8.3 Hacking
Configuration
Websense TRITON WSGA was configured to block hacking.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block hacking.
Check Point 12200 NGTP was configured to block hacking, high risk and critical risk.
McAfee WB-5500-B was configured to block potential hacking/computer crime.
Palo Alto Networks PA-2020 was configured to block hacking.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup service. In addition to
the specific risk categories, all security categories were also enabled.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 96.9%, as shown in Table 12 and
Figure 12.
Table 12: Blocking Rate, Hacking URLs
Sample Number
Size
Retrieved
Number
Blocked
Percentage
Blocked
6
190
96.9%
196
52
144
73.5%
PA-2020
196
103
93
47.5%
Blue Coat
SG900-20
196
108
88
44.9%
McAfee
WG-5500-B
196
124
72
36.7%
196
78.6
117.4
59.9%
Vendor
Product
Websense
TRITON WSGA
196
Check Point
12200 NGTP
Palo Alto Networks
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 24
23 January 2014
DR131118
Figure 12: Blocking Rate, Hacking URLs
100
Percentage Blocked (%)
96.9
75
73.5
50
47.5
44.9
36.7
25
0
Websense Check Point
TRITON 12200 NGTP
WSGA
Palo Alto
Networks
PA-2020
Blue Coat
SG900-20
McAfee
WG-5500-B
Source: Miercom Web Security Industry Assessment, January 2014
The results in the hacking category revealed a three-tiered pecking order. The Websense TRITON WSGA
was a clear winner with a blocking rate of 96.9%, preventing retrieval of 190 of the 196 samples. The
Check Point 12200 NGTP was alone as the runner-up at 73.5%. The other web security products were in
a group below 50%.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 25
23 January 2014
DR131118
8.4 Proxy Avoidance
Configuration
Websense TRITON WSGA was configured to block proxy avoidance.
Blue Coat ProxySG 900-20, Proxy Edition was configured to block proxy avoidance.
Check Point 12200 NGTP was configured to block anonymizer, anonymizers/proxy avoidance
sites, high risk and critical risk.
McAfee WB-5500-B was configured to block anonymizers and anonymizing utilities.
Palo Alto Networks PA-2020 was configured to block proxy avoidance.
Each product was configured with the latest versions of software/firmware and databases. All
were also configured to utilize their AV engine(s) as well as cloud lookup service. In addition to
the specific risk categories, all security categories were enabled.
The log information from the management interface was used to see all categories assigned per
sample blocked. This log was compared to the Miercom scripts log for better accuracy.
Results
The Websense WSGA had the highest blocking rate, 69.4, shown in Table 13 and Figure 13.
Table 13: Blocking Rate, Proxy Avoidance URLs
Vendor
Product
Sample
Size
Number
Retrieved
Number
Blocked
Percentage
Blocked
Websense
TRITON WSGA
49
15
34
69.4%
Blue Coat
SG900-20
49
17
32
65.3%
Check Point
12200 NGTP
49
19
30
61.2%
McAfee
WG-5500-B
49
31
18
36.7%
Palo Alto Networks
PA-2020
49
43
6
12.2%
49
25.0
24.0
49.0%
Average
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 26
23 January 2014
DR131118
Figure 13: Blocking Rate, Proxy Avoidance URLs
Percentage Blocked (%)
100
75
69.4
65.3
61.2
50
36.7
25
12.2
0
Websense
TRITON
WSGA
Blue Coat
SG900-20
McAfee
Check Point
12200 NGTP WG-5500-B
Palo Alto
Networks
PA-2020
Source: Miercom Web Security Industry Assessment, January 2014
Proxy avoidance was the category in which the web control products had the lowest overall blocking
rates. The Websense TRITON WSGA performed the best, blocking 34 of 49 proxy avoidance URLs for a
blocking rate of 69.4%.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 27
23 January 2014
DR131118
9.0 Conclusion
Of the five web security products tested, the Websense TRITON Web Security Gateway
Anywhere (WSGA) finished first in web security effectiveness and risk web filtering tests. Of the
16,307 URLs in the eight categories, the Websense solution blocked 15,991 samples for an
overall blocking rate of 98.1%. The blocking rate of the runner-up, Check Point, was 92.8%.
All web security products tested utilized the latest software, database(s), anti-malware engines
and cloud-based resources available at the time of testing. All products tested were subjected to
the same URL sample set sourced independently by Miercom.
Testing revealed that web security risks are best mitigated when performed by security
appliances, which offer real-time security defenses and content classification. Devices tested
such as the Websense TRITON WSGA surpassed point-based security technologies in both
accuracy and coverage by correlating multiple analytic engines to identify threats that might
otherwise bypass any single mechanism. The use of this layered security approach proved to
provide the best protection as well as content classification accuracy.
The Websense TRITON WSGA achieved the highest efficacy scores in tests for detecting and
blocking of multiple types of malware threats and analyzing and classifying content.
Overall, the Websense TRITON WSGA is a superior web security solution, providing advanced
multi-layered threat protection from malicious attacks and employing sophisticated real-time
content analysis engines and algorithms that do not rely on traditional static database lookups.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 28
23 January 2014
DR131118
Applicability of Test Results
The tests in this report are intended to be reproducible for customers who wish to recreate them
with the appropriate test and measurement equipment. Current or prospective customers
interested in repeating these results may contact reviews@miercom.com for further details on
this testing.
Miercom recommends that customers conduct their own needs analysis review with us or any
other proven network consultancy and test specifically for the expected environment for
deploying new equipment.
This report was sponsored by Websense, Inc. Data was obtained completely and independently
as part of the Miercom Web Security Industry Assessment in which all vendors have equal
opportunity to participate and contribute to the test methodology. All vendors included in these
tests were afforded the opportunity to represent their products, and continue to have the
opportunity to participate in the ongoing Industry Assessment.
About Miercom
Miercom has had hundreds of product comparison analyses published in Network World,
Business Communications Review, Communications News, xchange, Internet Telephony and
other leading publications. Miercom’s reputation as the leading, independent product test center
is unquestioned.
Miercom’s private test services include competitive product analyses, as well as individual
product evaluations. Miercom features comprehensive certification and test programs including:
Certified Interoperable, Certified Reliable, Certified Secure and Certified Green. Products may
also be evaluated under the Performance Verified program, the industry’s most thorough and
trusted assessment for product usability and performance.
Websense TRITON WSGA
Copyright © 2014 Miercom
Page 29
23 January 2014
DR131118