Websense Slowly Extends Reach of Data Loss Prevention Tools

Websense CEO Gene Hodges has no plans to join in the wave of consolidation that's sweeping through the enterprise security software industry, with future products the fruit of internal development, not acquisition, he said Wednesday.

The latest addition to the company's range is a data loss prevention tool, Websense Data Security Endpoint, intended to stop company data leaking from employees' PCs. Developed internally, it has the same data characterization engine at its core as the company's gateway security product, Websense Data Security Suite, but works on network endpoints.

"We don't plan to be acquisitive for the next four or five quarters, unless something unusual happens," Hodges said.

He doesn't plan to be acquired either, but that's "in the hands of the gods," he said.

His remarks came hours after rival Symantec said it would buy e-mail security vendor MessageLabs for US$695 million -- and two weeks after McAfee, another company Hodges sees as a competitor, said it would buy network security specialist Secure Computing in a deal worth around $465 million.

Websense's last acquisitions, on the other hand, date back to early last year. In April 2007, it paid $400 million for SurfControl, a U.K. vendor of Web security software, and in January 2007, it closed its acquisition of PortAuthority Technologies for about $90 million.

That slower pace gives Websense time to absorb and integrate the products it acquires, Hodges said.

"It's not good to have lots of undigested products in your range," he said. "Symantec and McAfee both have indigestion."

Websense Data Security Endpoint re-used the gateway data characterization engine that Websense acquired from PortAuthority, a process not without its headaches for the development team.

"We worried a lot about size. The fingerprints for data loss prevention are very large, and updating those frequently causes all the pain you would expect, shifting gigabytes around the network. We worked on making those fingerprints sparser," Hodges said.

The data fingerprints allow the software to recognize three categories of data, he said: standard formats, such as credit card or Social Security numbers; structured data, such as customer database records; and unstructured data, such as a company's quarterly earnings press release.

The other elements of the new software, including policy management tools, were developed from scratch.

Those policy tools allow fine-grained control of who can send what kinds of data to whom. Printing off a customer's address and order details might be OK, while printing dozens of customers' Social Security and credit card numbers would be bad. Equally, sending an advance copy of the company's annual earnings report to the external e-mail address of the company's general counsel is fine, but if that same e-mail message goes to a spyware drop-box instead, alarm bells should ring.

"Data loss prevention requires that you block all the potential holes, so the endpoint and the gateway have to be coordinated," he said.

Simplifying that coordination, with a focus on integrated policy management, is Websense's goal for the coming year.

"The next move is to integrate in-the-cloud policy management with on-premises management," Hodges said.

That, he said, will allow distributed organizations to choose how they deploy the technology, perhaps installing software on their own servers at headquarters and regional offices, and subscribing to a service "in the cloud" for remote workers, yet managing them all from the same console.
