Many security teams struggle for visibility and control over the
data residing inside their organizations. Imagine trying to index
and classify the safe use of all content out on the Internet as
well. There are terabytes of data inside enterprise networks,
petabytes of content on the Internet, and staggering growth trends
for each. This data is highly volatile, sometimes changing in
seconds as needs dictate and Web 2.0 allows.

Not all of these rapid changes are desirable, or even
intentional. In particular, Websense Security Labs found that more
than half of all Websites hosting malicious content during the
second half of 2007 were legitimate sites that had been recently
hacked. With Web 2.0, hacks happen in the space of a few
keystrokes.

Websense security researchers overcome these challenges using
the Websense HoneyGrid, an adaptive classification and research
system within the Websense ThreatSeeker™ network. The HoneyGrid
active feedback network uses over 50 million systems to monitor and
accurately classify the full range of Internet and enterprise
content—not just Web URLs, but all types of Web, email, data, and
application content—in real time. These broadly distributed systems
automatically track changing content and trends, collect security
research material, and instantly adapt to changes through a
perpetual stream of probes and updates.

Without intervention by end-users or system administrators, the
Websense Internet HoneyGrid™ and Internal Network HoneyGrid provide
crucial context about data types and details on changing Internet
content and usage. These systems are used together by Websense to
safeguard essential information and Internet use in the enterprise.
This technical overview of the Websense HoneyGrid system provides
an insider’s perspective into each tier of this new technique.