Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Websense vs. PestPatrol

  1. #1

    Question Websense vs. PestPatrol

    I would just like to get some opinions from those who've had experience with these programs...

    When it comes to enterprise-wide spyware protection, which do you prefer? Websense or CA PestPatrol? I've been playing with evaluation versions of both and I'm having a hard time deciding which one to recommend for purchase.

    I tried out PestPatrol, and it looks to a great job and scanning everyone on the network, especially with real time scans. However, the BIG problem I have with it is that each client machine has to cough up a massive amoung of memory to give to PestPatrol's remote services. Because of that, PestPatrol really slowed down our machines.

    I'm impressed with Websense so far. Whereas PestPatrol is simply an antispyware solution, Websense is a comprehensive security package. However, I don't see much in the way of real-time spyware scanning like PP has. Websense seems to focus more on preventing malware from having access to the computer.

    But I don't know much yet, since I've just been playing with the evaluation versions for the past couple of weeks.

    Which program do you prefer and would recommend for an enterprise-wide solution?

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Angelic~ I don't think that there is a definitive answer to your question, as both products have a different approach.

    Websense is an internet/web filter whereas PestPatrol is a more traditional malware scanner, and has a real time element.

    I guess you will have to sit down and figure where your most likely attack vectors are. This will obviously depend on how your users use your systems?

    I am no expert, but you might be able to emulate a lot of what websense does in your policies, routers and firewalls? Particularly if you install some executable blocker as well.

    Whilst you are doing evaluations:

    http://www.ewido.net/en/

    A multipurpose malware scanner with interactive scanning capabilities

    http://www.emisoft.com/en/software/free/

    A specialist trojan and dialer scanner that will also catch some worms and spyware.


  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Websense isn't designed to be a realtime spyware scanner. It's meant to show you exactly what's going on within your organization right down to the keystrokes entered by the end users. It's best used for policy enforcement.

    However, I have found that Websense's protocol analyzer is extremely effective in identifying botnet infections. It also allows you to see how successful your spyware remediation has gone. You can look at the hitcounts and see if you're making any headway. This isn't a guarantee because we know that spyware will soon (if not already) be using encrypred connections over SSL to retrieve commands from the control server but again, Websense is a totally different solution than pest-patrol.

    I'm the enterprise Websense admin (among other things) so if there is something specific you want to know, I'd be happy to answer.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Senior Member
    Join Date
    May 2004
    Posts
    206
    Just a warning, websense blocks Maddox .
    It is better to die on your feet than to live on your knees.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    LOL. Yes, and it blocks a list of others like somethingawful.com and ebaumsworld.com

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    theHorse13 beat me to it. Websense is not meant to be a "real-time" spyware scanner like Pest Patrol but with a little tuning it can be very effective in that approach. What we have done is keep an updated block list of known spyware IPs along with trending such as theHorse13 mentioned. Websense combined with the newest release of Norton Enterprise Antivirus 10.0 (provides spyware eradication) has been fairly effective for us.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    However, I have found that Websense's protocol analyzer is extremely effective in identifying botnet infections.
    Looking at the real time analysis and web reporting for the first time, was the first time, I was able to get a clear snapshot of the overall posture of bots on the network. Excellent, worth the price of websense alone. Does Pest Patrol filter protocols as efficient as websense? Protocol based filtering/logging is another plus to websense. I also like the quota time function where you can loosen the strings a little but still effectively manage connections.

    As mentioned even with Client Policy Manager (an option I did NOT pay for) Websense is not nearly an effective spyware prevention tool. I rely on McAfee for that at the present. But with wensense you KNOW who is infected and can act on those devices with amazing clarity as to what is going on.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I absolutely HATE websense... but that is from the end user's point of view.

    I have no admin control over ours...
    I just know its good at its job. (Though, I have figured out many ways around it.)
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Mine isn't inline, there fore would be very easy to bypass.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  10. #10
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,253
    I Love WEBSENSE!!!!!!!

    A word of warning. Since it is a stateful packet inspector GET A BIG BOX. I have Websense / Cisco pix integration running on a quad Zeon PIII with 2.5 GB RAM.

    The benefits are No IM, No streaming media (see attached), No EXE's, com's, bat's, key word blocking. And learning how to set new rules does not require a two week training class.

    Of course I use a static address and set Websense to ignore all requests from my ip.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •