Websense

[jonathans_daddy]

I sat through a seminar {aka vendor pimping his wares} yesterday for Wensense. It looks like a decent prouct, but I'm curious if anybody here is using (or has used) it and what their experience has been with it. What problems have you encountered? I'm not looking for discussion on whether it is right/wrong to censor, but unbiased opinions on the product. Vendors will never admit that their product has flaws.

[Info Tech Geek]

IMHO: I take these oppurtunities to nail the demonstator with the questions I want to know along with the problems I can see my company running into. If the individual there is just a sales man, then you don't want the product. I only buy from companies that send individuals who know the software like the back of their hands. I don't want to hear a sales pitch, I don't want to hear the pros and only the pros, I want to hear the truth and nothing but the truth. The next time you have a sales seminar, go to the distributors tech forum and review the issues and if there are fixes. Bring up the problem, well according to your forum this product failed to process on a Win2K system when using a WinNT server. This is the same situation we have in our office, what kind of fixes are in place to resolve this issue? I like to make these individuals work and if they start BS'ing you or just avoid the question. All you have to do is get up and walk out, lets see how fast their tune changes.

[thehorse13]

I have Websense running in an environment with 60,000 nodes.


Reliability:
===========================
Excellent. The only issues I have run into have been when idiots throw up AD controllers on the network without understanding how it effects the environment. Since WS relies on AD heavily, any hiccup in AD will cause issues with logging/monitoring.

Support:
===========================
Excellent. Every bug that I have found was turned around *very* quickly.

Ease of config/use
===========================
Somewhat painless to setup, but I would recommend using high end hardware for each component. It takes quite a bit of power.

The config GUI is very close to the look and feel of the Gauntlet firewall. In fact, it's scary close. Again, once you have a policy in place, it is easy to deal with. It is very flexible with configs so it can scale nicely to any environment.

Accuracy
=====================
Top flight. You can drill down to see what people are typing into a search engine and block them realtime if you felt the need. I have only seen a few false positives and that was only with custom protocols set to trigger by port. So if some poor fool opened up a connection on a port defined for some horrible protocol, you'll get a hit. This can be disruptive if you have it set to block. This turns up with streaming media servers mostly.

Quirks/Dislikes
=======================================
It uses crystal reporting as the front end to the database, which makes reporting as fast as watching paint dry. Reports are very good, but they take a lot of time to generate.

MySQL database seems to get hosed up about once every few months. I have yet to determine the cause but until I do, I'll just mention it as an issue that I am having until I can prove otherwise.

Anyway, if there is something specific you want to know, just ask.

--TH13

[linuxcomando]

All i have to say is that websence is awsome and i love it!!!!
Just to give you an idea, i dont have it on a 60,000 node network, however i am running it on prob. 30 100 node networks, just to give you the idea that it is quite versitile, at a couple of the sites i have their cam plugin which allows you to control access to whats on the pcs themself, i suppose kind of like deeep freeze or basically hard core security policies, and as for problems, like thehorse said the reports are slllloooww, but other than that i think its a kick ass product and for smaller networks only like $1200-$1700 a year or so depending on options

[ric-o]

Thanks for the info hoss - I was looking into it as well.

Do you have any experience/comments about some of the addons such as "Security PG", "Client Access Manager", "Client Policy Manager", or "Bandwidth Optimizer"? We are looking for something to block spyware and mobile code, and do caching.

[thehorse13]

Yes,

The spyware filter is part of the protocol analyzer add-on. It works wonderfully for *blocking* spyware traffic on your network but it beats the piss out of your logging server (logging *tons* of hits). The good news is you'll instantly know who to visit in order to clean the machine and yell about filling out online prize apps.

The policy manager is very good too. You can allow/disallow certain traffic based on time of day, user, group, etc.

Hope I answered what you need.