Published Wednesday, March 30, 2011 6:49 PM by Dave Meizlik

Leading market research firm IDC just reported that Websense is at the center of “content security” convergence. At Websense, are obviously pleased with this conclusion.  We’ve spent the last six years transforming our portfolio and company from a nice-to-have URL filter to a mission-critical content security solution.  So IDC’s affirmation is music to our ears.  But many security professionals might be wondering: just what exactly is content security? How is it different from traditional security? And why should I care? So let’s take a moment to explore these questions, starting with the last question first: you should care because the traditional pillars of enterprise security—perimeter and endpoint security – are clearly no longer cutting the mustard.  In fact, talking about them takes me back to my college days preparing for the LSAT when we toyed with logical fallacies and the principle that something can be necessary, but not sufficient.   Again, just to be clear – I’m stating that both perimeter and endpoint security ARE necessary… they’re just NOT sufficient.

What’s rendered these traditional defenses insufficient? Well, to answer that let me take one more step back in time… Several years ago, Websense began to closely analyze threat patterns through our ThreatSeeker™ Network (a global threat intelligence network that mines and analyzes roughly a billion pieces of content daily) and saw that threats were starting to blend – an email contained a malicious URL; a compromised website hosted data-stealing code; sensitive documents were disappearing into the cloud, and in some cases appearing in it; and social media sites meant the Web was becoming dynamic, changing how we apply policy, prevent threats, and stop data loss. Compounding this change in threats, we also saw changes in computing and mobility as more and more applications moved to the cloud (along with sensitive data), and an increasingly mobile workforce with more powerful computing devices.  Thus, the perimeter was, and continues to, erode and so too is the effectiveness of traditional styles of security – ones that are nearly entirely focused on keeping known bad stuff out.  Instead, we realized that the focus of security (and its application) needed to change to address what was substantive and core to the enterprise – the content.  The content – whether good (e.g., intellectual property) or bad (e.g., malware), not just a URL or file, but the content on the website, in an email, embedded in a presentation, stored on a device, etc. is what really matters, and what we at Websense realized we needed to protect.  What’s more, we realized we needed to provide a holistic solution to secure content at the network, endpoint, mobile, wherever and whenever.  So that’s what we built – the world’s first (and only, mind you) unified content security solution.  And that’s what IDC has recognized.

So that’s what content security is and why it matters, so let’s now take a look at why IDC says Websense is at the center of it. The “IDC Websense Vendor Profile: At the Center of Content Security Convergence,” proclaims that the three content security technologies — Web security, messaging security, and data loss prevention (DLP) — are currently on a collision course. This makes a lot of sense when you rationalize the situation.  What matters?  The content matters – both the good and the bad.  And what are the two biggest communication channels over which content is communicated?  The two biggest channels are Web and Email. So then the question isn’t really whether you should have security in place for these three areas.  Instead, the question is whether you have standalone products or a unified solution.  And the answer is pretty simple: The threats and communication platforms have converged, and thus so too must our security.  When we converge content security, we significantly increase threat prevention for modern malware, risk reduction for data loss and compliance, consolidate solutions (and vendor consolidation), and we save money.  Bottom line, with unification comes enhanced security and savings.

No doubt about it, the threat landscape has shifted dramatically. IT managers are struggling to stay secure in the face of new types of attacks and technology platforms, as widespread adoption attracts new risks. You can’t secure the perimeter anymore, because there is no perimeter to secure. Endpoints include all sorts of smartphones and pads. But you can secure the content. We think that the Websense TRITON solution is your best choice to do so, but you don’t have to take my word for it. Check out the IDC report at http://www.websense.com/content/industry-analyst-reports.aspx.