AP-Web PoC Test Plan
Scenarios
Forcepoint AP-Web
Proof-Of-Concept (POC)
Forcepoint. 1
Confidential
Forcepoint Test Scenarios
Scenarios
Document Reference
Property Description
Creation Date
Forcepoint has prepared this document for use by Forcepoint and the intended
recipient and addressee only. The contents of this document, which does not purport to
be comprehensive, has not been independently verified and shall remain the
confidential property of Forcepoint and must not be communicated to any other party
without the prior written approval of Websense. While this information has been
prepared in good faith, no representation or warranty, express or implied, is or will be
made and no responsibility or liability is or will be accepted by Websense or by any of
its affiliates, respective officers, employees or agents in relation to the accuracy or
completeness of this information or any other written or oral information made available
to any interested party and any such liability is expressly disclaimed. No legally binding
relations relating to the proposed transactions referred to in this RFI exist or will exist
between the parties until such time as a formal agreement providing for the proposed
transactions has been negotiated, executed and delivered by the parties. The
contents of this Response are the intellectual property of Websense. Provision of this
Response does not grant or transfer rights in relation to Websense intellectual
property contained in this Response. By accepting this RFI and the information
therein, the recipient agrees to be bound by the foregoing limitations.
Copyright © 2016 Forcepoint. All Rights Reserved.
Table of Contents
1. Executive Summary
2. Solution Overview
3. Proposed Setup
4. POC Schedule and Work Plan
5. Web Security Gateway (WSG) Test Cases
5.1. Test: Custom Block Page to include User ID / IP Address
5.2. Test: Internet Access Test
5.3. Test: Blocked Category
5.4. Test: Blocked Category (Security: Malicious Web Sites & Malicious Embedded iFrame)
5.5. Test: Eicar test virus
5.6. Test: Web 2.0 dynamic categorization
5.8. Test: Application Protocol Detection (APD)
5.9. Test: Authentication (as configured, if deployed)
5.10. Test: Social Web Control – Granular control on Facebook access
5.11. Test: SSL/HTTPS Interception
5.12. Test: Real Time Monitor
5.13. Test: Analysis of outgoing password file
5.14. Test: Reporting
6. Web DLP (Optional)
6.1 Test: Web data loss prevention with on-box Data Security policy engine
POC Sign-off Sheet
White Papers
1. Executive Summary
The World Wide Web has changed dramatically in the past decade. The use of the Web as
an application platform, a communication medium, and a business tool, combined with
the migration of attackers to the Web, demands new solutions to help manage business
and mitigate security threats. Enterprise IT managers should carefully evaluate both the
ease of management and the effectiveness of gateway-based Web security
solutions against a constantly evolving threat landscape.
Web 2.0 sites are rapidly growing to be some of the most visited Web sites on the
Internet. The ability of users to freely create and upload content into Web 2.0 sites is
increasingly attractive to attackers who upload malicious and objectionable content onto
reputable Web 2.0 sites or onto legitimate sites that have been compromised. The ability
of a Web security gateway to detect malicious content accurately on dynamic Web sites
like Web 2.0 relies greatly on real-time analysis of content, and not just on the reputation
of the Web sites.
Web 2.0 technologies have transformed the Web into an extremely viable and
increasingly popular platform for business communications. At the same time, however,
associated rich applications featuring real-time interaction and supporting user-
generated content have also elevated its potential as a conduit for sensitive information
and made the Web a highly attractive target/vehicle for hackers.
As a result, in addition to bolstering their formerly static Web defenses with real-time
scanning, analysis, and classification capabilities, today’s chief information, security, and
compliance officers should be considering how to address data loss over the Web
channel. The secure web gateway (SWG) is a logical consolidation point in this regard,
offering the potential for reduced infrastructure, complexity and cost of ownership.
2. Solution Overview
The Forcepoint AP-Web is designed for customers that want to ensure their level of web
security increases as the web evolves from a static resource to a dynamic
communication platform. Forcepoint AP-Web builds on the existing level of security
offered by Websense Web Security, adding real-time content classification and security
scanning coupled with outbound content control.
The Web Security Gateway makes the web safer and more productive for your
enterprise by securely enabling Web 2.0, consolidating your existing investment in
Websense solutions, and simplifying web management and reporting.
Some very popular sites, thought to be safe, distribute many types of threats, making
them a launch pad to transmit malware to unsuspecting users. For example, 75% of web
sites with malicious code are compromised/legitimate sites, 60% of the top 100 most
popular web sites have either hosted or been involved in malicious activity, and 29% of
malicious web attacks included data-stealing code.
The Forcepoint AP-Web is the leading Web security solution to secure against dynamic,
Web 2.0 threats and ensure Web content is appropriate and within policy for your
organization. The Web Security Gateway provides real-time content inspection and
application control for the latest dynamic Web 2.0 content, including SSL traffic, ensuring
your IT staff is able to keep up with the latest threats.
Visibility and control over SSL encrypted traffic, allowing administrators complete
visibility of network traffic entering and leaving the enterprise.
Previously unseen web content such as private proxy avoidance servers can now
be effectively identified as can users trying to bypass your web security controls.
While many of these new types of Internet technologies are in wide use, the
ability to secure and control their use is not as widely deployed. Many of the
traditional IT security and control technologies simply do not address the risks
associated with accessing dynamic content in real time via these new delivery
systems.
Network firewalls provide little protection as Web 2.0 relies primarily on standard
HTTP and HTTPS protocols that simply can’t be blocked without cutting off Web
access.
Web reputation services alone are ineffective as some of the most valuable sites
on the Web, such as Google or Yahoo, have fallen victim to hosting malicious
code, and simply blocking access to these sites is not an acceptable answer for
most businesses.
solid visibility into the network, administrators can create use policies that work for both
the company and employee.
Rather than taking a “block all” approach to web security, Websense Security
Gateway can create use policies that permit good traffic to cross into your
network while blocking components from the same site that are deemed to pose
a threat to the security and safety of your network. The granular and real-time
content review approach to web security means that corporate compliance and
user demands can be met simultaneously.
Another powerful benefit of Web Security Gateway is its compact size and consolidation
of technologies into an extensible appliance. The V10000 appliance combines multiple
Websense services onto a single platform. This reduces the number of servers, rack
space and power needed to deploy and manage your Websense security
implementation.
The Web Security Gateway integrates the Websense web proxy into a single
appliance providing visibility and control of all types of web traffic, including SSL.
Web filtering solutions can leverage the integrated web proxy/cache allowing
administrators to maintain a single solution to monitor private channels and
satisfy business users with optimal performance of their web activities.
Whereas Websense Web Filter and Web Security solutions can integrate directly
with these network components, and use them to re-direct web traffic, the Web
Security Gateway uses its integrated proxy capabilities built in to the product to
analyse the web content traversing the network. The Web Security Gateway
effectively captures all web traffic, co-existing with existing network infrastructure
components such as a firewall, router etc.
55 built-in reports can easily be automated for generation and distribution to key
stakeholders to track all aspects of your web security and blocking activity.
The Web Security Gateway provides over 125 controls to manage thousands of
web applications, including IM and P2P, ensuring that your network can be
managed and secured against today’s latest technologies. With only a check of a
box, you can instantly control what applications can communicate over your
network.
Updates for new or updated applications are automatic, keeping networks safe
against today’s threats. This means no additional time is required to stay up to
date and no additional IT resources are consumed trying to anticipate changes to
applications.
3. Proposed Setup
Forcepoint AP-Web Installation
Forcepoint AP-Web will be installed on the V5000 G2 appliance. Afterwards,
corresponding patches, if necessary, will be installed. The Websense Master Database
will be downloaded.
Testing
Forcepoint AP-Web test cases will be executed for the POC proper. Expected results
will be generated afterwards.
Report Generation
Reports will be generated throughout the POC process and will be
submitted to the customer for reference purposes.
5.1. Test: Custom Block Page to include User ID / IP Address Pass/Fail
5.2. Test: Internet Access Test Pass/Fail
To perform this test, check that the policy has an action based on “Confirm” or “Quota”.
To perform this test, check that the policy has blocked the categories “Adult Material”, “Gambling” and “Proxy Avoidance”.
5.6. Test: Web 2.0 dynamic categorization Pass/Fail
1. From a Web browser, attempt to access: http://www.facebook.com
2. Verify that access to Games within the Facebook page is blocked as “Games”.
5.7. Test: Application Protocol Detection (APD) Pass/Fail
Individual applications
Protocol Reporting
5.9. Test: Social Web Control – Granular control on Facebook access Pass/Fail
Social Web Control - Facebook
1. To perform this test, check that the policy blocks the message action under the category “Social Web Control - Facebook” and that the category “Social Networking” is allowed.
2. From a Web browser, attempt to access: http://www.facebook.com
3. Verify that access to the message action within the Facebook page is blocked.
5.10. Test: SSL/HTTPS Interception Pass/Fail
5.11. Test: Real Time Monitor Pass/Fail
Real Time Monitor
1. Ensure all user traffic is captured within the Real Time Monitor tool and that it contains information about the time, user name, URL, category, action, etc.
5.12. Test: Analysis of outgoing password file Pass/Fail
ThreatDashboard
passwordfiles.zip
5.13. Test: Reporting Pass/Fail
Performed by:
Date:
Designation:
Witnessed by:
Date:
Designation: