March 12, 2013

Websense and F5 – Why it Matters

Ryan Windham

On February 25th, Websense and F5 announced a long-term, strategic agreement to develop the industry's most comprehensive, scalable, and real-time network security offerings. We also announced the availability of the first solution in our joint development roadmap.

Why does this matter?

Organizations today face increasingly sophisticated and targeted cyber-attacks that hit multiple attack vectors. The two primary targets are an organization's web application servers and its employees accessing the web.

Web application servers are targeted because they are public-facing and often have access to sensitive information in backend databases. As a result, they are subject to denial of service and application vulnerability and HTTP protocol exploitation attacks. In many cases, these web servers, once compromised, are used to drive redirects, host exploit kits and code, or deliver malware payloads because the site's good reputation passes traditional security defenses. Positioned in front of these web applications, F5's Application Delivery Controller is ideally positioned to thwart these types of web application server attacks. When Websense's advanced threat detection and data loss prevention (DLP) capabilities are added to this web application firewall platform, the joint solution becomes "content-aware." This provides a much higher degree of security against evolving threats.

Employees are also targeted due to their privileged access to information and their susceptibility to spear-phishing and other social engineering techniques. These attacks often lure users to web destinations that redirect to servers hosting exploit kits used to detect open vulnerabilities or open doors into the user's system resulting in silently downloaded and installed malware. Once installed, the malware often checks in with command and control centers before carrying out its instructions that may involve data theft. Websense's real-time security capabilities can detect and defend against each of these kill chain stages as utilized by advance threats.

What do both web application and employee attacks have in common?  Both attempt to acquire access credentials, infect, steal sensitive data, and in many cases are components of a broader attack on an organization that may also include disrupting commercial services.

The Websense / F5 joint solutions solve this problem by protecting both web application servers and employees from cyber-attacks. The solutions enable organizations to secure their entire enterprise footprint by protecting sensitive data from both inbound attacks and outbound exfiltration.  I.T. administrators have access to a consistent set of security services deployed across both gateways: the web application firewall and the secure web gateway.

This solution optimizes interoperability of the BIG-IP platform and Websense V-series and X-series appliances, bringing together the industry's most effective security defenses  and the industry's most scalable networking. Meanwhile, our R&D teams are developing an on-box integration which has Websense TRITON defenses running directly on the F5 BIG-IP platform. Have any questions about the F5 and Websense partnership? Feel free to email me at

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.