Websense senior director of product marketing Tom Clare told iTWire that the new version 7.7 of Triton contains ten new defences, seven watching outbound traffic and three monitoring inbound.

The gateway now performs realtime analysis of outbound links (eg, to help protect against spearphishing attacks), detects unusual encryption schemes (eg, attempts to exfiltrate data) by 'fingerprinting' commonly used ciphers, performing OCR on image files (as part of the DLP process), and "stateful DLP" (to detect situations where small amounts of data are sent at a time over a long period).

Some of these tests can be used in conjunction with the new geolocation feature, for example to block encrypted traffic to countries where the organisation has no business partners.

Mr Clare said the real-time link checking was needed as there have been attacks that have taken advantage of the way many people do not work over the weekend.

Emails are sent containing links that pass security checks when they arrive at the server on Saturday or Sunday, but the attackers add the malicious code to the target pages in the small hours of Monday morning.

Then victims check their inboxes on arrival at work on Monday, and may be tempted to visit the now-malicious pages. The new approach analyses the destination at the time the link is clicked.

"A great web defence makes a great email defence," said Mr Clare.

The new release of Triton recognises advanced malware payloads and command-and-control traffic.

There's also a new threat dashboard that presents information on who is being attacked, how they're being attacked, where the data is being sent, and which data is being targeted, he said.

Existing customers covered by maintenance will receive the new version at no extra cost, Mr Clare added.