Web Protection: Enterprise
content filtering and more in a world-class appliance

Today with all the viruses and worms and malware, it is hard
to think about a time in which we did not all have
anti-virus, anti-spyware, anti-malware and spam filtering
solutions. I have mentioned the Barracuda Spam Firewall here
before and what it did to return email as a useful tool to
Hagerman & Company, Inc. I was right when I wrote that this
hardware appliance would revolutionize the elimination of
SPAM email. Since we installed it, this miracle device
has successfully filtered over 94 percent of SPAM from
reaching our mailboxes; virus/malware/worm-infected email
has been stopped in its tracks, and all with very low false
positives (less than .5 percent at the onset and even less
today with the smart learning technology of the device). So
even though spam is a problem if unchecked, as I have
mentioned before, the greatest growing threat is web
traffic, specifically infected web traffic. The number of
web sites that have infection from viruses and worms, errant
code, bots and redirection continues to grow. That puts
every machine in our enterprise at risk of infection and the
company at liability. What to do?

What are the choices?
The challenge I had was a big one. Find a solution that
would do for our web traffic and the threats it presented
what the Barracuda did for spam. The Gartner group was
saying that "The Internet and Internet applications have
become the primary source of malware infections in the
enterprise... yet less than 15 percent of organizations have
secured their internet gateway from these threats." How
could I implement a solution that would allow us to control
access to infected sites, effectively blocking them and do
this from a central location? There are many products that
can do site filtering at some level from the desktop, but
administration is complex when dealing with hundreds of
machines across a nationwide enterprise and these solutions
are really not designed for the enterprise environment.

Service-based solutions
Service-based solutions are all the rage. They are available
from big name companies, but in many cases, the desktop and
service solutions add a client that puts an additional load
on already burdened individual systems. Everyone is talking
about cloud computing. I am sure that it has its place,
but remember what is in the cloud stays in the cloud. That
means if your Internet connection is severed or interrupted,
so are the applications and solutions you depend on from the
web. No, a service-based solution was not what I wanted.
What I needed was a hardware appliance solution, a product
that I could put inline in my infrastructure that would act
as a gate, swinging open to allow safe, business-related
traffic and swinging closed to block the threats. Did such a
product even exist?

Symantec Web Gateway
It turned out that the Symantec Web Gateway (formerly the
Webgate from Mi5) was EXACTLY what I was looking for, and
more! And it had a perfect name for what it does, acting as
a gate to allow and restrict web traffic. Symantec
recognized that simple URL filtering solutions like we were
using and so many home computer solutions used did provide
some protection for users but they simply did not do enough.
They had products that did just that, but they saw in the
Webgate from Mi5 Networks a solution that would allow for
robust filtering and give the kind of granularity that
companies needed. So, as the line goes, they liked it so
much, they bought the company. Unlike other acquisitions,
though, Symantec did not dead-end the product, but within
weeks provided an upgrade to the software running on the Web
Gateway that added additional functionality. This was
refreshing to say the least. Symantec took something good
and made it better. You could tell they realized that a
one-size-fits-all solution simply will not work when you are
dealing with monitoring, filtering or blocking sites,
content etc. The needs for every business are different.
What you really need is the ability to inspect files and
traffic across all ports and protocols without noticeably
slowing down the users' browsing experience. Symantec's
award-winning Web Gateway allows enterprises to defend their
web perimeter using URL Filtering, web anti-malware
detection, application control and more on a single,
high-performance platform.

How does it work?
The Symantec Web Gateway brings a lot to the table. This
device offers some industry firsts and capabilities I saw in
no other product offering. These include the following:

- Provides fast protection at the web gateway across
  multiple protocols for inbound and outbound web traffic
- Protects against malware threats on all Web 2.0 file
  transfer channels
- Ability to inspect for, detect, and block active and
  dormant botnets
- Features URL filtering with flexible policy controls, and
  in-depth reporting and alerts
- Advanced application control capabilities with ability to
  monitor and control usage by end-users spanning multiple
  applications
- Detects compromised endpoints by network fingerprinting
  and behavioral modeling
- Comprehensive web reporting and alerting
- Flexible policy controls allow policy creation on any
  criteria and control over how policies are applied across
  an organization

Symantec Web Gateway as advertised!
The marketing literature showed that the award-winning
Symantec Web Gateway was built on a real-time inspection
engine that scans traffic on the fly, without the slowdown
associated with proxy-based architectures. In addition to
this real-time engine, the Webgate adds multi-layer defenses
including QuickScan, DeepScan and MultiScan technologies
in order to block inappropriate or malicious websites,
active content, applications (IM, P2P, etc.), file
downloads, phone-home traffic and attacks. After less than
24 hours in monitor-only mode, we put the device into inline
blocking mode. The performance was amazing. We could not
see or perceive a difference in speed while on the web. We
then did some speed benchmarks and discovered something
weird: The speed of access to the Internet was actually
FASTER than it was without the Symantec Web Gateway. Then we
found something interesting. What we discovered was that
even with all our defenses, the Symantec Web Gateway had
determined we had some systems that were infected with
malware, some of which were trying to phone home. The
Symantec Web Gateway blocked that traffic and then performed
remediation of the infections on those machines. I could
suddenly see time to clean infected systems being freed up.

World-class protection
The Symantec Web Gateway is truly a world-class product
offering world-class protection.
We put it through its paces, to see if we could get around
it and the extent of granularity in its filtering. Yes, it
stopped proxies. Yes, it allowed us to open individual web
sites that the rules blocked while allowing the others to
remain blocked. Set up a custom policy? Yes, that worked
too. IP addresses instead of text? Blocked them too! In fact,
right out of the box, the Symantec Web Gateway not only
blocked access to known sites infected with malware, it also
pre-scanned file downloads for infections and blocked access
to sites about weapons, illegal drugs, pornography and more.
Two weeks into the trial, we bought the device and now, a
full year later, we don't know what we would do without it.
The Symantec Web Gateway has given us an extra set of hands
and an extra pair of eyes. Doing what it does, we see more
machines up and the problems caused by malware have
virtually disappeared. Of course, the recovery of 20 percent
of our heretofore used Internet access bandwidth is yet
another truly measurable benefit.

How can I get more information on this subject?
Posted in this newsletter is a copy of the case study that
was conducted on Hagerman & Company, Inc., and the way the
Symantec Web Gateway made a major impact on our enterprise.
Additional information is also available if you take a look
at the Symantec web site, including features, applications
and press release on this award-winning product
(http://www.symantec.com/business/products/screenshots.jsp?pcid=pcat_security&pvid=web_gateway_1).
You can also check out the documentation on the Symantec
web site. There is a PDF file on the appliance there and it
is located at the following URL
(http://eval.symantec.com/mktginfo/enterprise/fact_sheets/b-web_gateway_DS_20045513.en-us.pdf).
Look at the case studies. Contact us! If you have
questions or comments about this article, contact me.

All product names / logos, company names / logos are
copyrights of their respective holders.

John Boline is an MCSE, CNE, USE, a member of the Network
Professional Association and the Microsoft Partner Research
Panel.

The content herein is often based on late-breaking events.
Much of the material is based on information from sources
that are believed to be reliable. Hagerman & Company, Inc.
disclaims all warranties as to the ultimate accuracy or
completeness of the information. Hagerman & Company, Inc.
and its employees shall have no liability for errors,
omissions or inadequacies in the information contained
within this article or for any interpretations thereof. The
recommendations, positions and best practice policies
outlined herein represent Hagerman & Company, Inc.'s initial
analysis and therefore are subject to change as further
information which may have bearing on these positions is
made available. The reader assumes sole responsibility for
the selection of these materials to achieve its intended
results. The opinions expressed herein are subject to change
without notice. Hagerman & Company, Inc. assumes no
obligation to update the forward-looking statements made in
this newsletter to reflect any change in circumstances
after the date of publication.

Entire contents © 2009 Hagerman & Company, Inc. All rights
reserved. Reproduction of this publication in any form
without prior written permission is forbidden.