- to control Web access. Its big advantage is that it's scalable, and provides granular usage reporting. The big players in this field include Websense and Surf-Control. However, the sophistication of Web 2.0 attacks and the speed with which their launch base and actual code can change means that URL filtering is no longer enough. It's still going to be a critical element within a WSG but needs to be combined with other technologies.
- Malware Filtering The aim of malware filtering is to catch malware entering and leaving the network. As with URL filtering, a database is used; in this case known malware signatures. The industry trend, though, is to employ similar techniques to antivirus engines, which use non-signature based methods such as heuristic scanning. For malware filtering to be truly effective, traffic on all ports and over all protocols must be analyzed from Layer 4 to Layer 7 as it enters or leaves the network. This delivers a proactive defense that can catch attempts to "phone home" since some malicious software invariably will get through. It also reduces the criticality of ensuring desktops and applications are patched and antivirus is up to date.
- Application Control Controlling the use of often unmanaged applications, such as IM, P2P and Skype, is becoming a critical part of network security. Interestingly, it is the one area where no one Web security gateway vendor really has a clear lead. Most devices can block or allow access only to specific groups or users. This is partly because new applications are emerging and adopted so quickly. IM and Skype are examples of how new applications can quickly become ingrained in work practices. To be truly effective, Web security gateways need to enforce a company's acceptable usage policies, selectively managing features of an application and blocking them where necessary.
ONE PRODUCT, MANY ADVANTAGES
Obviously, there are solutions available that offer these technologies individually. They're all necessary to properly secure the Web environment and using a combination of these point products can solve specific needs. However, deploying and managing them individually is complex and expensive and they are inadequate when operated in isolation. Most enterprise network administrators feel that they have too many security devices plugged in to their network already; all require staff to understand and maintain them, plus time to analyze the reams of data they produce
By bringing protective functions together within one device, Web security gateways streamline management. Administrators can set policy rules and parameters on one device, a far easier task than trying to enforce each policy across several different devices. This greatly reduces administrative overhead, particularly as there is only one device and one interface to grapple with. Managed Web security gateway services reduce the management burden even more.
Another big advantage with an integrated solution is that information can be pooled. The Web security gateways can cross-compare information to make a more informed decision as to whether traffic is potentially malicious. This makes traffic control, analysis and reporting far more effective.