M86 Secure Web Gateway 3000
September 01, 2010
£2,827 for appliance; £4,930 for one-year SWG licence for 500 users (exc VAT)
- Strengths: Good reporting features, tough on the latest web threats, policy and rule-based security. This is a classy hardware platform.
- Weaknesses: Data leakage prevention feature has some issues
- Verdict: SWG 3000 delivers a tough defensive barrier against the latest web threats while supplying a unique range of security measures.
As web attacks get ever more devious, vendors have to be even more cunning. The Secure Web Gateway (SWG) appliances from M86 Security provide a unique solution, with their patented active real-time content inspection designed to identify malicious code and block it.
The SWG 3000 targets SMBs. It is good value: you pay a one-off fee for hardware, with yearly subs to M86's security services costing around £10 per user for 500 users.
Plenty of options are on offer and for AV there's Kaspersky, McAfee or Sophos. URL filtering can be handled by Websense or IBM's Proventia and HTTPS scanning is another extra.
The SWG 3000 appliance is a top quality IBM System x3250 M3 rack server, with 2.4GHz quad-core X3430 Xeon, 2GB of fast DDR3 memory and a single 250GB cold-swap SATA disk.
M86 offers a caching kit for a further £653. It has to be retro-fitted, so install before you deploy.
ActionScript is now on M86's radar, so the latest Flash and PDF-based threats can be nullified. Its DLP scans documents for specific keywords. It can scan FTP, HTTP and HTTPS traffic.
Amazon's EC2 (elastic compute cloud) service lets you distribute scanning to hosted services.
We found deployment easy, as the SWG 3000 defaults to an explicit proxy, so you just configure your clients to use it. You can also use it as a transparent proxy, but LAN-to-WAN traffic must be redirected.
Usefully, you get a set of default policies, so you can start filtering straight away. You can apply different policies to each user group and use proxy authentication.
Each policy has sets of rules and this is where you get to see M86's active real-time content inspection in action. To handle malicious code, the appliance inspects it to see what it would do. If it doesn't like what it sees, it blocks it.
The interval between a new threat emerging and protection being provided is covered by M86's Anti.dote service. Spyware gets a tough time too.
Each rule within a policy focuses on a specific threat type, so you'll have ones for malicious content, file blocking by extension etc. URL filtering is configured using rules and for Websense you have over 50 categories to choose from.
Websense URL filtering performed superbly: we were denied access to all bingo and games sites we tried.
Social networking was also handled well, but it would be useful to have a URL lookup tool.
The new data leakage prevention feature worked fairly well but isn't perfect. Using various webmail accounts, we attempted to send Word, Excel and PDF attachments containing banned words and these were all blocked.
The SWG 3000 was unable to block text files containing banned words. Access to our test FTP sites was also problematic, as the appliance defaults to changing active FTP sessions to passive. M86's helpful support staff remedied this issue.
Logging and reporting tools are plentiful. Reports are predefined, but there's a good choice. You can generate reports and export the results to PDF, Excel or HTML.
Apart from the data leakage protection issues, the SWG 3000 performed very well. It is easy to deploy and offers a range of unique security measures.