M86 Secure Web Gateway 3000
Strengths: Good reporting features, tough on the latest web threats, policy- and rule-based security. This is a classy hardware platform.
Weaknesses: Data leakage prevention feature has some issues
Verdict: SWG 3000 delivers a tough defensive barrier against the latest web threats while supplying a unique range of security measures
As web attacks get ever more devious, vendors have to be even more cunning. The Secure Web Gateway (SWG) appliances from M86 Security provide a unique solution, with patented active real-time content inspection designed to identify malicious code and block it.
The SWG 3000 targets SMBs. It is good value: you pay a one-off fee for hardware, with yearly subs to M86's security services costing around £10 per user for 500 users.
Plenty of options are on offer and for AV there's Kaspersky, McAfee or Sophos. URL filtering can be handled by Websense or IBM's Proventia and HTTPS scanning is another extra.
The SWG 3000 appliance is a top-quality IBM System x3250 M3 rack server, with a 2.4GHz quad-core X3430 Xeon, 2GB of fast DDR3 memory and a single 250GB cold-swap SATA disk.
M86 offers a caching kit for a further £653. It has to be retro-fitted, so install before you deploy.
ActionScript is now on M86's radar, so the latest Flash and PDF-based threats can be nullified. Its DLP scans documents for specific keywords. It can scan FTP, HTTP and HTTPS traffic.
Amazon's EC2 (Elastic Compute Cloud) service lets you distribute scanning to hosted services.
We found deployment easy as SWG 3000 defaults to an explicit proxy so you just configure your clients to use it. You can also use it as a transparent proxy, but LAN-to-WAN traffic must be redirected.
Usefully, you get a set of default policies, so you can start filtering straight away. You can apply different policies to each user group and use proxy authentication.
Each policy has sets of rules and this is where you get to see M86's active real-time content inspection in action. To handle malicious code, the appliance inspects it to see what it would do. If it doesn't like what it sees, it blocks it.
The interval between a new threat emerging and protection being provided is covered by M86's Anti.dote service. Spyware gets a tough time too.
Each rule within a policy focuses on a specific threat type, so you'll have ones for malicious content, file blocking by extension and so on. URL filtering is configured using rules, and for Websense you have over 50 categories to choose from.
Websense URL filtering performed superbly: we were denied access to all bingo and games sites we tried.
Social networking was also handled well, but it would be useful to have a URL lookup tool.
The new data leakage prevention feature worked fairly well but isn't perfect. Using various webmail accounts, we attempted to send Word, Excel and PDF attachments containing banned words and these were all blocked.
SWG 3000 was unable to block text files containing banned words. Access to our test FTP sites was also problematic, as the appliance defaults to changing active FTP sessions to passive. M86's helpful support staff remedied this issue.
Logging and reporting tools are plentiful. Reports are predefined, but there's a good choice. You can generate reports and export the results to PDF, Excel or HTML.
Apart from the data leakage protection issues, the SWG 3000 performed very well. It is easy to deploy and offers a range of unique security measures.