Strengths: Good overall value, new HTTPS scanning feature, strong policy-based web security and Sophos' remote monitoring service
Weaknesses: High price for the appliance, although it does include support
Verdict: An easily deployed yet powerful solution for controlling web access in the workplace. This latest version adds plenty of valuable features
Appliances undoubtedly offer one of the easiest ways to implement network security at the gateway, but, once you add in the yearly costs of maintenance contracts and update subscriptions, many turn out very expensive.
This is a particular problem for smaller businesses on a budget. However, Sophos' WS1000 web filtering appliance aims to be cost-effective, as the base price covers updates and subscriptions, plus 24-hour global support.
Sophos has also designed its appliances to be easy to manage: it claims you're never more than three clicks away from any function in its web interface. Sophos also provides an in-house monitoring service where it keeps an eye on the appliance and advises you of any faults or problems. It uses the appliance's onboard sensors to check on the hardware, keeps track of all updates and will contact the customer directly if problems are detected.
The appliance is a Supermicro 1U mini rack server endowed with a reasonably good specification, that includes a 3.4GHz Pentium D with 4GB of DDR2 memory. The two internal 160GB SATA hard disks are configured as a mirror and Gigabit ports are provided for the LAN and WAN connections.
With Sophos' latest upgrades the WS1000 looks good value, as these include the ability to detect and block anonymising proxies, improved Active Directory support and, more importantly, HTTPS scanning. These are provided free and any appliances that don't have them implemented can contact Sophos' support site and download them automatically.
Installation in the lab was simple as we connected the appliance's separate configuration port directly to a workstation and followed a browser-based wizard.
The WS1000 supports three deployment modes, operating in routed, bridged or transparent gateway modes. Bear in mind that the routed mode is required for HTTPS scanning and AD integration. You'll also need to ensure the WAN port is operational during installation, as once the wizard has completed it downloads all required updates before proceeding further.
The web interface is a tidy affair. It opens with a smart dashboard that includes charts, graphs and dials showing web traffic volumes, bandwidth usage, update status and policy violations.
Sophos' philosophy worked well: we couldn't find any feature that was more than three clicks away from the home page. Small businesses will also approve of the fact that CLI access is not required for any function.
During the quick-start phase you are offered a choice of five predefined web filtering policies, allowing you to implement basic protection immediately.
You can modify your selection to suit once the system is running and then add extra policies to fine-tune security for different users and groups.
Along with the default policy you can create others and apply them to groups, individual IP addresses or ranges. With AD authentication in the mix, policies can be applied to specific users and will be enforced regardless of the workstation they are using.
A further advantage is that reporting facilities are able to provide full details of users' web-browsing activities.
Policy operations are easy to understand as the default policy applies to all users and if you're not on this guest list then you won't get in. Beneath these are additional policies that are used to customise access for different groups of users and are enforced in strict order of priority. Policy creation is a simple process as you select groups, AD users or IP addresses, pick from a list of 50 URL categories to block or allow and decide if the policy is active.
There's much more capability too: blocks can be enforced on up to 30 download file types, the policy can be active only on certain days and times and it can be expired after a selected date.
During testing we found the WS1000 delivered a very high success rate with its web filtering. We Googled for online bingo sites and of the 50 visited only three slipped through the net. It was even tougher on games: we were blocked from all 50 sites visited.
Social networking is a big issue nowadays and we had no problem blocking access to sites such as Facebook and MySpace, as they came under the Personals and Dating category. A further handy feature is the option to enter a URL or IP address in the dashboard to see what category it's classed under.
A test facility is also provided, to check that your policies are working correctly. From the Group Policy heading you can enter a user or IP address and a URL and find out what the assigned policy will do.
Reporting is also very detailed: you can view bar charts showing traffic volumes, sites visited and general throughput. For users, you can see who is violating your AUPs, who's using the most bandwidth and what sites are being visited. Policies can also be queried so you can see the top blocked sites, while perpetrators and systems that may be infected with spyware attempting to call home will be listed as suspect.
The results are presented as pie charts but the data can only be exported in CSV format for use in other reports.
Smaller businesses will find the WS1000 a good partner for enforcing AUPs. It's easy to deploy and manage, offers tough policy-driven web content filtering and the new HTTPS scanning and AD integration features bring a lot of extra value to this product.