Eight questions for secure Web gateway successBy Sandra Gittlen
Choosing a secure Web gateway product or service can be challenging. Here are eight questions you should ask vendors to help determine which offering is right for your network.
1. What is the average latency for your offering?
Before you start to approach vendors about their products, you have to first figure out how much latency you can tolerate. For instance, if your users are depending on Web-based applications for real-time productivity, such as salesforce.com, then your latency has to be low. Make sure vendors know what applications will be monitored and/or controlled by the secure Web gateway so they can answer the latency question appropriately.
2. Did you build or buy the various parts of your secure Web gateway?
Since most secure Web gateways have been cobbled together based on piece parts from mergers and acquisitions, this is a critical question. While you don't have to shy away from companies that have meshed several products together, you do want to make sure they've integrated the products into a single management console and have made installation, upgrades and policy management a seamless process.
3. How does your technology roadmap mesh with my priorites?
Many secure Web gateway companies are still working on the various parts of their offerings. For instance, they might be strong in URL filtering, but weaker in application control. First determine the priorities for your own network – for instance, is malware filtering more important than application control – and then match your needs to the vendors' plans. Verify that your top issues will be addressed in products being delivered in the next few months.
4. How do you handle policy enforcement and management?
If you're a large enterprise with remote or branch offices around the world, you'll want a product with distributed policy enforcement and centralized policy management. You do not want to deal with backhauling Internet traffic to a central point just for policy enforcement – it's sure to create an instant bottleneck. However, you also don't want to have to set individual policies for hundreds of devices globally.
5. What form factors do you offer?
Today, there are a variety of ways to implement secure Web gateways: software, appliance, virtual appliance and service. If you are a company with numerous remote offices, purchasing and managing a device for each location can be expensive. Therefore, a service approach might suit you best. However, if you have a large IT staff and want more control over your network, then appliances might be the right choice for you.
6. Do you support bidirectional filtering?
Many companies have recognized that to be completely effective in the fight against malware, they must monitor both inbound and outbound traffic. For instance, they want to ensure that none of their machines have been compromised and are carrying out "phone home" commands that send sensitive data to remote machines.
Zero-day vulnerabilities are a common occurrence these days and secure Web gateway vendors should be able to tell you how they deal with these threats. Do they use non-signature-based methods such as heuristics and behavior patterns? If so, what are their success rates in detecting unknown threats? Ask for examples of malware they've been able to stop based on these methods. You'll also want to know what kind of performance hit having these extra safeguards causes. Then weigh your need for speed against your acceptable risk.
This is an often underrated part of the secure Web gateway choice, yet compliance rules dictate that you have strong reporting tools. You'll want real-time reporting in an easy-to-digest, centralized console that allows you to drill down into details. For instance, you'll want to be able to see the top users of various applications as well as the top threats for a particular time period. You'll want to make sure that the product or service you choose supports easy integration with your directory service.