Best practices for deploying secure Web gateways
Analysts, users point to cheap upgrades, understanding traffic patterns and flexible policy enforcement as crucial deployment elements
By Sandra Gittlen, Network World, 11/01/2007
If you're looking to upgrade your URL filter, you've got the upper hand with vendors of this new class of secure Web products.
Use it.
"The time is now to get your security providers to add granular control over Web 2.0 products," says Peter Firstbrook, research director for Gartner's Information
Security and Privacy group.
Firstbrook notes that the best news for IT departments looking to upgrade their Web point security measures (such as URL filtering)
to an all-in-one secure Web gateway, which adds malware filtering, Web application-level controls and centralized
management to URL filtering, is that vendors (he names Secure Computing as an example) are willing to negotiate on the gateway price.
"When your contract comes up for renewal, the scope of your product [or service] should be expanded to include other things,"
Firstbrook says.
To find the most appropriate product for their environment, IT managers must first measure how much traffic, both inbound and outbound,
is being generated by Web-based applications. Applications to consider include blogs, wikis, social-networking sites, instant messaging, Web conferencing, VoIP and peer-to-peer file sharing. All of these applications can lead users to attract malware to their machines.
You'll also want to factor in other Web-based programs, such as CRM or call-center tools.
Doug Camplejohn, CEO and founder of Mi5 Networks, says, "IT teams should have a baseline understanding of the inappropriate
Web sites and applications employees are using." Some companies, including Mi5, offer to gather these measurements as part
of the network evaluation that is delivered during the sales process.
IT managers will also need to know how much of that traffic is SSL-based and will need to be backhauled to a central site to take advantage of network-security tools. "Our SSL traffic is
only 10% of our [overall] traffic, but it's the most important percentage, because that's where our vulnerabilities lie,"
says Chris Bress, CIO at Charlotte County Public Schools in Port Charlotte, Fla.
Bress, who brings all SSL traffic generated by his campuses through the network to his district-level BlueCoat ProxySG gateway
appliances, says he couples WAN acceleration with his secure Web-gateway appliances to counterbalance the slowdown that can be caused by centralized SSL-packet inspection.
He has two appliances at the district site for failover.
Another guideline for implementing one of these Web gateways is to determine the acceptable risk in terms of productivity loss,
bandwidth consumption and liability. This will help IT staff figure out how detailed a level of control they'll want to implement, both
in terms of policy enforcement and URL filtering. It is important to note that the amount of traffic needing to be inspected
and the depth of inspection can result in higher latency.
For networks with a high risk factor, it may be crucial to go with a product or service that does some sort of non-signature-based
detection and filtering, like those offered by Websense, which could help in detecting zero-day threats.