Corporate Web filter

Hi guys, anybody here recommend a good enterprise level web filter. My company's considering getting one and would like to research what's out there that provides excellent anti malware, content category filtering, and of course good management interface.

 

Syk69, if you're looking for a suite, I'm not the guy to advise. Although Symantec has good suites.
For business content filter, you can check www.k9webprotection.com

 

Thanks but that's installed on client machines. Looking more for a server software type appliance or hardware appliance.

Anyone familiar with untangle or cisco iron port? Would greatly appreciate your experience with them.

 

You could use OpenDNS if you are on a tight "Budget".

-http://www.opendns.com/-

Then there is the "pricey" BlueCoat.

-http://www.bluecoat.com/-

 

I use a NetGear Prosecure UTM25, and the content filtering on it so far has been very good. It has also tested really well in independent testing against malware, and it is much cheaper than most of your alternatives that offer the same services. The only thing to be aware of is their is not much literature out on the Prosecure yet because its a new product line. Their phone tech support has been nice though so the lack of literature has been made up for by their friendly staff. Not that I really needed much support. I just had a few question for them so there's been no problems with the unit. I purchased mine through the website below, but i would recommend you also visit Netgear's homesite as well. -http://www.netguardstore.com/ProSecure.asp?source=netgear

Edited...BTW... I had to wait for 3 weeks to get mine because of back orders. If you decide to go with Prosecure then you may want to ask if you will have to wait due to back orders. There may not be any at all, but I would check if you order through the same site I did.

 

Thanks will read into it. Will see if it can handle enterprise level environment (10k users)

 

What firewall/proxy do you currently use?

Ideally that's the place that you want to be doing this stuff. Keep in mind most vendors license one of two ways - by the user or per box. With 10,000 users you're likely to come out of it better with the latter.

Juniper and Palo Alto Networks are the two vendors I'm familiar with. Both license by the box, Juniper is pretty basic and almost "traditional" firewall with URL filtering, the Palo Alto Networks kit is way more advanced and lets you do URL filtering, application level filtering, user level, all sorts.

Where a lot of these products fall down is reporting. Most will do enforcement just great, but that's their primary job. If you have to run off a bunch of reports every week/month I suspect you're more likely to want to look at something like Websense, but you will pay handsomely for that.

 

Might be worth considering? : http://www.brightcloud.com/solutions/enterprise.php

 

Thanks for these suggestions. Yes reporting is important as well. Right now we got Checkpoint security gateway software blades. We are considering getting the IPS, application control and antimalware modules activated. But if there is something better we will consider it. Right now we are getting hit with a lot of P2P usage, mostly downloading of copyrighted content. But also fake av junk. We have McAfee enterprise but it lacks 0 day type protection without affecting usability. We have looked at websense but if there is something less expensive we are all for it.

 

I presume you're already doing the normal corporate things i.e. you only allow out the basic/bare minimum ports required and don't simply allow everything?

I would take a look at something like the Palo Alto boxes - best I know of if you want to know what applications (applications, not ports/protocols) are being used into and out of your LAN.

They aren't as cheap as something dumber like a Fortinet/Juniper but they are very good.

I believe Checkpoint have something similar available, last time I dealt with Checkpoint, which was a long time ago, the licensing was a total killer - maybe that's changed though.