Corporate Web filter

Discussion in 'other security issues & news' started by syk69, Jun 21, 2011.

Thread Status:
Not open for further replies.
  1. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Hi guys, anybody here recommend a good enterprise level web filter. My company's considering getting one and would like to research what's out there that provides excellent anti malware, content category filtering, and of course good management interface.
     
  2. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Syk69, if you're looking for a suite, I'm not the guy to advise. Although Symantec has good suites.
    For business content filter, you can check www.k9webprotection.com :)
     
  3. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Thanks but that's installed on client machines. Looking more for a server software type appliance or hardware appliance.

    Anyone familiar with untangle or cisco iron port? Would greatly appreciate your experience with them.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    You could use OpenDNS if you are on a tight "Budget".

    -http://www.opendns.com/-

    Then there is the "pricey" BlueCoat.

    -http://www.bluecoat.com/-
     
  5. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,950
    Location:
    USA
    I use a NetGear Prosecure UTM25, and the content filtering on it so far has been very good. It has also tested really well in independent testing against malware, and it is much cheaper than most of your alternatives that offer the same services. The only thing to be aware of is their is not much literature out on the Prosecure yet because its a new product line. Their phone tech support has been nice though so the lack of literature has been made up for by their friendly staff. Not that I really needed much support. I just had a few question for them so there's been no problems with the unit. I purchased mine through the website below, but i would recommend you also visit Netgear's homesite as well. -http://www.netguardstore.com/ProSecure.asp?source=netgear

    Edited...BTW... I had to wait for 3 weeks to get mine because of back orders. If you decide to go with Prosecure then you may want to ask if you will have to wait due to back orders. There may not be any at all, but I would check if you order through the same site I did.
     
    Last edited: Jun 22, 2011
  6. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Thanks will read into it. Will see if it can handle enterprise level environment (10k users)
     
  7. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    What firewall/proxy do you currently use?

    Ideally that's the place that you want to be doing this stuff. Keep in mind most vendors license one of two ways - by the user or per box. With 10,000 users you're likely to come out of it better with the latter.

    Juniper and Palo Alto Networks are the two vendors I'm familiar with. Both license by the box, Juniper is pretty basic and almost "traditional" firewall with URL filtering, the Palo Alto Networks kit is way more advanced and lets you do URL filtering, application level filtering, user level, all sorts.

    Where a lot of these products fall down is reporting. Most will do enforcement just great, but that's their primary job. If you have to run off a bunch of reports every week/month I suspect you're more likely to want to look at something like Websense, but you will pay handsomely for that.
     
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Might be worth considering? : http://www.brightcloud.com/solutions/enterprise.php
     
  9. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Thanks for these suggestions. Yes reporting is important as well. Right now we got Checkpoint security gateway software blades. We are considering getting the IPS, application control and antimalware modules activated. But if there is something better we will consider it. Right now we are getting hit with a lot of P2P usage, mostly downloading of copyrighted content. But also fake av junk. We have McAfee enterprise but it lacks 0 day type protection without affecting usability. We have looked at websense but if there is something less expensive we are all for it.
     
  10. hutchingsp

    hutchingsp Registered Member

    Joined:
    Aug 2, 2007
    Posts:
    174
    I presume you're already doing the normal corporate things i.e. you only allow out the basic/bare minimum ports required and don't simply allow everything?

    I would take a look at something like the Palo Alto boxes - best I know of if you want to know what applications (applications, not ports/protocols) are being used into and out of your LAN.

    They aren't as cheap as something dumber like a Fortinet/Juniper but they are very good.

    I believe Checkpoint have something similar available, last time I dealt with Checkpoint, which was a long time ago, the licensing was a total killer - maybe that's changed though.
     
Loading...
Thread Status:
Not open for further replies.