Can your web protection system stand the heat?

Danny Bradbury

If web protection systems were kitchen implements, they would sell by the millions. They slice and dice traffic, and sieve out the nasty online destinations that employees shouldn’t be visiting. They weigh the effect of web surfing on network bandwidth, and blend together policies that give users the productivity they need, while protecting them (and your clients' companies) from legal liability.

Just as in the kitchen, though, not all multi-purpose devices do what they claim very well. Here are some features to evaluate in a web protection system, to ensure that it is capable enough for an enterprise environment.

It prevents people from visiting sites they shouldn’t

Out of the box, a web protection solution should stop employees from visiting sites that you don’t want them to see. These sites can fall into a number of categories, stretching beyond the obvious ones, such as adult sites, gambling sites, or malicious web destinations known to deliver malware. Evaluate the extent of different categories, and find out how well populated they are.

It can live outside the datacenter

Cloud-based web protection systems lead to lower cost. Instead of paying for software licenses and server hardware up front, you can pay on a per-user basis as you go, minimizing the upfront investment.

The last thing that you need is to spend hours configuring on-site software that takes up server resources and needs regular patching. A cloud-based web protection system can also eliminate the hardware and management overhead found in on-premise installations, presenting you with a simple web interface with which to protect your clients.

It should be easy to configure…

That interface should offer you the maximum level of protection with the minimum investment of time and effort. Web protection policies implemented centrally should ideally address issues that business people understand, such as a loss of productivity, legal liability, or bandwidth control. By grouping these policies together in business-centric ways, and by enabling administrators to turn these policies on for broad ranges of devices, organizations can place large numbers of users under a protective shelter pretty much out of the box.

…but flexible enough to tweak

One size rarely fits all, so a web protection system should be customizable enough to deal with edge cases that need their own particular rules. For example, social networking sites can represent a productivity loss to one kind of worker, but may be vital to another, such as a marketing administrator. Other staff may get Facebook access during the lunch hour, but not at other times. And different kinds of device in different locations (such as at an end user’s home, for example) may need different levels of protection.

It reacts to the Internet quickly

The web moves at the speed of light, so why shouldn’t your web protection solution? Keeping up with the latest developments online is crucial for any system aiming to protect your clients' employees from new threats. Look for systems that constantly update themselves with new signatures and lists of dangerous URLs or IP addresses.

It reports in a way that you can understand

A web protection solution should provide an easily digestible, bird’s eye view of trends in web access, using interactive graphical charts that will help you spot emerging problems in your clients' systems. These might include people flocking to a new viral website that is draining network bandwidth, for example. You’d be amazed how often the same person can get joy from watching Gangnam Style on the company dime.

Just as some kitchen gadgets claim to do everything but don’t really deliver the goods, so some web protection systems claim to slice through all of your security problems but quickly go blunt. Be sure that you have all the right ingredients when making a choice – otherwise, things could quickly go sour.