Web Security Gateways Forum

Anonymous avatar x80
‎IT Manager with 51-200 employees
Mar 15 2018
We are a medium size company with 120 employees across 3 offices and growing. We are still debating between a cloud solution such as Zscaler Web Security or iboss and a physical appliance such as Fortigate 201E. Which Web Security Solution do you recommend?
Jason poole li?1428261508
Jason PooleThis is a "how long is a piece of string?" type question. As the other vendors have said it is hard to recommend something fully without knowing all the background. Your background did stipulate that you had multiple sites and you were growing. Having a traditional deployment scenario will mean that you need to have a "box" at each site and add more boxes as you add more sites. Going with a more modern solution like Zscaler will allow more rapid growth opportunities - just add users, no matter where they are - also this allows you to restrict with a single policy in the cloud rather than on each device. AS others have said, be mindful of the proximity of the Zscaler because of latency, but they do have >100 POPS which you will probably find pretty local. Overall, there is a lot more research you can do, but I'm leaning towards a cloud offering from the branches. You might consider an SD-WAN device at each branch that also has FW built in. This would give you connectivity resilience at a much lower price, but perhaps this is a debate for another day :-)
Alberto e luna rodriguez avatar 1432051310?1432051308
Alberto E. Luna RodriguezIf all you are looking for is Web Security Gateway, I would not consider a UTM like FortiGate. I would go for something more specialized like BlueCoat (WSS or on premise), Zscaler, Cisco WSA and the like. Cloud options are good if you don't want to route all traffic to a central location which might be a problem if you have limited bandwidth. Some of the drawbacks could be latency, privacy and confidentiality (all traffic goes through a third party in the cloud). If you also need Firewall and VPNs for the different sites then an UTM device (FortiGates are great for this purpose) or perhaps a modern SD-WAN solution might be the way to go.
Anonymous avatar x30
Sarkis OvanesianI would recommend an Onsite Appliance but with High Availability included. Just being partial to a more hands-on approach, and liking to have it all under my fingers. No Real Pros and Cons just a preference. If you have to go there: There are a lot of questions that have to be answered first. Are you looking to secure only one location or multiple? One aggregation point with VPN to your offices or it's every man(office) for himself scenario? Sizeability - Cloud can be extended to meet your growing needs as with an appliance you are stuck with what you have and if you miscalculated the bandwidth you could be in big trouble especially if you have business critical processes going in and out. Exactly what roles will that security play, and what services it will provide to your network. Do you have Road warriors? You have to answer to yourself those questions first and I'm just scratching the surface here. I almost forgot: A must do is a POC, I found that despite how correct a vendor is with his calculations on the Bandwidth they are always wanting on resources, so I always opt out on a one or two steps HIGHER appliance. Just for an example: In a case with multiple offices and an encrypted VPN's throughout the offices with one aggregation point for connecting to the Internet. Everything is simplified greatly because most of the traffic is internal and only a small portion is going in and out. In case an appliance is used on all locations then the TOTAL Bandwidth would have been 20-25 times bigger than what it is in reality. Hope you make the right decision.I know that it wasn't exactly what you asked but hope I had been of some assistance.
Vandy va li?1425483753
Technical Support Manager at a financial services firm
Mar 01 2018
Secure Web Gateways typically consist of a number of features such as malware protection, URL filtering, content filtering, SSL content scanning, web based DLP capabilities. Deployment methods to look for include proxy, in-line and transparent \ bridge deployments as well as port mirroring\span port capabilities, ability to work with and integrate ICAP and WCCP.

Sign Up with Email