Web Security Gateways Forum

Vandy Va
Technical Support Manager at a financial services firm
Jul 09 2018
Secure Web Gateways typically consist of a number of features such as malware protection, URL filtering, content filtering, SSL content scanning, web based DLP capabilities. Deployment methods to look for include proxy, in-line and transparent \ bridge deployments as well as port mirroring\span port capabilities, ability to work with and integrate ICAP and WCCP.
Mehdi Gafsi
‎IT Manager with 51-200 employees
We are a medium size company with 120 employees across 3 offices and growing. We are still debating between a cloud solution such as Zscaler Web Security or iboss and a physical appliance such as Fortigate 201E. Which Web Security Solution do you recommend?
Jason PooleThis is a "how long is a piece of string?" type question. As the other vendors have said it is hard to recommend something fully without knowing all the background. Your background did stipulate that you had multiple sites and you were growing. Having a traditional deployment scenario will mean that you need to have a "box" at each site and add more boxes as you add more sites. Going with a more modern solution like Zscaler will allow more rapid growth opportunities - just add users, no matter where they are - also this allows you to restrict with a single policy in the cloud rather than on each device. AS others have said, be mindful of the proximity of the Zscaler because of latency, but they do have >100 POPS which you will probably find pretty local. Overall, there is a lot more research you can do, but I'm leaning towards a cloud offering from the branches. You might consider an SD-WAN device at each branch that also has FW built in. This would give you connectivity resilience at a much lower price, but perhaps this is a debate for another day :-)
Alberto E. Luna RodriguezIf all you are looking for is Web Security Gateway, I would not consider a UTM like FortiGate. I would go for something more specialized like BlueCoat (WSS or on premise), Zscaler, Cisco WSA and the like. Cloud options are good if you don't want to route all traffic to a central location which might be a problem if you have limited bandwidth. Some of the drawbacks could be latency, privacy and confidentiality (all traffic goes through a third party in the cloud). If you also need Firewall and VPNs for the different sites then an UTM device (FortiGates are great for this purpose) or perhaps a modern SD-WAN solution might be the way to go.
Rick MaxsonAnswer is , it depends... If you do any web based business with Banks or Governments then get a hardware solution like Bluecoat or Fortinet because web based providers can not provide you with a static source IP and you will fail security checks. I've been involved in corporate moves to the "cloud" using Zscaler and both went very wrong, very fast, a year later and they still have monthly outages because of the "cloud" providing random source IP's. If this is for a public internet access outside of your corporate network then you should be fine otherwise I suggest hardware you control.
Ariel Lindenfeld
Sr. Director of Community
IT Central Station

Sign Up with Email