Solved

Web Secure Gateways - Taking it on the cloud

Posted on 2009-07-09
4
475 Views
Last Modified: 2013-11-22
Hi all...am here to seek your opinions.

Time has come for our Web Proxy / Cache renewal. I was wondering if it's the right time to look at alternative technologies. Our Current Web Proxy gateway belongs to the categories of Blue Coat / Secure Computing's Webwasher appliances.

I was looking at Messagelab's offering of provisioning Web security services and McAfee who now owns Secure Computing, start up its own Web Protection service. This is equivalent to taking this securing the web gateway service on the cloud with brings about reduction of admin costs.

What are the caveats here? For sure I would lose the local caching aspect bringing about a certain delay in responses to oft visited sites.
The questions are:

1. What are my options to keep a server (squid /ISA etc) internally for caching purposes while use these SaaS providers for everything else?

2. I need to undertake bandwidth management, assigning quotas of the total Internet bandwidth to different Active Directory group members. For example, my SLA with Dept. of Marketing is that they would be provided with 4MB of total Internet bandwidth at all times and Engineering would receive 8MB. I have Cisco Routers 2800s and ASA 5520 firewalls at the perimeter. Can I use these in any way?

3. If I take these services out on the cloud, how would I assign Internet browsing policies which are integrated with my AD groups? ( Maybe this is a question to be asked with messagelabs or McAfee but just thought of asking here for someone might have been there and done that.

Pls advise!!
0
Comment
Question by:fahim
  • 2
4 Comments
 
LVL 14

Expert Comment

by:Roachy1979
ID: 24821975
You can handle the bandwidth management and local caching using Squid:

http://pcquest.ciol.com/content/linux/103080904.asp

http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

You can also use the Malware Block List within Squid....http://www.malware.com.br/

In fact, I can't think of anything that can't be done in house - while the maintenance cost may be higher due to increased internal resource usage, no licencing fees would be needed...
0
 

Author Comment

by:fahim
ID: 24876090
Thanks Roachy

From the bandwidth management perspective,as related in my second query, do I have commercial alternatives?

I read about packetshaper from Blue Coat but that doesn't fit the need as it's more from Packet shaping perspective. Does Cisco have anything up their sleeve? I want to avoid the open source way for the simple reason of inhouse maintenance unavailabiltiy.

0
 
LVL 14

Accepted Solution

by:
Roachy1979 earned 500 total points
ID: 24876911
Sorry....couldn't honestly advise.....we use Squid internally here!
0
 
LVL 1

Expert Comment

by:JohnArmstrong
ID: 39045485
Yes, Cisco has a product ' Cisco cloud web security', then of course there is market leader Websense and Mcafee which you already mentioned. Gartner group released a study in 2012 so you can check out who else made it to the magic quadrant.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco asax sourcefire Ips 7 65
PUP or Virus 6 71
Possibility of Outlook running on Linux 6 108
systemdown@india.com and McAfee 3 97
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A short film showing how OnPage and Connectwise integration works.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now