• Malware detection – Usually based on signature files, reputation filtering (proactive blocking of malware based on its behavior, and a subsequently assigned reputation score), and proprietary heuristics. The typical setup includes multiple filters: one or more best-of-breed signature-based engines as well as the vendor’s own proprietary technology. Typical malware engines are updated multiple times a day. Malware can include spyware, viruses, worms, rootkits, and much more.
• Content/URL filtering – By filtering out unwanted websites based on URL, this feature enables organizations to manage and control the types of websites their employees are allowed to visit. Organizations can block individual websites, or select from pre-screened categories of websites. There are usually multiple categories, ranging from around 10 to 100, that make it easier to manage which types of websites are appropriate for the workplace. Categories often include millions of pre-screened sites, which are updated daily.
• Web Application Controls – These enable organizations to automatically block potentially malicious applications, and/or limit the use of non-work-related applications, such as social networks and instant messaging. The available policies range from binary block/allow to intricate policies that can block/allow specific actions in a given Web application (e.g. posting on Facebook).
• SSL scanning – Since legitimate websites can unknowingly be the source of malware, web traffic over an SSL connection is also commonly monitored to enforce Web policies.
• Mobile Device Protection – Protecting mobile devices is just as important as traditional workstation protection in the enterprise. This protection needs to address the fact that the devices are mobile, which some vendors approach with VPN settings.
• Bandwidth Controls – Allow administrators to completely block bandwidth-hungry sites like YouTube, or to impose quotas that limit time spent or data consumed. This preserves bandwidth for legitimate traffic and application use.
Directory integration can be obtained via Active Directory or a variety of other protocols, such as LDAP. By integrating Web security tools with a corporate directory, organizations can use employees’ directory roles to assign and manage Web policies based on a user’s function and role in the organization. For example, the marketing staff can be granted full access to social media.
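The following sketch is an added example, not taken from any vendor's product: it shows how URL categories, per-action Web application controls and directory group membership can combine into one allow/block decision. The category data, group names, action names and the choice to block uncategorized sites are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data; a real product ships millions of pre-screened sites.
CATEGORY_DB = {
    "facebook.com": "social-media",
    "youtube.com": "streaming-video",
    "example-casino.test": "gambling",
}

# Hypothetical directory groups mapped to per-category rules. Each rule is
# the set of permitted actions; a missing or empty set blocks the category.
GROUP_POLICY = {
    "marketing": {"social-media": {"view", "post"}, "streaming-video": {"view"}},
    "engineering": {"social-media": {"view"}, "streaming-video": set()},
}
DEFAULT_POLICY = {}              # groups without a policy get no access
UNCATEGORIZED_DECISION = "block" # assumption: unknown sites are denied


def categorize(url):
    """Return the category of the URL's host, matching on whole DNS labels."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Try the host, then each parent domain, so m.facebook.com matches
    # facebook.com while notfacebook.com does not.
    for i in range(len(labels) - 1):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def decide(groups, url, action="view"):
    """Allow when any of the user's directory groups permits the action."""
    category = categorize(url)
    if category == "uncategorized":
        return UNCATEGORIZED_DECISION
    for group in groups:
        policy = GROUP_POLICY.get(group, DEFAULT_POLICY)
        if action in policy.get(category, set()):
            return "allow"
    return "block"


if __name__ == "__main__":
    print(decide(["marketing"], "https://www.facebook.com/", "post"))    # allow
    print(decide(["engineering"], "https://www.facebook.com/", "post"))  # block
```

Matching on whole DNS labels and on the parsed hostname, rather than on a substring of the URL, keeps look-alike domains and `user@host` URLs from inheriting another site's category.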
Management with an easy-to-use interface is offered by most vendors. The more advanced capability is a unified management interface for hybrid deployments. Many vendors still keep cloud-based and on-premises management interfaces separate. A unified management experience is certainly a great differentiator.
Reporting lets administrators view activity that happens on the network. Corporate Web Security solutions should offer real-time interactive reports on user activity. Summary views that give an overall picture of the state of the network should also be available.