GFI WebMonitor - Web monitoring and Security
With all the threats that Internet access can present to your users and your data, web security software is one of the most valuable investments you can make in your information security. Any solution should offer the following key protections:
1. Site blocking
2. Antivirus
3. Reporting and logging
GFI WebMonitor offers all that and more. GFI WebMonitor Unified Security includes both the web filtering and anti-malware capabilities, and can be installed as a standalone server or as an add-on to ISA or TMG. This web security suite can be installed on its own server or as a plug-in for TMG, and GFI offers a free 30-day-trial so you can evaluate it risk-free.
Installation: The installer for the TMG plug-in is straight-forward only requires a service restart, not a reboot. During the installation, you can choose to enable the optional HTTPS traffic inspection, which functions by dynamically creating certificates and acting as a kind of Man-in-the-Middle to HTTPS sessions. If you have Active Directory you can install the root certificate to the domain, so you can perform HTTPS inspection without having to touch user workstations.
If TMG is the default gateway in your office, there nothing else to do to start protecting users. If not, or if you are going to use the standalone version, you can use a Group Policy Object to configure client browsers to use GFI WebMonitor as their web proxy.
GFI WebMonitor installs with antivirus protections enabled, but website filtering disabled. The net result is that you get protection against malware automatically, but don't block any websites until you opt in for that protection. This keeps the potential for business disruption to a minimum, which is very important when first implementing any web security solution.
Content filtering: Implementing content filtering is straightforward. There are several out-of-the-box categories for websites to block based on topics like adult content, hacking sites, etc. In addition to the category lists, GFI has a database of sites based on reputation which is updated like a/v definitions.
Sites that were safe yesterday but got hacked last night can be blocked today; protecting users from hacks before the hacked site even knows they have a problem. And you can customize your controls exactly the way you want through both white and black lists.
More on antivirus: The antivirus capabilities of GFI WebMonitor includes multiple engines for scanning, as well as the ability to block/permit downloads by file type. If you use one antivirus product on your workstations, using two others in WebMonitor covers all your bases. GFI WebMonitor is able to scan not only regular file downloads, but also the "hidden" file downloads that many websites use to deliver media content or plug-ins.
Bandwidth Policies: A great feature of GFI WebMonitor is Bandwidth Policies. Instead of completely blocking access to streaming media, you can control how much bandwidth streaming consumes.
That way, users can visit YouTube for a how-to video or a vendor's website for training content, without consuming so much bandwidth that your corporate website or email system is impacted.
Logging and reporting: GFI WebMonitor also provides rich logging and reporting. You can run queries, generate scheduled or on-demand reports, and choose whether to anonymize usernames or not. This enables you to look at activity without violating user's privacy, but also investigate completely when the situation calls for it.
Overall, GFI WebMonitor is a very strong part of any defense in depth strategy. It is easy to install, easy to configure, and provides great protection for users.