Company: LCS Enterprises
This company wants to monitor and block employees' access to non-work-related Web sites, as management believes employees are wasting too much time on the Web.
Approximate budget: Open.
Requires: Web content filtering software or appliance suitable for 200 concurrent users.
Concerns: The company is most concerned with the ease and flexibility of applying and customising rules, getting updates, and using/importing custom lists of Web sites. The ability to apply different policies to different groups or users will be highly regarded, as will the ability to integrate with existing directory systems. Management tools and reporting will also be an important factor. The ability to block peer-to-peer file sharing applications or to prevent users from downloading spyware applications would be a bonus.
Best solution: The scenario winner in this case is a 50/50 tie between CA's eTrust Secure Content Manager (SCM) and Trend Micro's InterScan Web Security Suite. The features, ease of administration, and logging levels of these two applications are very close.
Look out for...
- Ease of tracking/identifying users. If management wants to audit certain employees' Internet usage, the ability to correctly identify and track an individual within the company is important. The company must therefore ensure that its user logins and authentication systems are accurate, and that the filter it chooses enables easy identification, preferably by network user ID or by IP address/MAC address.
- Support for custom white and/or black lists. Some sites that are automatically blocked by the filters may legitimately need to be accessed by certain employees, so white lists may be necessary to cancel out false positives.
- Granularity in applying rules to users or groups. Some users or corporate groups may require tighter or looser restrictions on the sites they can access via the network. The greater the level of policy enforcement the application supports without becoming too difficult to maintain, the better.
- Ease of monitoring and management. What is desired is a system that generates no false positives, alerts the operator as soon as an event is triggered (with a full, concise logged history) and can support 100,000 users over 100 sites... we may be going overboard here, but you get the gist. Logically, if it isn't easy to operate, monitor, and maintain, it will potentially become a burden to the administrators.




