Web Filter installed 360 miles north of Arctic Circle
CensorNet SWG is CensorNet’s next generation secure web gateway with built-in Cloud Application Control capability and the power to extend web access policies to Bring-Your-Own-Device (BYOD) initiatives.
Web access for employees is business critical and cannot be avoided. However, IT departments also face the challenge of how to accommodate trends like the rise of cloud applications and BYOD initiatives without compromising network security and bandwith. CensorNet SWG provides organisations with enterprise-class web access control, filtering and reporting whilst safely enabling the adoption of cloud applications.
The demand for cloud applications is unprecedented and the binary “allow” or “block” approach of traditional web security proxies either restricts cloud adoption or opens the flood gates to potential data breaches or misuse; in both cases having a negative impact. CensorNet SWG allows organisations to embrace the cloud application revolution by implementing discovery and analysis functionality across all devices used on the corporate network.
In addition, the solution provides a wide range of web access control functionality such as real-time anti-malware scanning, URL reputation analysis of billions of web pages, real-time image content scanning and a robust and sophisticated policy and reporting engine.
Cloud Application Discovery – Detect Cloud Application usage and activity within known applications and reveal which applications are in use on your network.
Security – provides robust web security and cloud application control capabilities including malware and web-borne threat protection, URL reputation and image scanning technology. Light or deep SSL scanning included as standard.
Management – provides a flexible policy engine, time and quota setting by user or device group and includes authentication, cloud application discovery and easy BYOD adoption.
Reporting – Offers real-time reporting including visibility of productivity and compliance by user, domain and actions, cloud application analysis, top trends and bandwidth as well as a customised report builder.
Deployment – The software can be deployed on a virtual server or physical server and is optimised for the most demanding networks.
Shine the light on Shadow IT – discover in real-time what cloud applications are in use across a broad spectrum of services, from Cloud Storage and CRM to E-mail and Social Networking.
Safe cloud application adoption – embrace cloud applications safe in the knowledge that actions within them, such as file uploads, posting messages and storing data, can be made visible and risk attributed.
Enable BYOD – allows employees to use their own devices and extends their web access policy to those devices for a consistent web-browsing experience
Increase network security – prevents accidental or intentional access to malware, inappropriate and illegal web-based content using the latest real-time scanning technology from BitDefender.
Increase productivity – embraces cloud applications, BYOD initiatives and limits access to time wasting websites during working hours.
Improve bandwidth availability – blocks or restricts access to bandwidth intensive downloads or applications.
Achieve compliance – helps compliance with BECTA , CIPA and other regulatory compliance related to web activity.
Rapid return on investment – prevents malware outbreak and associated down-time and costs which delivers instant return on investment.
Low total cost of ownership – a simple licensing model based on actual usage, easy deployment and no hardware or 3rd party software licensing requirements.
Reduce legal risk exposure – blocks known illegal content, inappropriate images and web content and creates an audit trail of activity for every user on the network should evidence be required.
Deployment & Network Diagram
The following diagram illustrates a typical network deployment for the Secure Web Gateway proxy.
- 64-bit physical or virtual machine* to run Linux (operating system is included)
- 4 or 8 GB of RAM
- Dual or Quad Core CPU
- 100 GB HDD
- At least one Ethernet interface
There are a number of ways the proxy server can be deployed to devices on the network:
- The proxy server address is configured in the web browser proxy settings explicitly, either manually or via Group Policy. This is best practice for domain based devices.
- The proxy server address is configured in the web browser via Web Proxy Auto-Detection (WPAD) over DHCP or DNS. This is best practice for devices which roam in and out of the network and you do not want the proxy settings to stay present when off-site. It is also useful if you wish to chain multiple proxy servers for simple fail over.
- The proxy server address is configured (usually via DHCP) as the default gateway for the device joining the network, which forces transparent proxying. This is best practice for BYOD. Authentication can be achieved via the Captive Portal.
- A combination of all the above is also possible, the methods aren’t mutually exclusive.
Out of the box, the proxy server is configured with a default policy and lightweight SSL filtering therefore it is possible to “install and go” however most customers will want to fine tune the policies and filter rules. The proxy server will listen on all available network interfaces and therefore if you want to use one proxy server for multiple subnets or VLAN’s you can simply add additional virtual or physical NIC’s to the server. These will appear in the Network settings page.
Best practice tips
- Wherever possible configure the browser proxy settings. This tells the browser it is using a proxy and therefore it will guarantee the best compatibility with web servers and web applications.
- Use your firewall to prevent proxy bypass by ensuring direct access to the Web (port 80 and 443) is only available from the proxy server.
- For BYOD devices, always set their default gateway to be the proxy IP address. This is much easier than configuring proxy server settings on the device.
What is Secure Web Gateway?
CensorNet Secure Web Gateway is designed to allow you to quickly and affordably implement a broad range of advanced web security features, ranging from traditional URL filtering and real-time anti-malware through to Cloud Application Discovery and Analysis. The SWG product supports simple or complex networks including VLAN and BYOD deployments and is therefore suitable for any size of organisation. Using Secure Web Gateway will increase productivity, make adopting cloud applications more secure, allow you to take control of BYOD devices, improve compliance and limit exposure to Internet borne threats.
The technical bits…
CensorNet Secure Web Gateway is a versatile web proxy server (HTTP/HTTPS) that filters web content using a number of techniques. These include a part-cloud based database of hundreds of millions of web sites, real-time and human inspection of content in multiple languages, real-time Cloud Application discovery and analysis engine, sophisticated image analysis, real-time anti-virus scanning and more. If you can access it in a web browser, it can be controlled by Secure Web Gateway.
The product itself is managed via an easy to use web interface and integrates seamlessly with Active Directory for single sign on authentication.
LDAP and Captive Portal authentication is also supported. The product supports granular filter rules using group based policies, scheduling, multiple administrator roles, computer and user identification, bandwidth monitoring, comprehensive reporting and more. For a full list of features please see the product features page.
Is this a software or a hardware product?
This is a software product which is available as a “software appliance” for use in a physical or virtual machine. The software is delivered as a downloadable .iso file (CD image). Installation takes approx 30 minutes.
The same software image can also be installed into a Virtual Machine, such as VMware ESX/i, Hyper-V, VirtualBox, XenServer, etc.
Please note that the machine must be 64-bit and all data on the hard drive will be overwritten by the software during installation.
Is CensorNet Secure Web Gateway suitable for schools?
Yes. CensorNet has a long history working with schools around the world to provide a safe Internet experience for pupils and students. In the UK, Secure Web Gateway has been accredited by the government advisors for education, BECTA, to ensure it is suitable for use within schools. The product also complies with CIPA and CensorNet are members of the Internet Watch Foundation, who campaign against illegal child abuse images online.
Do you provide discounts for education or not-for-profit organisations?
Yes, we do provide discounts on our normal retail price for education and charity customers. Please contact our sales team for a personalised quote.
Is there a “try before you buy” evaluation version?
Yes, you can try the software for 30 days before purchasing. The only limitation is time. If you decide to purchase, we simply issue a new license key by e-mail and you can continue to use the product for the term of your license.
How scalable is CensorNet Secure Web Gateway?
The proxy server is 64-bit and has been highly optimised to use all available server resources for maximum performance. We can support very large networks, for example with load balancers, high availability configuration and multiple proxy servers. There are many factors that need to be taken into account when considering scalability – such as number of users, devices, network bandwidth, server resources, policy settings etc. and therefore we recommend speaking to one of our technicians to discuss your specific requirements.
Does CensorNet Secure Web Gateway filter e-mail as well as web ?
No, please see our CensorNet Email Security solution for e-mail management, security and compliance.
Schools have a duty of care to provide a safe Internet experience for all their pupils and staff and need to demonstrate reasonable and effective measures to control access to the Internet.