McAfee Webgateway – Security Review

McAfee Webgateway – Introduction

McAfee Webgateway is an enterprise proxy solution combined with an antimalware gateway. It provides secure access to the Internet and filters unproductive web traffic for employees.
From the operational point of view, McAfee Webgateway is for technical personnel. The user interface is easy to use, but the multitude of options for the web policy could be a challenge at the beginning. I’ve used this solution as a customer for 3 years and I won’t lie to you that it was easy when I started. After a couple of months of using it and after a lot of “trial and error” configurations (I always prefer to learn by myself), I started to understand the full potential of this solution.

McAfee Webgateway – Features

If you use any kind of enterprise proxy solution (Bluecoat, Websense, etc.) you probably know what this kind of product can do. Basically, all products meant to protect Internet access have similar features, but if you are the kind of network admin who likes to go deep into the configuration and have the means to totally control the web traffic, then McAfee Webgateway is your friend. I will try to briefly point out the main features of the solution, but if you want more details don’t hesitate to ask here and I will answer as fast as I can.

– it has full integration with Active Directory; the device is actually joined to the domain and acts as a computer, having access to the domain objects which provides full identity awareness

– if direct access to Domain Controllers is forbidden by security regulations, don’t worry: you can use a special software package that relays the information about users to the gateway

– it has its own clustering solution based on VRRP, with active-active configuration; you can add as many gateways as you need because the license permits this

– the nice thing about McAfee Webgateway is the licensing model, which is based on the number of users, not on the number of gateways or devices in the company; you can add as many gateways as you need to your cluster without paying extra; the servers are not counted in the license

– there is integration with LDAP for authentication in the Web GUI and it has custom profiles for access (it has a permission tab for each object allowing you a very granular security profile)

– for Internet access you can use multiple authentication methods, such as NTLM, Kerberos and LDAP

– the gateway can be deployed in explicit proxy mode or transparent mode, with some combinations of course

– the policy is based on rule sets, which are basically collections of rules grouped by their purpose; each rule set has its own matching criteria, so the parsing engine won’t parse the rules inside if the matching criteria are not met, which optimizes the use of hardware resources

– each rule has its own match criteria, which can be a combination of many functions such as destination URL, time and date, client IP, web category and many, many others, and when I say many, I mean it; you will probably never use 90% of the functions, but they are there in case you want them

– something really powerful in the rule matching criteria is the ability to use logical operators (AND / OR) and to group them using “(” and “)”, which gives you advanced logical matching criteria

– the antimalware rule set has 2 antivirus engines (McAfee and Avira) and also a behavioral engine meant to detect suspicious active content (JavaScript, ActiveX, Flash); starting with version 7.4, which is still a controlled release at this moment, McAfee Webgateway has full integration with the McAfee Advanced Threat Detection solution, so any suspicious executable that passes the gateway will be sent for deep analysis to this sandboxing device

– the error pages are fully customizable; you can add whatever HTML code you want, and also JavaScript

– reporting is done using the Webreporter solution which is included in the license or using the Content Security Reporter which is a module of ePolicy Orchestrator, which is also included
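
The rule-set gating and the grouped AND / OR criteria described in the list above, as a simplified Python model added here; it is not McAfee Webgateway's rule syntax or code. It shows how moving the parentheses changes what a rule blocks. The request fields, networks, category name, first-match behaviour and default Allow are assumptions.

```python
import ipaddress
from collections import namedtuple
from datetime import time

# A rule set's criteria gate its rules; each rule carries its own criteria.
RuleSet = namedtuple("RuleSet", "name criteria rules")
Rule = namedtuple("Rule", "name criteria action")

# Combinators: nesting these calls plays the role of "(" and ")".
def AND(*parts):
    return lambda req: all(p(req) for p in parts)

def OR(*parts):
    return lambda req: any(p(req) for p in parts)

def category(*names):
    return lambda req: req["category"] in names

def client_in(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda req: ipaddress.ip_address(req["client_ip"]) in net

def between(start, end):
    return lambda req: start <= req["time"] < end

def evaluate(policy, req):
    """Return (action, matching rule name, number of rules evaluated)."""
    evaluated = 0
    for rule_set in policy:
        if not rule_set.criteria(req):
            continue                  # gate not met: no rule inside is parsed
        for rule in rule_set.rules:
            evaluated += 1
            if rule.criteria(req):
                return rule.action, rule.name, evaluated
    return "Allow", None, evaluated   # assumed default when nothing matches

# Constructed sample policy terms (not taken from any real deployment).
WORK = between(time(9), time(18))
GUEST = client_in("10.20.0.0/16")
SOCIAL = category("Social Networking")
INTERNAL = client_in("10.0.0.0/8")

def policy(criteria):  # hypothetical helper: one gated rule set, one Block rule
    return [RuleSet("URL filter", INTERNAL, [Rule("social", criteria, "Block")])]
# Intended: social media is blocked during work hours or from the guest network.
GROUPED = policy(AND(SOCIAL, OR(WORK, GUEST)))
# Same terms, parentheses moved: every guest request is blocked, any category.
MISGROUPED = policy(OR(AND(SOCIAL, WORK), GUEST))
```

Evaluating a guest request for a news site against both policies makes the difference visible: `GROUPED` allows it, `MISGROUPED` blocks it.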

As a final conclusion, McAfee Webgateway is a very powerful solution which empowers the security officer or the network administrator to enforce any combination of security policy requirements at the Internet access gateway.

For more information you can visit the McAfee website here.
