Zscaler Offers Secure Web Gateway Features: Review

The recent 3.0 release brings together just about every security feature that could be offered via proxy in a straightforward GUI, yet several flaws remain

Under the Comply heading, I set DLP (data loss prevention) policies and enforcement options. Zscaler uses the term “dictionary” to describe a DLP rule. There are eight predefined dictionaries including “credit card leakage” and “social security leakage.” I effortlessly created new dictionaries by clicking Edit, Add Dictionary and then entering strings to search for and their weightings.

Dictionaries are then grouped into DLP engines. For instance, the HIPAA (Health Insurance Portability and Accountability Act) engine contains the medical information leakage and Social Security leakage dictionaries.

It all comes together under Compliance Policy, where I enabled or disabled engines, set the order in which they should run, and assigned users and applications where I could apply the rules. My attempt to send a message on Facebook containing a Social Security number was logged and reported accurately.
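To make the dictionary, engine and compliance-policy layers concrete, here is an added example (not Zscaler's own code or configuration) that models them in Python and evaluates a message the way the Social Security test above would be evaluated; the regexes, weights, thresholds, user and application names are all assumptions for the demo.

```python
import re
from dataclasses import dataclass

# Constructed model of the review's dictionary -> engine -> policy hierarchy.
# Regexes, weights, thresholds and user/app names are assumptions, not Zscaler's.
@dataclass
class Dictionary:
    name: str
    patterns: dict       # regex -> weight, like the strings and weightings in the GUI
    threshold: int       # score at which the dictionary counts as matched

    def score(self, text: str) -> int:
        return sum(w * len(re.findall(p, text)) for p, w in self.patterns.items())

@dataclass
class Engine:
    name: str
    dictionaries: list   # dictionaries grouped into one engine, e.g. HIPAA

    def hits(self, text: str) -> list:
        return [d.name for d in self.dictionaries if d.score(text) >= d.threshold]

@dataclass
class Rule:
    engine: Engine
    action: str          # "block" or "log"
    users: set
    apps: set

def evaluate(policy: list, user: str, app: str, text: str) -> tuple:
    """Walk rules in the configured order; the first rule whose engine fires decides."""
    for rule in policy:
        if user in rule.users and app in rule.apps:
            matched = rule.engine.hits(text)
            if matched:
                return rule.action, rule.engine.name, matched
    return "allow", None, []

SSN = Dictionary("social security leakage", {r"\b\d{3}-\d{2}-\d{4}\b": 10}, threshold=10)
MEDICAL = Dictionary("medical information leakage",
                     {r"(?i)\bdiagnos(?:is|ed)\b": 4, r"(?i)\bpatient\b": 4}, threshold=8)
CARD = Dictionary("credit card leakage", {r"\b(?:\d{4}[ -]?){3}\d{4}\b": 10}, threshold=10)
HIPAA = Engine("HIPAA", [MEDICAL, SSN])
PCI = Engine("PCI", [CARD])

# Order matters: text holding both an SSN and a card number is decided by HIPAA first.
POLICY = [
    Rule(HIPAA, "block", users={"alice"}, apps={"facebook", "webmail"}),
    Rule(PCI, "log", users={"alice", "bob"}, apps={"facebook", "webmail"}),
]
```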

The Analyze section gives you very close to real-time inspection of traffic, which can be sorted by user or transaction, and then filtered by department, location, URL classification, security threat and the time window you want the report to cover. I could easily see that my test user had spent the last half-hour browsing for barbecued brisket recipes. As a forensics tool, this is very helpful for answering the “what-in-blazes-just-happened” question.

Flexible reporting

Reporting is a strong suit for Zscaler. One of my favorite features is the ability to set any report as a Favorite, then organise Favorites and select them directly from the dashboard. Reporting is very flexible. I could slice and dice, subset and analyse, double-click on just about anything and get more detail. Any report can be generated as a PDF simply by clicking the little PDF icon next to the report title.

It’s important to track web activity on a per-user basis, which most companies will do through integration with LDAP or AD. I created user accounts and selected to force authentication, but this did not actually take place until I turned on authentication under the gateway settings. (Incidentally, there’s also an “enable bandwidth control” on the same screen.) In most cases the Zscaler administration GUI provided the ease and power I needed, but in cases like this, it left me stranded.

SMTP services, new in version 3.0, provide a similarly comprehensive, multi-tiered array of inspection and mail delivery services. As expected, anti-malware/spam/phishing services inspect mail before it reaches your email servers. Email and web security options are shown right next to each other; this integrated management ensures greater security-policy consistency than if policy were managed through multiple products.

Spam filtering worked fairly well: settings are adjusted via a slider (dial up the spam!), but I found them too general. Settings can be tweaked on a domain, user or group basis, but they can’t be tweaked by content. So it’s just dialing spam up or down as a whole, rather than dialing up subprime mortgages and dialing down Russian brides.

Over a 24-hour period, the default configuration delivered more spam than I would’ve liked, but there were no false positives. I could probably slide the dial around to find just the right spot, but users don’t have access to their spam settings. More mature anti-spam products allow users to tweak their settings and access their quarantines.

It’s possible to define “inflow” and “outflow” email content policies. I easily configured all mail addressed to info@mattsarrel.com to be delivered directly to me. DLP works as well with email as it does with web traffic. I prevented myself from sending an email full of Social Security numbers to an external account. The email was blocked and I received a custom email explaining why it was blocked.

Zscaler can also perform gateway-to-gateway SMTP encryption and delivery assurance. Reporting for SMTP security services is as helpful and easy to use as for web security.