The fifth article in my series on web security concentrates on SaaS
Security SaaS is a (at least in part) externally managed environment where the discovery/protection elements are performed in the cloud.
SaaS
This is can be the simplest of all the solutions to maintain. Usually an extremely polished administrator interface is provided allowing efficient rule updates.
The really big advantage is the vendor based categorisation of sites and malware. This massively simplifies the administrator’s job.
I have reviewed several solutions over the years for my employer but the vast majority failed to inspire confidence as this is a very new Market. There are few SaaS providers with a proven record, especially as I was looking to provide Global, Follow the Sun support.
I will therefore concentrate on the shortlist I know best: ScanSafe and MessageLabs. Two services bought out in recent years by network or security providers.
Advantages
Both these solutions offer a core of essential and massive advantages.
- Single business-wide administration interface
- Multiple layers of Malware/antivirus protection
- Active categorisation of sites by third party
- Stable SLA covered infrastructure
- Global service coverage
- Low additional latency
- AD integration
- Remote/Roaming user coverage
- Comprehensive logging and reporting
- Quota limits
MessageLabs
MessageLabs are famous for providing one of the most popular anti-spam/antivirus email solutions available to business. A few years ago they broke into the Web Security[1] Market. The experience and size of MessageLabs implies, quite correctly, that this will an accomplished product. Especially so now that the company is owned by Symantec[2] .
MessageLabs offer a robust environment, the SLA offers an unbeatable 100% availability. This is a reflection of their confidence in their Cloud.
The system requires a MS Windows Squid application or MS ISA plugin to act as the on site component, forwarding requests to MessageLabs. This allows the AD users and groups to be forwarded.
A separate Linux/Windows app is available to synchronise manually the AD information.
ScanSafe
Now a part of the one if the largest security companies in the world, Cisco[3], ScanSafe[4] have been in the industry since 2004. The oldest firm in this SaaS sector.
Extremely simple to setup – simply point a proxy to their service (after registering) and you’re away.
You can use their AD Connector, available as a Linux Java application or an MS ISA plugin if you want AD or LDAP integration. If you don’t, simply point a Squid server at the service and you can set up IP address based rules.
For corporations ScanSafe offer independent configurations for each of your breakouts and a global overview of the whole setup. You can create rules at the global rule that are inherited by the child configuration.
Offering 99.999% SLA they also pride themselves on extreme availability.
Which?
Well, which service is better?
Personally I cannot separate the two so it came down to commercials and at the time that led to ScanSafe winning. However I strongly recommend a long trial of each with your environment to see if you have any distinguishing element between the two. I would suggest at least 30 days.
As always, check the support that is available – my experience of ScanSafe support had been excellent so far.
That completes my look at the options that are available. I will return to elements of this over time but if you want something specific covered let me know!
References
[1]MessageLabs.Com (Web Secuity.Cloud) 03/02/2011
[2]Symantec (Press Release) 03/02/2011
[3]Cisco (Press Release) 03/02/2011
[4]ScanSafe (About) 03/02/2011
Back to top
– Posted using BlogPress from my iPhone
– Posted using BlogPress from my iPhone
harlekwin 
Discussion
No comments yet.