Product Review: GFI WebMonitor 2015

by [Published on 3 Feb. 2015 / Last Updated on 3 Feb. 2015]

This review is for GFI WebMonitor 2015. The review was conducted in a standalone Lab with a controlled number of users.

Product: GFI WebMonitor 2015

Product Homepage: click here

Free Trial: click here

What is GFI WebMonitor?

GFI WebMonitor, the latest 2015 generation of the WebMonitor product from GFI. Built from the ground up, it’s been completely redesigned from an interface perspective and has a different look and feel to any web gateway product that my team and I have used. The product reminds me of a modern ISA or TMG - one of my favourite topics! :)

The Trial

We started the trail in our Lab using an HP G7 server with 8GB of RAM and an 8Core CPU with 100 GB of HDD space. More than enough capacity and the CPU didn’t ever peak over 5%.

The Installation

The full installation took under 2 minutes, which is great.

It was noted that a Reboot was required. This is common, however I installed the software remotely and was kicked off the server during the installation before it required the reboot, I think this is something GFI could fix as in other products such as ISA and TMG the technology made allowances for detecting my source address and added it to the local ACL and does not drop me off whilst installing the software remotely.

The software also checks for a newer build before installing which is handy.

The software then asks for access permissions to the interfaces and the domain using the logged in account. We recommend an account be created for this purpose as it allows for more control in future.

The product installs the following:

  • Microsoft Visual C++ Redistributable
  • Microsoft IIS Express
  • Microsoft Report Viewer

The Configuration

The configuration process was concise with lots of auto detection happening. The GFI software detected the following:

  • The Operating System,
  • Auto Network Settings Detection,
  • Auto Network Interface Detection
  • WPAD Detection.

I was quite happy with all the detections, it made the process a no brainer and much easier to install and get configured compared with other proxies.

The software listens on port 8080 by default, this is the same as ISA and TMG, which is great and also congruent with how proxies should be. This ensures that it’s simple to remember and also easy to replace an ISA or TMG if need be from a proxy perspective.

The software publishes the GFI webproxy settings in WPAD, which is handy and saves time and makes it seamless, the GFI team have really thought this through, well done!

The software has Proxy Authentication capabilities and can chain to upstream proxy, which again reminds me of the ISA days and that’s great as it ensures that it can easily scale to enterprise grade.

In the next few months we will undertake a project for 10 000 users and will try this product to see if it can scale on a human scale. On a bot scale a script load of 10 000 users was placed on it and it handled it with no problem.

The interface is a well-designed HTML interface we (our team) all had positive things to revert back, and the drag and drop is good to work with, however one negative would be that you require a modern up-to-date browser for the interface to properly render, but this is to be expected.

The licensing was configurable at install time, with the ability to supply your own key and change it at a later stage and update it on renewal if required.

My team noted that HTTPS Scanning is possible but when taking a closer look, this area although possible is not perfect. I think it needs some refinement to be 100% however it’s good enough for the requirements for when inspecting SSL. When SSL was being inspected the CPU peaked a bit but that was to be expected.

The product can display warnings to the client before decrypting the traffic (block expired, non-validated and revoked certificates). This is a good notification feature and we liked playing with this functionality, as our corporate customers sometime require this for HR and compliance purposes.

Documentation

The documentation is good and of a high standard. There are some video tutorials, a knowledgebase, the user manual and a user forum (well constructed). Overall we rated the documentation one of the product's greatest strengths.

We only referred to the manual once, but went into this to see what the quality was like and it was very good compared to most products in the same class.

Additional documentation can be found here.

Additional features

Although the product is primarily a Web Filtering Application, there are some additional features that stand out.

  • 3 AV engines (BitDefender, Kaspersky and VIPRE) that scan downloads in real time
  • Web categorization and reputation-based filtering policies for over 460,000,000 URLs. GFI WebMonitor allows you to block access to specific websites as well as define web filtering policies, allowing or restricting access to particular categories of websites on a per user, per IP or department basis.
  • Application control allowing applications to be managed.
  • Malicious URL blocking, this allows blocking and management of potentially dangerous sites or known hacked sites filtering to prevent malware from being downloaded onto your network.
  • Customised user pages so that when a blocked message comes up it has corporate logos and messages that could potentially link to your internal HR website or Intranet.

Pros

Web filtering

The product has the ability to efficiently filter the web port 80 and 443 traffic, we were able to quickly manage this traffic and also QOS it. This also made it easy to manage cloud apps that traverse these ports. We were surprised at the ease of use, the configuration worked on one of our tablets.

Application control

There is module built into the product that easily allows for the administrator to configure the control management and reporting of cloud-based applications so that it is simple to manage these apps, the use of the new generation cloud data storage solutions that we have all seen a surge in recently.

This is a good solution if managed correctly and together with good corporate policy, using GFI WebMonitor 2015, we found it easy to block and report on cloud application usage.

The configuration took some getting used to but once we used the application and used the video tutorials our most junior members of the team were applying quite advanced controls.

Legal liability

Using this solution within your organisation you are able to quickly limit access to a broad range of illicit and potentially harmful and non-politically correct sites. The software can easily help to maintain compliancy and has sufficient logging for most corporate requirements.

Malware and virus detection

The product boasts the capability to detect; malware, viruses and Trojans by using its scanning technology in stream, using no less than 3 scan engines and up-to-date pattern files. We put some nasties on several websites and tested this; it caught all of them - it works!

Data loss

With the software it’s possible to configure the web browsing policies to limit data loss by restricting access to services and websites that could potentially lead to data loss.There are a number of configuration options and we were able to quickly block the usual suspects.

Bandwidth management

Bandwidth management is possible by restricting access to non-work related sites and illicit sites. You are able to quickly report on the top five talkers and the top five websites so that you can define a policy that will reduce the utilization of these sites and free up your bandwidth resource.

You can also monitor, control and secure Internet usage on your network using the software. The software also allows the administrator to monitor the employees’ browsing activities including downloads; this can be achieved through the drill-down reports.

It is also possible to manage access to categorised websites or by blocking access to non-work-related websites and web base resources including social media.

The website blocking can be set to ‘soft’, where the employees receive a warning that the particular policy is being violated or enforced or “aggressive” where user access is entirely disabled.

The Web categorization and reputation-based filtering policies are for over 460,000,000 URLs (these are updated daily). We could not test them all but the multiple websites we visited with the intention to bypass the controls were blocked.

The software can block access to specific websites as well as pre-defined web filtering policies; this includes particular categories of websites on a per-user or per-IP or department (group) basis.

It’s possible to control access to the websites in the categories, these include adult sites, gaming, gambling, email, travel, Peer 2 Peer, social media and many more - it’s worth a look.

The software also has a reasonable antimalware platform to help stop malware from getting onto the network or the endpoints through the websites.

Content management is another possibility with this proxy, we were able to create a policy that prevented the downloading of executables and ZIP+rar files, we then tried with videos and MP3 files and it worked too.

These policies were simple to configure and easy to implement and we were able to schedule the controls during working hours so that during lunch time the employees had un-feted access to social media and videos but during work hours access was restricted to these resources. We were also able to setup a time limit for media categories so that someone could use YouTube and the BBC for 10 minutes a day only. We found this quota system very interesting.

Cons

  • Cuts off the admin during the installation if product is being installed remotely
  • Requires a reboot after the install to full install
  • HTTPS scanning not perfect but usable
  • Remote management has to be through the web console as the other forms are quite unreliable.

Conclusion

The product, GFI WebMonitor, is responsive, easy to use and scalable compared to previous versions of the product and other available solutions in the same category.

The product enables the administrators to allow for users to use the Internet in a usable state whilst managing and controlling the interaction. Preventing accidental or intentional use of illicit content or sites that can cause malware infections, legal liabilities and data loss.

The software allows for granular control and is in the next generation of webproxies.

Typically we deploy webproxy solutions like this one to between 50-20 000 users but in most cases we found competitive software cumbersome to manage. The GFI solution seemed vastly simpler to manage and the team is keen to test it in the wild.

WindowSecurity.com Rating: 4.5/5


More information about GFI WebMonitor 2015 or download a free trial.

See Also


The Author — Ricky M. Magalhaes

Ricky M. Magalhaes avatar

Ricky M Magalhaes is an International Information Security architect, working with a myriad of high profile organizations. Ricky has over 16 years of experience in the security arena covering all ten domains including best practice and compliance. Ricky is a strategist on security and innovating creative ways to achieve compliance and mitigate risk, to many blue chip entities and forms part of the advisory boards to many organisations worldwide.