Our client is a global leader in B2B distribution of Paper, Packaging and Visual Communication solutions. The UK arm of the organization has multiple sales and logistics sites around the country. The head office houses the majority of its IT users, with the remainder distributed across the other office locations.
The IT team is responsible for the business applications and communication tools that underpin the business strategy; increasing productivity, reducing cost and risk. The company’s IT infrastructure includes a number of tools and capabilities to control the risk to the business of cyberattacks and security incidents.
Part of those controls was a category-based web access filtering system – based on the legacy Symantec Blue Coat solution. This provided monitoring of web access, management reporting and the ability to log, block, or allow access to certain sites, based on categories. These products were now at the end of their lives (EOL) and were to be formally retired by Symantec.
Our client sought to implement a next-generation secure web resolution service alongside their legacy platform, without impairing its functionality, as a phased approach to retiring the EOL tools.
Following our consultation, activereach identified:
- A solution was required to replace the Blue Coat web filtering with platform support and updates.
- A solution was required for the devices that were restricting network capacity and performance and a lack of malware scanning.
- The service needed to be easy to deploy, reliable, provide category-based filtering and management reports and be transparent for all employees regardless of location
“With the removal of the network edge performance limits that the Blue Coat solution was imposing, activereach believed that the perception of web access performance would remain consistent and improved under certain traffic conditions.”
Andy Powell, Senior Account Manager, activereach
activereach proposed Netskope Next Generation Secure Web Gateway (SWG), a deceptively simple forward based proxy service that replaced a frequently overlooked common network service (domain name lookups) with a more sophisticated security-enabled service that tracks and secures all requests for web site access from our client’s computing devices.
The service has built-in reports, 80 categories of websites that could be used to build policies around, and introduce additional scanning for malware and viruses hidden in web traffic, which complemented the Sophos malware solution on the endpoints.
By design the Netskope Secure Web Gateway is resilient and the platform has redundancy built in, and so is scalable and fault tolerant.
The activereach/Netskope solution provided the ability to:
- Govern web use and provide a safe experience for users with URL classification and filtering, and web threat protection.
- Offer real-time policy enforcement and data protection for SaaS
- DLP for SaaS with out-of-the-box regulatory templates. For use with Netskope for SaaS.
- Threat Protection for SaaS including malware detection and threat intelligence. For use with Netskope for SaaS.
Deployment & support:
The secure web gateway service involves no hardware and is transparent for users – making it simple to roll out to all devices regardless of location. It simplifies the edge topology, removing performance bottlenecks. It comes with full administrative access for the IT and security personnel, and is fully supported including emergency malware remediation support in the event that a device appears to be infected at any point.
Our client had a good technical understanding, and knew the importance of engaging fully with a new service offering to maximize its benefits.
It has been beneficial for activereach technical support to be able to demonstrate its ability to handle individual support challenges, and having users willing to carry out tests and changes to platform settings where required.
activereach implemented the Netskope SWG resolution service alongside the current Blue Coat platform without impairing its functionality until the Netskope service ultimately replaced the retired system. Once set up on the platform to receive and process name resolution requests from our client, their IT members were at liberty to switch to using the target secure resolver service for any or all computing devices on their network.
For endpoint devices that were off of the corporate network (perhaps in a domestic or remote worker setting), a lightweight agent could be installed to override local resolver configuration and, instead, use the company secure resolution platform. This meant remote workers could continue to enjoy the protection of the web filtering and anti-malware scanning, but the company could now more effectively monitor and control security posture.
“Our web filtering measures could not keep up and we needed a solution that could offer real-time protection and automatically block web threats and malicious sites as they were identified.
With employees everywhere, users were going directly to the internet and bypassing the secure perimeter.
Netskope has given us back visibility and control and we are delighted by the level of support and technical input that we received from the activereach team during the onboarding and migration phases.”
Client Network Manager