M86 Secure Web Gateway

Jun 08 2011

A Closer Look at M86 Secure Web Gateway

The M86 Secure Web Gateway protects networks from malware and features tools that let IT staff set up customized security profiles.

The M86 Secure Web Gateway protects networks from malware and features tools that let IT staff set up customized security profiles.

July 2011 E-newsletter

Mitigate Risk with Layered Security

Play It Safe with DLP

Understanding Endpoint DLP

M86 Secure Web Gateway

The M86 Secure Web Gateway comes out of the box ready to protect organizations from a wide range of malware, virus and phishing attacks – but it does a lot more than that. The SWG also lets the IT department control what users do when they browse the web and protects against malicious webmail content. The unit also offers highly granular control over the network. For example, the SWG can set up a unique security profile for every person in the organization.

More realistically, the IT staff can customize the M86 so that specific policies apply to specific groups of users. It lets the IT staff create exclusions so that policies don't apply to users who may need access to sites that might otherwise be questionable. And when the staff sets parameters on site access, they can also protect against malware entering the network from any site, even those that are not blocked.


Where the M86 SWG really shines is in its malware protection. The unit tested for this review used an antimalware engine from Kaspersky Lab, although antimalware software from other manufacturers is also available. The SWG inspects traffic that flows through it from the web for signatures of known malware as well as behavioral characteristics of malware that hasn't been encountered before, effectively eliminating the threat of a zero-day attack. The SWG can even detect and block malware that arrives in separate pieces, in which one segment of the malware would invoke actions from a different file downloaded at a different time.

When properly deployed, the M86 SWG should be transparent to most users, whose access to the Internet is unimpeded. Only when they attempt to visit a blocked site will they be warned that the site is inaccessible and told the reason. Malware on the site will likewise be blocked without intervention from the user. The SWG also protects users from viewing inappropriate content on other sites, and they won't have to worry about attachments from their webmail or about social engineering e-mails that attempt to get users to visit sites that collect protected information.

Why It Works for IT

The M86 SWG offers the IT staff a vast array of configuration options that give users the access to the ­Internet that they need, while protecting the organization from malware. It protects the organization against issues that stem from users viewing inappropriate sites, and from the loss of productivity that comes from sites such as social networking or shopping. It also supports a full range of compliance reporting and auditing.

Because the SWG allows the IT department to group employees according to their access needs, the IT staff can give some users access to Facebook, while denying access to others. It can even allow access to sites that are blocked by default; for example, giving people in law enforcement access to sites containing child pornography, which would normally be blocked to everyone.

The antimalware features are kept current with daily updates that reduce the chance that malware will go undetected. But even if a malware signature isn't in the current update, the SWG can check the behavior of the potential malware and block it.


Organizations need to understand that the M86 SWG is designed for people trained in security management who are familiar with configuring security devices. This is a professional device for professional IT staff – it's not something that an admin in the HR department can expect to manage to its full potential.