Headquartered in Santa Clara, California, McAfee, an Intel company, is the world’s largest dedicated security technology company. McAfee customers range from millions of home users and the smallest startups to the largest government agencies and enterprises. The company has approximately 6,000 employees and a network containing 14,000 endpoints and network devices spanning the US and an additional 60 countries.
As a progressive and innovative technology company, McAfee needed a web security solution that offered robust protection and flexible policy options to accommodate the varying needs of its internal users. For years, McAfee relied on a content filtering and reporting solution. But this solution proved to be insufficient protection against the backdrop of today’s highly sophisticated advanced persistent threats (APTs) like Operation Aurora. This complex threat exploited a Microsoft Internet Explorer vulnerability and attacked dozens of leading technology companies in Silicon Valley in 2009, putting their sensitive corporate data at risk.
Another key requirement McAfee needed in a web security solution was the ability to deploy different levels of secure web access for the multitude of McAfee environments worldwide. McAfee needed a solution that would allow sales and marketing to safely browse external websites in the workplace and take full advantage of interactive, business-enabling tools offered by Web 2.0 like Facebook and Twitter. At the same time, for other job functions, such as physical security, the company needed to restrict web access to internal sites or certain whitelisted sites only.
Making the Switch to McAfee Web Gateway: Multilayered Protection Against Today’s Complex Threats
The web content filtering system McAfee was using previously provided robust centralized management and detailed log reports on user activity that were stored for more than a year, but McAfee was looking for more: namely, a greater depth and breadth of protection and policy deployment options. Simply blocking unsuitable content and known malware-laden URLs was not sufficient in a threat environment where malicious code could be hidden in apparently good HTTP or HTTPS traffic or where millions of new threats emerge on a quarterly basis. Also, after watching respected industry peers fall victim to Operation Aurora, McAfee was intent on having uncompromising protection for its valuable and sensitive intellectual property and other corporate assets.
The McAfee internal security team turned to its own product portfolio for an answer and displaced its content filtering product with award-winning McAfee Web Gateway. With sophisticated cybercriminals now attempting to crack the once-bulletproof HTTPS protocol by coming in through the back door of secure sockets layer (SSL) traffic, McAfee security professionals liked the fact that McAfee Web Gateway inspects encrypted traffic and defends it from malware. Because traditional firewalls and intrusion prevention systems have little visibility into SSL traffic, this is a great advantage that McAfee intends to implement in the near future. McAfee Web Gateway exerts granular control over malware, scanning for and blocking malicious code while allowing access to an otherwise good site. Additionally, the appliance’s ability to scan outbound content using FTP and web protocols, including SSL, also fortifies the company’s data loss prevention capabilities by keeping vital information secure, ensuring regulatory compliance, and providing forensic data in the event of a breach.
“With McAfee Gateway antimalware coupled with McAfee GTI providing instant information feeds on emerging threats all over the world our endpoints and security products are instantly informed ... we can now react more quickly when we need to.”
Tony Gunn, Director of Security Engineering, McAfee
Known for its immediate, or “zero-hour,” defense against Operation Aurora, McAfee Gateway AntiMalware Engine, unique to McAfee Web Gateway, filters malicious web content in real time, offers comprehensive antivirus protection, and works in concert with cloud-based McAfee Global Threat Intelligence (McAfee GTI).
“With McAfee GTI providing instant information feeds on emerging threats all over the world to our Security Operations Center, our endpoints and security products are instantly informed. We’ve found this to be far superior to .DAT signature updates because we can react more quickly when we need to,” says Tony Gunn, director of security engineering at McAfee. In addition, McAfee GTI reputation analysis assigns reputation scores based on security risk to massive amounts of web data compiled by the renowned global research organization McAfee Labs. This also enables McAfee Web Gateway to block malicious sites or malware in good sites more effectively and intelligently.
Flexible Policies for Everyone Everywhere
At McAfee, some business units, for productivity reasons, are allowed to access only internal sites, while others need the ability to access any and all content. For example, sales and marketing employees need to be Web 2.0-enabled so that they can take advantage of Facebook, Twitter, and other social media tools to reach out to customers more effectively. McAfee Web Gateway has the perfect combination of flexible and granular policy options for this type of mixed environment. The appliance utilizes Microsoft Active Directory and authentication to record user names and provide users with access to allowable data only. These capabilities are a great boon to the McAfee HR department, which determines access rights based on job functions, safe harbor, and the suitability of certain content.
“Having granular control over policy allows us to make business exceptions for groups of users. If salespeople, while they are at the office, need to access certain customer websites that may be blacklisted for other employees, we can easily change the policy to accommodate the sales team’s needs. And, anytime there’s a change in policy or when new people or devices join the network, policy updates are made automatically and distributed to all our locations immediately. We don’t have to wait until after business hours,” explains Gunn.
Another example of policy control and granularity involves how employees use HTTPS or FTP to download large files. While most McAfee users typically don’t need to download a 600 MB .zip file, technical support personnel often do. McAfee Web Gateway allows administrators to set up different rule sets to match the requirements of different groups.
IT Operations Made Simpler and More Effective
While the previous content filtering solution had centralized management capabilities, policy changes were done manually—administrators had to log in to each device to make the same update. McAfee Web Gateway’s single management and reporting engine surpasses its competitor’s capabilities and lightens the load on IT.
“With McAfee Web Gateway, we have now standardized on a single management console on all egress points and policy. We have appliances deployed globally, so keeping policies in sync is critical. McAfee Web Gateway makes this process more efficient and much easier,” Gunn states. “For example, the devices in the UK also manage the devices in China. This fits in perfectly with our network strategy and expansion plans, especially in Asia. We can provide the same level of security worldwide to all our employees without adding any management complexity. All of this contributes to our vision of IT simplification. Our long-term goal is to consolidate all McAfee Web Gateway devices in all locations to a single management cluster.”
While many competing products do a great job of operating transparently in the background to sniff traffic and block users from malicious websites and content, reliability can be an issue. Sometimes these devices need to be rebooted frequently. Even if this doesn’t necessarily cause outages for users, web filtering is disabled while the systems are off-line, so there could be lapses in the continuity of protection. The redundant configuration of 12 McAfee Web Gateway appliances deployed globally gives IT greater reliability, which translates to greater peace of mind. “We can easily remove one machine for maintenance or upgrades and not experience any disruption in coverage or our users’ ability to access the Internet,” continues Gunn.
McAfee Web Gateway appliances are also flexible enough to be deployed using a load-balancing device, which allows expansion and makes it easier to schedule maintenance windows for the systems. McAfee can add or remove McAfee Web Gateway systems from the virtual IP (VIP) to increase capacity or allocate capacity elsewhere.
The McAfee Global Security team enthusiastically embraces its new web gateway solution and appreciates the benefits of its feature-rich, advanced technology—and looks forward to scaling up and exercising its capabilities more fully. Easy to deploy, use, and manage, with a comprehensive array of protections and flexible policy options, McAfee Web Gateway is quickly becoming a key component of the overall McAfee security infrastructure in key geographical locations. Future plans include integration with McAfee ePolicy Orchestrator® software, a management and reporting platform for multiple McAfee and McAfee partner products. And, as more employees use their own personal mobile devices in the workplace at McAfee and demand anytime, anywhere access to the web and company information, McAfee Web Gateway plays a critical role in safeguarding employees on the go against web malware and protecting vital corporate data assets while enabling business and streamlining the inevitable consumerization of IT.