What is our primary use case?
We previously used an on-premise proxy or a secure web gateway, but our employees were forced to do hybrid work during the pandemic. To connect to the office, they needed to connect to our VPN, and by doing so, they had to disable the proxy. That introduced a security risk because turning off the proxy exposes us to clickbait risks and phishing. We needed a solution that would cater to our needs but close those risks. Menlo Secure Web Gateway was the answer to that because it's cloud-based, and it provides a web isolation feature compared to other products on the market.
Right now, we're just looking at the private access and SaaS solutions.
The solution is invisible to our end users, so it doesn't have any impact on their work or performance. As far as friction with users, it only exists because we have to replicate our authentication in the cloud as well. They have to log in using a slightly different domain name from what we have in the office. As far as internet usage or speed is concerned, it's been pretty good so far.
This feature is very important because part of my objective when implementing information security is that the more invisible my tools are to the users, the better it is.
The deployment model is SaaS because it's provided by Menlo.
We are licensed for about 3,600 users, and we are deployed nationwide. We have a head office in Manila with about 2,000 users, and 1,600 users are deployed around the country. When users need to work from home, they can have safe Internet access from wherever they are.
How has it helped my organization?
We moved the proxy from on-premise to cloud-based, which gave us a huge advantage. We don't need to worry about our internet traffic anymore. The web isolation feature adds a layer of confidence. Even if our employees get to some site that is loaded with a malware payload, for example, there is no risk because we're confident that it will be isolated and mitigated. The risk in terms of email is lower.
The solution prevents all web and email security threats before they enter our network. The main difference with the on-premise proxy was that we were heavily dependent on signatures, web categorization, and filtering. We're doing a lot less of that now.
We have seen a decrease in the number of security alerts that our security ops team has to follow up on. Menlo provides a periodic report, which we can check on a regular basis. The report gives me confidence that the websites that are supposed to be blocked are always blocked. It lessens the tasks of the personnel who are doing web monitoring, so they're able to do other things.
I import these logs into my SIM. If a user gets to a site that is allowed and it's malicious, it usually gives me an alert. Since I've implemented Menlo, I haven't had an alert yet.
What is most valuable?
Accessing the internet with a proxy from anywhere is the most valuable feature. It ensures that users are only able to browse legitimate websites. If they happen to go to a legitimate website with a malicious payload, the isolation feature will take care of that.
The solution provides a single console for security policy and management. For management, they have provided a single platform console that we can access via the internet. From there, we can view a dashboard for our users, their activities, the risks mitigated, etc. We can see everything from a single pane of glass.
This single-pane approach is critical for us because we monitor certain indicators of compromise. For example, connecting to command and control hosts is one of them. If we see something that's triggering from there, it's more helpful than looking for that activity on our own. We can also monitor user profiles and user Internet browsing behavior. For example, are they working or are they just watching YouTube videos or going on Facebook?
I'm happy with the solution's ability to combine user-friendliness for admins and security for our organization. There are a few things that could be improved. When I talk to Menlo, there are still some features that I raised with them. In terms of logging, for example, it's quite impossible to get the total number of current users. There are still some sites that we need to bypass from isolation. When that happens, they don't need to authenticate with the solution anymore, so it just goes straight to the internet.
There are still some features that we're asking for, but the solution already provides 95% of what we need. So far, the ease of implementation has been quite seamless for us.
It's important for us that the solution does SSL decryption. In our previous proxy, we monitored user activity and were already doing SSL decryption. However, it's very important because we need to find out if there's any malicious activity, and we won't be able to detect that if traffic is encrypted. There are certain sites that I don't want to take responsibility or accountability for. We aren't decrypting banking websites, for example, because I don't want to be aware of passwords or PINs. We can choose the sites that we want to exempt from decryption.
Our previous approach to SSL decryption is the same as what it is now. We've loaded the certificate on the proxy, and we define which sites we need to whitelist or blacklist from decryption.
What needs improvement?
The user monitoring could still be improved. We are a government agency, so we purchased Menlo by user. If we have 3,000 users, we need to see that all 3,000 users are able to use Menlo. However, there aren't any reports that say, "In the past six months, all 3,000 users have logged in," because there are some cases where SSL is bypassed, for example. When they access sites like that, the user is not tagged as a normal user, so 3,000 may become 2,900, but I still need to account for 100 users. I'm working with Menlo right now to make sure that all user activity will be visible to me.
For how long have I used the solution?
I have used this solution for a few months.
What do I think about the stability of the solution?
Since deploying the solution, we haven't had any issues. During the early stages, we had some tuning issues, but after setting it up and properly configuring everything, there haven't been any issues.
What do I think about the scalability of the solution?
I don't think it would be an issue if we grew to 5,000 or 10,000 users because the solution is deployed on an elastic cloud.
How are customer service and support?
I would rate technical support a nine and a half out of ten.
Technical support starts working on our issues almost immediately. I received exceptional support from them.
How was the initial setup?
Menlo set up the cloud infrastructure. I was only involved with setting up the policies, testing the performance, and making sure that the use cases we identified worked.
The setup was straightforward. It was as easy as defining the proxy file on the computer.
The deployment was really fast. We were up and running in less than a week. Our users are located nationwide, so there was a test period for them before we finally disabled the old proxy.
For now, Menlo is doing all of the maintenance and updates. That's another thing that is offloaded from my personnel because we usually do the patching and updates on-premises. The solution is SaaS, so Menlo is responsible and accountable for that.
There are at least two people involved in the maintenance.
What about the implementation team?
Menlo was directly involved during the deployment. The reseller was there on standby or just observing.
What was our ROI?
I don't measure the ROI for the web, but the cost is justified because we're able to use the internet from anywhere securely.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. It's more expensive than the solution I previously used. Compared with the other cloud-based solutions, it's very competitive.
Which other solutions did I evaluate?
I did a POC with two other solutions. The first was Palo Alto, which has a similar cloud-based proxy. The other was Forcepoint, but I was not able to do a POC for that because of budget constraints. The pricing of Forcepoint was too high for me. At the end of the day, the isolation feature was a big factor that the two other products didn't have.
What other advice do I have?
I would rate this solution a ten out of ten.
My advice is that it's best to experience this solution on your own and compare it to what you have. When I first learned about Menlo, the use case didn't fit me at that time because I didn't need remote proxy access. I said, "With isolation, my other tool should be able to detect any malicious site that my users will be connecting to, and we should be able to manually do that mitigation." If I were to suggest this solution to a colleague, I would ask them to test and really compare it with their existing solution to have a hands-on feel or experience with the product so they can find out for themselves how good it is.
I'm still exploring the other features, but I've checked what MPA is doing. It can do reverse isolation, and it will probably be a tool that will eliminate VPN and provide secure internal application access. Moving forward, Menlo has the potential to offer a lot more.
Which deployment model are you using for this solution?
Public Cloud
*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.