Share your experience using Trustwave Secure Web Gateway [EOL]

We use it for URL filtering to enforce our enterprise Internet use policy. We use it for our current initiatives in artificial intelligence. There's a module in iboss for artificial intelligence we're utilizing. 

We use it for forensics when our internal affairs investigators need historical information on website access. We use their cloud configuration to send our enterprise-owned devices anywhere in the world, and we've enabled the protections to travel with the end user. 

We also have some botnet and malware and other protections through that agent, and we are currently evaluating the iboss platform to see if their zero trust framework and legacy VPN solution will work in our environment. We've been fanning out. Iboss started out with us as just a simple URL filter, and it has moved on to be used in several key critical areas of our operation.

We immediately saw value from the moment we deployed it 15 years ago. The product did precisely what people told us it would do. Over the years, it has grown with us and our enterprise's security function. We have had an excellent, mutually beneficial relationship with this vendor.

The solution saves us costs associated with the aftermath of an incident. That's not to mention cyber insurance claims and everything would go through the roof if these attacks had been successful that we've thwarted with iboss. The benefits are clear. We are thrilled it may help us save money again because we are retiring our legacy VPN. The iboss VPN offers more competitive pricing than the other two vendors. 

Using iboss, we've reduced daily security incidents. We have people in and out of our environment left and right. When they leave the environment, they think it's okay to use an asset that belongs to the organization. The solution has prevented things that otherwise could have been a tremendous loss for us. 

Now, the thing to consider here is that money isn't the only loss we measure because we're a government agency. We measure the effect on our reputation. Elected officials run this place. If we have an incident, people believe elected officials are not doing their jobs, affecting our reputation. It has saved us in that area as well. 

The iboss system is highly reliable. The false positive rates are small compared to some other systems we've experienced through other partner agencies who use competing solutions. 

The administrator's console is laid out logically. New features are added in places that make sense, making the console easy to use from an administrative standpoint. It runs in the background seamlessly for an end user. The only time you know it's there is when you get caught in a policy decision that blocks a connection. 

The iboss console has absolutely improved security. We rely heavily on it for command and control traffic analysis, and we're using their SSL decryption function. We can look inside of encrypted connections to catch and prevent these botnets that are out there. It has saved us a countless number of times.

We are a government entity with a Microsoft contract, so the single pane of glass is Microsoft. When we use any third-party tools, such as iboss, we feed into our Microsoft console, except the URL logs. We keep those separate for many internal reasons. We keep the URL logs, but the malware, CASB, and other information go directly into our Microsoft tenant.

We've deployed the iboss into several of our Azure environments, and it does exceptionally well in most cases. It sees the traffic it's supposed to while ignoring the traffic we've told it specifically to ignore. The only thing we don't do with it is by recommendation from the actual vendor. We do not inspect database connections because of the intensity of those connections. The vendor told us not to look at those. It would probably end up causing latency issues with our connections.

We were an early adopter of iboss' ChatGPT risk protection. We still use it because we've determined that it will work for us. We're working with their development team to enhance the feature sets. We tend to be on the leading edge of things in our field, which is rare for a government, but we're kind of a special group. We tell the vendors when we see things emerging and where they should go with these products. They've been excellent at adding these new features. It captures what we expect, and the features are there that we need.

The ability to monitor and secure these conversations is outstanding. In fact, we've put in the framework to allow us to block content that should not be going into ChatGPT, Gemini, or Copilot. It allows you to force users to go to a particular AI console. In our case, we will force users in the near future to only use one AI platform, Copilot. 

We already know iboss can force users to go straight to Copilot if they try to go to any other platform. That's fantastic. It has a DLP feature that will capture data that shouldn't be leaving your enterprise as well when it finds it in any of these AI chats. 

A positive improvement would be to expand into more areas for product monitoring. You have an agent that resides on the endpoint. They are positioned in a way that allows them to log information directly from the endpoint that they couldn't get in the past. They could monitor the process trees and the event logs and help with the overall detection rates of the product. If the URL is bad, the process on the machine has been observed as bad. 

Fold that in with the risk intelligence they're getting from all of the different subscriptions they are a part of. Now, these security companies subscribe to things like emerging threats, databases, etc. You can fold all this intelligence to decide what's happening on an endpoint. I would love to see them start moving into that space. That would compete directly with Microsoft. Maybe that's why they haven't. Having that ability native within the solution would be great. The other area in which I would love to see improvement is more detailed descriptions of why they block websites.

We have been using iboss for 15 years. 

The solution's stability is outstanding. I can't think of one instance when iboss was the cause of latency.

It's super-easy to scale up iboss. If I tell them, "We just lit up another five gigs of bandwidth," they'll spin up some new virtual gateways and dump them in my account.

I rate iboss support 10 out of 10. They are among the best I've ever seen in the support space. Some vendors, you would imagine, have great support, but it's terrible. These guys are fantastic. Whatever they're doing to train their people is working, and it's always a pleasure talking to these people.

Positive

We were using a competitor's product for several years, and it just got to be unusable, which caused us to go out and start looking for a replacement in the market. And iboss was not even part of our list of competitors that we were going to pilot to see if we could get a better solution in place. They were just at the right place at the right time and made a cold call to us, to the CISO. And he said, hey. This company called me about our pilot. It wasn't on our list, but I decided to call these people, and they won. They won me in the bake-off we did. The product did exactly what they said it would do, and the others did not. So that's how it all started.

Setting up iboss was incredibly easy. It took 20 minutes to unbox and rack them the first time. I turned it on our inline Internet pipe, and it immediately began working.

For maintenance, everything is pushed from the admin console. It's a matter of updating policies whenever policy changes occur in the enterprise. It requires me to edit policies when sites on the Internet don't comply with RFC. This causes problems for the end user. The other maintenance is insignificant. Whenever the vendor releases a new firmware, I simply click a button and schedule the install.

Their pricing is excellent. It fits within our meager security budget for these kinds of tools, and we're pleased with the pricing. Like everybody else, things go up when you add features, and we understand that. Overall, we'd pay a significantly larger amount of money to other competitors in the space if we were to get all the features we have with them right now.

We looked at several well-known solutions at the time. They did not measure up to their claims, which we find to be a common theme with vendors. But I, Iboss, unlike many others, did precisely what they said, and everything went exactly as they said it would. And so they won the contract and have kept it all these years.

I rate iboss 10 out of 10. If you're going with the cloud model, there are two different architectures you can use. You can use the agent-based one, which we use. The other is a direct private circuit that runs straight from your enterprise into their cloud. 

If you're going the agent route, make sure you have a good enterprise software management product in place, like Intune or SCCM for Microsoft or Jamf if you're an Apple shop. There's a million of them out there. Make sure you have one of those in place so that you can easily manage pushing out the agent to your users. After that, it essentially drives itself. The endpoints check-in and get updated automatically per your policies. 

Check Point Harmony Browse is primarily designed to protect users from web-based threats. It acts as a robust defense mechanism for web browsing activities. Primary use cases are threat prevention, data protection, zero-day protection and performance optimization. 

This solution has improved my organization by providing enhanced web security, increased productivity, reduced risk of data breaches, improved compliance and better threat visibility.

The valuable features are real-time threat protection, phishing protection, malware prevention, data loss prevention, and performance optimization.

Check Point Harmony Browse can be improved by reducing false positive reports, performance optimization and user interface improvement.

Additional features like privacy features, integration with password managers, and VPN Integration can be enhanced.

I've used the solution for two years.

The stability is good.

The scalability is good.

Our experience with technical support has been good.

Positive

No, I did not use a different solution. 

The initial setup is straightforward.

We implemented the solution via our in-house team.

The ROI is good.

Check Point needs to improve pricing and licensing.

No, I did not evaluate other options.