Menlo Secure Reviews

We previously used an on-premise proxy or a secure web gateway, but our employees were forced to do hybrid work during the pandemic. To connect to the office, they needed to connect to our VPN, and by doing so, they had to disable the proxy. That introduced a security risk because turning off the proxy exposes us to clickbait risks and phishing. We needed a solution that would cater to our needs but close those risks. Menlo Secure Web Gateway was the answer to that because it's cloud-based, and it provides a web isolation feature compared to other products on the market.

Right now, we're just looking at the private access and SaaS solutions.

The solution is invisible to our end users, so it doesn't have any impact on their work or performance. As far as friction with users, it only exists because we have to replicate our authentication in the cloud as well. They have to log in using a slightly different domain name from what we have in the office. As far as internet usage or speed is concerned, it's been pretty good so far.

This feature is very important because part of my objective when implementing information security is that the more invisible my tools are to the users, the better it is.

The deployment model is SaaS because it's provided by Menlo.

We are licensed for about 3,600 users, and we are deployed nationwide. We have a head office in Manila with about 2,000 users, and 1,600 users are deployed around the country. When users need to work from home, they can have safe Internet access from wherever they are.

We moved the proxy from on-premise to cloud-based, which gave us a huge advantage. We don't need to worry about our internet traffic anymore. The web isolation feature adds a layer of confidence. Even if our employees get to some site that is loaded with a malware payload, for example, there is no risk because we're confident that it will be isolated and mitigated. The risk in terms of email is lower.

The solution prevents all web and email security threats before they enter our network. The main difference with the on-premise proxy was that we were heavily dependent on signatures, web categorization, and filtering. We're doing a lot less of that now.

We have seen a decrease in the number of security alerts that our security ops team has to follow up on. Menlo provides a periodic report, which we can check on a regular basis. The report gives me confidence that the websites that are supposed to be blocked are always blocked. It lessens the tasks of the personnel who are doing web monitoring, so they're able to do other things.

I import these logs into my SIM. If a user gets to a site that is allowed and it's malicious, it usually gives me an alert. Since I've implemented Menlo, I haven't had an alert yet.

We use it to secure the internet connection of all of our users, ensuring that they can connect as transparently as possible to all of the websites that are, of course, not hazardous. And anything hazardous is prevented as much as possible.

We were looking for an isolation solution so that there would be no impact at all on the systems that we are responsible for protecting. We didn't want to wait until a first attack was successful and then find out what the impact was and how we should react to it. That's why we chose Menlo. Either you have access to something or don't have access to it. And if you do, we can ensure, 100 percent of the time, that there is nothing malicious that is going to impact our system in any way. And that's for the on-prem users who are connected to the corporate offices, as well as for the users who are roaming.

The primary benefit is that it secures users wherever they are, whether they are roaming, or they are using their PC at home, at work, or at the airport. We are able to do that, and we are even able to do it with companies that we recently acquired.

Another move forward was that we started inspecting SSL traffic, which was something we were not inspecting before. We were closing our eyes to what was happening to 98 percent of the traffic because it was encrypted. Today, we are not closing our eyes. Menlo enabled us to inspect more traffic and avoid relying on traffic that clearly can be hazardous. That may be one of the reasons we discovered new use cases that were difficult to test before, and for which we have had issues configuring Menlo to handle.

Another advantage is the ability to produce reports that help us to understand what our users are doing, even within the website. For example, are they posting files or are they downloading files? That is clearly an ability that we acquired with the solution as well.

And when it comes to isolation, we haven't seen any threats that have succeeded in coming in through Menlo. I have evidence, of course, that in some cases we were infected by malware, but it was not able to avoid Menlo's protection and connect back to the internet to get instructions from the command and control service. We have clearly demonstrated that those threats just cannot harm us.

Open browsing of systems on the web from endpoints within our network that could be vulnerable as a pretty quick avenue to exploitation is the primary issue that we are addressing. What I like about the Menlo Security solution is that it isolates all that browsing activity well and away from our infrastructure, keeping all of the noise out. Therefore, if our security tools hit on something, then it is something worth looking at, not just a bunch of garbage.

All our endpoints are designed to hit the Forcepoint proxies, then the Forcepoint proxy directs it out to the Menlo Security Cloud environment.

For the most part, the solution is invisible to our end users, which is important to us and impacted our choice in going with this solution. It does the best that it could possibly do given what it is doing. There are certain sites that don't work well with isolation on business sites. So, we have a process for creating exceptions to bypass isolation for those sites.

It has reduced security events to follow up on. While it is not 100%, there has been probably a 90% or more reduction. We were getting hit left, right, and center constantly from people browsing the Internet and hitting bad websites. It was not just bad websites that were stood up to be malicious, but good sites that were compromised.

It is pretty important to be able to inspect the traffic that might be maliciously encrypted. Although, decryption is becoming less of a thing as time goes by. There is a changing mindset amongst the security community on it, and we see that in some of the changing standards.

We are using it to protect our users as they navigate the web. It is their cloud service, and we have set up a proxy to go through their service.

The way we have it configured is that our staff basically logs into the internet to go out and surf. We have integrated it with Active Directory, and the users just provide their credentials. We have a screen that prompts them for those and also reminds them of how to behave on the internet. I believe we can change that now, but that was the way we rolled it out years ago. It is a good reminder for our staff. Generally, we like it. We even updated the landing page for that screen earlier this year. It works well for us. Other than that, the users don't really notice it.

For us, the primary goal is protection on the web, and that's extremely important. We're not using any of the other services at this time. The web part is key to the success of the organization. It gives us the ability to protect. It can isolate. It opens the session in an isolated format so that the code isn't running locally. It is running over in the Menlo environment, not in ours. It is not running on the local computer, whereas if you were to go to a normal website, it would run Java or something else on the local machine and potentially execute the malicious code locally. So, it does give us that level of protection.

It has worked very well for us. We've had very little trouble. We've had no malware that I'm aware of, which is common with surfing the web. As people move around on the web, they'll pick up various malware. It has always been a problem for me in the past, but since we've rolled out this solution, I can't remember the last time somebody had something weird on their system that had to be uninstalled. So, nobody is picking up odd things as they surf the web.

It also protects the opening of documents. When you download a report or document, it is opened in a protected fashion. So, the user can read that and be safe. It then gives you the opportunity to download the original or a safe version. If the user is still a little uncertain, they do have the ability to download it in the safe version so that if it had any malicious content, it is no longer a threat.

Prior to the acquisition of this service, staff was restricted heavily in terms of who was allowed to go to the internet. There were security concerns, and they just didn't feel comfortable letting just anybody go out and surf the internet to find anything. It was heavily restricted, which produced issues with staff trying to get tasks done. They'd have to call and ask for access to something or just access in general. If they were all blocked as a user, they'd have to go to somebody else. We've improved the efficiencies of the department by giving them the ability to more freely access the internet in a safe fashion. They're more efficient and therefore, more responsive to our members or customers.

We are not aware of a single compromise from the web since implementing the solution. In terms of its effect on our operations or business, overall, it has had minimal impact on the IT operations. It is easy to manage as an organization. It has improved efficiency and the ability for someone to quickly do research on an item and respond to the customer in a more timely fashion. So, from a customer standpoint, we are providing a better service.

It has significantly reduced the number of concerns. I'm not aware of a single piece of malware landing on a computer since we rolled out the solution.