Skyhigh Security Reviews

We use this solution to protect us against online threats, as well as for user activity monitoring.

The most valuable feature is the SSL decryption.

The cloud capability needs to be improved in terms of scalability. More generally, both scalability and performance on the cloud need to be improved.

The cloud needs improvement with respect to DLP.

We would like to have integration with Shadow IT analytics.

I have been working with the McAfee Web Gateway for five years.

This is a stable solution. It is constantly running across the entire enterprise.

Scalability on the cloud is something that needs improvement.

Our company has about 50,000 employees.

McAfee's technical support is fairly good.

Prior to McAfee, we were using Blue Coat. Two of the important things that Blue Coat was lacking are the SSL description capability and the in-line antivirus. I'm not sure if they have the capability now, but that is the reason that we switched to McAfee.

The initial setup is fairly straightforward and easy to perform.

Our in-house team implemented this solution. The architectural design and implementation were completed with the support and assistance of the McAfee team.

My advice for anybody who is implementing this solution is to use a hybrid model, rather than just something for a specific use case. Otherwise, you won't have a full 360-degree view. Integration with Active Directory is critical, as is the log integration with your SIEM solution. These are key factors that you need to consider.

If I were rating the on-premises and cloud-based features separately, I would give it a nine out of ten on-premises and a seven out of ten for the cloud.

Overall, I would rate this solution an eight out of ten.

The primary use case is to prevent employees from extracting the data out of their corporate system and getting them outside through Gmail and things like that.

Predominantly, there are two valuable features: One is the data loss and the other one is network loss. 

It also prevents you from writing data to your Gmail and does not allow you to move your data outside of the corporate system. That is the most important feature for me.

I would like to see more power being given to the admin. In the sense that in case an employee is facing an issue and they want to configure a service, like attaching an email in Gmail, for example, they should be given the option to make the service request and get that configured on the go.

Stability has been good so far. 

We have 14,000 users using this solution, all of the employees in the company. Everybody has it installed on their laptops or their desktops.

I would advise someone considering this solution to configure it the way the OEM advises you. You should have a list of customization.

I would rate it a seven and a half out of ten. 

We have 2 customers using McAfee Web Gateway. It is very useful as a complement to endpoint security. It is used to monitor incoming and outgoing traffic, as well as production.

McAfee has a very strong URL spam filtering feature.

McAfee Web Gateway has two kinds of solutions, one is for on-premises and the other is virtual. Their virtual solution is not as strong as their on-premises solution.

I am a reseller and partner of McAfee. I have been using McAfee Web Gateway for about 5 or 6 years.

It is a very stable solution.

McAfee offers good support.

The initial setup is not straightforward. You must know technology and networking. It would also be helpful if you have some expertise with McAfee products. If you have one person who is certified on McAfee products you can do the setup yourself.

It took approximately 3 days to deploy and implement 2 boxes on-premises. It then takes 5 to 10 days to fine-tune it. In total it takes about two weeks to set up.

Compared to other solutions and their prices, it is a bit on the costly side. However, it is not out of reach. Our customers pay a yearly license.

Although it is costly, I would recommend this solution to anyone. I would rate it a 9 out of 10.

We use this solution for controlling web content that the users are accessing. It's very good in case situations where you have the use of a VPN connection.

You can control your employees when they are in the office and out of the office, without using a VPN in the same fashion.

The on-premise solution will control them when they are on the corporate network, and when they're off the corporate network, the cloud's gateway will control them. They have the same policies.

It's a great product with solid features.

It's a security appliance and it is quite secure.

They are quite well integrated.

The documentation could be improved. The documentation could be more detailed with more examples of usage.

We have been selling McAfee Web Gateway for four years.

Deployment can be on-premises or on the cloud.

It is a very stable solution.

I don't have any issues with the scalability. You have to do the sizing before they implement it afterward. 

You have other solutions that have to increase the volume of usage.

We have several large clients that are using it.

We are satisfied with technical support.

The initial setup is straightforward. It is easy to install.

If the client has a lot of demands and depending on their structure or the client's requests, it can be complex to configure.  In general, it is straightforward and easy to configure.

Some of our clients have a perpetual license and pay additional support yearly. 

We don't have any customers that are using subscriptions yet.

I wouldn't say that it is an expensive solution but it's not cheap. We pay for what it's worth.

I would recommend this solution to others who are interested in using it.

I would rate McAfee Web Gateway a nine out of ten.

We use this solution as a CASB, a Cloud Access Security Broker, to gain insight into our cloud environment. We integrate this solution for our clients as a companion service to our main cloud product.

It gives us visibility into how the data is being used within our cloud environment. It shows the flow of information, and in our case, it has to with documentation that is restricted. For example, if a document contains credit card information or social security numbers then we are able to track it when somebody tries to delete them or do something else that is prohibited. We get flagged, which is the key. It enhances the visibility of what's in our cloud environment.

The most valuable feature for us is the integration with DLP. 

The biggest challenge we have with McAfee is their cross-cloud support. They tend to lag by a few months, in terms of providing support for new cloud platforms, or new cloud features. We're primarily focused on SaaS, so the other opportunities for them to improve their integration is with AWS and PaaS.

I would like to see better integration with on-premise tools.

That stability is good. It's a very good tool.

We have had no problems in terms of scalability.

We have a team of about forty people who use it. There is the DLP team, the various tenant cloud security administration team, and we also have our staff that uses it.

We found that the documentation is meager, but the response time from technical support is very good.

We did not use another solution prior to this one.

This solution is very easy to set up.

It took us about a month to get it up and running, but it took us four months to figure out how to use it amongst the different teams.

The licensing fees are based on what environments you are monitoring.

We did evaluate a couple of other options, and we have other solutions as well. We have Evident.io, one from Cisco, and one from Palo Alto. None of them are good in every environment, so we use a combination of these solutions.

I have found, based on implementations for multiple clients, that Evident.io doesn't meet the needs of all of the people. Evident.io is not a security protocol. It gives you visibility into your cloud, but it's not a broker. It's just an analysis tool. It is very PaaS-friendly, but not a SaaS-friendly tool. This is opposed to Skyhigh, which is SaaS-friendly but not PaaS-friendly.

My advice for anyone who is implementing this solution is to know what roles you will need to grant access to and have your roles predefined.

This solution has good coverage and good integration with other McAfee products. I am not giving it a perfect score because of the uneven coverage for other platforms. They tend to lag in terms of support for new platforms and new tools that come out on the cloud. 

I would rate this product a seven out of ten.

I like the encrypted disk feature and the endpoint protection.

The encrypted disk implementation could be improved. I currently use it from a dongle or USB key with two-factor authentication to access my computer.

I've been using MVISION Cloud for seven months.

It is a very stable solution.

We've had problems with scalability. We have 2000 users.

Technical support has been fast.

The initial setup was very complex from a rules point of view. There were problems with integration to the cloud and connecting to EIM solutions.

There are three other good products: Carbon Black, CrowdStrike, and SentinelOne. I think Carbon Black is the best, and I would rate MVISION Cloud at nine on a scale from one to ten.

Currently, we are using cloud discovery and analytics. This has given us an insight to which services our end users are subscribing to and where our business data may be held.

We are able to identify the high-risk websites and block them before the end users start using them to ensure that a business case is made for unblocking a high-risk site (rather than having to run interference after the fact). It also allows us to suggest other alternatives and safer services to the end user.

One feature offered is a 48-hour turnaround to add a service to the global registry upon request. While they do turn around risk assessments very quickly, often many of the answers are unknown which drives the risk scores of the services up. When provided with contact information, they will reach out to the service provider and get answers to those questions, but it doesn’t provide a lot of value to show a service as high risk just because they haven’t had the opportunity to ask yet.

I have experienced a few cases where I provided a direct contact name (who was expecting a call from someone at Skyhigh) for the cloud service provider being evaluated, and have received feedback from the contact that no one reached out to them after several days or, in some cases, weeks.

I have used this product for about 16 months.

I have encountered some stability issues. However, these seem to have improved over the last couple of releases.

I have also encountered scalability issues.

Some logging was turned on that filled up the log file shares very quickly; it took some time to determine the cause of the issue and remediate it.

The technical support level is good. They are responsive and truly desire to solve problems. The support staff can update versions of the software on our on-premises log processors in less than an hour via a WebEx session.

I have not used any other solution.

The setup was straightforward. We set up some on-site log processor devices to gather the firewall logs and send them encrypted to the server for analysis. The results were processed and then appeared on our dashboard.

The pricing policy is based on the employee/contractor count (people with a user ID in your active directory domain). The pricing policy is best if you enter a multi-year agreement.

I have evaluated other solutions such as Imperva Skyfence, Netskope, and Elastica.

If possible, have them run a simulation in your live environment for 30 days and you will be impressed with the kind of data that is collected. I, personally, highly recommend this product.

Insight into services being accessed and/or used in corporate environment. Additionally, Shadow IT as a whole and provides another set of eyes on web proxy logs.

It has allowed insight into gaps that may exist in current web proxy tool policies. Improves creation of security alerts on web proxy logs by having a separate system interpret said logs.

Skyhigh has given us categorization and rating of websites separate from what the web proxy places on the logs.

The tool could improve flexibility with the creation of reports/querying data. A better search capability, similar to a SIEM, would also allow deeper log analysis.