IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Secure Web Gateways (SWG)
July 2022
Get our free report covering Cisco, Zscaler, Cisco, and other competitors of Symantec Secure Web Gateway. Updated: July 2022.
620,319 professionals have used our research since 2012.

Read reviews of Symantec Secure Web Gateway alternatives and competitors

Service Manager at a construction company with 10,001+ employees
Real User
Top 10
AI decision-making on quarantined documents reduces manual work
Pros and Cons
  • "For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway."
  • "The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments."

What is our primary use case?

It's primarily for end-user access to the public internet. We use the proxy functionality and the URL Filtering.

We have a global policy for all our users. While there are a few categories of URLs that we are not allowed to do SSL inspection on, the primary function for us is to do SSL inspection so that we can make use of the built-in anti-malware and antivirus—the advanced-threat features—within the platform. We do SSL inspection of some 80 percent of all the traffic and we can evaluate if it's malicious or not.

It is a cloud solution where pretty much everything is handled by Zscaler.

How has it helped my organization?

Zscaler has helped to reduce the time we spend managing security policies. That is very important to us. A lot of the features it has are AI-based decision-making. For instance, if we implement a sandboxing rule for how files of a certain type should be inspected, we also can activate the AI decision-making process. That way, even if a file is new to the sandboxing environment, it can still see that it is a PDF and has these and these characteristics. Based on that, the AI says that "No, this file is not malicious," even though it normally would have been quarantined and sandboxed and have gone through the whole analysis process. The AI helps out in minimizing the time to do that analysis. And that also helps in reducing the burden of someone actually having to do things manually.

If you count everything that was involved in managing the appliances, the lifecycle management, and support contracts, in our old environment, we have reduced the number of FTEs managing the environment from five or six to about two.

It has also definitely helped reduce the number of infected devices in our organization by proactively preventing attacks. Since we scan almost all of the traffic, we now see how much of the traffic is "malicious." In our environment, we block about 1.6 million threats every quarter, but we don't know the severity of those threats. Maybe 1 million of them are malicious content in some way, while half a million are adware. But there are real threats that are being blocked, like botnet callbacks, cross-site scripting, and browser exploits. On average, we are blocking about 500,000 threats per month. 

What is most valuable?

There are a bunch of different capabilities that are valuable within the platform. We use quite a lot of them, but not everything. The ones that are most important to us are the URL Filtering and the application control. 

For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway. But there are parts of it that we don't use yet, like the DLP functions. Instead, we are using the Zscaler Cloud Sandbox feature for content that is downloaded as files. We detonate the document in a sandbox and see if it's malicious or not.

It's a very easy-to-learn and easy-to-use platform, even for me as a more non-technical person. I'm still able to do a lot of work in this platform.

What needs improvement?

The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments. It's quite hard to get a good report. 

Another issue is that the API documentation could be a bit more up-to-date. They're implementing stuff, but not updating the documentation all the time.

For how long have I used the solution?

We have been using Zscaler Internet Access for the last five years.

What do I think about the stability of the solution?

Since we have global reach, we are seeing a bit more instability in Asia, primarily in China, but I'm not sure that it's related to Zscaler. I think it's more due to how China does things in terms of internet access.

What do I think about the scalability of the solution?

It scales very well, if you go for the cloud-based solution alone. In certain regions in the world, we have started to implement local appliances, like a VEN node, where we don't have good coverage from Zscaler's public data centers. But if you only use the public data centers, it's getting a lot better. A while back, there were 35 or 40 data centers that we could use globally, but now there are over 80. So the scalability is quite good for us.

How are customer service and support?

Zscaler's technical support team is good at what they do, and they help us fix our problems quite fast. I would rate them eight on a scale of one to 10. There's always room for improvement.

We have had issues from time to time where they don't really see our problem as a problem, but we, as a customer, are being affected. They have a few different ISPs that take care of traffic to and from their data centers, and when their ISP is not performing, we, as customers, are suffering. There have been occasions when we have seen that our traffic is being routed very strangely within the Zscaler network, but they don't see that as a problem. We do, because all of a sudden, all of our Swedish users are going to the data center in Norway instead of Sweden. For Zscaler that is not a problem because they are still doing their job. But for our users, it's complicated because Norway is not part of the European Union, whereas Sweden is. If they go through the VEN node in Oslo, Norway, we cannot reach stuff that is EU-regulated, such as export and import functions within the EU. That is a big part of what we do. At times, it has been hard to get the Zscaler TAC team to understand that this is a problem for us, as a company.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to have an on-prem solution doing pretty much the same thing as Zscaler, but as our strategy is cloud-first and internet-first, we thought that we should also use a cloud-based solution. We started to look at the alternatives, five or six years ago. What we saw was that there was only one, at the time, that was mature enough for our needs.

Since then, Zscaler has evolved quite a lot. In the beginning, there was no Zscaler Client Connector, an agent on your computer. It was all cloud-based, but that changed about a half a year after we started to use Zscaler. We assessed whether Zscaler fit our needs or not and we saw that for 75 or 80 percent of our needs, it was a good fit. Some aspects were not mature back then but they have matured over time.

How was the initial setup?

The initial deployment was quite straightforward. I wasn't really on board at the time the implementation of Zscaler took place, but overall, when new features and functionalities are added to the product, it's quite straightforward to implement them and to roll them out to large user groups, or globally. From a rollout perspective, it's quite easy to use.

Initially, one of our demands was that everything should be cloud-based, meaning we shouldn't have any agents on each computer. We learned the hard way that such an approach doesn't work well, because you need something to control the path from the user's computer to the Zscaler cloud. You need to be able to steer how the traffic goes. You can do that with PAC files. But ultimately, together with Zscaler, we figured out that a client was needed, at least for our needs.

What was our ROI?

Zscaler has helped us save costs by enabling us to decommission all of our legacy proxies. We had at least nine locations with appliances, and we had multiple appliances per location. It has helped us save money.

We have also seen ROI in terms of the cost of both the lifecycle management and the service and support contract that we previously needed. We have saved quite a lot there. I don't know the exact numbers, because I'm not in charge of the finances, but if you count the resources needed to manage the platform, we have saved up to 45 or 50 percent of the cost we used to have.

Which other solutions did I evaluate?

Back then, there weren't many other cloud-based solutions available. There were hybrid models, but we wanted a completely cloud-based solution. 

At the time, Symantec had the beginning of a cloud-based solution, but it was very immature and it didn't work as well as Zscaler. Zscaler had been around since around 2010 and was five years into their journey, while Symantec was only a year or two into their journey. We opted for the most mature at that time.

Since then, we have looked at other solutions, including Netskope and a few others. They are similar in their design, but Zscaler has features in its design that make it stand out from the competitors. For instance, their scanning methodology is something like, "Scan once, analyze many times." That means there is a one-time scan of the traffic, but with multiple different threat engines, for antivirus and anti-malware, et cetera. And they do it only in the RAM memory of their cloud solution machines, which makes it super-fast. They can scan a lot of traffic in a very short amount of time. That part is something that a lot of other vendors are not doing. They're scanning in sequence, not in parallel.

What other advice do I have?

Make use of the Zscaler Client Connector as much as you can, with all of the functionality that comes with it. Also, do not allow the users to disable the Zscaler Client Connector, because then you don't know if traffic is actually going through Zscaler or not. If it's always on, you know that if something is not working, it's your policies that are doing something to the traffic. We used to make it possible for a user to disable the Zscaler Client Connector, which then made it impossible for us, as the team that troubleshoots problems, to know if the traffic was actually going through Zscaler or not. If you don't have that control, you don't know where the problem is. Now, at least we know that it's either on the client or it's on Zscaler or it's on the destination that they're trying to reach.

As for saving time with this system versus deploying and managing traditional network security hardware, it depends on how you build your management of the solution. We have opted for a solution where we manage everything centrally. We have one IT team that manages all of the Zscaler Internet Access policies and settings. But there is an option, and it's one of the strengths of Zscaler, to delegate control of parts or all of the solution to other teams. For instance, you could have URL Filtering policies that are managed by a local IT team in a given country. We don't do that. We manage everything from one team and we control everything, for our whole organization, from this management platform. We control the forwarding policies, the application access policies, the URL Filtering policies—pretty much everything.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Baljeet Singh - PeerSpot reviewer
Subject Matter Expert at Hitachi Systems, Ltd.
Real User
Top 20
Flexible endpoint security, provides URL filtering, and the reporting is good
Pros and Cons
  • "The feature that I find to be most valuable is the flexibility of the single endpoint."
  • "Stability needs some improvement, we have on occasion experienced some delay when it is synchronized."

What is our primary use case?

We are implementing Forcepoint Web Security Gateway on corporate, and on enterprise levels. We're not only maintaining Forcepoint, but we are also maintaining McAfee and Symantec as well. I implement and maintain Forcepoint.

The primary use case of Forcepoint Secure Web Gateway is focusing on the advanced malware detection for our customers. We deployed it in multiple locations, and we ensure that the customer's requirements are achieved.

The majority of customers are using the on-premises solution of Forcepoint, and hybrid solutions. But, during this COVID period, they are upgrading that Cloud Web Security console with the availability of the categorization, and there is a GRE tunnel. You can use the GRE tunnel between your organization and the Forcepoint cloud with the IT-based policy applicable to your prospective user.

How has it helped my organization?

Forcepoint provides you with the reporting that allows you to see the threat information and if there are any threats present.

You can see traffic going to a different country like China as an example. We can see the traffic and decide if they are going to block it and if we are able to block that IP from the firewall.

Also, it will check the functionality that is the most inexpensive and we can see the most important features. We can see whether some country is malicious. We can say this specific connection going to the specific malicious country, we can block that specific URL or specific country IP address from that security console. So, that is the most useful feature in the Web Security console.

What is most valuable?

The feature that I find to be most valuable is the flexibility of the single endpoint.

The Single endpoint for DLP and Cloud Web Security can be used for the DLP as well and Cloud Web Security as well. This is the most useful functionality from Forcepoint that is driven, and they are even providing the CASB, which is inbuilt on that endpoint as well.

They are providing CASB functionality on that same endpoint.

No other solution provides a single endpoint for the CASB, DLP, and that proxy solution.

Forcepoint has recently made changes on the cloud level. Previously, they did not have any flexibility on the cloud level. During this COVID period, Forcepoint has updated the cloud and now has more functionality on that level. For example, integration of CASB solution, cloud app, and DLP, which is also flexible. They're also adding on-premises data security solution integration with Cloud Web Security.

Also, URL filtering, which is filtering based on the categorized filtering, based on the content filtering, that is available on the Cloud Web Security Gateway, and even has an inbuilt DLP functionality, that limited functionality on the Cloud Web Security Gateway. This is free of cost. 

Forcepoint also includes a cloud app called Shadow IT visibility, which is very useful for the customer to identify whatever application accessed by the user from his endpoint machine, which is installed with the Forcepoint Cloud Web Security Gateway endpoint.

They have improved the cloud app functionality and they're giving the visibility of the accessibility of all the cloud applications accessed by users.

Forcepoint provides some more functionalities on the DLP.

They're going to integrate on-premises DLP solution with the cloud solution, Cloud Web Security Gateway.

With IP-based protection, you can put your ISP IP address and you can define a single policy for your organization, and any traffic coming from your organization will be filtered out with the specific policy.

There are many options and a lot of customization available in the reporting. There is a report builder, report viewer, and a customized reporting template is there. So, you can just customize your reporting, which is the best feature added by Forcepoint.

The ability to display the reporting to higher management is good. They just added that feature to the Cloud Web Security console.

CASB integration has just been added. With the CASB solution, you can select your sanctioned applications or your unsanctioned applications, and define a policy based on them.

The self-user registration is not a part of the domain. Previously, they only had two or three predefined templates, now they're adding four or five templates with the limited DLP functionality.

Web isolation, which was not previously included with the Forcepoint, can now offer a web isolation license. If there is some malicious URL or there is some uncategorized URL and you want to permit, or you want to block that URL, but you can just define the web isolation. In this scenario, that URL will be opened in the remote server, which is an isolated environment. In this scenario, if there is any malicious activity happening on that specific URL then it might not reach on your system because that is open on the isolated environment. Even if you are going to download any files from that site, and if there is a malicious file, they're going to sanitize on that isolated environment, and if it has found any malicious activity, it is automatically blocked.

In regards to decryption, the deep level inspection for all the sites is now available. Earlier, there was limited functionality for this.

Shadow IT provides you with risk level information, for example, it can identify what applications are high-risk and all the applications that are low-risk.

Based on the risk level, you can just block the application.

What needs improvement?

Forcepoint giving only on-premises solutions and hybrid solutions.

They're also providing the Cloud Web Security, but there is limited functionality, limited categorization, and limited protection.

Stability needs some improvement, we have on occasion experienced some delay when it is synchronized.

What do I think about the stability of the solution?

With stability, the only thing is that that policy synchronization is sometimes delayed, but not much of a delay.

Generally with Forcepoint documentation, whenever we want to change anything on the policy level on the cloud console, it can take 10 to 15 minutes to update the endpoint machine, but generally, it will be updated in one or two minutes. 

That is not a challenge, but sometimes it's taking more than 15 minutes. 

Forcepoint is also performing some back-end activity to update the Cloud Security console, and they are experiencing some downtime. It will be a total of 12-hours to make some changes to the cloud environment that they also pushed the mail to his customer, whoever is using the Cloud Web Security component. So, they're going to upgrade the solution for the specific region. Region-wise, they mentioned for example the India region or any other region. With this specific region, the server going to update, which might be impacted. 

They will have a 12-hour downtime, and after that, the stability will be resolved.

What do I think about the scalability of the solution?

If I am talking from my perspective and my organization's perspective, we have more than 25 plus customers in my range that are using Cloud Web Security. They are going to move the Cloud Web Security console because earlier, they were using an on-premises solution. Now, you know that the future is on the cloud, so that's why most customers are going to the cloud solution.

With on-premises, you require a server, you require caching, you require an appliance, and you are required to update each and every server. That is why customers are moving to Cloud Web Security. They don't need to upgrade the server because that is back-end activity. The only thing that you can just protect your system in the office and in roaming mode as well.

How are customer service and technical support?

Technical support is great with the priority level. 

When you're going to raise a case that might be of severity, you can define the severity with the technical levels, business server, or any support level, which is taken by the customer or partner. 

According to this, we're getting the response, we're getting the proper article on that console, whenever we're going to raise the case with a specific problem. With the problem, when we are going to put that problem information, there is automatically an article that is attached.

The maximum problem will be resolved on that tech knowledge-based article. But if there is nothing returned, or there is no resolution with the knowledge-based article, at that time we definitely raise it with the support team and they respond immediately.

How was the initial setup?

The initial setup is straightforward. 

You just need to put a server to sync your user information with the cloud for the authentication perspective. If you're not using the AD environment, you can just send an invitation link for your user, so they can register themselves with that Cloud Web Security console and use the functionality and the admin can apply the policy for specific or the email ID based users. 

Definitely, if we are talking about the Cloud Web Security solution, not only Web Security solution, any cloud solution, so generally, they're asking for the email addresses when they are going to integrate the AD environment on the cloud. So, that is recommended for all of the web solutions.

This is a flexible environment; you can just put that agent on machines through AD or any third-party deployment tools. There is the flexibility of the port connectivity, where you can just keep open the ATA 443 port that is generally used in the organization environment, and you can suggest the customer open the specific port for the specific cloud ranges. 

You cannot open that traffic for all of the internet.

What's my experience with pricing, setup cost, and licensing?

Licensing cost is also dependent on the number of licenses. 

When users increase from 100 to 500 or from 1,000 or even 20,000, that licensing cost automatically decreases. And if there is a limited license, you can say there is a fixed price, for use of the licensing.

Licensing is flexible. License pricing information is based on the customer, their environment, and on the future approach. For example, are they're going to move forward with this environment? Will they be increasing their system to more users?

There are additional costs for URL filtering, Web isolation, and CASB integration. 

For the normal scenarios, if I am talking about URL filtering, there is no additional component for that. There's a single license, the standard license for the URL filtering and if you want to add web isolation, that is definitely something you need to pay more for. Even if you want to increase your storage limit for the log, you definitely need to pay for the storage as well. To start with, the retention period is 90 days.

Which other solutions did I evaluate?

I am evaluating several solutions to compare with Forcepoint Web Security Gateway such as McAfee, Symantec, DLP, Web Security, CASB, and Email Security as well.

Generally, the McAfee team is a different one in my organization. But if I am talking about McAfee with the Gartner Report, the categorization is limited for McAfee

If we are talking of Forcepoint, there are more than 101 categorizations included. Based on the categorization, you can just identify which URLs come over the specific categories, and you can identify them immediately.

If you are talking about the URL categorization based on that behavior, that is also positive, proper categorization performed by Forcepoint so that you can get the response from the internet as well.

With Cloud Web Security, of course, Forcepoint is providing the hybrid. The scalability on the hybrid and cloud web security, that is visible.

With McAfee, from my organization, there are limited customers for this because they are facing many issues, which is why they maybe moved on to Forcepoint.

What other advice do I have?

We deployed this solution during COVID, for two or three customers, and the customers are very happy with this product.

I can recommend Forcepoint.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
President at PJM Digital Design
Consultant
Boosts productivity, intuitive setup, and it required no new investment in hardware
Pros and Cons
  • "The most valuable feature is web filtering, where we are able to blacklist and whitelist sites on the fly."
  • "On occasion, we whitelist a site and it still gets blocked. To get it working, we have to remove it and then re-add it a couple of times, until it finally takes hold."

What is our primary use case?

We primarily use this solution for filtering. It handles whitelisting and blacklisting URLs and websites that the client machines can go to.

We use the onsite DNS proxy running on a Hyper-V machine, and we use the WebTitan DNS servers for our forwarders.

How has it helped my organization?

Using this solution has helped to boost productivity in the company. For example, it has prevented people from watching basketball, be it the Final Four or March Madness. It has also prevented people from going to Amazon and shopping. We have subsets of users that purchase things for the business that are allowed to go to sites like Amazon, but overall, it has boosted productivity by blocking users from going to unwanted sites during the business day.

In terms of helping to reduce viruses, ransomware, phishing, and malware attacks, it is difficult to quantify. We haven't had a ransomware attack, either previous to our implementation or since that time. Typically, phishing attacks come in via email, but we use Office 365 for that. We do have spoof emails coming in, although the email feature is not something that we have enabled in WebTitan.

Using WebTitan helps to protect our staff, regardless of where they are working from. We have a SonicWall set up and we use the NetExtender VPN. All of the DNS is pointed toward the WebTitan proxy, as well as our wireless connections. Anybody that comes into the office with that phone that connects to the network is served through the WebTitan proxy through DNS.

This is critically important for our organization because it's the number one thing that is protecting the environment. The biggest task these days is preventing malware, ransomware, and phishing. As part of a combined approach, it's been effective.

We were able to use our existing server with Hyper-V on it to set up the DNS proxy. Other than the licensing of the software itself, there was really no extra cost added because we used existing hardware.

What is most valuable?

The most valuable feature is web filtering, where we are able to blacklist and whitelist sites on the fly.

Overall, the system is fairly easy to use. I would rate it a seven out of ten in terms of how easy it is to understand and use the customization options.

It was very important to us that WebTitan doesn't need to install an agent or other software on individual workstations. That was one of the reasons we didn't go with some of the other options; we really don't want an agent running on a machine, taking up resources. It makes bringing new machines into the environment more difficult and more time-consuming.

What needs improvement?

Although the interface is easy to use, it takes some getting used to.

The main issue that I have with the product is related to the DNS proxy. The fact that all of our clients are pointed to the DNS proxy for DNS has caused us some problems. The serious one was that there was a Microsoft update that was released and when we updated the server that the DNS proxy resides on, it stopped the Hyper-V service from starting. That brought down the entire business, which was not good for us. Due to issues like this, the DNS proxy is my least favorite part of this solution.

On occasion, we whitelist a site and it still gets blocked. To get it working, we have to remove it and then re-add it a couple of times, until it finally takes hold. The same thing happens with the blacklist but it happens more often with the whitelist. It doesn't happen all of the time, or very often, but it happens.

For how long have I used the solution?

I have been working with TitanHQ WebTitan for between two and a half and three years.

What do I think about the stability of the solution?

This is a stable solution, as long as our DNS proxy stays up.

What do I think about the scalability of the solution?

We have added some PCs and some servers to our infrastructure, and it scaled up okay. I haven't doubled or tripled the number of client or server machines, so it would be hard to speak to that. However, it scales fine for our purposes.

We have between 30 and 35 workstations, with a couple of servers. Every user typically brings in their phone and connects to the wireless network. In total, we probably have between 60 and 70 devices connected on any given day.

How are customer service and support?

Technical support has been good and they've been supportive. That said, it could be a little easier to navigate. Sometimes, we're not sure what number to call or who to contact, so if there could just be a screen presented to us, that would just make support a little easier.

It's been a while since I opened a ticket, but I think it's a phone call. Submitting a case is a little onerous. I would prefer a more specific protocol to be able to use to submit a case and track it, rather than just calling support and talking to someone. It's fine, but it's nice to be able to reference back and have a web interface where I can manage the support calls.

We did not use live support to help us with onboarding. We were provided with documentation, so that was the extent of what we had used.

I would rate the support an eight out of ten. It's more the process that I would criticize, and not the actual people in support. They have been fine.

The last issue that we had to deal with was difficult. When the proxy failed because of the update, we handled it by changing our DNS back to our domain controllers. The problem was that we were still having issues.

It may have been my fault because I had forgotten that the DCs were also set to have WebTitan as their forwarders. Nobody reminded me, either. We chased our tails for half a day and then finally realized that we should check the configuration. Once I saw the forwarders configured, I removed them and put in our Verizon forwarders. After that, everything started working. Things like that just happen, and it's really nobody's fault.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to WebTitan, we did not have another web filtering solution in place.

How was the initial setup?

The initial setup was not complex, although I'm in IT. It certainly would be complex for a layperson that's not familiar with these types of things.

The most difficult part was probably getting Hyper-V and the remote DNS machine set up and running. Besides that, it was fairly intuitive.

The deployment was completed in one business day but building the whitelist and the blacklist is an ongoing task. Initially, that probably took another half business day.

Our implementation strategy began with an online demo with a WebTitan representative. We looked at the product and the documentation, and read case reports. We did not test it. Rather, once we decided we were going to use it, we committed and installed it.

What about the implementation team?

Two of us were responsible for the deployment. I'm the IT consultant and handle all of the IT tasks. The other person wears many hats, primarily office manager, but does day-to-day IT.

Once it is installed, it's pretty much hands-off after that. There were two instances when the DNS proxy failed, which we had to look after. Also, there is basic day-to-day maintenance of the different sites. Overall, however, it's hands-off as long as nothing breaks.

What was our ROI?

In the sense that it's increased productivity, we have seen ROI.

What's my experience with pricing, setup cost, and licensing?

WebTitan is an inexpensive product compared to others on the market, so it has helped to reduce costs associated with web filtering. I estimate that it is between 20% and 30%, compared to the alternatives that we looked at.

It's very aggressively priced, which is something that we definitely like. With corporations, everything is the bottom line. That's what they look at first and that's what they were satisfied with.

Which other solutions did I evaluate?

We looked at several solutions when we were evaluating products. One was Barracuda, and there was a Symantec product along with a couple of others.

The advantage that we saw with WebTitan was that we didn't have to install a local client. It was also cost-effective.

Our main reason for choosing it was that it worked.

What other advice do I have?

My advice for anybody who is implementing WebTitan is to look at the environment carefully. Make sure that wherever you're using the DNS proxy is very stable, because that's the heartbeat of the product. If that fails, everything fails.

Also, try to get used to using the interface to build your white and blacklists. I think the key thing is making sure that the DNS proxy is on a stable machine, and that you're going to test updates before you apply them. Microsoft is notorious for breaking something every other month with an update.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Buyer's Guide
Secure Web Gateways (SWG)
July 2022
Get our free report covering Cisco, Zscaler, Cisco, and other competitors of Symantec Secure Web Gateway. Updated: July 2022.
620,319 professionals have used our research since 2012.