I guess from reading this blog, you would assume that I only work with Celestix products! I have to say it feels a bit like that recently has I'm running a 3-4 IAG web demonstrations a week now, along with evaluation and real installations.
I work with Websense a lot as well, and it's easy to forget that Websense not only provide web filtering, but also email and data security products.
Today, I ran a web demo for a Websense Web Security solution, which runs perfectly in an ISA environment, including the Celestix MSA appliances. The discussion turned to Web 2.0 and user generated content, where a solution such as Websense Web Security Gateway comes into its own.
Websense WSG, has to run on a Linux platform and will not run on Windows. This solution can be the proxy and cache server, negating the need for a third party proxy such as Bluecoat or Microsoft ISA server.
WSG runs an anti virus scanner at the gateway, which is not supplied with Websense Web Security, but could be an add-on for Microsoft ISA server, where something like Avira AntiVir for ISA Server would work.
Another shortcoming of Websense Web Filter or Web Security is that it can not deal with user generated content or SSL encrypted content.
Traditional web filtering solutions can not filter feeds into pages such as iGoogle. The page is "seen" as being google.com so completely allows it, the problem is that iGoogle can have feeds from Hotmail, GMail, Facebook, etc which are normally blocked. By using WSG, the individual feeds can be allowed, blocked, quota'd or confirmed.
Traditional web filtering solutions will not be able to filter SSL packets, but the Linux gateway will be able to be the "man in the middle", where it will be able to decrypt, inspect, and either discard the packet or re-encrypt the packet and forward it on.
Content inspection can also be carried out on the fly!!
With all these features of dynamic user content filtering, SSL filtering, on the fly content filtering, why are users on jumping at this product? The issue is not really price, but rather the Linux server that the software must run on!! It's amazing how many people are still put off my Linux!!