FaceTime Communications USG-1030 review

There are clear benefits to using social networking for business purposes, but allowing employees to have uncontrolled access in the workplace is asking for trouble. Facebook and Twitter alone can pose serious threats to security. Although businesses can create acceptable use policies (AUPs), actually enforcing them is another matter.

The problem with most Unified Threat Management (UTM) appliances is they can only control access to these types of sites via their URL category filtering capabilities which means all access is either blocked or allowed. FaceTime‘s Unified Security Gateway (USG) appliances are much smarter as they can control access at a more granular level.

In this exclusive review we look at the top of the range USG-1030 which is delivered as a well specified Dell rack server with enough grunt to handle up to 10,000 users. Smaller models are available with the USG-530 handling up to 7,000 users, the USG-320 good for up to 2,500 users and the entry-level USG-220 suited for SMBs of up to 500 users.

The appliances introduce FaceTime’s new Socialite feature (a nauseatingly clever acronym for social: IT enabled) which focuses on controlling access to Facebook, LinkedIn and Twitter. This is an optional module which allows you to strictly control what activities on these sites employees can use. There's also a SaaS deployment option for Socialite which extends these controls to remote workers.

All access is controlled using security policies which can be applied to AD users and groups or individual IP addresses and ranges. We were impressed with the Socialite features as they allowed us to control virtually every aspect of Facebook.

Nearly fifty settings are provided for Facebook allowing you to control access to a wide range of features including account and application settings, installing and playing games, searching for friends and watching video. After users have logged in you can apply plenty of post control settings such as blocking postings, chat and friends lists. The contents of posts can be logged for compliance purposes. It’s also possible to restrict access to a single corporate Facebook account and require that all posts are approved by a moderator before going live.

Using our live LinkedIn account for testing we found the levels of control equally impressive as we could block access to functions such as company and job searches, posting messages and sending invitations. With the latter function blocked we received a warning web page from the USG when we tried to send an invitation.

There’s much more to the USG appliances as they offer optional controls for IM and P2P apps, URL category and web content filtering plus anti-spyware and anti-virus. More new features have been introduced as the appliances can now run the Squid web proxy cache locally, enforce Safe Search options for Google, Yahoo and Bing and support ISA proxy servers.

There are 55 categories of URLS to block or allow - a useful feature is the option to send an AUP agreement page to a user when they first try to access the Internet. FaceTime’s content scanning adds a new dimension to web access control as the USG can be set to look for specific words or phrases in web pages.

This can also be applied to the contents of documents, text files and archives and you can opt to scan inbound and outbound traffic. Lexicons of word categories are provided and options are available to passively monitor web access, block access if a scan policy is triggered and send alerts. So, for example, you can prevent sensitive data from leaking out by restricting what documents be sent as attachments using webmail based on their content.