M86 SWG 3000 v10

The majority of network security products can only react to web-based threats once they've been identified and the vendor has come up with an attack database update, a new signature file or a patch to protect against them. The SWG appliances from M86 Security aim to be more proactive and are designed to provide instant protection as new threats emerge.

In this exclusive review we look at the entry-level SWG 3000 which introduces M86's latest v10 code that was announced in October. The SWG 3000 targets mid-sized companies of up to 1,000 users and is based on the good-quality IBM System x3250 M3 rack server.

When we reported on the new v10 code release, M86 advised IT Pro about its Dynamic Web Repair feature which cleanses web pages of malicious code before presenting them to the user. In reality this has been in the SWG products from the start and is part of its active real-time content inspection.

The more common sandbox technique requires suspect code to be run in a fenced off area in memory. Rather than do this, the appliance passively inspects the code as it comes in to determine what it is trying to do. If the code is deemed to be malicious it blocks and removes it, so presenting the user with a sanitised web page. It didn't affect web page rendering speeds in our tests, nor did it mark any legitimate code or pages as malicious even when using web apps.

Dynamic Web Repair is included in the yearly SWG subscription which also provides protection against spyware. It includes M86's Anti.dote service which automatically pushes a new set of rules to the appliance to provide additional protection when a new threat is spotted.