IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

CensorNet Secure Web Gateway review

Control exactly how your employees use the cloud

Security button
Price
£9 ex VAT per user per year (for 251-500 users)
  • Easy deployment; Versatile security policies; Superb web application risk analysis; Good value
  • Anti-malware optional; Online help files incomplete

CensorNet’s Web Security Gateway (WSG) is an on-premises security appliance with a sharp focus on controlling the latest web applications. It goes way beyond common web filtering products as, instead of applying limited ‘block’ or ‘allow’ enforcements, it provides real-time discovery and analysis for over 150 web apps.

Instead of blocking users completely from specific apps, CensorNet allows administrators to gather detailed information about what their users are up to first. Armed with these reports, they can create granular security policies that keep users safe but won’t stop them doing their jobs.

Implemented as a web proxy, SWG also provides comprehensive URL filtering backed up by a database with over 140 categories. HTTPS inspection comes as standard and the captive portal feature provides a simple solution for controlling BYOD users.

Installation

SWG runs on Ubuntu 14.04 and is provided as an ISO file so it can be hosted on a physical or virtual server. For testing, we loaded it on our Dell PowerEdge R820 VMware ESXi server, but it’ll work just as happily on Hyper-V, VirtualBox or XenServer.

Deployment is a swift process, as we attached the ISO to a new VMware VM, booted it up and followed the console’s quick start wizard. After setting the location, language plus IP address and securing admin access, we then moved over to the appliance’s web interface.

After applying a license, we started downloading CensorNet’s URL database and left it running in the background while we configured the appliance. The tidy web console opens with an overview showing VM resource usage, the status of Internet access and the proxy, an activity bar graph showing allowed and blocked hits plus a pie chart for detected web categories.

Proxies, users and certificates

WSG supports a number of methods for deploying web proxy settings to users. It can be set manually or via Group Policy, the appliance can act as a default gateway or you can use WPAD (web proxy auto-detection) with DHCP or DNS.

We took the manual approach and configured our Windows desktops to grab the PAC (proxy auto-configuration) script directly from the appliance. For local authentication, we added groups, user names and passwords from the console. We also imported our AD users from our domain controller – given all this, a useful feature is the option to stop multiple logins from the same proxy account. 

For full web app discovery and analysis, you’ll need the SSL Intercept feature enabled which requires a certificate installed on each system. This is very simple as we just downloaded it from the appliance and imported it manually onto each desktop.

Security policies

Security policies are extremely versatile as they can run in logged unfiltered, filtered, restricted, blocked or advisory modes where the latter allows users to override a blocking action. When accessing a specific site, users can be redirected to another if you so choose and regular expressions can be used for URL keyword and phrase matching.

The web categories are neatly organized into subject groups which can be individually blocked, allowed or ignored. They can also have time quotas applied so if you’re feeling generous, you can allow employees to access games or social networking sites during their lunch break.

When applying policies to groups, we used the scheduler to decide precisely when they were active on each day. Oddly, we found the paintbrush tool provided for selecting time segments wouldn’t work in Microsoft Edge.

Analyze this

The web app analysis is very impressive and we found SWG capable of providing a wealth of information about usage. We tested with a range of apps including LinkedIn, Facebook, Twitter, Gmail, OneDrive, IDrive, Google Drive and Google Apps where the web console provided a complete graphical breakdown on who was using them and which device they were accessing them from.

Selecting a user from the graph took us straight to the analysis page where we could see precisely what they were doing and this included links to web sites they had accessed. SWG records all activities so for Gmail, we could see when they logged in, who they sent emails to, if they read or deleted emails, imported address lists and much more.

Assign risk level thresholds to each web app category and you’ll be notified when a user accesses them. The SWG catalog provides a complete list of all web app actions and for Facebook alone you can assign risk levels to 46 activities such joining a group, editing a profile, sharing posts, uploading files or creating pages.

Setting up alerts is trickier as CensorNet hasn’t updated its online help for this activity. Even so, after some practise, we created keyword dictionaries and alerts that warned us when users sent webmail messages to specific addresses, logged into a cloud storage app or downloaded a file.

Verdict

CensorNet’s Secure Web Gateway provides supremely versatile security policies and even though the BitDefender anti-malware component is optional, it’s still better value than much of the competition. CensorNet’s sophisticated discovery and analysis make the Secure Web Gateway a great choice for businesses that want more control over cloud application usage in the workplace.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

What is SMAC?
digital transformation

What is SMAC?

30 Jun 2022
HPE upgrades GreenLake with Private Cloud Enterprise
Cloud

HPE upgrades GreenLake with Private Cloud Enterprise

28 Jun 2022
What is metaverse security?
Security

What is metaverse security?

9 Jun 2022
What is Amazon S3?
Amazon S3

What is Amazon S3?

16 May 2022

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022