Cisco Secure Web Appliance (formerly Cisco Web Security Appliance [WSA]), powered by Cisco Talos, protects by automatically blocking risky sites and testing unknown sites before allowing users to link to them, helping with compliance. It is available models S690, S390, and S190.
N/A
Sophos Cloud Web Gateway (discontinued)
Score 7.0 out of 10
N/A
Sophos Cloud Web Gateway has been discontinued since 30 June 2020.
McAfee Web Gateway can be much more expensive, we tested it and it really is excellent in the usefulness it offers; however, the team did not adapt very well to how expensive the tool can be. On the other hand, Cisco Secure Web Appliance offers much more comfortable payment …
At home I have a McAfee service that does similar tasks and helps manage the users of my internet. McAfee seems more user friendly and easier to set exceptions.
Cisco Web Security Appliance (WSA) is a potent tool. When it comes to handling emails and links from blacklisted IP, Cisco Web Security Appliance (WSA) does a better job. However, considering the price to performance ratio, Mimecast is way ahead of Cisco Web Security Appliance …
Considering we're with Cisco IronPort Web Security Appliances for the last 9 years, as I stated, we don't have too much experience with other producs. What I can say is that in the past, we evaluated Websense before it became Forcepoint and we also used MS ISA Server for …
We previously used BlueCoat ProxySG appliances. The system worked well overall, but the hardware, licensing, and support costs were just too high to continue using the product. The hardware costs, in particular, were unacceptable. It was relatively easy to convert our …
Websense has more resources devoted to categorizing the internet. The product is one of the best and most expensive. The Cisco WSA isn't as experienced, but is also significantly cheaper. Its an active product line getting investment and improvements. It is worth a look. …
Cisco IronPort was the most flexible and easy to deploy. The use of a central manager even simplifies the process even further. Maintenance is seemeless and upgrades go well without having to install constant hotfixes.
We used several other products (evaluation and production) in the past and are testing some of them now. According to my experience I can say that Cisco IronPort Web Security Appliance has a lot of positive moments. It doesn't mean that other products worse or do not have such …
I had experience in the past with Barracuda and WatchGuard. Barracuda was fine, although I found it harder to configure and administrate. Less intuitive, but possibly more robust. WatchGuard was a nightmare, it either blocked too many things or not enough, and the rules were …
Sophos Secure Web Gateway has flexible pricing and deployment options. It offers a huge range of categorization options and they also pull web categorization info from other services.
Based on the platforms I have evaluated, I think the WSA is a great fit for any organization that needs a proxy server that provides control over what web sites are accessed or when they can be accessed. I think it is probably overkill if you simply need a proxy server for bandwidth savings or because you need to proxy general Internet access without extensive filtering needs.
Sophos Secure Web Gateway works perfectly for any SMB/Enterprise environment where the IT Admin wants to control the internet. With that said, I can not think of an organization that doesn't need to control or audit the usage of their internet.
It does a great job of filtering emails based on IP reputation. This feature works particularly very well. Cisco has a vast database of IP reputation scores and therefore offers very few false positives and negatives.
It checks each email thoroughly without any compromise of privacy. Any malicious link present in the body of the email makes its way to the quarantine. The IP reputation scores also help in this case.
Administrator Permissions: There's not enough granularity on the administrative side. We ran into an issue where we wanted to restrict junior admins from being able to see traffic per user. But in doing so, it also prevented them from adusting some other settings they had to have access to, like setting exceptions for sites.
CA Database: I occasionally run into issues where the list of certificate authorities in the appliance is not up to date, and I have to manually add a CA. These aren't rare, never-heard-of authorities, either, but they are usually subsidiaries of one of the major ones.
Feedback: Sometimes it takes some good detective skills to track down why a legitimate site isn't working. It's often because of content hosted elsewhere (images, for example), but the reports aren't always clear as to what actually gets blocked. It takes some trial and error sometimes to unblock something that should be okay for our business.
Because it's one of those products you almost don't realize it exists from the end user. From the administrator perspective, you can do everything on its web interface and it's very intuitive to manage, once you know the concepts behind identities, acls, etc. Also, once you build the control structure, I mean, you link 'local' groups with your own Active Directory groups, as we did here, you don't need to be managing those things on the appliance itself.
Our experience with Cisco's support was terrible. Other than the fact that they don't respond to service-related emails with urgency, they also keep on changing the policies that affected us. Recently, they came up with a new look for the same software, which was insanely slow. Renewal of keys for the old interface took months. Overall, the support was not very friendly from the users' point of view.
Considering we're with Cisco IronPort Web Security Appliances for the last 9 years, as I stated, we don't have too much experience with other producs. What I can say is that in the past, we evaluated Websense before it became Forcepoint and we also used MS ISA Server for webfilter. As you may imagine, IronPort is a very very superior product.
I had experience in the past with Barracuda and WatchGuard. Barracuda was fine, although I found it harder to configure and administrate. Less intuitive, but possibly more robust. WatchGuard was a nightmare, it either blocked too many things or not enough, and the rules were too complex. I would pick Sophos over either of these, both for ease of use, and for cost.
Having a much safer work system has given us the guarantee and security of always staying out of danger.
The prevention system is important for us and always keeping our devices, web and emails free of any malicious agent has allowed us an excellent workflow, without distractions or inconvenience in the development of projects.
Thanks to the fact that we have kept our work system safe, we have saved ourselves a lot of inconvenience, time spent, avoiding equipment damage, payments to solve problems, among many other problems that thanks to Cisco Secure Web Appliance we have been able to solve.
We have not had a single instance of malware since installing Web Gateway. We have other ways to prevent infections and attacks, of course, so this is just one tool in the box, but we had a handful before this from people visiting sites they should not have. Web Gateway has prevented those, at least.
There was some pushback initially as users had to deal with some business sites not working (usually due to CA problems). After the initial growing pains, however, we've seen very few other problems.
The appliance updates itself, in the middle of the night, so that reduces some overhead and planned downtime.