Secure Web Gateway & APT

Where we fit

The iboss Secure Web Gateway Platform combines next-gen Web Security with patented APT defense to detect evasive infections faster, contain data and reduce loss. iboss patented technology integrates seamlessly in any network scenario to upgrade your current Secure Web Gateway, and/or easily integrate iboss FireSphere APT Defense with any security solution you are using now, to increase your security posture and lower TCO.

Read about the iboss Secure Web Gateway Platform

Web Filtering and Regulatory Compliance

iboss offers comprehensive, content-aware Web Filtering and Security features that protect your network from advanced threats, while enabling granular control over Web access. Leveraging total port visibility, and stream-based, inline technology, iboss enforces corporate AUP and regulatory compliance requirements, while protecting the network from advanced threats in real time.

  • Comprehensive Dynamic URL Database continuously updated
  • Zero-day threat protection with Kaspersky signature and heuristic databases
  • Add advanced threat protection with FireSphere APT Defense

Granular controls allow you to configure your policies to fit your organization’s requirements:

Social Media: iboss content-aware flexibility means you can allow business-critical Internet tools, without having to blocksites completely. For instance, restrict parts of a site, such as allowing access to Facebook, but restricting posting.

Port Access Management – iboss enables you to restrict ports or open them based on local or directory group memberships so you can give access when needed.

Keyword Filtering – iboss keyword defense provides keyword lists that are included and custom lists you can import. Triggers can be set to immediately email administrators upon detection of high risk or suspicious words.

Domain and File Extension Restrictions – iboss gives you the ability to block access by domain extension, based on directory or local-group membership which prevents accidental downloading of damaging threats, while ensuring that valid file extensions continue to function.

SafeSearch Enforcement – This features applies strict safe search enforcement on Google, Bing and Yahoo search engines, including image searching.

Google Services Support – Services such as Google Images and Translation are cached, so organizations must rely on Google SafeSearch, forcing some of them to restrict access completely. iboss technology solves this problem by scanning content, applying your AUP and stripping restricted content directly from the search results, which SafeSearch can’t provide.

Read how iboss Behavioral Sandboxing increases protection against signaturaless threats

Distributed Behavioral Sandboxing

Defending against today’s advanced persistent threats and targeted attacks requires technology that goes beyond signature-based technology, That’s why sandboxing has emerged as a vital layer of security that enhances the preventive capabilities of Secure Web Gateway solutions. Sandboxing works by establishing a virtual machine environment where suspicious files can be executed in isolation and their behavior analyzed to determine whether a threat exists or not.iboss Behavioral Sandboxing uses a combination of rules and heuristics to determine whether or not a file signifies a threat and then analyzes the files it deems suspicious, providing forensic details about the behaviors and context of the threat its analysis reveals. It can be deployed as a pure-cloud, multi-tenant solution, an on-premises solution, or in a hybrid configuration. It offers both automatic and manual deposit of suspicious files and in direct-to-cloud configuration, it can support multiple sandbox instances without causing latency or bottlenecks.

Key Features of iboss Sandboxing Include:

  • Auto-Deposit: When activated, it automatically intercepts suspicious file downloads on the network and deposits them in the sandbox
  • Distributed Sandboxing: Provides multi-tenant, cloud-based deployment that’s automatically load-balanced allowing multiple instances of a sandbox to run on one network, without causing latency
  • User-based Configuration: Users can configure their own custom virtual machines (VMs) to see how a file behaves in multiple environments, for instance WinXP, Win7, etc.
  • Reporting Integration: It is integrated with the iboss Threat and Event Console to deliver detailed analysis and alerts instantly
  • Deployment Options: Extremely flexible configuration options including on-premises, pure cloud or hybrid (some functions in the cloud and some on-prem) deployments.
  • Manual Deposit: This feature that allows users to deposit files to the sandbox manually
  • Admin panel: Programmatically spins sandbox instances (virtual machines) up and down and provides access to the sandbox via remote desktop (RDP) to observe malware live and in action
  • Admin tools: Enables users to customize forensic analysis conducted in the sandbox
  • Scalability: Cloud configuration ensures infinite scalability