A new release for GFI WebMonitor is available today, so we caught up with Calin Ghibu, product manager, to learn more about the release and what makes this update truly special.

1. What is exciting for businesses in this release?

I am very excited about this release because we have taken the intelligent web activity-monitoring feature in GFI WebMonitor to the next level. While the product does great in accurately reporting on how the Internet is being used company-wide, we believe that in order to further simplify IT admins’ lives, we need to help them understand the context around the data delivered by the product. This is why we introduced WebInsights, a new analytics engine that performs behavioral analysis for the entire web activity and then puts a historical context around three main areas of interest: bandwidth consumption, security concerns and potential productivity loss areas.

2. This means it would be unfair to classify WebInsights as a reporting tool. Can you explain why?

WebInsights is definitely not a reporting tool. It performs two main functions. The data analytics engine uses a series of averages calculated using historical data to define what is “normal” for a specific environment in terms of bandwidth, security and productivity loss. WebInsights also has a new selection of interactive dashboards that present the results of the analytics engine in conjunction with the current web activity monitoring parameters. The great thing about these dashboards, and a key differentiator, is that they are interactive. IT admins may choose the analytics parameters in order to see where they stand on an hourly, daily, weekly or monthly basis when compared to the “normal trend”. WebInsights allows the admin to create a baseline against which future comparisons are made. At the same time, the dashboards give you the ability to drill-down, allowing IT admins to interact with the graphs and learn more about particular points of interest without generating reports or manually filtering the data.

3. What are the benefits of having access to such data in near real time?

The main benefit of WebInsights, and what makes it a key differentiator from competitors’ products, is the ability to understand what the numbers mean and in turn, help the sysadmin decide what action to take. In the past IT admins could see certain values for bandwidth consumption or security concerns but these figures were not analyzed in a historical context. If they had to do so manually, they would not know if numbers are normal or abnormal, and more importantly, if the numbers are a sign that they need to take action. Here is a simple example:

Without WebInsights (how competitors’ software reports on data):

Today you have consumed 35 GB of bandwidth and there were 12 security concerns identified by the product (as blocked access to malicious websites or infected downloads).

An IT admin would not know if this activity is normal for his environment and would have to look through significant volumes of data in order to notice if something is wrong and some action is required.

With WebInsights:

Today you have consumed 35 GB of data and there were 12 security concerns identified. You are 20% below (or above) your daily (or hourly/weekly/monthly) average, here are the peak hours (or days/weeks) and the top contributing users.

Equipped with such information, an IT admin knows immediately where he stands from the point of view of web activity. If the current data reads above (or close to) normal, he immediately sees the peak periods and top users contributing to current status. The IT admin can also take this further and drill down by period or user in order to identify specifics that led to the situation at hand. All this with just a few clicks. Based on this information, the IT admin can then take immediate action and further restrict access to certain websites or adjust quotas for certain users. This way, the situation is addressed and web activity returns to normal. Same goes for the security concerns. Having the ability to identify periods and users generating peak security concerns is critical in order to identify potentially compromised computers. If you normally have 50 malicious websites blocked per day, and 20 attempts to download infected files, you would need to be alerted if halfway through the day, 500 malicious URLs were blocked and 200 infected files were detected. Peaks in security-related activity are usually generated by malware penetrating defenses and running at endpoint level, or by malicious users operating the endpoints. The ability to identify immediately those users and/or computers generating peaks is very important when the admin needs to mitigate and address security risks.

4. Are there other new features?

Yes, this new release comes with significant improvements particularly when it comes to the accuracy and performance of our HTTPS inspection technology. With more than 65% of websites already using HTTPS, the ability to maintain functionality and scalability when dealing with HTTPS websites is very important. Products which do not perform HTTPS inspection accurately cannot cover for 65% of web activity. At the same time, we improved the way policy exceptions are being handled in the product. In previous versions, if a user believed he was erroneously prevented from accessing a website, or if he or she needed exceptional access to a certain web resource, the only way to request it was by calling or emailing the IT admin. With this release, we have included functionality to request access to websites via a button in the blocking page being served to a user when he or she is prevented from accessing a web resource. Users can now request access with a single click and this action will fire an alert in the notification center of the main console. The IT admin can then see the request in real time, as well as the website requested. Like that, (and with a single click) access is granted or denied for a configurable period without having to edit policies manually.

5. What can we expect in future versions of GFI WebMonitor?

We have already started working on delivering a web filtering and security functionality as a transparent proxy, with major benefits in terms of ease of use. We will also be enhancing the product’s intelligence to enable GEO IP-based filtering use cases: i.e. block requests to websites hosted in certain countries and deliver insights into which are the countries “visited” by the users. Next, we will be expanding on our application control abilities and handle applications connecting to the internet on any port or protocol, not just HTTP/HTTPS, with major benefits for DLP, security and productivity use cases.

For more information about GFI WebMonitor or to try the latest version free for 30 days click here.
