Reining in the Web
Product reviews: Three solutions for monitoring and filtering employees' Internet activities
- By Maggie Biggs
- Feb 03, 2002
It's 10 a.m. on Tuesday. Do you know what your staffers are doing? If your agency is like nearly any private-sector firm or academic institution, a large number of your employees are likely surfing the Web, sending personal e-mail, transferring files, or doing other Internet activity that is not work-related.
Although on the surface you might think this is no big deal, such Internet activity annually costs agencies and departments significant productivity — and with it, money. In addition, unmonitored Internet activity can increase security risks and legal liability. Also, network bandwidth needed for office business is diminished without proper activity monitoring.
Many information technology executives are hesitant to deploy Internet monitoring or filtering tools, because of criticism of these solutions as Big Brother tactics. However, the network and computing equipment that employees use belongs to their employers, and many organizations believe they have the right to control employees' Internet usage.
For agencies that deal with sensitive information, a complete lockdown of Web activity may well be warranted to prevent leaks of secure data. For other agencies, reasonable limits on end-user activity may be the best solution.
The best thing IT managers can do is to define an Internet use policy (IUP) that clearly differentiates between acceptable and inappropriate Internet activity. The IUP may differ substantially from one agency to another.
For example, one agency might want to allow workers 30 minutes per day — presumably during the lunch hour — to view news headlines or visit educational sites. On the other hand, some agencies may want to block users from accessing personal Web-based e-mail accounts to prevent information leaks or deny access to MP3 sites to prevent large file downloads during working hours.
An IUP should be defined only after IT staff members meet with managers across the organization to make sure that all authorized activity is accounted for in the policy. Moreover, IT staff and managers need to communicate the IUP to employees before implementing the policy or installing Internet monitoring or filtering technology.
For this analysis, we selected three leading Internet monitoring and filtering solutions — Elron Software Inc.'s IM Web Inspector, SurfControl PLC's SuperScout Web Filter, and Vericept Corp.'s Vericept Pro. We found each to be highly effective at matching monitoring and/or filtering technologies against an IUP, although the solutions differ in the approaches they take.
Elron IM Web Inspector: Custom-made for Custom Work
The software-based IM Web Inspector is flexible enough to meet the IUP requirements of most agencies. It can be configured to monitor or filter activity, or to do both. IM Web Inspector offers real-time monitoring as well as a technology called SmartList, which checks content for possible IUP violations.
Of the solutions we examined, IM Web Inspector offered the most in-depth reporting and good alerting capabilities.
IM Web Inspector was remarkably easy to install and tailor to the IUP of our test network. This software-based solution supports installation on Microsoft Corp. Windows NT 4.0 with Service Pack 4 or later, or Windows 2000.
Even though IM Web Inspector cannot be installed on platforms other than Windows, such as Linux or Sun Microsystems Inc.'s Solaris (which would be nice), the solution is fully capable of monitoring, filtering and blocking activity in mixed operating system environments. For example, our test network included Solaris, Linux, Windows and Apple Computer Inc. Macintosh systems. IM Web Inspector was able to monitor and enforce our IUP across all platforms.
IM Web Inspector classifies activity via its included dictionaries. The solution provides default activity classification out of the box, including categories for FTP, Web-based e-mail, chat, instant messaging, sexually explicit material, news, sports, stock quotes and more. IT administrators can add or delete categories as needed.
Elron Software's dictionaries support SmartList, which also adds restricted activity to the dictionaries based on your IUP definition. For example, we created a dictionary for job-searching activity. As our test workers surfed various job sites, IM Web Inspector detected the site activity correctly and added it to our job-searching dictionary.
IM Web Inspector flexibly monitors in real time and can filter both sites and user activity. For example, sites may be categorized as monitored, filtered or blocked. Users can be categorized as monitored with no restrictions, monitored with restrictions, unmonitored with restrictions, or unmonitored and unrestricted. We particularly liked that we could set the default action for new user activity (e.g., a new desktop or laptop on the network) to be monitored and restricted.
One eye-opening setting in IM Web Inspector is the default SurfTime cost-per-minute setting. It can define the cost per minute for inappropriate Internet activity based on the median salary rate of the agency's employees. For example, we calculated that our cost per minute was 50 cents per minute per staff member. SurfTime also reports the percentage of working hours that users are devoting to online activity unrelated to their jobs.
Elron supports more than 100 built-in reports out of the box — some of the most comprehensive reporting in this software category. Managers can view reports based on sites, users, workstations or network bandwidth. Elron also provides grouping reports that let managers view user activity by category or view the top 10 users based on their inappropriate activities.
Agencies that want to create custom reports can do so via IM Web Inspector's browser-based Report Wizard. We were able to quickly follow the prompts to create several new reports that closely matched our IUP.
IT staff and managers can stay on top of inappropriate Web activity via IM Web Inspector's alerts. Some alerts are included out of the box, but IT staff will most likely want to use the browser-based Alert Wizard to create alerts specific to the agency. For example, we created a Simple Mail Transfer Protocol (SMTP) alert that notified managers anytime users accessed sexually explicit materials. We then triggered the alert from a workstation and successfully received an e-mail, which provided information about the incident.
Overall, we found Elron Software's IM Web Inspector to be highly effective at curbing inappropriate activity on our test network. We feel it can be customized to a fine level of detail and can therefore meet the needs of nearly any organization. The company also offers monitoring and filtering of e-mail messages via a separate product, as well as antivirus and firewall solutions.
SurfControl SuperScout: Good Package Overall
SuperScout Web Filter is a software-based Internet monitoring and filtering solution that can meet the needs of many government agencies. It provides real-time monitoring and filtering capabilities across an array of platforms.
As with Elron Software's IM Web Inspector, we had no trouble installing and configuring SuperScout to match our IUP. The solution supports Windows NT and 2000, Solaris and Linux — and also works with Check Point Software Technologies Ltd.'s FireWall-1, Novell Inc.'s BorderManager, and Microsoft's ISA and Proxy servers.
SuperScout was able to monitor activity across our mixed platforms, including Solaris, Linux and Macintosh-based systems. The solution includes a color-coded real-time monitor and tools that provide historical data.
By default, SuperScout comes with a number of pre-defined rules based on activity categories, such as audio or video file downloads. SuperScout's Rules Administrator allows IT staff to quickly create and modify rules to meet the needs of an agency's IUP.
For example, we were able to quickly create a rule that prevented our staffers from accessing job search-related sites. We also created a rule with a threshold that allowed users to access news sites during lunchtime, but not during working hours. Rules can be created that relate to Web sites, Web-based e-mail, chat, MP3 files and more.
SurfControl updates its categories daily and makes the updates available to customers. The company also offers an optional add-on called Virtual Control Agent, which performs a function similar to Elron's SmartList technology. Virtual Control Agent analyzes content and dynamically updates category listings to maintain an agency's IUP across time.
We liked the 50 built-in reports included with SuperScout Web Filter, such as ones that show the cost analysis of inappropriate activity by department or by user.
On the downside, however, although we were able to customize the existing reports, we could not find a way to create new reports.
Moreover, we had trouble accessing the Web-based reporting module remotely. We were able to access and use the Web-based reporting successfully when using Internet Explorer. However, accessing Web-based reports using other browsers, such as those from Netscape Communications Corp. and Opera Software, yielded errors and intermittent problems.
Still, SurfControl does provide report output in HTML, PDF, Microsoft Word and many other file formats. Furthermore, report creation can be set up on a scheduled basis via the built-in scheduler function. Accordingly, agencies using browsers other than Internet Explorer might want to take advantage of different output options, such as PDF, to view the reports following a scheduled report run.
Like Elron, SurfControl supports an alert system that enables IT workers to notify the appropriate managers when an activity conflicts with an agency's IUP. Administrators will need to configure the solution to work with SMTP before setting up alerts.
Overall, we were fairly pleased with SuperScout. We recommend that agencies considering this solution order it with the optional Virtual Control Agent to maximize protection and minimize administrative requirements.
However, agencies with browser compatibility concerns or those that require significant report customization options will want to carefully examine these aspects of SuperScout before buying it. SurfControl also offers an e-mail filter product for sites concerned about e-mail abuse.
Vericept Pro: A Subtle Approach
Vericept's Vericept Pro takes a markedly different approach to supporting an agency IUP. Rather than actively filtering or blocking Internet activity, the Vericept solution simply collects records of inappropriate uses and allows IT staff and agency managers to identify and deal with problems off-line.
Vericept's V1100, which is part of the Vericept Pro tool, is a Linux-based appliance configured to match an agency's IUP. The device collects network traffic of all types — e-mail, Web, instant messaging, FTP, Telnet and the like. The traffic is then analyzed by built-in linguistic and mathematical analysis functions.
Activities that match an agency's acceptable-use policy are discarded, while actions considered inappropriate based on the IUP are identified. Full copies of inappropriate activity are stored for managers to retrieve and evaluate later.
Setting up the V1100 was straight.forward. We connected a monitor and keyboard to the device and set its parameters, including IP address. Agencies can also use a laptop connection to configure the V1100.
We configured our Vericept device to automatically receive and install product updates. We also set up the SMTP configuration needed to forward IUP conflicts to the appropriate managers.
Similar to the other solutions we examined, Vericept can be highly customized to fit the needs of most agency IUPs. For example, we added and modified keywords that denoted inappropriate access to audio and video files. We also could specify users who should not be monitored.
Vericept includes built-in reporting that is available via Web browsers. We were able to view exceptions to our IUP in a color-coded format that clearly showed what users were doing. We then drilled down into the data and were able to view exactly what the user was doing and when. The V1100 had saved copies of all inappropriate activities.
We could not locate any options to create customized reports of our own. If Vericept added support for user-generated reports on the data collected, it would increase the value of the solution.
Vericept Pro correctly trapped all instances where we purposely tried to access inappropriate content. It did a good job of trapping even the sneakiest of workarounds. What's more, it accurately reported on our activity and promptly notified our manager.
The Vericept solution is not designed for agencies that want to block access to specific traffic. Instead, it assumes that you have defined an IUP and communicated it to your employees before installing the solution. With fair warning, Vericept collects the data needed to enforce an IUP in a face-to-face manner.
Choosing a Solution
All of the solutions we evaluated are well-prepared to meet the needs of agencies that want to deploy an effective IUP strategy. Choosing one over another may largely come down to your network's platforms and the approach you want to take to support your IUP.
Based on the IUP that we defined in our test environment, Elron Software's IM Web Inspector did the best overall job of meeting our needs when compared to the results we found with the other solutions. However, the way an organization defines an IUP will vary substantially depending on the dynamics of the computing environment and the work being performed.
Therefore, the best idea is to evaluate solutions hands-on after defining your organization's IUP. The solution that best matches your IUP is the best choice for your agency.
Biggs has more than 15 years of business and IT experience in the financial sector.