M86 Security's real-time web security solution is intended to provide zero-hour protection against known and unknown web attacks, without dependence on signature-based patches or updates. M86 uses its own patented Real-time Code Analysis (RTCA) behavior inspection technology to scan data at the gateway for operations, parameters, script manipulations and other exploitations for a given piece of content, determining whether a piece of active content will potentially perform a malicious action when loaded onto the browser. The product will remove malicious content for compromised sites and can provide a repaired page to the user through its Dynamic Web Repair technology.
The tool came to us as an appliance with M86 Security's software running on an IBM server platform. The device required us to Secure Shell (SSH) into the interface and run through a command line-based initial setup but, after configuring the basic network details, we were able to perform the rest of the setup using the web-based interface. The system is designed to deliver web security via behavior blocking.
The user interface provided an attractive graphical display of information. Configuring and maneuvering the interface was a bit clunky. Menu choices opened in new windows so it made it tough to move around selections. The reporting engine was a business intelligence-like tool providing default templates with the ability to add columns and filters for specific needs. There are compliance report templates that would be useful for audit purposes. The scanning features are easy to use and very flexible. You can set up email alerting on a handful of canned event types.
The Secure Web Gateway appliance with basic reporting starts at $4,980, plus $9.38 per user for a subscription license for 10,000-plus users for one year, including one-year standard support.