Software as a Service (SaaS) is catching on, but it isn't a universal no-brainer. With each technology step change, suppliers adapt existing products, but this SaaS is purpose designed and uncompromised. Its current version is unusually not important, as users benefit immediately from new releases, centrally delivered by Webroot.

The end-user perspective is reassuringly transparent. The Administrator uses a well appointed Web-Based Management Portal, providing information defined by one of ten main service tabs including, Dashboard, Profile, Admin, Policies, Logs, Reports and Monitors. This service arrives comprehensively configured but administrators can configure their use of the service on a broad spectrum, from liberal without intervention to positively paranoid. Configurations can be applied individually, globally, or to groups, underlining its flexibility. With no hardware to configure or software to install, you pay your money and get your service. There's no internet configuration, as the service acts as a Proxy with every single piece of traffic captured, preventing infected devices from calling home.

A pie chart on the dashboard shows activity levels against selected criteria, such as Blocked site access requests; a good overview. Some tabs, like Accounts, present other options, including a Blocked Access page to advise affected users. Quite important really as it prevents helpdesk calls.

A large number of Web Security products leave devices exposed when away from the network. While it is not an alternative to Desktop protection, the Desktop Web Proxy

extends Webroot protection for its users creating internet connections away from the office; if required, recording and reporting associated data and pushing new use polices from the console. With monitoring and data collection occurring in real time (not always a given) administrators stay in control, especially when gathering forensic information.

Acceptable Use Policy (AUP) can be applied either to Block or Coach User access. The Coach option is highly attractive as it both protects and ultimately changes user behaviour in favour of AUP. Uploading company documents to a web site is not typically approved in AUP. This could be an example of a blocked activity that is managed by exception. However, when it is necessary to apply exceptions, the changes must propagate rapidly, and they do.

The service is built around three modules, Malware Protection, Access Control/URL Filtering and Content Control. Organisations serious about protection will want all three, but may deploy in sequence. Licensed by physical user, some organisations may choose to provide administrator access outside of IT, for example to an HR manager. Restrictions allow a role-appropriate view to be configured for each administrator, to control access.

This service is far more than a layer of protection. Compliance, employee and corporate protection are central. Data is by default retained for 365 days. If required as in the case of litigation, it can be retained longer by exporting it into CSV and freezing it within the service.

Latency could be a concern, but Webroot

have given this much thought. Testing shows content caching does not materially reduce latency, but that browser compression generally speeds up internet access and their service forces this browser feature, though it was not tested by us.

The features continue. Risk/Fraud/Crime uses a comprehensive range of categories and sub-categories to protect users from sites, not just by URL but by content type. With so-called zero-day URLs becoming more common, this is very useful. Blocking Web ads is generally welcomed, and Webroot do it with panache. Instead of leaving an ugly box with a red cross the service removes all traces, ruling out any chance of investigation by inquisitive staff.

This Service does everything you would expect and more. It is reassuring to see suppliers thinking outside of the technology box and creating a business tool. The service doesn't have to be applied in an overbearing way, perhaps allowing measured access to sites like Facebook. The capability of this service will challenge organisations to think again about its protection. CS

Supplier: Webroot
Product: Web Security Service
Web site:www.webroot.co.uk
Telephone: +44 870 141 7070
Email:review-EEMEA@webroot.com