Skip navigation

We are observing a shift in the web security market. The shift is a continuation from year 2000 URL Filtering + AV approach over the current web 2.0 controls towards an application centric security model.

In the application centric security model, we are no longer talking about URLs, URL categories and the like but are about applications and their features.

For example - today, admins are blocking URL categories such as chat to avoid people chatting on Facebook chat, but might also affect other 'tools' on that page or in other web pages. The application centric approach will block just that as a feature of a specific application.


While of course control is an aspect to that, the other aspect is visibility:

  • What are my users doing?
  • Do I need to be concerned about anything?
  • Is there a security issues with an application?
  • Is there a Shadow IT problem that I am not aware of but should be?


Shadow IT

Employees around the world are taking advantage of the cost-saving and productivity-building benefits that Software-as-a-Service (SaaS) cloud applications bring to their working environment, but many don’t realize that using these applications without IT security policies applied can lead to a negative impact on their business as a whole. The use of non-approved applications, often known as shadow IT, can lead to data being put at risk through unauthorized access or theft, increased opportunities for malware infection, and failed compliance in highly regulated industries.

Please make sure to visit our micro-site on shadow IT here and learn about the Shadow IT Problem:



In case you have ever asked yourselves one of the question above and have not found an answer to the problem, let me try to illustrate how you can already today very well gather answers to your questions!

With the assistance of Content Security Reporter, the Common Catalog and McAfee Web Protection, I will illustrate a possible solution scenario that will help you to get more visibility into application usage in your organizations.


For that I am assuming that Web Protection is logging the application name, which the default in the log settings. These logs are then fed to CSR, so that we can report about the data therein. In CSR, I have created new application specific dashboard based on the default queries that ship in the product.


(Screenshot of CSR Dashboards, the XML of this is also attached for ePO 5.1.0 and CSR 2.1)


Within that Dashboard you can get all information that is needed:

  • Top applications by bandwidth
  • Top applications by
    • User
    • IP Address
  • Malware Detections on Applications
  • Top Applications by Usage in Hits
  • And TOP blocked Applications


From the Dashboard you can use CSR's functionality based on the Common Catalog to simply move application names into lists, which will then be reflected on Web Protection on premise and can be synched into the cloud using McAfee's Full Web Hybrid. With this you can just get the application name into a list which is used to apply a policy enforcement, such as block, to the listed applications and their features.


With this model you have the ability to create a solution for the main 3 pillars of a web application centric policy, which are:

  • Application Discovery
  • Application Reporting
  • Application Control


all from a single pane of glass through CSR.


If you have further questions and comments, please send a PM through our community system.

While SKYPE is an extremely convenient, productive and useful tool, it creates some headache with administrators using Secure Web Gateways.

Our colleague Jeff Ebeling has created a great new article on that topic: How Do I Selectively Control Skype with McAfee Web Protection?

Today we released McAfee Web Gateway as new main version for the product.


This is a great miles stone as this is the 1st release that includes

  • Full support for McAfee Advanced Threat Defense
  • McAfee Web Protection Full hybrid
  • Identity Federation as a new pillar of web security


Jon details out nicely what a new main version means, please read: It's that time of year! A new main release is coming...


Release Note are available from the CSP

or the KC: McAfee KnowledgeBase - Web Gateway Release Notes

Onze vrienden van DearBytes hebben een Nederlands taalpakket gemaakt

Dutch language pack for McAfee Web Gateway 7 - DearBytes


Thanks guys for that great work!


This is a great example how partnership can work! If you have any cool solution around Web Gateway that you created and want us to speak about that, send me a message!




Filter Blog

By date:
By tag: