Through a management interface, the company built its rule set by checking off what groups would face what restrictions by checking boxes to enable certain categories of filters. And the interface allows inclusion of exceptions. "You may not want to enable a particular category, but you may need to enable certain URLs within that category."
The service includes access to records of what sites what users have attempted to access and deliver that data within a minute of the attempt, he says. The service can turn this data into reports for department managers who want to know what sites are being hit and what attempts are being made, he says.
In addition to outbound screening, the service checks inbound traffic for viruses, spyware and other malware. For example, Lanco can define whether it wants the service to block attachments coming in or going out. Remote workers outside of corporate facilities used only desktop security software. "We needed an enterprise solution," he says. The company has about 40 locations.
Lanco has a proxy server at its headquarters site that diverts Internet-bound traffic from the corporate LAN, WAN and VPN to Zscaler's proxy site at distributed Zscaler data centers. Individual workers accessing the Internet from hotels or other non-corporate locations have a browser setting that directs their traffic directly to the nearest Zscaler data center, says Jason Morris, Lanco's technical support operations supervisor.
Lanco says the URL blocking has freed up bandwidth, but can't say how much. But based on log searches, historically workers went to sites that are now filtered, so based on that, Wasowski concludes that bandwidth has been freed up for productive traffic. The company hasn't discovered a hard return on investment for the service, but "we knew we had to do something to protect our environment," Wasowski says.