The customer, one of the fastest-growing providers of UTM solutions, wanted to introduce a premium web filtering offering to provide product differentiation and increase revenue. Additionally, the customer required a simple integration of a lightweight SDK with its UTM offering.
Profile
Fast-growing Unified Threat Management (UTM) vendor with thousands of new installations each month (“UTM Vendor”)
Industry
Internet Gateway Security
Deployment Requirement
On-disk integration on Linux-based appliances deployed at customer locations around the world
“We tested the top vendors and zvelo performed extremely well – it was very easy to evaluate, simple to integrate and the lightweight SDK was ideal for our deployment.”
– CTO, UTM Vendor
The Problem
The UTM Vendor was experiencing considerable growth in installations of its UTM offering. However, it identified the need to increase product differentiation in a crowded market segment and to increase the average annual revenue for each installation. The UTM Vendor had provided a free, open source-based web filtering offering and therefore had the necessary “front end” GUI, policy management, reporting and other features required for a competitive web filtering solution. Even so, there was considerable user dissatisfaction with the open source URL database the UTM Vendor was using, owing to its poor quality, high false positive rate, poor coverage and lack of real-time categorization of new websites.
Additionally, the inferior web filtering offering was contributing to a poor perception of the overall UTM product in product reviews and amongst the reseller channel. The UTM Vendor identified the following areas of its web filtering offering that needed to be addressed:
- High false positive rate – the existing open source URL database suffered from extremely high (over 40%) miscat rates across the database, including some of the most popular websites. This created significant customer support workload for the UTM Vendor’s staff, which raised costs and damaged the reputation of the UTM Vendor and its UTM product. Further, changes to the miscategorized URLs in the open source database often took days or weeks to correct.
- Lack of international language/website coverage – the existing open source database lacked coverage for languages and websites in key international markets served by the UTM Vendor, including top markets in Europe, Asia, the Middle East and Latin America. This shortcoming precluded sales in many situations in these markets, particularly for customers who took the time to evaluate the UTM product.
- Real-time categorization of new websites – the existing solution had no ability to perform any type of real-time categorization of new websites, which further exacerbated the coverage issue.
- Detection and coverage for malicious websites – the existing solution completely lacked any type of detection or coverage for malicious websites, meaning the UTM product would not meet the requirement of any organization that required protection for their users from accessing malicious websites.
The UTM Vendor was convinced it needed to find a new URL database to address the weaknesses identified with its existing offering.
“We had developed a great web filtering application with excellent reporting. However, the open source URL database was really hurting us in the marketplace and we recognized the need to implement a URL database with the coverage, accuracy, and malicious website detection capabilities we required to be recognized as a superior UTM technical solution and to support the growth in revenue we envisioned from the installation base.”
– Chief Technology Officer, UTM Vendor
The Solution
With the decision made to integrate a new URL database, the UTM Vendor began a review and evaluation process of the leading vendors. The evaluation criteria included:
- Coverage & Accuracy – an evaluation of the respective vendors’ URL database coverage and accuracy for over 5,000 URLs randomly selected from the Alexa™ top 100,000 list, as well as an additional evaluation that emphasized porn, phishing, and gambling coverage and accuracy.
- Real-time Categorization Speed for New URLs – an evaluation was conducted by submitting new URLs to determine the speed at which new URLs were categorized and added to the URL database. One particular test was the evaluation of the speed for categorizing ActiveWeb* sites that users visited that were not in the URL database of the vendor. This process tested both response times and coverage for these websites.
- Malicious Website Detection – an evaluation of the vendors’ coverage and detection abilities of malicious websites was performed, using feeds from several sources including Phishtank™ (for phishing and fraud websites) and a range of internal/external sources for websites identified as hosting spyware, malware or other threats.
- Response Time to Handle Miscats – because false positives were so prevalent and such a big expense for the UTM Vendor, an evaluation was conducted by submitting miscategorized URLs to determine the time it took the vendor to research and correct a miscategorized URL.
- SDK Option and Ease of Integration – the vendors were asked to prepare SDKs for the Linux Debian environment utilized by the UTM Vendor, with the evaluation focusing on ease of integration as well as impact/load on the UTM’s performance.
The evaluation process took nearly two months to complete. However, deciding on the URL database partner of choice was easy once the tests were completed: zvelo was the clear winner, and the zveloDB® was selected to be the basis for the premium web filtering offering on the UTM product.
“There were so many things that impressed us with the zveloDB offering. The coverage, accuracy, real-time categorization of the ActiveWeb, as well as lightweight and easy-to-implement SDK were ideal for our channel and their customers. It made the zvelo choice very easy.”
– Chief Technology Officer, UTM Vendor
Following the evaluation, in less than a month the UTM Vendor completed the integration of the zveloDB SDK with real-time lookups to zveloNET®, enabling real-time automated categorization of new ActiveWeb sites.
UTM Vendor’s Web Filtering in Action
The UTM Vendor introduced the zveloDB-based offering as the premium web filtering alternative on its UTM product and saw an immediate jump in subscriptions.
Once subscribed, the customer’s IT personnel (or the customer’s reseller) can quickly configure the acceptable use policies and users on the UTM’s network can begin web surfing and Internet use as normal. When the user accesses a website, the URL is directed to the UTM product running the Web Filtering application.
For example, if a user requests access to www.existingwebsite.com, the URL is directed to the Web Filtering application, which queries the zveloDB through the zveloDB SDK. The zveloDB SDK performs a fast lookup in the following order:
- First – the “Custom” database.
- Second – the zveloDB.
- Third – the zveloNET Cache database, followed by a query to the zveloNET Master Database (at the zveloNET “cloud”).
If www.existingwebsite.com is found in any of these databases, the category value(s) are returned to the Web Filtering application and the Web Filtering application uses the acceptable use policies for the particular user to block or allow access to the requested website.
If, however, the user requests access to www.newwebsite.com, and the URL is not found in the above-mentioned query process, the URL is immediately processed by the zveloNET real-time AutoCat systems to determine the appropriate category (up to 5 categories) and to identify if the website is infected, compromised or contains any type of threat. The www.newwebsite.com URL and its categories are then added to the zveloNET Master Database and are available for any subsequent queries from any zvelo customer. If any other user for any customer then requests access to www.newwebsite.com, it is found in the query, and the URL and its category values are downloaded to the zveloNET Cache database, making for even faster lookup speed.
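The lookup order and new-site flow described above, sketched as an added example (not zvelo's SDK or code from this case study): the class and method names, the placeholder classifier and the sample hosts are all hypothetical and constructed for illustration. It assumes the first requester of an unknown site receives the AutoCat result directly and that a later master hit fills the appliance's cache.

```python
# Added illustration: all names here are hypothetical, not the zveloDB SDK API.
# Sample hosts and categories are constructed.
from dataclasses import dataclass, field

MAX_CATEGORIES = 5  # the page states AutoCat assigns up to 5 categories


@dataclass
class Cloud:
    """Stand-in for the shared master database plus real-time categorizer."""
    master: dict = field(default_factory=dict)

    def autocat(self, host):
        # Constructed placeholder classifier; real categorization is out of scope.
        cats = ["phishing"] if "login-verify" in host else ["uncategorized"]
        return cats[:MAX_CATEGORIES]

    def query(self, host):
        """Return (categories, was_known); unknown hosts are categorized and stored."""
        if host in self.master:
            return self.master[host], True
        self.master[host] = self.autocat(host)
        return self.master[host], False


@dataclass
class Appliance:
    cloud: Cloud
    custom: dict = field(default_factory=dict)    # operator overrides, checked first
    local_db: dict = field(default_factory=dict)  # on-disk database
    cache: dict = field(default_factory=dict)     # entries downloaded from the cloud

    def lookup(self, host):
        """Return (categories, source) following the order described above."""
        host = host.lower().rstrip(".")  # normalize so case/trailing dot cannot dodge a tier
        for name, tier in (("custom", self.custom), ("local_db", self.local_db),
                           ("cache", self.cache)):
            if host in tier:
                return tier[host], name
        cats, known = self.cloud.query(host)
        if known:
            self.cache[host] = cats  # a master hit is downloaded to the local cache
            return cats, "master"
        return cats, "autocat"

    def decide(self, host, blocked):
        """Apply an acceptable-use policy: block if any category is in `blocked`."""
        cats, source = self.lookup(host)
        return ("block" if set(cats) & set(blocked) else "allow"), source
```

Because the custom tier is consulted first, an operator's local override always wins over the vendor-supplied category for the same host.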
zveloNET’s ability to harness the collective web activity of all of the users of zvelo customers provides the basis for the extremely high coverage of the ActiveWeb and malicious websites. Each additional user increases the breadth of ActiveWeb sites visited and categorized, thereby further increasing the coverage and malicious website detection for all of the collective users.
Ease of Integration
A key consideration and evaluation criterion for the UTM Vendor was ease of integration. With the zveloDB® SDK, the integration is simple and straightforward. zvelo offers a range of options for the zveloDB SDK, including multiple versions of Linux, UNIX and Windows, and was able to quickly deliver the specific Linux Debian version required by the UTM Vendor. With only a few API calls to develop and test, the resulting zveloDB SDK integration was simple and completed in less than a month.
“The zvelo SDK integration couldn’t have been simpler. zvelo’s SDK had the flexibility to meet the specific requirements of our Linux Debian operating environment and the lightweight design was ideal for our UTM offering with virtually no impact on the load or performance of the system.”
– Chief Technology Officer, UTM Vendor
Benefits of zveloDB
The zveloDB’s 99.99% coverage of the ActiveWeb sites visited by users, combined with zveloNET’s real-time AutoCategorization for new websites, provided excellent website coverage for the UTM Vendor’s global users and seamless policy management for the user’s web surfing, while zvelo malicious website detection capabilities provided zero-hour protection against compromised, infected, phishing and other web threats. The zveloDB SDK was tailored for easy integration with the Linux Debian operating environment and came with an API to automate end-user submissions of any miscats for immediate research and response by zvelo’s quality assurance team of Web Analysts, eliminating the customer support costs for the UTM Vendor.
The Results
The UTM Vendor experienced immediate success with the introduction of its premium Web Filtering offering. Further, feedback from the channel has confirmed a considerable degree of product differentiation over the free open source-based offering, as well as increased revenue per installation. Additionally, with expanded coverage for international markets, the UTM Vendor has been able to engage international channel partners for evaluations and sales opportunities.
“zvelo had done a superior job of combining excellent technology and business responsiveness. We have worked with zvelo on the integration, the launch, and ongoing sales support and training and we can only hope all of our future partnerships work out as well as zvelo.”
– CEO, UTM Vendor
*ActiveWeb – those websites visited by actual users.