Tuesday, April 18, 2017

Web Protection Part 3: Deployment, Reports, and Usage


In part one of this series on Web Protection, you had a discussion with a client or potential client about implementing Web Protection. In part two, we covered setting up a demonstration policy and implemented it on a single device to begin collecting data for analysis. Now that Web Protection has had a few weeks to analyze the network traffic on your client's endpoint, the time has come to show what type of information has been passing through this device. Bear in mind that Web Protection has been collecting and analyzing data for as long as it has been deployed. This data is available through the various reports within the MSP Remote Monitoring and Management Cloud Dashboard (MSP RMM Cloud). In the future, note that you can provide feedback on multiple levels. For the sake of this initial demonstration, you will only have tracking information for a single device.

Working with Reports

Within the southern panel of the Dashboard, you have a Web tab. Here, you can view the breakdown by Day:

You can also view the breakdown based on the Website:


And you can view the breakdown based on the Category:


As you move through these sections, you should note that there is an "Actions" menu. This menu provides additional functions within the tab. It also lets you export the information in CSV format for any report building that you would like to do.


In addition to this CSV export option, Web Protection has additional reports available within the Reports section. To access the Overview, simply navigate to the following location within the MSP RMM Cloud Dashboard:
  1. Reports
  2. Web Protection 
  3. Overview Report

Once selected, you will select the Client, Site, and relevant Device. Please note that in the future, you can select just a client and run the report against the whole client. The same applies to sites.

From the Summary, you can view how active the device was during the demonstration period. 

You can view the most visited Categories and websites. Looks like this user has been streaming video while working. 

Under the Web Security section, you can view a breakdown of Blocked Requests. The following screenshot illustrates an active device where some blocking is enabled. This illustrates the effectiveness of Web Protection with even a small handful of categories turned on.

The report continues on to cover Web Bandwidth and covers a complete breakdown of the information that you are capturing for the client. Once this information has been collected, it is much easier to present to the client. You are now able to highlight areas that they may not have been aware of. This also serves as a great tool to provide insight into end-user behavior. 

Deploying Web Protection to your Client

Once you and the client have reviewed the reports and discussed their needs, it is time to generate a full Web Protection policy. For how to set up a new policy and which items to check, refer to last week's article.

Deploying Web Protection to all of the client's devices is fairly straightforward. Simply go to Settings > Web Protection > Settings.

Once loaded, adjust your client as needed. Please note that you may need to do both Servers and Workstations to maintain consistency.

Servers:
Workstations:


Change the drop-down from "Use Policy" to "On" and specify the intended Web Protection Policy.

When you have all of the settings adjusted, click OK to save the changes and begin the Web Protection deployment.


Tips and Tricks for Using Web Protection

Perhaps one of the more common issues that have been seen is with intranet locations and network attached printers. These can get blocked with Web Protection if you choose to block Private IP addresses within the Category Filter.
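One way to find those intranet and printer destinations before turning the category on is to scan the CSV export from the demonstration period for private addresses. This is an added example, not part of the original article or the product; the column names `Website` and `Requests`, the sample rows, and the assumption that the category corresponds to the RFC 1918 ranges are all constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# RFC 1918 ranges; assumed to be what the "Private IP addresses" category covers.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export; real column names may differ.
SAMPLE_EXPORT = """Website,Category,Requests
www.youtube.com,Streaming Media,412
192.168.1.50,Private IP Addresses,37
http://10.0.0.5:8080/wiki,Private IP Addresses,12
172.32.0.9,Unknown,3
192.168.1.50,Private IP Addresses,5
intranet.example.local,Unknown,8
"""

def host_of(value):
    """Return the host part of a URL or bare host[:port] string, lower-cased."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value  # let urlsplit treat a bare host as a netloc
    try:
        return (urlsplit(value).hostname or "").lower()
    except ValueError:
        return ""  # malformed entry, e.g. unbalanced IPv6 brackets

def private_destinations(csv_text, site_col="Website", count_col="Requests"):
    """List (address, total requests) for RFC 1918 destinations, busiest first."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = host_of(row.get(site_col) or "")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an IP literal; resolve separately if needed
        if any(ip in net for net in RFC1918):
            hits[host] += int(row.get(count_col) or 1)
    return hits.most_common()

if __name__ == "__main__":
    for address, requests in private_destinations(SAMPLE_EXPORT):
        print(f"{address}\t{requests} requests\treview before blocking Private IP")
```

Internal hostnames such as `intranet.example.local` are skipped because they are not IP literals; resolve them on the client's network to see whether they also land in a private range.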

Another issue that may appear is when blocking Unknown. This category does not always mean that the website is unknown; it can mean that the BrightCloud service is unavailable to provide a response on the category of the website. It can also mean that the website is too new to have been categorized. Lastly, it can also mean that the IP address information for the server may not yet match records for that domain. Given the numerous online services, new servers and clusters go up all the time to meet growing demand. When new IP addresses are identified in the BrightCloud system, they may take some time before being updated, associated, and listed correctly.

Web Protection has been known to help prevent Cryptolocker and some variants as a part of a layered security approach. Under the right circumstances, it blocks the download of the TOR browser that the Crypto variants use to download their encryption engine. While good to note with the client, it should be stressed that this was a part of a layered system, where there was Managed Antivirus - BitDefender and Backup and Recovery on a device as well.

Conclusion

In closing, Web Protection is a great feature with many great enhancements that you can offer to your clients. You are now ready to have the conversation, meet the client's needs, and provide accurate information with regards to their bandwidth usage.

For tips on starting the conversation, please reference the article from a couple of weeks ago, found here.
For information regarding how to set up a demonstration policy, please reference last week's article, found here.