When it works, it works. I like the AD integration, allowing the use of profiles to create pseudo ACL's to the web based on filtering preferences. On the Go agent is an extremely awesome feature. Employees would just take work assets home and bypass the web filter, but the OTG Agent stops this as it takes over DNS wherever the device goes and applies the filtering rules. ]
The cloud aspect is nice being able to log into the system from anywhere to provide assistance is tantamount to SLA's
1. Inability to filter by IP address as well as AD
2. more intuitive tools, like the test feature, it would be nice to be able to select the profile you'd like to test against instead of having to use the ip address of the user (but you can't filter by IP so this seems broken to me)
3.WMI/RPC needs to be running for this system to function properly - this does open security concerns in a production environment some people may be unaware of.
4. whitelisting websites is tedious and labor intensive, if you have multiple profiles and need to whitelist a site, say company wide (which involves multiple profiles), it needs to be added to each one individually. It would be nice if you could select all the profiles to apply a URL to when whitelisting.
5. Mass imports for whitelists overwrites the entire profile instead of the delta - - EXTREMELY ANNOYING
6. Only a single login for the cloud portal - not conducive to a strong CSF when they're multiple techs who need access to the platform
SECURITY, this is the main problem. Most Cybersecurity incidents happen from the inside, meaning someone goes somewhere they shouldn't and downloads something nefarious.