These are a bit of a mish-mash of different applications, many of which could be caught by simple URL filtering. However, the idea behind application visibility appears to go beyond the simple block/allow/warn of URL filtering, and get more specific in the controls.
For example, Facebook is broken down into 15 subcategories, such as "Facebook Applications: Games" and "Facebook Applications: Education," which would allow you to differentiate different types of Facebook usage, blocking those you don't allow. In our testing, the S-Series was able to differentiate different types of Facebook usage and blocked access accordingly. In fact, Facebook is one of the most sophisticated sets of controls. For example, you can block all Facebook Events, or you could just block posting of events but allow "Like" of events. In LinkedIn's controls, you can block the employment section separately from the messaging section, or you can block job searches separately from job postings.
In our testing, the IronPort S-Series did exactly what it said it would — identify applications and apply application controls, including bandwidth limits, as a Web proxy. However, it's clear that for this to work, you need a proper configuration.
For example, now that many Facebook users are selecting to encrypt their sessions, you must use the sanctioned man-in-the-middle to decrypt the SSL, or there's no possibility of applying fine-grained application controls. Similarly, if you want to control BitTorrent, you must force the traffic through the proxy by blocking VPN users who try and go around the proxy.
Overall, the Web security options within Cisco's Secure Mobility Solution give network managers enough choices to provide strong policy enforcement for end users no matter where they are.
Sign up for Computerworld eNewsletters.