Third-Party Threat Feed API
Standalone MES tenants, as well as multi-tenant orgs and their tenants, in the MES Advanced and MES Premium tiers can now consume third-party threat intelligence through an API to augment Lookout’s web content protection. Administrators and security analysts choose a third-party threat intelligence feed to add business-relevant unsafe domains to their MES deny-listed content. This helps prevent threats before they become issues to be dealt with in the MES console, easing the management burden on administrators. It also helps manage content availability according to business needs. Just as important, this aligns MES with more traditional security tools, helping administrators ensure consistent protection across devices when managing web security. The feature requires a client version that supports it.
The threat intelligence feed has the following additional advantages:
- Allows a much larger capacity: 15 K entries per feed for Advanced and 150 K entries per feed for Premium, whereas the standard deny list managed via the console can hold up to 100 entries.
- Each standalone tenant is allowed one feed.
- Supports multi-tenancy. An org can set its own feed for all tenants under the org. Org tenants can have two feeds: the org feed and a tenant-specific feed.
- These feeds can be enabled or disabled at the device policy group level.
- You use an API to automate feed ingestion from a third-party source.
- Content classification occurs in the cloud, and protection from unwanted sites takes effect almost immediately because devices no longer have to wait to receive config files.