Proxy Server Software (ISA Piggyback) Recommendations

["Shawn A. Corrello" <shawnc () legolas sinnerz us>]

I'm asking for some guidance, suggestions, or recommendations regarding 
ISA based proxy server software. Here is my situation:

My company currently uses two proxy server for all user's web access. We 
have ~750 users going through each server. Each server is running 
Microsoft ISA 2006 installed on top of Windows Server 2003. We currently 
use an ISA piggyback application named Chaperon, by Cornerpost software, 
to apply default content filtering rules and to write our ISA content 
filtering rules and violation notifications.

We're considering upgrading to a more robust ISA piggyback application, 
particularly one that is more stable than Chaperon. We've had repeated 
issues with Chaperon not sending email alerts to our infosec staff when 
a user(s) is continously trying to access innappropriate material. Our 
primary goals are:

1. Ability to retain our existing ISA rules after upgrading.
2. Ability to perform "smart" filtering based on a regularly updated 
online rules database/list.
3. Ability to write our own specific content filtering rules.
4. Ability to alert infosec staff when potential web content violations 
are occurring.

Anyone have any suggestions or recommendations? We are somewhat 
constrained by budget. We also do need to stick with an ISA based proxy 
(this is not my decision, but no *nix/squid ect. recommendations please).

I've looked at GFI's WebMonitor application. It looks great on their 
website and should fit our budget. Does anyone have any first hand 
experience with this? I know that GFI's reputation is pretty good in the 
infosec world.

Any feedback is very much appreciated.

Thank you.
SC