The Web Gateway has been designed for ease of use, from initial deployment to ongoing management. Firstly, there is a choice of platform: Clearswift-supplied hardware, the customer’s own hardware, or VMware. Secondly, the Web Gateway can be installed and protecting the organisation with a default policy in under an hour. Lastly, ongoing management is minimal: automatic updates, including software updates, and a 100% web user interface with no complicated command-line syntax to learn.
The first item, ‘MIMEsweeper Content-aware policy engine’, sets Clearswift apart from alternative solutions. Web 2.0 brings collaboration and sharing on a many-to-many basis, and the quality of content inspection to protect sensitive data is more important than it has ever been. Businesses need to innovate and grow, and online collaboration is essential to reach new partners and customers. Clearswift’s content analysis is like no other: it can look inside a zip file to discover a Word document which itself may have another embedded spreadsheet with the company finances. Provided the spreadsheet is marked in some way (company sensitive), Clearswift’s SECURE Web Gateway can detect it and prevent it from accidentally leaking out. It is the depth and quality of analysis that Clearswift is renowned for, and it is included as standard on the SECURE Web Gateway for full OUTBOUND threat protection. INBOUND threat protection is provided by leading anti-virus, anti-spyware and URL filtering technologies. These technologies are further enhanced by the MIMEsweeper content inspection engine, which will prevent suspicious script and other high-risk content such as executables from being downloaded. Not all executables are known threats, but even non-malicious code can present a threat to stability and performance if the program was not designed correctly. For these reasons it is wise to prevent access to executable content unless the user’s job function requires access, such as an IT user. The important point to note here is that the MIMEsweeper content engine will detect executables even when embedded inside a Word document or other formats such as a compressed zip. The same is also true for sensitive company information: MIMEsweeper looks inside content that other solutions tend to ignore.
Consistent features and a similar policy model benefit customers that purchase both Gateways. Common policy elements can be shared across gateways, ensuring consistency in definition and analysis, since both gateways use the same powerful MIMEsweeper content engine.
The Web policy routes shown are the end result of creating a web usage policy. The policy shown is the default policy provided with the Web Gateway. The policy is easy to understand, and some key aspects of the policy are highlighted below:
• Some routes to ‘bad sites’ are blocked, as shown by the no entry sign.
• Other routes are allowed, as indicated by the green allowed tick.
• The no entry sign with a green tick (see Gambling Route) shows a soft block, whereby a user accessing a blocked site can choose to continue for business purposes.
• The clock indicates a time quota restriction for non-business related sites.
• Each route has a number of content Rules applied, so even when accessed not everything is allowed.
• Selecting a route will show the rules on that route (see smaller image).
• Rules such as block viruses and other malicious downloads.
• The last rule will help prevent data leaks and is called ‘block uploading of confidential data’. This rule will examine uploaded content for key words such as ‘classified’ and stop the upload if found.
This ability to prevent data leaks is a key selling point and is the capability that allows Web 2.0 to be enabled and information to be shared, because sensitive information can be stopped.
The URL filter has 76 categories covering millions of sites, with daily automatic updates to add new sites. In addition to the URL filter, Clearswift includes additional filtering capabilities:
• Real-time categoriser: For new and uncategorised sites this will analyse the web page content in real time to determine if it is typically representative of a ‘bad site’. Sites that include pornography, hate, violence or provide anonymizer capabilities can be blocked even if they are not in the URL database.
• Embedded URL detection: This helps to prevent ‘inappropriate’ content when cached on Google or Yahoo. In these cases the cached URL includes a sub-URL for the original site. For example, as shown in the lower image, accessing www.hackaday.com via the Google translation page (left red circle) is blocked because the resulting URL includes the embedded www.hackaday.com URL (right red circle). The URL is shown below; the two relevant parts are the host translate.google.co.uk and the embedded u=www.hackaday.com parameter.
http://translate.google.co.uk/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=www.hackaday.com&sl=auto&tl=en
By categorising the embedded URL, content derived from blocked categories of site is prevented from displaying even when cached on Google.
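The embedded URL check described above can be sketched as follows. This is an added example, not Clearswift's code: the category database, the ‘Hacking’ label for hackaday.com and the function names are assumptions, and it generalises slightly by also scanning the URL path and undoing extra layers of percent-encoding.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed category data; a real gateway consults its URL database.
URL_DB = {"hackaday.com": "Hacking"}
# Host-like tokens: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def category_of(host):
    """Look up a host and its parent domains in the category database."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never test the bare TLD
        cat = URL_DB.get(".".join(labels[i:]))
        if cat:
            return cat
    return None

def embedded_hosts(url, max_decodes=3):
    """Collect hostnames carried in the path or query values of a URL."""
    parts = urlsplit(url)
    values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    hosts = []
    for value in values:
        for _ in range(max_decodes):          # peel double or triple encoding
            for h in HOST_RE.findall(value):
                if h.lower() not in hosts:
                    hosts.append(h.lower())
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return hosts

def decide(url):
    """Return ('block', host, category) or ('allow', None, None)."""
    outer = urlsplit(url).hostname or ""
    for host in [outer] + embedded_hosts(url):
        cat = category_of(host)
        if cat:
            return ("block", host, cat)
    return ("allow", None, None)
```

Calling `decide()` on the translation URL from the text returns a block for www.hackaday.com even though the outer host, translate.google.co.uk, is uncategorised.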
Here we see the configuration screen for the time policy or time quota. This shows how easy it is to set up a policy to set time limits on personal browsing. Image:
• Unlimited browsing is allowed up until 9am weekdays and after 6pm (green area) and all day at weekends.
• No browsing is allowed weekdays between 9 – 12am and 3pm to 6pm (white areas).
• During a 3 hour lunch window (orange area) employees are allowed 60 minutes of personal browsing.
Clear, intuitive and easy to use. Simply drag the mouse to shade different areas as required.
Lexical analysis is one of the most powerful capabilities of the SECURE Web Gateway. This feature is used to detect and prevent accidental data leaks. It works by searching file uploads for key watermarks within the documents that indicate sensitive data. The image shows specific phrases that could be detected. These are editable, and more complex phrases can also be included that use the powerful expression analyser to look for patterns. For example, a pattern that begins with three numeric characters followed by 10 letters and ends with a Z may indicate a customer reference number. Anything that is text can be searched and a policy applied, including:
• URL – Prevent inappropriate searches or allow them but inform HR.
• Documents – Prevent sensitive data being uploaded to Web 2.0 sites or via webmail.
• Web Page – Block pages with profanity that might offend.
• HTTP headers – There are many HTTP headers that accompany every request, and one in particular, ‘user agent’, can be used to ensure old un-patched browser versions are blocked.
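The lexical rules described here, combined with the nested inspection described earlier (a zip holding a Word document holding a spreadsheet), can be sketched as below. This is an added example, not the MIMEsweeper engine: the rule names, limits and sample upload are constructed, and the customer reference pattern is read as three digits, ten letters and a final Z.

```python
import io
import re
import zipfile

# Constructed rules. The keyword is the page's 'classified' example; the pattern
# reads "three digits, 10 letters, ends with a Z" as 3 digits + 10 letters + 'Z'.
RULES = {
    "keyword:classified": re.compile(rb"\bclassified\b", re.IGNORECASE),
    "pattern:customer-ref": re.compile(rb"\b\d{3}[A-Za-z]{10}Z\b"),
}
MAX_DEPTH = 5                    # refuse to unpack deeper nesting than this
MAX_MEMBER_BYTES = 10 * 2**20    # refuse members declaring more than 10 MiB

def scan(data, path="upload", depth=0):
    """Return (path, rule) hits, descending into zip-based containers."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [(path, name) for name, rx in RULES.items() if rx.search(data)]
    if depth >= MAX_DEPTH:
        return [(path, "policy:nesting-too-deep")]
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                hits.append((member, "policy:member-too-large"))
                continue
            hits += scan(zf.read(info), member, depth + 1)
    return hits

def _zip(members):
    """Build an in-memory zip from {name: bytes} (used for the sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def build_sample():
    """Constructed upload: zip -> Word-style container -> embedded spreadsheet."""
    sheet = _zip({"xl/sharedStrings.xml": b"<t>Company Classified: ref 123ABCDEFGHIJZ</t>"})
    doc = _zip({"word/document.xml": b"<t>Quarterly summary</t>",
                "word/embeddings/finances.xlsx": sheet})
    return _zip({"notes.txt": b"lunch menu", "report.docx": doc})
```

Archives nested beyond the depth limit, or members declaring more than the size limit, are reported as policy hits instead of being passed unscanned.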
Data leak prevention is provided as standard with the Web Gateway. To make prevention of leaks easier, the Web Gateway includes standard templates and dictionaries for common terms that may indicate a potential leak or a compliance issue.
Encrypted HTTPS traffic represents a greater percentage of web traffic today. Just like standard web traffic, the encrypted traffic can carry the same types of threat and therefore should be subject to the same level of scrutiny. The SECURE Web Gateway is able to inspect encrypted traffic as thoroughly as non-encrypted traffic. The Web Gateway can even check the validity of the web server’s certificate and decide if the site can be trusted or not based on the policy settings, which may be preferable to letting the end users decide.
Personalised feedback to the users is important when it comes to Web security:
• It informs the browsing user what is happening.
• It reassures the user that their browsing experience is being protected.
• It reminds the browsing user of the acceptable usage policy (AUP) and encourages responsible usage at all times.
The Clearswift SECURE Web Gateway is provided with fifty default reports which allow reporting on all aspects of Internet usage: top users, top sites, bandwidth usage, threats detected, etc. All reports can be scheduled for automatic delivery, and in interactive mode they support full investigative drill-down capability. This is shown on the slide, where selecting a line item from the top report displays another report with a finer level of detail.
The RSS feed provides informative updates regarding important news, such as new updates being available. Various metrics and counters are shown to provide a health summary of the system and current trends, including threats detected.
Over 60 different system alarms can be generated. Each alarm goes to the UI, but can also be sent to a specific email address or SNMP server.
Customers can choose how they deploy the product. At present 66% of customers are buying a “soft” option meaning that customers are deploying on either their own platforms or a virtual platform.
Clearswift can sell a choice of 3 servers, two being low-end units based on the Dell 210. The high-end server is a Dell R610, with much faster processors and resilient disks.
Unifying information security
Clearswift is a security software company that aims to simplify companies’ IT security to better protect businesses’ intellectual property and data. This in turn gives businesses the confidence to adopt web, email and collaboration technologies to ultimately allow the business to innovate and grow.
Clearswift’s security solutions are built around a core content inspection engine. Policy and reporting on content, threats and user activity are then applied to the communication channels. Today Clearswift SECURE solutions are available for web and email ensuring compliance across all digital communication channels.
Clearswift SECURE Web Gateway
• Secure and resilient platform
– Pre-built and supplied on Dell hardware.
– Deployed on own hardware or as VMware.
– Optimisation of Linux OS tuned for web gateway.
• Easy to install
– Up and running in under an hour.
– Pre-configured with Default ‘Standard’ Policy.
• Easy to use & manage
– 100% web-based GUI.
– Graphical ‘drill-down’ reporting.
– Automatic security software updates.
Complete Web Gateway protection
• MIMEsweeper content-aware policy engine
– True binary signature file identification.
– Lexical analysis/templates.
– Comprehensive data leakage controls.
• Kaspersky Anti-virus/malware
– Viruses, worms, Trojans and malicious code.
• Sunbelt Software Anti-spyware
– Spyware “call home” prevention.
– Tracking Cookie detection/removal.
• URL filtering
– 77 categories, more than 30 million web sites.
Fully conjoined policy updating
[Diagram labels: Policy, Web Gateway, Email Gateway]
Easy to understand and use policy model
• Policy Configuration
– User authentication with NTLM or Kerberos
– Policy based on Users, Content Rules & Routes
• The Web policy protects ‘Everyone’
– Viruses, Spyware, dangerous payload types such as executables
– Dubious types of site such as Pornography, Hacking, etc.
– Block uploading of ‘office’ or ‘confidential’ documents
Comprehensive URL filtering capabilities
• URL Database
– Millions of sites
– 77 categories
– Daily updates
• Real-time categoriser
– Pornography
– Anonymizer
– Hate, violence etc.
• Embedded URL detection
– Google & Yahoo! Cached items
– Google translation pages
Time based policy quota
Using the example ‘Everyone to Non Business Related’ route shown previously:
• The green area defines when access to this route is allowed
• The white area defines when it is blocked
• The orange area defines a period with 60 minutes browse time quota
Lexical Analysis
• Lexical content rules easily configured to search for words or phrases within:
– Requested URL
– Format types i.e. Excel, Word, etc.
– Web Page
– HTTP Headers
• Examples of usage
– Search for confidential phrases within office type such as Word and Excel (see image)
– Search for suspicious script commands within script
– Search headers to prevent old browser versions
– Block inappropriate search requests
– Block posts that include the company name
Data loss templates & compliance lists
• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number
• Editable compliance dictionaries
– Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Securities and Equities Commission (SEC) and Sarbanes Oxley (SOX).
• Benefits
– Easy to use (simply add to route)
– No configuration errors
HTTPS content scanning and certificate policy
• Full content scanning of HTTPS/SSL encrypted data
• Detects malware or data leakage in encrypted HTTPS traffic
• Provides policy based certificate checking for added protection
Personalized user feedback
• Block Pages
– Policy violations
• Progress Pages
– Informative feedback when downloading large files
• Acceptable Use Policy Page
– Users are reminded at regular intervals with ‘Accept’ button
Deployment options
1. Pre-built on a Dell server platform
2. Deployed on choice of own hardware
3. Virtualization within a VMware environment
Platform information
• R210 range
– Under <500 & 200-500 users
• R610 range
– Designed to support 2,500 users
24x7 technical support
• Clearswift provides professional, intelligent and adaptable support and training services to meet the exacting needs of our enterprise Customers
• Clearswift Global Support (24x7 as standard) is provided to help with any questions or issues relating to your Clearswift deployment
• Technical information is available at any time for our supported Customers from the Clearswift Knowledge Base
• We pride ourselves on exceeding Customers’ expectations. Results of the Jun 2010 global support survey are:
– Met or exceeded expectation of initial response time - 93.29%
– Met or exceeded expectation of ability to solve problem - 90.85%
– Met or exceeded expectation of overall response time - 93.21%
– Met or exceeded expectation of technical competency - 93.83%