We were eager for this box to arrive from Clearswift, this kind of kit gets us excited. This gateway is available as a pre-installed hardware appliance, virtualised gateway for VMWare, or software ISO images for installation on your own hardware. The version we reviewed was the “own hardware option” deployed on a 1RU Dell Server.
On inspection, the newly arrived server also proved to be really stacked—loads of hard disk storage and two fast SSD flash drives. We also noted 4Gb of installed RAM and, during boot up, a familiar linux screen.
An array of open source software started up including ntp, SSH server, BIND DNS server, Tomcat application server and PostgreSQL database. From a security perspective we wondered why the portmapper and statd server services were running at logon. We’d prefer these to be disabled.
After logging on, we were met with a straightforward menu that allowed us to configure our network settings. Once an IP was assigned and connectivity established, we fired up a browser. The setup of the device will feel familiar to any systems administrator. And with administrators in mind, we noted a factory-reset function available on boot-up, which could come in handy if a rebuild is ever required. Clearswift’s SECURE Web Gateway 2.5 has a big remit. It enables users to securely access a wide range of information and services on the web while also enforcing an acceptable use policy and restricting the accidental disclosure of proprietary information.
Clearswift makes a big deal about this, and not without reason. Amongst all the promotional literature that accompanies such products to the lab for testing, this gateway’s feature list is a worthwhile read. Its capability includes:
- Data leakage prevention – Its content inspection capability means it can look into a zip file, find a word document with an embedded spreadsheet and (providing the spreadsheet has a protective marking e.g. a classification) prevent it accidentally leaving the organisation.
- User level control of access to the web – it enables flexible acceptable use policies by allowing time-quota-per-user, or time schedules for certain websites or categories to be applied (e.g. Facebook is only allowed during lunchtime, footy tipping sites only on Friday afternoon, and gambling sites are restricted at all times).
- Social media policies – Clearswift enables flexible and granular policies to be set on common social media sites. For example, users can be restricted to viewing only certain channels on YouTube or from posting certain information to twitter. Restrictions can be made for specific groups of users, for example, the product can be configured so that the marketing department can use Facebook at any time, whilst the rest of the company can only use the site during lunch breaks.
- Core protective features include Kaspersky’s anti-malware engine that protects against viruses, spyware and other malware, and a URL Database that enables phishing and malware hosting websites to be blocked.
- Additional protective features continue with “call home detection” that detects click fraud and adware components, alerting the organisation to systems compromised by spyware or adware.
- Active code detection - identifies and quarantines macros, scripts and equivalents in Adobe PDF, Microsoft Office and Open Office documents
- Suspicious script detection – this can prevent JavaScript and VB scripts on websites from performing unexpected actions such as attempting to access the registry of a visiting computer
- True file type detection – Clearswift recognises files by their binary signature not just file name extension
- File and message anomaly detection – files that are encrypted, encoded, obfuscated, deeply nested or otherwise configured in a way to attempt to evade detection can be quarantined
- Fifty default reports are offered for all aspects of bandwidth usage including: top users, top sites, and bandwidth usage. Threat detection can also be reported on, and reports can be delivered automatically in an interactive mode for full drill down to assist investigative activities.
Following a rough and ready startup, Clearswift’s polished web management interface is a welcome surprise. The interface offers six panes: home screen, policy, reports, system, health and users.
The home pane provides an overview of each of the other views and includes a summary of the system health.
The policy pane includes a global policy view with a range of clearly presented options.
In the manage policy routes pane are all the standard options for web content management products, allowing an administrator to tailor policies and select classes of sites for blocking.
The report centre pane has a wide selection of useful reports, and the system health pane is really excellent, displaying every conceivable kind of information, graphs include CPU, Disk Usage, Network Bandwidth and Connections, with summary statistics in a progress bar format.
Pros
The range of deployment options makes this a really flexible solution. If you’re ever stuck with an unexpected hardware failure, it will be easy to swap out one hardware appliance for another due to excellent hardware support for Linux.
We also really liked the easy-to-use web interface, if you are someone who hates reading manuals; you’re going to be able to forge ahead without too much extra reading.
Cons
The only thing we didn’t really like about the product was its less than polished installation experience. Some customised boot screen images and straight forward quick start guides would give a new owner a more comfortable introduction to this product. Our first impression, to be honest, was that we thought we had received a faceless Dell server full of open source software and a 3rd party antivirus engine, rather than the sophisticated integrated security appliance it claims. Only after we installed the product and had accessed its excellent web interface did it show its colours as a professional security product.
If you are deploying web and email content management, this product deserves serious consideration. The VMware virtual appliance deployment option is an effective way to add security to your Internet gateway with minimal cost and low complexity.
Clearswift offers a 30 day trial of this software via its website, so we do recommend you evaluate for yourself.
______________________________________________________________________________________
CSO Announcement
Register Today. Hear from Rob Livingstone, Michael Barnes, Steve Quane and Dave Asprey amongst others on the Evolution, Trends, Solutions and the Future of Cloud Security, limited seats register today through CSO.
______________________________________________________________________________________