This document summarizes the Clearswift SECURE Email Gateway 3.2. It provides unified security for email through a core content inspection engine and policy-based controls. Key features include anti-virus, anti-spam, data loss prevention, encryption, and reporting. It offers deployment options on Dell servers or virtual machines and 24/7 technical support.
2. Unifying information security
Clearswift is a security software company that aims to simplify companies’ IT security to better protect businesses’ intellectual property and data. This in turn gives businesses the confidence to adopt web, email and collaboration technologies to ultimately allow the business to innovate and grow.
3. Clearswift’s security solutions are built around a core content inspection engine.
Policy and reporting on content, threats and user activity are then applied to the communication channels.
Today Clearswift SECURE solutions are available for web and email, ensuring compliance across all digital communication channels.
4. Clearswift SECURE Mail Gateway
Secure and resilient platform
• Packed Dell server, own hardware or on VMware/Hyper-V
• Optimisation of Linux OS tuned for Email gateway.
Easy to install
• Up and running in under an hour.
• Pre-configured with Default ‘Standard’ Policy.
Easy to use & manage
• 100% web-based GUI.
• Graphical ‘drill-down’ reporting.
• Automatic security software updates
5. Complete Email Gateway Protection
MIMEsweeper content-aware policy engine
• True binary signature file identification.
• Lexical analysis/templates.
• Comprehensive data leakage controls.
Kaspersky Anti-virus/malware
• Viruses, worms, Trojans and malicious code
• Zero-hour malware detection
Comprehensive Anti-spam defences
• Network based filters
• Content based filters
On-Box Email Encryption
• By direction or by content, using industry standard technologies
7. World class spam protection
• TRUSTmanager
– global reputation network
– Rejects 80-90% of all traffic before it reaches your gateway
• SpamLogic
– delivers in total 99.6% accuracy rate
– Multi-engine layered defence
8. Multi-layered spam defences
Connection/Network Level Checks
80-90%+ of spam rejected using these filters
Content Level Checks
9. End user message release mechanism
• Web interface to permit users to release their own messages
• Allows users to build up “Trusted Senders” for automated release of messages
• Administrators can monitor which email senders are being Trusted
• Administrators can maintain an end user’s Trusted Senders List
10. Multi-layered Malware protection system
• Email still remains a vector for viruses to propagate
• Many thousands of new viruses and variants are created daily
11. Deep inspection, intuitive scanning options
• Banned file types can be blocked or stripped from messages
• Oversized messages can be rejected or parked and delivered at a more convenient time
• Selective scanning enables searches of areas of interest
– Headers
– Messages
– Attachments (MS Office, Open Office, PDF, HTML)
• Powerful search criteria
– Dictionaries for PCI, PII, Profanity, etc.
– Expressions, Regular expressions and Operators
• Multiple disclaimer support including HTML and hyperlinks
12. ImageLogic – Detection of unacceptable images
Multiple algorithms
Extensive usage of machine learning
13. Data loss templates
• Predefined regular expressions for PII (Personally Identifiable Information) and PCI (Personal Credit Information)
– National insurance number
– Credit card numbers
– Social security number
• Editable Compliance dictionaries
– GLBA, SOX, HIPAA, SEC
14. Email Encryption
• Supports PGP, S/MIME and Password Protected messages
• Allows signing, encryption and decryption of messages
• Policy based encryption, i.e. by route or by content
• Opportunistic TLS for server to server communications
17. Easy policy model
• Content Rules inspect the data and are applied to Policy Routes that define what is allowed over that email communication channel
18. Headers, footers and meta-data
Received: from eric ([192.168.201.1]) by prodman11.europe.clearswift.com (8.14.1/8.14.1)
with SMTP id nB2MGP3d006083 for
alynh@prodman.europe.clearswift.com;
Wed, 2 Dec 2009 22:16:27 GMT
Date: Wed, 2 Dec 2009 22:16:25 GMT
Message-Id: <200912022216.nB2MGP3d006083@prodman11.europe.clearswift.com>
From: <alynh@prodman.europe.clearswift.com>
To: <eric@outside.com>
Subject: Here is a great document
Hi Eric
This is a really document , call me on 01189 038503
Regards Alyn
Here is my site http://www.clearswift.com
19. Message Tracking across peers
Track messages using extensive criteria
Works across peer group
20. Built-in Reporting
Over 70 different reports available
Scheduled or on-demand
22. System Alerting
Over 60 different alarms available
SMTP and SNMP as standard
23. User activity monitoring
• Display a log of last login time and source
• Show where administrator activity
• Display any break-in attempts
2009-10-27 11:22:28,223 [0] [FAFA..F2C] [LOGIN] [192.168.15.2] [admin]
2009-10-27 11:22:29,7 [0] [FAFA..F2C] [NAVIGATE] [192.168.15.2] [admin] [Clearswift Email Gateway] [/Appliance/HomePage/index.jsp]
2009-10-27 11:22:35,296 [0] [FAFA..F2C] [NAVIGATE] [192.168.15.2] [admin] [SSH Access] [/Appliance/SystemsCenter/SSH/index.jsp]
2009-10-27 14:19:01,34 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
2009-10-27 14:19:07,237 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
2009-10-27 14:19:11,532 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
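The repeated LOGINFAILURE entries in the excerpt above can be picked out mechanically. The following Python code is an added example, not Clearswift code: it parses the sample lines and reports any source address that produces three LOGINFAILURE events within 60 seconds. The field order, the un-padded millisecond fraction, and the threshold and window values are assumptions inferred from the excerpt.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Sample lines copied from the slide above (session IDs are truncated there).
SAMPLE_LOG = """\
2009-10-27 11:22:28,223 [0] [FAFA..F2C] [LOGIN] [192.168.15.2] [admin]
2009-10-27 11:22:29,7 [0] [FAFA..F2C] [NAVIGATE] [192.168.15.2] [admin] [Clearswift Email Gateway] [/Appliance/HomePage/index.jsp]
2009-10-27 11:22:35,296 [0] [FAFA..F2C] [NAVIGATE] [192.168.15.2] [admin] [SSH Access] [/Appliance/SystemsCenter/SSH/index.jsp]
2009-10-27 14:19:01,34 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
2009-10-27 14:19:07,237 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
2009-10-27 14:19:11,532 [0] [93C...715] [LOGINFAILURE] [192.168.15.2] [mjuyhn]
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),(\d{1,3}) (.*)$")
FIELD_RE = re.compile(r"\[([^\]]*)\]")

def parse_line(line):
    """Return (timestamp, event, source, user), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = FIELD_RE.findall(m.group(3))
    if len(fields) < 5:
        return None
    # Assumption: the fraction is un-padded milliseconds (",7" means 7 ms), so
    # strptime's %f, which would read "7" as 700 ms, is deliberately not used.
    ts = (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
          + timedelta(milliseconds=int(m.group(2))))
    # Assumed field order: [n] [session] [event] [source] [user] [optional page fields]
    return ts, fields[2], fields[3], fields[4]

def find_failure_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Report each source whose LOGINFAILURE count reaches `threshold` inside `window`."""
    recent = defaultdict(deque)   # source -> (timestamp, user) of recent failures
    alerts = []
    for line in log_text.splitlines():   # assumes the log is in time order
        rec = parse_line(line)
        if rec is None or rec[1] != "LOGINFAILURE":
            continue
        ts, _, source, user = rec
        q = recent[source]
        q.append((ts, user))
        while ts - q[0][0] > window:     # drop failures older than the window
            q.popleft()
        if len(q) == threshold:          # fire once when the count reaches the threshold
            alerts.append({"source": source, "first": q[0][0], "last": ts,
                           "users": sorted({u for _, u in q})})
    return alerts
```

Run over the six sample lines, `find_failure_bursts(SAMPLE_LOG)` returns one alert for 192.168.15.2 covering the three failed logins for the user `mjuyhn`.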
24. Deployment options
1. Pre-built on a Dell server platform
2. Virtual Gateway versions on other supported hardware
3. Virtualization within a VMware ESX and ESXi environment
25. Platform information
• CSE range
– Under <500 users
– Designed to handle up to 20k messages per hour throughput
• ENE range
– Designed to handle 80,000 messages per hour throughput
– Resilient system with Dual power and Raid disks

Model  Size  CPU        Memory  Disk     Raid  Power
R210   1U    Dual Core  4Gb     250Gb    No    101 watts
R610   1U    Quad Core  4Gb     2x146Gb  Yes   183 watts
26. 24x7 Technical Support
• Clearswift provides professional, intelligent and adaptable support and training services to meet the exacting needs of our enterprise customers
• Technical information is available at any time for our supported Customers from the Clearswift Knowledge Base
• We pride ourselves on exceeding Customers’ expectations. Results of the Mar 2010 global support survey are:
– Met or exceeded expectation of initial response time – 93.98%
– Met or exceeded expectation of ability to solve problem – 92.37%
– Met or exceeded expectation of overall response time – 90.77%
– Met or exceeded expectation of technical competency – 93.89%
Editor's notes
In this example the sender could send a plaintext message to Mr Pink, Mr Red and Mr Yellow. The Gateway will be responsible for content scanning the message and then arranging encryption using the right method for each recipient. Mr Pink might be S/MIME, whereas Mr Red might prefer PGP and Mr Yellow might use password protected zip files. Not only can content be scanned as it leaves, but it can also be decrypted (when sent by Mr Purple) and delivered to Mr Blue in its original secured manner.
The Clearswift Gateway policies are created and managed in the “Policy” centre. There are a number of default Content Rules, each created to perform a specific part of the policy, such as “Delete Virus”. These Content Rules can be amended, or new ones created, based on customer requirements. Content Rules are constructed using elements taken from Policy references, such as Lexical lists which contain lists of words to check for. These references can then be re-used in multiple separate Content Rules to save recreating them. If you have the CLEARSWIFT SECURE Email Gateway and the CLEARSWIFT SECURE Web Gateway you can peer them together and share the Content Rules across both products. This allows you to define rules once that can apply to both of the Clearswift Gateway protocols. Content Rules are applied to Policy Routes, which define the direction of communication. For example, in the CLEARSWIFT SECURE Email Gateway: “*@mycompany.com” TO “Everyone”, or in the CLEARSWIFT SECURE Web Gateway it could be “Everyone” TO “Social Networking Sites”. A company will define multiple Policy Routes to describe their communication rules. The ordering of routes is important as the list is evaluated from top to bottom to find the route that has the best match for the source and destination of the communication.
This slide demonstrates how we take a message and break it down into its constituent parts, to be able to provide targeted scans of the appropriate data.
Being able to track messages is vital for any SysAdmin. Even in customer configurations that deploy multiple systems, being able to run a single command from one console that searches across all nodes is key in identifying what happened to an email.
Reports are now fundamental as organisations have to be able to justify their actions and also their efficiency. Reports can be generated immediately or scheduled. For customers who have multiple gateways the reports can be consolidated. Over 60 basic report templates exist and customers can modify these to create new views on the data stored on the system.
An RSS feed allows Clearswift to communicate information to customers without excessively emailing them. Various counters and graphs give the SysAdmins a view of the current behaviour of the system. Indicators provide customers with a status of recent updates and service status.
Over 60 different system alarms can be generated. Each alarm goes to the UI, but can also be sent to a specific Email address or SNMP server.
A log maintains a history of where the SysAdmins have been on the product, but also records if someone is trying to break in to the system.
Customers can choose how they deploy the product. At present 66% of customers are buying a “soft” option meaning that customers are deploying on either their own platforms or a virtual platform.
Clearswift can sell a choice of 2 servers, one being a low-end unit based on the Dell r200 (soon to be the r210). This unit can process around 20k messages per hour. The high end server is a Dell r610, with much faster processors and resilient disks to generate a throughput of around 90k messages per hour.