Clearswift SECURE Gateways brochure

IntroductionClearswift is a business with over twenty yearsof experience. Its content-aware, policy-basedsolutions are used by over 3000 organizationsglobally, enabling them to manage and maintainno-compromise data, web and email securityacross all Gateways and in all directions.Our track record in innovation includes developing many ofthe features the security industry now considers standard,including:• Deep Content Inspection (DCI)• Policy-based encryption• Inbound and outbound content scanning across multiplecommunication channels• Internal content scanning for collaboration softwareClearswift continues to lead the IT security industry withthe deployment of production-ready appliances and virtualGateways on the vSphere platform. Using powerful, effectiveand tested content-aware policies, these solutions protectour clients, employees and trusted third-partiesAs business practices change to adapt to the introductionof the cloud, big data and BYOD (Bring Your Own Device)coupled with the increasing amount of collaborationorganizations now face, Clearswift continuesto innovate and adapt our flagship solutions,the Clearswift SECURE Gateways.www.clearswift.com

Clearswift SECURE Email GatewayThe SECURE Email Gateway (SEG) has its heritagein the Clearswift MIMEsweeper product. Along withthe shared functionality, it is designed to offersecure email-based communications closely alignedto an organization’s business requirements.Spam protectionThe multi-layer spam defense includes both connection andnetwork level checks coupled with monitoring of content.It incorporates the TRUSTmanager IP reputation system,which uses community feedback on good and bad senders,to effectively block spammers and malware at the IPconnection, in conjunction with SpamLogic and a Bayesianfilter. A cloud-assisted spam detection system recognizes newspam runs as they are emerging.As with anti-virus, the definitions are constantly updated toensure comprehensive up-to-the-minute protection againstall the latest threats.EncryptionWith the growing need to collaborate securely,organizations need methods of encrypting content that areeasy to use from the senders’ and recipients’ perspective andalso comply with organizational security andregulatory requirements.The SEG offers a wide range of channel and message levelencryption to provide organizations with the security toensure their privacy commitments are honored.These include:• TLS• S/MIME• PGP• Ad-Hoc password protected• Portal (pull and push)These methods can be used in conjunction with each other:for example, ad-hoc password protected files can be sent viathe Portal.99.9%The nuisance of spam continuesto be a burden for organizationsand the SEG combines a numberof filtering technologies todeliver 99.9%+ detection rates.With the PKI methods of S/MIME and PGP, key managementgains importance - and the SEG has features to performautomatic key harvesting, Online Certificate Status Protocol(OCSP) and key server lookups to reduce the admin overheadeven more.ReputationImageLogicMultiple Technologies ProvideComprehensive Spam ProtectionConnection/Network Level Checks80-90%+ of spam rejected with these filtersGreylistingBATVAnti-SpoofRBLSPFIn the past, it was just pornographic images which neededto be blocked. While the same is true today, the EmailGateway ImageLogic functionality can also be used toprotect intellectual property contained in images fromleaving the organization.Validate SenderLDAPSignatures(Junk/Bunk)CURBLBayesianAnti-SpamEngineContent Level Checks>99.9% spam detectionwith these filtersPersonal message managementAdministrators can also delegate message release to the endusers.It’s common for users to be given access to managespam messages that ‘might’ be legitimate and allow them tobe whitelisted so that they won’t be blocked again. The SEGextends this capability so that end users can be responsiblefor releasing other message violations coming in and leavingthe organization based upon corporate culture and policy.The SEG also provides a number of methods which allowthe end-user to manage their mail via an email digest, webportal or via an app for Apple iPhone and iPad devices.For example, lawyers working on cases where profanitiesappear in court documents could trigger policy violationsand be blocked; Personal Message Management allows themto be granted permission to release the messages withoutadministrator intervention, using a simple hyperlink.Of course every transaction is also audited forcompliance purposes.www.clearswift.com

Clearswift SECURE Web GatewayThe SECURE Web Gateway (SWG) contains thecommon functionality, but is designed specificallyfor dealing with web based communication throughHTTP and HTTP/S.DeploymentEase of deployment enables organizations to be able todeploy the product quickly into their infrastructure. TheSWG can be deployed either as a forward (explicit) proxy,Transparent (WCCP) proxy or in conjunction with Firewallsthat support policy based routing.HTTP/S scanningMore and more organizations are now securing their sitesusing HTTP/S to prevent eavesdropping on browser sessions.This technology can render some content scanning solutionsunusable, but the SWG has an integrated SSL decryptionengine so that these sessions are automatically decryptedand passed to the content scanning engine to ensure nopolicy violation can take place.Flexible policiesThe Internet can now be considered an extension of your owninfrastructure with more and more companies adopting cloudbased services such as Salesforce for CRM, Office365 formessaging structure and sites like Dropbox for file sharing.Remote client optionThe SWG supports remote clients, meaning that even if theuser is not connected to the organization’s network, thedevice will be subject to corporate security policies. Thisoption can also be deployed on BYOD platforms ensuring thatcorporate information is kept safe no matter where it is beingaccessed from.Website categorizationEmbedded into the SWG is a URL filtering engine withover 50 million URLs which are updated daily and sortedinto more than 80 different categories, including Phishing,Malware and Security Risk. Malware definitions are refreshedhourly to supplement the integrated anti-virus scanning ofany downloads.Along with the URL database, there is a real time categorizerwhich detects page content as it is being downloaded. Thisallows the SWG to determine whether pages contain contentthat might be pornographic, use remote proxies or includehate or violence, amongst other content.With the increase in the amount of personalized contentdelivered through social networking pages, this featureensures that employees are kept safe from pages which areon reputable sites but have been hijacked or abused.With such diverse business requirements, it’s necessary toprovide security profiles to ensure that users both in theoffice and working remotely are presented with policies thatenable them to work effectively and securely.As well as required access to business sites, a number oforganizations will permit their staff to use social networkingsites in a controlled manner.Organizations need to be able to define who is usingthese services based upon their authenticated ID orOrganization Grouping, when they are using the sites andalso for how long.This enables rules to be created, such as:• HR department can use LinkedIn and Facebook all day• All other users can view LinkedIn between 12:00 and14:00 for 1 hour maximum• All other users can view Facebook between 12:00 and14:00 for 1 hour maximum and can update their status,but not perform any file uploadsOf course any content posted will still be subject to thecorporate security policies for that individual.Easy to use policies:how granular policies can be applied to categorizedwebsite as well as social networks8

Clearswift SECURE Exchange GatewayThe SECURE Exchange Gateway (SXG) is designedspecifically for securing internal communicationin a Microsoft Exchange environmentDeploymentEase of deployment enables organizations to be able todeploy the product quickly into their Exchange 2007/2010 or2013 environment. The SXG can be deployed to filter trafficor in monitor mode to allow the product to identify policyviolations without interrupting message flow.Integration with the SECURE Email Gateway permits policy,message management reporting to be performed at a singlemanagement console.To mirror the resilient and high availability configurationsimplemented for Exchange Servers, the SXG preferreddeployment configuration is for 2 x SXG instances that executein an Active-Active mode, balancing the workload automatically.Internal scanningWith a growing need to ensure that internal communicationsare acceptable to the business and that confidential contentis not sent to recipients who should not receive that content.Rules can be created based on senders, recipients,file types, sizes and of course the content of the messagesand their attachments.Messaging policiesEmail will continue to be the dominant communicationsmedium for many years to come and every company isdifferent so having flexibility to create policies that areappropriate to deal with business problems is essential.Most organizations apply controls to messages to and fromthe internet, but seldom consider risks of internal messaging.The SXG platform is designed to deal with the concerns ofinternal messages and focuses on Data Loss Prevention andthe prevention of unacceptable messages and attachmentsinside the business.Policies can be granular, created for individuals or usergroups obtained from Active Directory, policy rules canbe created and applied to the appropriate senders andrecipients.Data Loss PreventionWith so much sensitive information available, organizationsmust take the risks of corporate confidentiality at everypoint in their infrastructure, not just at the egress points.The SECURE Exchange Gateway features all the standardcontent filtering and Data Leakage prevention includingintegration with the Clearswift IG server to provide full andpartial document fingerprinting.This technology uses client-server architecture to ensurethat although additional security is being applied there isno noticeable difference to the performance of theExchange system.Exchange 2007,2010 or 2013SECURE ExchangeGatewaySecureconnectionOutlook orOWA Clientwww.clearswift.com

Clearswift SECURE ICAP GatewayThe Clearswift SECURE ICAP Gateway works withBlueCoat Proxy SG series products to provideinformation security of the browser traffic usingan off-proxy scanning engine.DeploymentThe BlueCoat proxy servers are well known to networkadministrators to provide both proxy and network bandwidthmanagement capabilities. They also provide an interface toallow 3rd party solutions such as Anti-virus and Data LossPrevention solutions to connect via the ICAP. Connectingthe SECURE ICAP Gateway to the Proxy SG devices allowsthe network security features of the BlueCoat device tobe complimented by the Clearswift information protectionfunctionality.For organizations who already have a ICAP AV solutionfor their BlueCoat system they can consolidate devicesand use the SECURE ICAP Gateway to provide bothAnti-malware and Clearswifts’ Advanced Data LossPrevention in a single system.Managing data securelyThe SECURE ICAP Gateway provides all the standardcontent filtering and Data Loss prevention featuressuch as Adaptive Data Redaction, Structural and DocumentSanitization. The SIG can also support integrationwith the Clearswift IG server to provide full andpartial document fingerprinting.BlueCoatProxy SGBrowserICAPSECURE ICAPGatewayEnabling policiesWe actively increase, rather than hamper, employeeproductivity by facilitating employee engagement withcollaborative online technologies through our flexible web2.0 policy rules.User identities are authenticated by the BlueCoat proxy andpassed to the SECURE ICAP Gateway so that granular userpolicies can be applied to the content coming in and out ofthe organization.The SECURE ICAP Gateway goes beyond simply keeping yournetworks free of viruses, inappropriate content and harmfulexecutable. It enables complete, granular control overthe information that you access or share online, whetherit’s limiting recreational browsing, or preventing sensitivedata from leaking into status updates using the ClearswiftAdaptive Redaction functionality.The Clearswift SECURE ICAP Gateway enables organizationsto reap all the benefits that collaborative web 2.0technologies have to offer, safe in the knowledge that yoursensitive data, IP and brand reputations are protected.10

Clearswift Information Governance ServerDeploymentThe Clearswift Information Governance Server (IGS) isdeployed centrally in an organisation. Running on a Linuxplatform, this integrates with your own environment forenterprise single sign on and support for for current SECUREEmail, Web, Exchange and ICAP gateways; our architecturalstrategy provides future Gateway integration.Document managementBusinesses have to be more dynamic when it comes tosecurity. The IG server permits users to register sensitivedocuments through a simple to use web interface. Users canmanage the registration of content as well as deregistrationwhen the information’s sensitivity status has changed.They are also notified of any violations if that document oreven a fragment of that document is uploaded to a website,sent internally or emailed to an external recipient.Document track ‘n’ traceThe IG server is not just a repository of documentfingerprints; it is also used to store transactions from all ofthe connected Gateways. This data store can then be minedto show information flows and relationships. The informationanalytics provided will allow the ability to follow a pieceof data across multiple protocols providing the CISO withunique insights to how and where their information is going.SECURE EmailGatewaySECURE WebGatewayInternet TrafficCheck and TrackCheck and TrackSECURE ICAPGatewayCheck and TrackIG SERVERRegisterSensitiveContentInternet TrafficCheck and TrackFILE SERVERSECURE ExchangeGatewaywww.clearswift.com

Clearswift SECURE File GatewayMore than just emailYour business may already understand email as apotential risk, but what about files that are too large toattach to a message? The Clearswift SECURE File Gatewaycan scan large files of up to 16GB as they are transferredinternally between departments or externally to partnersthrough FTP or other non-email transfer protocols, ensuringtotal data security.Content recognitionThe File Gateway’s content inspection engine recognizesover 150 different file or format types, using strong signatureand data parsing techniques that ignore unreliable externalindicators like file extensions. The engine performs recursivedecomposition and systematically opens and searches withinarchive files like ZIP and TAR to locate all embedded objectssuch as images or active content within Office documents.Inspection continues until there is nothing left to process.By recognizing particular file types it is possible to set apolicy to decide which file types are acceptable and whichshould be blocked. The inspection also extends to textualcontent, covering the words and phrases contained withinthe files.Two person integrityAs this content can be extremely sensitive the SFGsupports a more military style of two-person integrity onpolicy modifications. Any changes can only be appliedonce a second administrator has approved the firstadministrator’s changes.Software Developer Kit (SDK)The technology at the heart of every Clearswift product,a high-performance deep content inspection engine thatprovides comprehensive data recognition and thoroughcontent processing is also available for System Integratorsas a Software Developer Kit (SDK). The SDK gives accessto all key functionality including:• Data recognition using true-file typing, not simplyextension-based recognition• Recognition of over 150 common formats• Data integrity checking and verification• Data decomposition of nested and compressed files(including large files up to 16GB) and the subsequentanalysis of extracted files• Text extraction from standard office files (including MSOffice, OpenOffice, PDF and HTML) with pattern matching,programmatic operators and more• Active content detection recognizing macros and scripts inOffice and PDF formats• Malware detection including interfaces to 3rd party AVenginesThe SDK is used by companies who have clients across allvertical markets operating around the world to ensureregulatory compliance, prevent leakage of sensitiveor classified information and detect inappropriatecommunication.PackagingWith interfaces, documentation and sample code in C,C++ and Java, deployable on x32 and x64 Windows 2003/2008and RHEL 5/6 platforms, this SDK allows software developersto build client/server applications that can be more‘content aware’.12

Gateway deployment optionsThe Clearswift security solutions are available witha range of deployment options to fit your existingIT infrastructure and reduce the time and costsassociated with deployment.For the quickest return on investment, and to reap efficiencysavings, simple deployment is essential. Clearswift’s optionsgive you total web and email security that works how you do.Hardware deployment optionsThe Clearswift SECURE Web and Email Gateways areavailable as pre-configured appliances ready for immediatehardware deployment at your network perimeter. A rangeof hardware performance profiles allow you to select thecorrect unit for your filtering needs and provide scope forfuture growth. Hardware deployment options from Clearswiftare also backed by ‘Next Business Day’ or ‘Four-hour’ onsiteservice options.Virtualization deployment optionsThe Clearswift SECURE solutions also support virtualizationusing VMware and Hyper-V for email filtering, allowingthe creation of private cloud security systems for greaternetwork management flexibility. Your deployments canthen be assembled from a combination of physical andvirtualization servers according to your specific businessneeds and environment.Peered GatewaysIf more than one Clearswift Gateway is deployed, or morethan one type of Gateway (e.g. Web and Email) is deployed,then integration occurs at all points. Peered Gateways sharecommon policy and system settings, ensuring that, shouldone Gateway fail, the remaining Gateway will be able topick up the load. With more than one Gateway deployed,administrators can use a single interface to enforce aconsistent policy across multiple communication protocols.Software deployment optionsThe Clearswift SECURE solutions are also available fordeployment on your own server hardware, allowing you tomaintain consistency in your environment using systems fromyour preferred vendor. The SECURE Gateways operate on ahardened Linux distribution, offering ultimate flexibility foryour own hardware deployment choices.www.clearswift.com

Support andProfessional ServicesThe development of world class productsis complemented with a 24/7 support andprofessional services organization.Standard SupportThe Standard Support offering gives a highly reactiveand responsive 24/7 service, enabling Clearswift to takeimmediate ownership of reported issues, providing fullvisibility of progress and status through the end-to-endmanagement of incidents.”Premium SupportWorld classproducts, 24/7support andprofessionalservicesorganization”The Premium Support offering is a highly personalizedservice, delivering additional services through a dedicatedSupport Account Manager, inclusive of best practiceconsultation, on-site support days and regular on-premiseservice reviews in true partnership with our clients.Advanced SupportAn Advanced Support offering is available, recognizing thebusiness critical nature of Clearswift solutions. It deliversenhanced support capabilities, including automated servicemonitoring and reporting and regular service reviews tofurther secure consistent operational availability through amore proactive level of support.Professional ServicesThe Professional Services organization offers our clientshelp in all aspects of securing their infrastructure. It canoffer Gateway infrastructure design, installation andconfiguration services. Clearswift Professional Services alsooffers policy design services and system upgrade and systemhealth check support.14

SummaryThe Clearswift SECURE Gateways offer the ability for organizations of all sizes to deploy a sophisticatedweb and email security solution.With Clearswifts Advanced Data Loss Prevention (DLP) capabilities built in, they offer protection from inbound threats as wellas protecting against data leaks. New technology DLP options are available to make DLP even more cost effective to deployand to support new ways of working.Key FeatureSECURE EmailGatewaySECURE WebGatewaySECURE ExchangeGatewaySECURE ICAPGatewayDeep Content Inspection 3 3 3 3Data Loss Prevention 3 3 3 3Anti-virus 3 3 3 3Encryption* 3Remote Client Support* 3Text Redaction* 3 3 3 3Document Sanitization* 3 3 3 3Structural Sanitization* 3 3 3 3Standard / Advanced* /Premium* Support3 3 3 3Professional Services* 3 3 3 3*Additional cost optionwww.clearswift.com

About ClearswiftClearswift is an information security company, trusted bythousands of clients worldwide, to provide adaptive cybersolutions that enable their organizations to secure businesscritical data from internal and external threats.Built on an innovative Deep Content Inspection enginemanaged and controlled by a fully integrated policy center,Clearswift’s solutions support a comprehensive InformationGovernance strategy resulting in data being managed andprotected effortlessly.As a global organization, Clearswift operates out of offices inEurope, Australia, Japan and the United States.Clearswift has a partner network of more than 900 resellersacross the globe.More information is available at www.clearswift.comUnited KingdomClearswift Ltd1310 WatersideArlington Business ParkThealeReading, RG7 4SAUKGermanyClearswift GmbHLandsberger Straße 302D-80 687 MunichGERMANYUnited StatesClearswift Corporation161 Gaither DriveCenterpointeSuite 101Mt. Laurel, NJ 08054UNITED STATESJapanClearswift K.KShinjuku Park Tower N30th Floor3-7-1 Nishi-ShinjukuTokyo 163-1030JAPANAustraliaClearswift (Asia/Pacific) Pty Ltd5th Floor165 Walker StreetNorth SydneyNew South Wales, 2060AUSTRALIAwww.clearswift.com