Clearswift Web Appliance
March 04, 2010
£6,870 (exc VAT) for 250 users, one-year subscription all services
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Extensive web filtering policies, swift deployment, new scheduling and caching features, all on a quality hardware platform
- Weaknesses: Firewall rules needed for IM apps and no P2P app controls
- Verdict: Clearswift's latest appliance delivers excellent web filtering performance, along with highly versatile policy-based AUPs
Never tempted to diversify, Clearswift has always had a firm focus on web and messaging content security and its latest v2.0 appliances deliver a range of welcome new features. In this exclusive review, we look at its Web Appliance CSHE, which targets mid-sized businesses with between 250 and 500 users.
The Web appliance runs a hardened Linux kernel, with a third-party solution for its web content filtering. It has beefed up its category database from 40 categories to 76, with a keen focus on malware and phishing threats.
Virus scanning is looked after by Kaspersky Lab, while Sunbelt Software handles anti-spyware scanning. Both http and FTP protocols are supported as standard and Clearswift offers scanning of https encrypted traffic as an option, at an extra £1,890 for the 250-user CSHE appliance.
Clearswift Web Appliance has a good-quality Dell PowerEdge R200 1U rack appliance as its foundation; with a 2.66GHz quad-core Xeon X3330 processor and 2GB of memory.
Storage is handled by a single 160GB SATA hard disk for the Linux OS and caching. It has two Gigabit ports; single deployments will only use the first, as CSHE is designed as a standard web proxy.
A transparent proxy mode does away with the need for client configuration, but this requires a switch capable of intercepting and redirecting web traffic.
A number of features address areas Clearswift had been found wanting in. Web access policies finally get the benefit of a built-in scheduler, allowing you to decide the periods they are active for. Limits can be applied to the amount of time a user may browse a category for, so you could allow limited personal use at work.
Improved reporting now shows where URLs have been classed under multiple categories. An automatic user feedback mechanism is designed to reduce the number of external sites classed as unknown and can also be used to correctly categorise a company's own intranet sites.
Caching has improved greatly, with CSHE offering a maximum cache size of 10GB that can be increased in 10GB increments. Clearswift has added a cache auto-purge feature, a bypass option and cache usage reporting tools.
We chose standard proxy mode and manually configured our test clients. It can be automated for larger client bases using PAC (proxy auto-configuration) scripts or AD group policies.
The management console home page gives an overview of system activity and alerts, while anti-virus, anti-spyware and URL category updates are automated. The system health page offers charts showing real-time activity, threats rates, network use and so on.
Clearswift's policies determine what you want the appliance to look for, how it should handle content that triggers a rule and whom it should notify. Rules define what to search for in web traffic, plus content within documents and archives. These include virus scanning, spyware blocking and file size limits.
Filtering categories contain multiple protocols, URL categories and custom lists of sites, gathered together as internet zones.
It takes time to get the hang of creating policies, but performance is very good. With the games and gambling categories blocked, we were unable to access such sites. The social networking category deftly handled Facebook/Twitter et al; we could modify the policy to allow their use in lunch breaks and for specific systems or AD users.
Clearswift has tackled the lack of a classification tool; you can enter a URL in the management console and it will tell which category it falls under. To handle IM apps such as Windows Live, you need to use firewall rules; P2P apps are beyond its control.
Along with new FTP backup and restore options, the Report Centre has been improved and allows reports on specific policy routes to be created. It has a wide selection of predefined reports.
An emerging trend for web access in the workplace is the demand for personal online time. Clearswift's latest web filtering appliance is versatile enough to allow administrators to permit these activities and yet enforce clearly defined and easily controlled 'acceptable use policies' (AUPs) to ensure business internet resources aren't being wasted.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- Same fate befalls Post Office broadband as hit DT?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Former Expedia IT employee admits to hacking execs from the inside
- Cyber-insurance: What will you be able to claim for and is it worth it?
- Levelling the playing field against targeted attacks
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime
- IoTSF conference: EU should become de facto regulator