November 01, 2008
£9,632 for 500 users for one year (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy deployment, versatile policy based security, AD and LDAP now supported, detailed reporting features
- Weaknesses: Policy scheduling still not on the list, no website categorisation tool
- Verdict: Well specified appliance with strong policy-based web content security and combines this with swift deployment
Along with messaging security, Clearswift has always focused firmly on providing web content filtering and its latest family of MIMEsweeper for web appliances aim to offer businesses tools to enforce strict AUPs (acceptable use policies).
The ENW appliance runs a hardened Linux kernel and Clearswift has opted for a third-party solution for its web content filtering which offers over 40 URL categories. Both HTTP and FTP protocols are supported as standard but Clearswift only offers HTTPS scanning as an optional feature. Virus scanning is looked after by Kaspersky Lab whilst anti-spyware scanning duties have been taken away from Aluria and handed to Sunbelt Software.
Unlike some vendors that rely on nondescript hardware of indeterminate origin, the ENW appliance on review is supplied as a well specified Dell PowerEdge 1950 1U rack server. It looks quite capable of handling high traffic loads as its specification includes a pair of 2.33GHz quad-core Xeon E5410 processors teamed up with 2GB of fully buffered memory. You get a triplet of 146GB high performance SAS hard disks in a RAID-5 fault tolerant array whilst the network connection is handled by a Gigabit port. Power redundancy is also on the menu as the ENW comes with both hot-plug 670W power supplies.
We found deployment a simple affair as the appliance functions as a web proxy so you just need to configure your client accordingly. We did this manually but it's easy to use proxy auto-configuration scripts or Active Directory group policies. You then point a web browser at the appliance's default IP address and run through a simple wizard-based routine, where you apply your licenses, configure network address and add mail server details for notification purposes.
That's the easy bit and at this stage we would recommend taking time out to understand how Clearswift's web filtering policies work before going further. These have been criticised by some for being overly complex but once you get the hang of them it becomes abundantly clear how powerful they can be.
Policies employ three stages for web content filtering and use multiple rules applied to specific routes. Each policy defines what the appliance should look for, how it should handle content that triggers a rule and who it should notify. Rules define the content you want to look for in web traffic, whether upload and download file size limitations should be applied plus anti-virus and anti-spyware measures. Web-filtering categories contain multiple protocols, URL categories and custom lists of sites and these are gathered together as internet zones.
All these components are brought together in the policy routes where you apply filtering policies to users.
We criticised earlier versions of the ENW appliances as you could only apply policies to machine lists which contained IP addresses, ranges and hostnames. Clearswift has remedied this as LDAP servers are now supported so Active Directory users and groups can have policies applied to them. This is essential as it allows policies to follow users no matter what system in the office they log on to.
However, you still can't schedule policy routes to be active at specific times.
During testing we found the filter categories worked extremely well and we could send customised warning web pages to users that transgressed our AUPs.
Clearswift's Informs make up the third stage of a policy and here you define email addresses of those who should be notified when rules are triggered. We did have problems with some social network sites, mainly as there are no tools to tell you which category they come under, making this a tedious process of elimination.
The console's "system center" offers a collection of colour-coded graphs showing bandwidth usage, the performance for all scanning activities, detected threats and the status of database and signature file updates.
The "report center" provides a choice selection of predefined reports which can be used to show areas such as those users generating the most activity, who is attempted to circumvent their AUP, the most popular sites and what policy actions have been triggered.
Administrators looking to delegate tasks will like the "user center" as you can create multiple users and dish out specific access permissions.
We found the MIMESweeper for Web ENW appliance easy to install and its policy based security capable of delivering strong web filtering and malware protection. Clearswift also makes a compelling case for using its MIMEsweeper for SMTP mail security solution as well.
AD support is an essential improvement as it makes this product much more capable and although only offered as an option, HTTPS scanning also available.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Data centres are on the move - where will they end up?
- Same fate befalls Post Office broadband as hit DT?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Former Expedia IT employee admits to hacking execs from the inside
- Cyber-insurance: What will you be able to claim for and is it worth it?
- Levelling the playing field against targeted attacks
- India Supreme Court calls on tech giants to curb sexual assault, cyber-crime
- IoTSF conference: EU should become de facto regulator