Code Green CI-1500 v.4
Strengths: Easy to use, supports more than 400 file formats, a very good performer in smaller enterprises
Weaknesses: Only manages the network leakage vector, no support for peripherals
Verdict: For an SME that wants to manage data leakage through the network, this is a good fit
The Code Green offering is a good middle-of-the-road extrusion detection device. It works in three modes: packet monitor, MTA inspection and ICAP agent for use with a Blue Coat Proxy SG server.
Using the ICAP agent, the content inspection appliance (CI) can identify and reroute HTTP, HTTPS and FTP traffic as needed. As a packet monitor, the device cannot block traffic. Installed using a tap, it watches packets and reports policy violations. The MTA configuration reroutes email and manages it according to applicable rules, including automatically encrypting sensitive information using PGP.
We like the email and ICAP capabilities, but the packet inspection would be more useful if it could perform blocking as well. However, given that most data leakage is through email, the separate email capability handles that problem nicely, and if you want other protocols you can implement the ICAP. The CI-1500 does not provide protection against data leakage through peripherals.
We found this appliance easy to set up and get going, but the configuration of the various capabilities was a bit challenging. The box uses separate ports for its three capabilities, and each needs to be configured for use.
However, documentation is excellent and provides everything you need, including well-illustrated examples of various configurations. It did not take us long to insert it into our test bed. Policy configuration is also described well and there is an excellent paper that explains how to work with pre-defined policy templates.
Once up and running, the appliance performs very well. The CI-1500 supports up to 5,000 users, while the smaller CI-750 handles up to 250. These products are aimed at SMEs.
The website is good, but could use more support content. That said, there are some white papers and data sheets, as well as a support line that is available by phone, email and through the website during normal working hours. A 24/7 premium support package can also be purchased.
Priced at £12,327, this is not a cheap product, given its focus on data leakage through the network only. However, for smaller organisations with only that particular need its ease of use and good performance make it a bit better than average value.