Clearswift specialises in mail and web-content security, and has always offered separate products for each function. The company hasn’t been tempted to merge the lot together, and with good reason, as each is a powerful product in its own right. Its products were originally offered as software only; Clearswift launched its original MIMEsweeper for SMTP mail security appliance in 2005, and now its web content-filtering software gets the same treatment.
The MIMEsweeper for Web software is designed to run on a Windows server platform but, as with the SMTP version, it’s been rewritten for the appliance, where it uses a hardened Linux kernel instead. We’ve no problems with the choice of hardware platform, since Clearswift has partnered with Dell and uses its rack servers as a foundation. The entry-level CSW250 on review is based around a good-quality PowerEdge 860 1U rack server and supports 250 users.
The appliance functions as a web proxy, so all you need to do is reconfigure your client browser proxy settings, and this can be done manually, via an AD Group Policy or using proxy auto-configuration scripts. For URL filtering, Clearswift has gone for a third-party product and customised it to slot into the Linux OS. The MIMEsweeper for Web software has more than 40 categories, and Clearswift has taken the new service and modified its category list to match. Kaspersky steps in for anti-virus duties, while spyware is handled deftly by Aluria. Clearswift has taken the latter’s SDK and embedded it in the OS.
For the CSW250 web-management interface, Clearswift has used precisely the same slick design and concepts that impressed us when we looked at the MIMEsweeper for SMTP appliance. The homepage provides a sidebar to the left, with a health-status graph and list of the latest alarms. All functions have been neatly separated out into different Centers. The appliance can start filtering web traffic immediately using the default policy, but new ones are easy enough to create from the Policy Center.
The CSW250 uses a simple three-phase filtering concept that employs combinations of content rules and routes. These tell the appliance what to look for, how suspect content should be handled and who should be notified. Content rules determine what you want to look for in web traffic, and these range from blocking uploads and downloads of files above certain sizes and spyware “call home” actions to removing tracking cookies and, of course, blocking viruses. Internet zones are used to define groupings of URLs and filtering categories, and each one can contain multiple entries and a mix of both types.
Web policy routes tie everything together as you select your target systems, decide what URL filtering categories or sites are to be included and what actions you want to take. A drawback is the current lack of integration with AD, which means policies can only be assigned to IP addresses, IP subnets and hostnames that are defined as Machine Lists. However, Clearswift advised us this is being implemented in the next OS release, due out in March.
For simple filtering of undesirable content, you just set the policies to block all web traffic of this type. However, policies are flexible, as they can be set to allow traffic through but still look out for certain activities: you could, for example, allow inbound and outbound IM traffic through for specific systems or subnets, but block it if viral or spyware activities are detected, make sure tracking cookies are removed and stop specific file types from being transferred.
The filtering rules use easily recognisable icons, and selecting a policy route produces a slick flowchart beneath, making it easy to see what’s occurring and in what order. Note that policy scheduling also won’t be supported until the next OS release. When users try to access a banned web page, you can thrust a warning web page at them that’s specific to the category classification. Furthermore, these can be customised with features such as your company logo and advisory text. As the name implies, Informs are used to define who should be notified when a rule has been triggered, and each can contain a single email address.
The Report Center provides a pile of predefined reports on areas such as the most popular websites, the number of document downloads and viral activity. These can be easily customised, allowing you to create your own threat reports or see how much bandwidth certain systems are consuming.
As with Clearswift’s mail security appliance, we found the MIMEsweeper for Web solution easy to deploy and use. The current lack of AD integration and policy scheduling is a drawback, but this web-content security solution is still versatile and compares favourably on price and annual subscription charges with its competition.