EXCLUSIVE: Clearswift MIMEsweeper Web Appliance ENW10

When we looked at Clearswift's MIMEsweeper EN10 mail security appliance a couple of months ago we were very impressed with the level of features and the slick management interface it presented. The company has always offered web content filtering software as well and Clearswift now feels the time is right to deliver it as an appliance based solution.

The ENW10 sits at the top of a family of four appliances and is designed to handle up to 3,000 users. At this level the hardware specification needs to be good and Clearswift doesn't disappoint as it has a good partnership with Dell. Rather than using nondescript boxes of indeterminate origin as some vendors choose to do, the ENW10 is presented as a high quality PowerEdge 1950 which comes equipped with a fine specification.

For installation the ENW10 functions as a web proxy and drops straight into the network without any fuss. All you need to do is reconfigure your client's browsers to use the appliance as a proxy server and this can be done manually, via an AD group policy or using proxy auto-configuration scripts.

The biggest difference between the software and appliance based solutions is the former requires a Windows Server system to run from whereas for the latter it has been completely rewritten for the appliance and uses a hardened Linux kernel.

For URL filtering, Clearswift has not ported across its own software solution but has gone for a third-party product and customised it to slot in to the Linux OS. The MIMEsweeper for Web software has over 40 categories and Clearswift has taken the new service and modified its category list to match. For anti-virus duties, Clearswift has turned to Kasperksy again which is no surprise as it's a particularly powerful product. Aluria, which is now part of the EarthLink group, stands up to spyware and Clearswift has taken its SDK and embedded it in the OS.

When we looked at the MIMEsweeper for SMTP appliance we were impressed with the slick web management interface and it's good to see that Clearswift has used precisely the same design and concepts for the web filtering appliances where all functions have been separated out into different Centres making them very accessible. The appliance can start filtering web traffic straight away as a predefined active policy is created during the quick start phase but new policies are easy enough to create from the Policy Centre.

It uses the same simple three-phase concept for its filtering policies which employs combinations of content rules and routes. These tell the appliance what to look for, how any suspect content should be handled and who should be notified. Content rules determine what you want to look for in web traffic and what you want to manage such as blocking uploads and downloads of files above certain sizes, spyware 'call home' actions and viruses. Internet zones are where you define groupings of URLs and filtering categories and each one can contain multiple entries and a mix of both types.

Web Policy Routes bring it all together as these apply your filtering decisions to selected targets. A drawback is that integration with Active Directory is not supported so all policies can be assigned only to systems via Machine Lists which use IP addresses, ranges and hostname definitions. Policy scheduling is not yet supported either but Clearswift advised us that this and Active Directory integration will be implemented in the next release in March. Policies are used to filter out undesirable web content but at this level they are fairly simple as all they do is block traffic. However, delve a bit deeper as you'll see that policies can be extremely flexible and can be configured to look for a range of specific activities.

The use of IM in the workplace is a concern but we found it easy enough to create a policy that allows IM chatter through in both directions but still blocked viruses and spyware, stopped specific file types and sizes being uploaded or downloaded and made sure that tracking cookies were removed.

For URL filtering you can send a warning web page to users that try to access any sites blocked within the policies assigned to their system. Each page can be fully customised with features such as your own company logo and advisory text. For each policy you can decide who should be notified and this is where Informs come in, as these define a single email address or specify the system administrator and policies can contain multiple Informs.

You can keep track of all the action from the Report Centre which provides plenty of predefined reports and these can be easily customised and exported to PDF or CSV format, or emailed to a selected user. A clever feature is that Clearswift hosts the on-line help files allowing it to see which pages are most frequently accessed and consequently which areas of the appliance are giving the most grief.

Filtering rules are designed to be easy to create and selecting a policy route produces a slick flowchart beneath showing what is occurring and in what order. It even has the option to present policy flowcharts in a printable format.

Appliance configuration is handled at the System Centre which offers a smart health page with graphs on system utilisation, threat rates and bandwidth usage along with the status of all automatic updates to the anti-virus and anti-spyware engines and URL database. Task deployment can be managed at the User Centre as you can provide extra login details to other staff and allow them to view and create reports and possibly set up policy definitions.

During testing we found the ENW10 easy enough to deploy although it really does need to have Active Directory support to allow it to apply policies to users and groups and well as systems. Other than that we were impressed with the appliance, as policy-based security makes it extremely versatile and the smart management interface is a pleasure to work with.

Email to a friend

Print this page