The malware inspection engine is now ActionScript aware giving it a greater focus on Flash and PDF based threats. The new data leakage prevention feature is designed to scan a range of document types for specific keywords and block the transfer of any that match. It claims to scan FTP, HTTP and HTTPS traffic and support a range of document types including Word, Excel and PDF.
Distributed scanning options have been extended to Amazon's EC2 (elastic compute cloud) service. This allows you to deploy multiple virtual scanning appliances run by Amazon which can be centrally controlled by your own SWG policy server.
All these features are brought together with policies which comprise rules containing conditions and actions. Each rule focuses on a specific threat type so you'll have ones for dealing with malicious content, file blocking by extension, web content blocks, anti-virus scans and so on.
There are a lot of rules to choose from but a set of default policies are provided so traffic filtering can start immediately. You get three main policies for basic, medium and strict security levels and each contains around 40 rules.
New policies are easy to create as you can clone existing ones and modify the copies to suit. Rules are placed in order of priority and the X-Ray feature will prove handy for testing as this can be applied to whole policies or specific rules where it runs them passively.
Policies are applied to groups of users and any unknown user is automatically placed in a default group to which you can apply a policy of your choosing. Naturally, proxy authentication can be applied and the appliance supports LDAP and Active Directory.
The anti-virus scanners and web content filters are also configured with rules and the Websense option offers over 50 URL categories to choose from. URL filtering proved to be very effective as with the games and gambling categories blocked our attempts to access online bingo and gaming sites were all rebuffed.
