During testing, Deep Content Fingerprinting precisely registered Microsoft Office documents, PDF files, and C++ source code.
This process works by scanning file systems or content repositories -- plus, it does on-the-fly assessment of e-mail attachments
and Web uploads. Interestingly, fingerprinting works with
content written in any language or character set (including non-Roman ones, such as Japanese). The resulting highly compressed
fingerprints (1TB of data typically reduces to a 5GB pattern-matching file), combined with this systems' standard pattern
matching (for detecting, say, common U.S. and European identity numbers) reduced false positives to zero in my evaluation.
Additionally, fingerprints infallibly detected when I copied parts of a protected document into another, compressed the new
file, and modified the original text. Yet the system is smart enough to know that insignificant noise, such as added spaces,
should not trigger alarms. Additionally, the system inspects encrypted objects.
Depending on the policies I'd set, the Content Inspection Appliance blocked messages, put e-mail in a quarantine queue for
later action by the proper authority, or re-routed mail to another Mail Transfer Agent server for processing (such as adding
encryption or applying digital rights management). This worked without any noticeable delay when sending from Microsoft Outlook,
communicating with instant messenger, using Web mail, or transmitting files via FTP.
With blocking, the originator can be informed of the reason for the action, which helps to educate employees and further reduces
risk of accidental disclosures.
When security violations happened, incidents were recorded, and the manager I specified was immediately notified to act using
the Content Protection Dashboard. Importantly, CI-1500's own security ensures that incidents related to one department (say
HR or finance) can't be viewed by others. In one section of the dashboard, color-coding highlighted the most severe problems
so I could review them first. Reports let me see the details of the incident, record a comment, take appropriate action (such
as releasing a message from quarantine), and close the task. This workflow's flexible, which let me quickly re-route some
incidents to others for action.
Other dashboard functions let me generate custom alerts and reports, display graphs of incident trends, and see risk metrics.
Although the CI-1500 lacks some the sophisticated report functions found in its competitors (generating and e-mailing reports
on schedules, for instance), what it offers is still above the norm.
Similarly, on the forensic side, reviewers can view the audit history of incidents and sort them by different criteria to
help spot patterns. That said, the CI-1500 doesn't retain information about all communications it monitors, so it's not perfect
if you need to go back and see messages that might have been missed.
 |
| The Bottom Line |
Code Green Networks Content Inspection Appliance 1500
Code Green Networks, codegreennetworks.com
|
 Excellent 8.8 |
|
| criteria |
score |
weight |
| Accuracy |
9 |
20% |
 |
| Ease-of-use |
9 |
20% |
|
| Features |
9 |
20% |
|
| Performance |
9 |
20% |
|
| Scalability |
8 |
10% |
|
| Value |
8 |
10% |
|
|
|
Cost:
Starts at $25,000 for 250 users
Platforms:
2U appliance running tuned and hardened Linux OS
Bottom Line:
The CI-1500, appropriate for midsize organizations and government agencies, monitors communications, discovers data leaks,
and automatically enforces policies. Predefined policy templates and wizards get the content inspection appliance set up and
protecting networks in a day. It monitors widely used TCP protocols, while a built-in mail transfer agent blocks or reroutes
messages. Incident management, workflow, and auditing complete this solution.
|
|
About our Reviews and Scoring Methodology
|
|
|
| The Bottom Line |
InBoxer Anti-Risk Appliance
InBoxer, inboxer.com
|
| Very Good 8.5 |
|
| criteria |
score |
weight |
| Accuracy |
9 |
20% |
|
| Ease-of-use |
9 |
20% |
|
| Features |
8 |
20% |
|
| Performance |
8 |
20% |
|
| Scalability |
8 |
10% |
|
| Value |
9 |
10% |
|
|
|
Cost:
Starts at $4,995 for 100 users and about $25,000 for 2,500 users
Platforms:
1U Linux-based appliance
Bottom Line:
InBoxer's affordable Anti-Risk Appliance scans inbound, outbound, and internal messages for various privacy violations. The
system uses sophisticated language models (based on speech recognition) to score messages -- and then invokes rules based
on the score. The system also excels at real-time reporting and customized dashboards, which shorten investigations; additionally,
InBoxer stores messages for historical search. However, there's no blocking capability.
|
|
About our Reviews and Scoring Methodology
|
|
|
| The Bottom Line |
MessageGate Enterprise Email Governance 4.2.1
MessageGate, messagegate.com
|
| Very Good 8.6 |
|
| criteria |
score |
weight |
| Accuracy |
8 |
20% |
|
| Ease-of-use |
9 |
20% |
|
| Features |
8 |
20% |
|
| Performance |
9 |
20% |
|
| Scalability |
9 |
10% |
|
| Value |
9 |
10% |
|
|
|
Cost:
Between $10 and $45 per seat, depending on deployment options; SenderConfirm is $10,000 for as many as 1,000 mailboxes.
Platforms:
Solaris 9 or 10, Red Hat Linux, Windows Server 2003 or Windows 2000 Server; MySQL, DB2, or Oracle 9 databases.
Bottom Line:
MessageGate's modular solution lets you create usage policies, install a message adapter on your e-mail server, analyze messages
against polices, and then act appropriately (such as placing a hold on messages). Most significant, this system applies archiving
policies and tags to messages before they enter your message vault -- which helps reduce storage space and also e-mail discovery
and investigation costs.
|
|
About our Reviews and Scoring Methodology
|
|
|
| The Bottom Line |
Palisade PacketSure 5.5
Palisade Systems, palisadesys.com
|
| Very Good 8.5 |
|
| criteria |
score |
weight |
| Accuracy |
9 |
20% |
|
| Ease-of-use |
8 |
20% |
|
| Features |
9 |
20% |
|
| Performance |
8 |
20% |
|
| Scalability |
9 |
10% |
|
| Value |
8 |
10% |
|
|
|
Cost:
$4,000 to $250,000, depending on the size of the organization and included features
Platforms:
1U Linux-based appliance
Bottom Line:
PacketSure, a network appliance, monitors TCP and UDP traffic passively or inline. The system performs deep packet inspection
and will block or encrypt traffic at the network edge. The default 140 signature rules can be customized with keyword matching
or extended using regular expressions. Content analysis add-ons match specific information in databases and files, such as
credit card or private healthcare data.
|
|
About our Reviews and Scoring Methodology
|
|
Talkback
E-mail
Printer Friendly
Reprints
