Mitigating network-borne threats has been an imperative to companies of all sizes and statures. As if malware and viral infestation weren’t enough, today’s corporations must contend with even bigger bugs, including regulatory compliance, information leaks, and intellectual property theft.
I recently garnered an exclusive look at the new Clearswift MIMEsweeper Web Appliance ENW10, an inline filtering device that locks down all Web communications including mail, IM, and FTP, and I was pleasantly impressed with the results. The MIMEsweeper appliance is a Dell PowerEdge 1950 server packed with virus protection (courtesy of Kaspersky Labs), a spyware sniffer (from Aluria/EarthLink), and a link blocker based on a URL database from an OEM that Clearswift declines to reveal. The appliance plugs into your network with very little effort and begins protecting straightaway.
In tests, MIMEsweeper did a reliable job of trapping spyware, viruses, and keywords and phrases thrown at it -- even viruses buried inside Microsoft Office attachments. In addition to sniffing through Office docs, this appliance can peek inside PDFs, compressed archives, and executables, as well as a variety of multimedia files, to expose the hidden bits running through your network with suspicious and potentially malicious intent. The set-it-and-forget-it updating scheme will help technically challenged SMBs justify the price, considering the appliance exacts a nearly 37 percent premium over the cost of Clearswift’s comparable software-only configuration.
On the downside, unlike competing solutions from Secure Computing and Blue Coat Systems, this unit cannot scan HTTPS content streams. SSL-encrypted content and Web sites will pass through MIMEsweeper unexamined.
Further, unlike SurfControl, which offers a client-side agent that integrates with its Web security appliance, MIMEsweeper does nothing to protect against leaks of sensitive content while mobile users are on the road.
Nevertheless, what MIMEsweeper sets out to accomplish it does well. It provides solid defenses and good reporting, keeps management overhead to a minimum, and boasts features such as lexical pattern matching and LDAP support for user authentication that will bolster its appeal to larger enterprises.
Drop and block
The MIMEsweeper appliance sports two dual-core Xeon 5160 processors, dual gigabit NICs, 2GB of RAM, and a RAID 1 storage configuration using two 250GB SATA drives. The hardened Linux core supports 2,500 users, on average, according to the company, and it can be configured as a direct proxy or mounted transparently within your network routing.
Installing MIMEsweeper in the test network was a snap. Basic settings such as network configuration and passwords are handled quickly by a wizard interface. Installing the online update to the new 1.1 release was also painless, and MIMEsweeper maintains partitions between new and previous versions to accommodate rollbacks if necessary.
Further, although customizing policies is typically an arduous, time-consuming process, MIMEsweeper’s straightforward interface made easy work of building up rules and defining roles and machines for policy inclusion. There’s just no easy way around the development curve, but I found the Web interface surprisingly easy to use.
Newly added lexical search expressions allow you to sift e-mails and attachments for specific words and phrases. Boolean operators, regular expressions, and contextual awareness operators (before, after, with, etc.) can all be combined into tightly tailored scanning algorithms.
A notable omission is the absence of policy scheduling, though a number of nice features rounds out the offering, including policy/rule dependency tracking and customizable “404” screens that can be outfitted with your own corporate stylings and messages that alert users to policy violations.
Multiple MIMEsweeper appliances can be peered for scalability, and you can push policies uniformly through centralized administration, but comprehensive load balancing and centralized reporting are still absent. Both would be welcome additions.
Hot on the trail
In addition to configurable e-mail alerts, MIMEsweeper provides good runtime monitoring through an informative, browser-based admin interface. All of the administration and reporting features are browser based, and the Adobe Flash reports can be e-mailed or exported as PDF (with minor text flaws) or CSV (comma-separated value). MIMEsweeper’s reporting features made quick work of tracking sources of malware and pinpointing in-house systems that were potentially infected. I liked being able to build e-mail alerts right into the policy definition layers. Triggering immediate awareness to threat conditions always beats waiting for a nightly batch report.
The admin interface provides heads-up details on system errors (hardware and software based) as well as real-time activity, including threats encountered. Other advisory alerts, such as the reminder I got when I left SSH access to the console open, will prove helpful in keeping admins on track.
Additional administrators can be defined for delegated policy and user management, but I would like to see finer-grained access controls. Permissions are currently an all-or-nothing proposition: An employee gains equal access rights to report creation and policy disablement if added as an administrator, for example.
MIMEsweeper does have wrinkles in need of ironing. Clearswift might start by taking another sweep through its online documentation to insert useful examples and ensure its links are live. The company would also be wise to add support for URL spaces in lexical scans. Better wildcarding to reduce redundant variations in URL specification would also be helpful. For example, blocking on *.playboy.com stopped traffic to www.playboy.com, but typing http://playboy.com was still permissible.
These dings are relatively minor considerations in light of the breadth and capability of the product. MIMEsweeper is strong on protection and usability. Management of the appliance, with respect to updating the virus and URL databases, is almost entirely autonomous, providing a boost to overall effectiveness and relief to administrative staff. Although Clearswift has left a few items on the to do list, MIMEsweeper Web Appliance offers an easy and effective means of thwarting malware and plugging intellectual property leaks.
Overall Score (100%)
|Clearswift MIMEsweeper Web Appliance ENW10 Version 1.1||8.0||8.0||8.0||9.0||8.0||9.0|
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Based on a technique created by a German blogger, here's how to stop wasting hours checking for Windows...
Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or...
We reviewed a lot of gadgets and services in 2016, and here are our top 12 recommendations for tech...
The kit helps developers build apps that boot as OSes and are less dependent on hardware
Were it not for an alert customer, attackers could have compromised every RHEL instance on Microsoft...