Clearswift makes a clean sweep of Web threats
MIMEsweeper Web Appliance offers solid, plug-and-play protection against Internet malware and data leaks
Newly added lexical search expressions allow you to sift e-mails and attachments for specific words and phrases. Boolean operators, regular expressions, and contextual awareness operators (before, after, with, etc.) can all be combined into tightly tailored scanning algorithms.
Policy scheduling is a notable omission, though a number of nice features round out the offering, including policy/rule dependency tracking and customizable “404” screens that can be outfitted with your own corporate stylings and messages that alert users to policy violations.
Multiple MIMEsweeper appliances can be peered for scalability, and you can push policies uniformly through centralized administration, but comprehensive load balancing and centralized reporting are still absent. Both would be welcome additions.
Hot on the trail
In addition to configurable e-mail alerts, MIMEsweeper provides good runtime monitoring through an informative, browser-based admin interface. All of the administration and reporting features are browser-based, and the Adobe Flash reports can be e-mailed or exported as PDF (with minor text flaws) or CSV (comma-separated value). MIMEsweeper’s reporting features made quick work of tracking sources of malware and pinpointing in-house systems that were potentially infected. I liked being able to build e-mail alerts right into the policy definition layers. Triggering immediate awareness of threat conditions always beats waiting for a nightly batch report.
The admin interface provides heads-up details on system errors (hardware and software based) as well as real-time activity, including threats encountered. Other advisory alerts, such as the reminder I got when I left SSH access to the console open, will prove helpful in keeping admins on track.
Additional administrators can be defined for delegated policy and user management, but I would like to see finer-grained access controls. Permissions are currently an all-or-nothing proposition: An employee gains equal access rights to report creation and policy disablement if added as an administrator, for example.
MIMEsweeper does have wrinkles in need of ironing. Clearswift might start by taking another sweep through its online documentation to insert useful examples and ensure its links are live. The company would also be wise to add support for URL spaces in lexical scans. Better wildcarding to reduce redundant variations in URL specification would also be helpful. For example, blocking on *.playboy.com stopped traffic to www.playboy.com, but typing http://playboy.com was still permissible.
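The wildcard gap described above, as an added example (not code from Clearswift or from the original review): a strict `*.domain` match misses the bare domain, while matching the domain together with its subdomains closes the gap. The function names, the matching semantics, and every URL other than the two quoted in the review are assumptions constructed for illustration.

```python
# Added example: wildcard host matching for a URL block list.
# Names and semantics are assumptions, not Clearswift's implementation.
from urllib.parse import urlsplit


def host_of(url):
    """Return the lowercased hostname of a URL, without port or trailing dot."""
    if "://" not in url:
        url = "http://" + url           # bare "playboy.com" typed into a browser
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def strict_wildcard_match(rule, host):
    """'*.domain' matches subdomains only: the behaviour the review observed."""
    rule = rule.lower()
    if rule.startswith("*."):
        return host.endswith(rule[1:])  # host must end with ".domain"
    return host == rule


def domain_match(rule, host):
    """'*.domain' matches the bare domain and every subdomain of it."""
    rule = rule.lower()
    if rule.startswith("*."):
        base = rule[2:]
        # The leading dot keeps the match on a label boundary, so an
        # unrelated name that merely ends in the same letters is not caught.
        return host == base or host.endswith("." + base)
    return host == rule


def blocked(url, rules, matcher):
    """True if the URL's host matches any rule under the given matcher."""
    host = host_of(url)
    return bool(host) and any(matcher(rule, host) for rule in rules)


RULES = ["*.playboy.com"]                # the rule from the review
SAMPLE_URLS = [                          # first two from the review, rest constructed
    "http://www.playboy.com/",
    "http://playboy.com",
    "HTTP://PlayBoy.com.:80/index.html",
    "http://notplayboy.com/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, blocked(url, RULES, strict_wildcard_match),
              blocked(url, RULES, domain_match))
```

Normalizing the host first (case, port, trailing dot) matters as much as the rule semantics: without it, variant spellings of the same host can pass a filter that compares raw strings.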
These dings are relatively minor considerations in light of the breadth and capability of the product. MIMEsweeper is strong on protection and usability. Management of the appliance, with respect to updating the virus and URL databases, is almost entirely autonomous, providing a boost to overall effectiveness and relief to administrative staff. Although Clearswift has left a few items on the to-do list, MIMEsweeper Web Appliance offers an easy and effective means of thwarting malware and plugging intellectual property leaks.