CSG-2500 stands firm against malware
Network defender can carry a heavy load, though reporting and protocol support are lacking
Admins also can decide which protocols to scan, and they can specify standard and nonstandard port assignments. For instance, I was able to scan HTTP traffic on port 80 as well as port 81 and 8080 (unique ports on my test Web servers). Unlike the Cymphonix offering, this release doesn’t include any scanning support for instant message or CIFS traffic. The company has said it would consider adding additional scanning if customer demand dictated it.
Content filtering is part of the HTTP and FTP scanning engines. Policies for blocking objects such as ActiveX and Java, or any file matching a specific extension, are available. IT can also manually create a list of blocked URLs or let the CSG-2500 forward traffic to an existing Websense server.
Administrators have the choice of defining a different policy for outbound e-mail. The unique outbound policy allows for notification to the sender that malware was detected in the message and the ability to filter messages based on keyword, password-protected attachments, file type, and name. Many enterprises will already have an e-mail content filtering solution in place, such as Sigaba Secure E-mail, but for some, this will be a welcome tool.
Cracking the code
One unique feature is CP Secure’s ability to crack open HTTPS traffic and scan the stream for potential problems. Without any changes to the end-user’s browser, the CSG-2500 acts like a “man in the middle” and decrypts the traffic, inspects it for viruses and malware, then re-encrypts it and sends it on its way. This process does add a little more latency overall, but not enough to be noticeable.
The policy engine with the HTTPS service provides a good range of options for dealing with various secure Web sites. A default list of trusted certificate authorities, such as Entrust.net, Thawte, and Verisign, is included, and admins can edit the list to meet their needs. They can even maintain a list of sites that have untrusted certificates that users can access to allow for internal-deployed self-signed certificates. Because the CSG-2500 is intercepting the SSL traffic, users will get a certificate-authenticity warning when connecting through the appliance. To eliminate this, IT can distribute a digital certificate for the appliance for import into each user’s browser. I did this and the warnings disappeared.
CSG-2500’s reporting and logging capabilities are a weak spot. IT can search the log based on specific criteria and either view the text output or send it to a CSV file. The most useful reporting feature is the report profiles. Each profile defines the protocols and date range (up to 30 days) to include in the malware and traffic summary, and send to a user via e-mail. While not nearly as sexy as the reporting engine in the Cymphonix offering, it is enough to help IT understand what is being detected on the network.
For medium and large businesses that need to protect a lot of users from Web-based threats, the CSG-2500 definitely scales well and doesn’t add excessive amounts of latency. I like the HTTPS scanning capabilities, and I couldn’t slip any malware through during its time on my bench. Reporting could use some improvement, the lack of IM and CIFS support is disappointing, and smaller installations may balk at the price tag. However, for those who need high performance near real-time Web traffic scanning, the CSG-2500 will handle the load.