eSafe 4.0

eSafe 4.0
Aladdin Knowledge Systems
Price: Starts at $25,440 for software; $28,439 for preloaded server

Content filtering typically means a mix of antivirus and antispam software, and a variety of e-mail, IM, Web and URL filters. Aladdin Knowledge Systems eSafe 4.0 manages these tasks in one gateway filtering system that examines network traffic for malicious code and inappropriate content. It strips out offending content or blocks suspicious connections entirely.

eSafe uses a combination of keyword filters, blacklists, antispoofing technology and advanced statistical analysis to block suspicious messages. We benchmarked eSafe's gateway against CloudMark's antispam system, which plugs into Outlook clients. eSafe matched its performance by blocking about 70% of spam.

eSafe can launch in an hour with a default filtering configuration, which blocks VBScript and JavaScript, and performs HTML page filtering based on keywords and phrases, such as "adult toys." It's a quick startup that adds significant value, considering the diverse functionality. But most enterprises will want to put in a few hours tweaking environment-specific rules to address the nuances of their acceptable use policies, such as a sports organization enabling access to espn.com.

Aladdin Knowledge Systems eSafe 4.0 content filtering system combines several content analysis technologies into a single system. When eSafe detects malicious code, it allows you to block or quarantine the offending content. Filters are first divided by protocol (HTTP, FTP and SMTP) and then by action (scan vs. block). The appliance is configurable for several purposes, from a router that sits between the firewall and an internal network to a firewall support system residing in the DMZ. An intuitive wizard guides security managers through the basic configuration, and to less commonly used settings, such as editing the list of keywords for the spam filter.

More Information Learn what fundamental questions you should ask when evaluating content-filtering solutions for your enterprise. Visit our URL/Content Filtering resource center for news, tips and expert advice.

eSafe runs autonomously once the content filters are configured, and users can schedule automatic updates for virus definitions and the software. It integrates with existing technology via the Content Vectoring Protocol, to work directly with firewalls such as Check Point FireWall-1. Its mail filters provide native support for Microsoft Exchange servers, and it can filter and forward traffic for other mail servers through its SMTP relay. eSafe also integrates with Kaspersky Labs' antivirus solution and SurfControl's URL database to enhance content filtering. However, it doesn't plug into any other third-party content filtering solutions.

eSafe's documentation and reporting are weak. You may find yourself flipping through the installation manual trying to find information that isn't where you would expect it. And its report generation is much too tedious -- a query-based process with results that lack analysis and resemble an event log. You need to build reports step by step, and can't simply double-click on an entry for detail. However, reports can be produced that sort data by infected or blocked file type or by specific policy violations, and the software does allow events to be logged to a SQL database for further analysis.

Our testing showed that eSafe can effectively manage a data load running over two T1 lines, and Aladdin claims that a single gateway can handle up to 25 Mbps of sustained traffic. Enterprises looking for an alternative to using several content-filtering tools can choose from various filters, Linux or Windows operating systems, and a software license or a preloaded server.

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This review orginally appeared in Information Security magazine.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Security Buyer's Guide,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Server Threats and Countermeasures,   Web Application and Web 2.0 Threats,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Security Buyer's Guide Keystroke dynamics makes BioPassword Internet Edition a viable authentication option Access security with KoolSpan's SecurEdge NetChk Protect 5.5 Biometrics: Best practices, future trends 2006 Products of the Year: Emerging Technologies Secure Sphere 2.0 Scan & Deliver: SLAs force service providers and outsources to hit the mark ... or hit the road Secure remote access: SSH Tectia Manager Spycatcher Enterprise 3.2 Configuresoft's Enterprise Configuration Manager v4.7 Web Server Threats and Countermeasures Increase in Gumblar backdoors poses FTP credential problems VeriSign extends DDoS attack protection service Microsoft issues IIS FTP advisory, exploit code circulates Panda reports fast-spreading rogueware antivirus fraud rakes in millions Oracle issues quarterly patches, fixes database flaws Latest DDoS attacks extremely unsophisticated, experts say Stolen FTP credentials likely in massive website attacks Microsoft warns of IIS zero-day vulnerability How to find and stop automated SQL injection attacks How to spot attacks through Apache Web server log analysis Web Application and Web 2.0 Threats New Facebook worm propagates using sexy model Web security firm ranks Firefox, Safari browsers as flaw prone Web application vulnerability assessment shows patching progress Layoffs prompt insider threat fears, cybersecurity survey finds Botnet masters turn to Google, social networks to avoid detection Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say Kaspersky system analyzes malicious URLs on Twitter for malware Pushdo botnet uses Facebook to spread malicious email attachment Do Facebook URL security concerns justify blocking social networks? RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cache cramming  (SearchSecurity.com) content filtering  (SearchSecurity.com) Web filter  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.