eSafe 4.0

Information Security magazine reviews the strengths and weakness of eSafe's new content-filtering solution.

eSafe 4.0
Aladdin Knowledge Systems
Price: Starts at $25,440 for software; $28,439 for preloaded server

Content filtering typically means a mix of antivirus and antispam software, and a variety of e-mail, IM, Web and URL filters. Aladdin Knowledge Systems eSafe 4.0 manages these tasks in one gateway filtering system that examines network traffic for malicious code and inappropriate content. It strips out offending content or blocks suspicious connections entirely.

eSafe uses a combination of keyword filters, blacklists, antispoofing technology and advanced statistical analysis to block suspicious messages. We benchmarked eSafe's gateway against CloudMark's antispam system, which plugs into Outlook clients. eSafe matched its performance by blocking about 70% of spam.

eSafe can launch in an hour with a default filtering configuration, which blocks VBScript and JavaScript, and performs HTML page filtering based on keywords and phrases, such as "adult toys." It's a quick startup that adds significant value, considering the diverse functionality. But most enterprises will want to put in a few hours tweaking environment-specific rules to address the nuances of their acceptable use policies, such as a sports organization enabling access to espn.com.

Aladdin Knowledge Systems eSafe 4.0 content filtering system combines several content analysis technologies into a single system. When eSafe detects malicious code, it allows you to block or quarantine the offending content. Filters are first divided by protocol (HTTP, FTP and SMTP) and then by action (scan vs. block). The appliance is configurable for several purposes, from a router that sits between the firewall and an internal network to a firewall support system residing in the DMZ. An intuitive wizard guides security managers through the basic configuration, and to less commonly used settings, such as editing the list of keywords for the spam filter.

More Information

Learn what fundamental questions you should ask when evaluating content-filtering solutions for your enterprise.

Visit our URL/Content Filtering resource center for news, tips and expert advice.  

eSafe runs autonomously once the content filters are configured, and users can schedule automatic updates for virus definitions and the software. It integrates with existing technology via the Content Vectoring Protocol, to work directly with firewalls such as Check Point FireWall-1. Its mail filters provide native support for Microsoft Exchange servers, and it can filter and forward traffic for other mail servers through its SMTP relay. eSafe also integrates with Kaspersky Labs' antivirus solution and SurfControl's URL database to enhance content filtering. However, it doesn't plug into any other third-party content filtering solutions.

eSafe's documentation and reporting are weak. You may find yourself flipping through the installation manual trying to find information that isn't where you would expect it. And its report generation is much too tedious -- a query-based process with results that lack analysis and resemble an event log. You need to build reports step by step, and can't simply double-click on an entry for detail. However, reports can be produced that sort data by infected or blocked file type or by specific policy violations, and the software does allow events to be logged to a SQL database for further analysis.

Our testing showed that eSafe can effectively manage a data load running over two T1 lines, and Aladdin claims that a single gateway can handle up to 25 Mbps of sustained traffic. Enterprises looking for an alternative to using several content-filtering tools can choose from various filters, Linux or Windows operating systems, and a software license or a preloaded server.

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This review orginally appeared in Information Security magazine.

This was first published in August 2005

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close