Aladdin Knowledge Systems
Price: Starts at $25,440 for software; $28,439 for preloaded server
Content filtering typically means a mix of antivirus and
eSafe uses a combination of keyword filters, blacklists, antispoofing technology and advanced statistical analysis to block suspicious messages. We benchmarked eSafe's gateway against CloudMark's antispam system, which plugs into Outlook clients. eSafe matched its performance by blocking about 70% of spam.
Aladdin Knowledge Systems eSafe 4.0 content filtering system combines several content analysis technologies into a single system. When eSafe detects malicious code, it allows you to block or quarantine the offending content. Filters are first divided by protocol (HTTP, FTP and SMTP) and then by action (scan vs. block). The appliance is configurable for several purposes, from a router that sits between the firewall and an internal network to a firewall support system residing in the DMZ. An intuitive wizard guides security managers through the basic configuration, and to less commonly used settings, such as editing the list of keywords for the spam filter.
eSafe runs autonomously once the content filters are configured, and users can schedule automatic updates for virus definitions and the software. It integrates with existing technology via the Content Vectoring Protocol, to work directly with firewalls such as Check Point FireWall-1. Its mail filters provide native support for Microsoft Exchange servers, and it can filter and forward traffic for other mail servers through its SMTP relay. eSafe also integrates with Kaspersky Labs' antivirus solution and SurfControl's URL database to enhance content filtering. However, it doesn't plug into any other third-party content filtering solutions.
eSafe's documentation and reporting are weak. You may find yourself flipping through the installation manual trying to find information that isn't where you would expect it. And its report generation is much too tedious -- a query-based process with results that lack analysis and resemble an event log. You need to build reports step by step, and can't simply double-click on an entry for detail. However, reports can be produced that sort data by infected or blocked file type or by specific policy violations, and the software does allow events to be logged to a SQL database for further analysis.
Our testing showed that eSafe can effectively manage a data load running over two T1 lines, and Aladdin claims that a single gateway can handle up to 25 Mbps of sustained traffic. Enterprises looking for an alternative to using several content-filtering tools can choose from various filters, Linux or Windows operating systems, and a software license or a preloaded server.
About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
This was first published in August 2005