Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Code Green Networks' Content Inspection Appliance 1500 product review

Product review of Code Green's Content Inspection Appliance, a data protection tool to help detect sensitive information leaving the enterprise.

This article can also be found in the Premium Editorial Download: Information Security magazine: Nine tips to guarding your intellectual property


Content Inspection Appliance 1500

Code Green Networks
Price: Starts at $25,000 for networks with up to 250 users



As organizations increasingly turn security focus from outside attackers to the threat from within, they are beginning to consider information leakage tools. Code Green's Content Inspection Appliance 1500 (CI-1500) is among the still- maturing handful of products designed to detect sensitive information leaving the enterprise.

Policy Control A-  
Code Green's primary detection engine uses proprietary technology to develop many short "fingerprints" of each piece of submitted content.

Code Green also supports the use of regular expression matching rules to protect against users extracting content from databases and other structured data sources.

The challenge here is determining and managing rules for what constitutes sensitive data. This may be a straightforward task for companies with clearly defined document-classification policies, but it could pose a considerable challenge for less mature organizations.

You create policy rules based on content match, traffic source and destination, protocol, and desired action.

A document triggers an alert if it contains at least one fingerprint from the RedList of restricted content (the GreenList holds permitted content). Actions include notifying the administrator, retaining a copy of the offending document, sending a syslog report and blocking/rerouting email messages.

We were impressed with the range of file types covered--390 according to Code Green--including all standard productivity software, such as Microsoft Office, Acrobat and WordPerfect, as well as other formats such as AutoCAD, Flash and .exe/.dll binary files.

Configuration/Management A  
The appliance ships with default policies and settings. We simply booted it up, attached it to a network tap and were monitoring traffic.

We then explored the content registration and policy creation process. The CI-1500 allows you to register individual content files through a Web upload, scan Windows and NFS file shares, and integrates with Stellent and EMC Documentum content management systems.

We evaluated both the Web upload and Windows file share registration options and had no difficulty adding new content. We also created policies based on customized regular expressions.

Effectiveness B  
We ran the CI-1500 through a variety of tests designed to thoroughly evaluate its content-inspection capabilities. It successfully detected Microsoft Office, Adobe Acrobat and text documents that we attempted to send via Web upload and email. We tried cutting and pasting document sections into other formats, and the appliance detected our circumvention attempt. It also scanned and detected protected content in .zip files.

The appliance's Achilles' heel, common to content-inspection products, is its inability to inspect encrypted traffic. An insider aware the organization performs content filtering can simply encrypt outbound traffic (for example, using Gmail) to bypass the appliance's scrutiny. The ideal solution would be to integrate a Web proxy server to allow for SSL decryption and inspection.

Reporting B+  
The CI-1500 provides a fairly robust reporting mechanism. Administrators may use one of nine predefined reports (such as top-matched policies, policy violations by protocol and top-source emails of policy matches) or create their own based on specified criteria (such as time, policy violated, source/destination IP, content).

Code Green's CI-1500 could prove valuable to organizations with well-defined classification schemes.

Testing methodology: The CI-1500 was tested in a network of Windows and Macintosh clients using a variety of common file formats, including Microsoft Office files and Adobe Acrobat documents.

This was last published in May 2007

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.