Aladdin Knowledge Systems
Price: $13,650 for 500 seats, including optional advanced antispam, URL and content filtering modules.
Aladdin Knowledge Systems' eSafe 5 can do so much that the hardest part may be just explaining it all. This is a comprehensive content security package to protect your organization's Internet operations.
The eSafe gateway software package scans and cleans data passing through SMTP, HTTP, and FTP and POP3 connections, including AV scanning, inbound and outbound content filtering, antispam and application filtering, scanning of active content, and a lot more. eSafe uses its own AV engine, while the antispam signatures and URL filter database are licensed from Cobion-ISS.
The list of eSafe's capabilities could go on for pages, and the product definitely lived up to expectations. For example, its spyware filtering can block known HTTP vulnerability exploits that can lead to spyware execution and installation. It blocks ActiveX spyware, malicious Browser Helper Objects, spyware toolbars and even spyware DLLs inside downloaded applications. It can detect infected workstations, analyzing traffic for specific protocols and block malicious communication.
The URL content filtering provides a blocking list of over 20 million sites, divided into more than 50 categories. Executable files can be blocked even if the extension has been changed, and untrusted macros can be deleted from all Microsoft Office docs.
While some of the technology is signature-based, Aladdin also uses heuristics to find threats that have no specific signature; using proprietary methods, eSafe examines aspects of executables, content and protocols, and scripts in HTML pages.
All this capability is easily and flexibly managed through the Windows-based eConsole Manager, which allows you to define security rules according to specific clients, servers, e-mail addresses, destinations, domains, senders, recipients and file types.
A real-time statistics window shows the current traffic status graphically according to protocol. An extensive selection of reports and alerts inform you whenever a vandal or virus attempts to enter the network. SQL-based reporting modules provide dozens of reports and session log files that can be easily exported into a SQL database.
Installation on any Intel-based server or blade is straightforward, using the eSafe Virtual Appliance CD. eSafe is typically installed behind the perimeter firewall. It can be installed in router mode and in transparent bridge mode as a forwarding proxy, or it can work using Check Point Software Technologies' Content Vectoring Protocol to communicate with Check Point firewalls. In bridge and router modes, eSafe provides clustering, load-balancing and failover capabilities.
Scott Sidel is a technical editor for Information Security magazine, where this review originally appeared in the September 2005 issue.