e-Sweeper delivers content security management of SMTP
email systems. Based on Clearswift's MIMEsweeper™ engine, the e-Sweeper
Client Agent processes the email stream, while its configuration is determined
by a combination of the database component of the e-Sweeper Sentinel
and interaction with a Web-based management interface.
The distributed nature and Web-based administration architecture
of e-Sweeper allow deployment options to be matched to service providers'
operational objectives. The clean separation of configuration database
from actual email processing affords exceptional flexibility in individual
component placement and management. When the Sentinel and Client Agents
are fully distributed, only low volumes of data pass between them.

Client Agent
Policy Identification
- Identifying policy by sender / recipient route
- Application of policies to messages
Content Analysis
- Recognition
- Decomposition
- Scanning
- Cleaning
- Re-composition
Classification
- Determining what happens to data
- Disposal actions
- Disposal notification
Sentinel Process
Configuration Database
- Client Agent details
- Customer details
- Domain configurations
- Threat and message data
Configuration Generator
- Create domain and Agent specific configurations
Billing Process
- Create billing information for users based on events and charging
structure for a given billing period
Data Out
Quarantine Auditing & Reporting
Service Provider Management
System configuration for Service Providers or Managed Service
Distributors is via Web-based interaction
- Manipulation of relay hosts
- Load balancing by distributing configurations and domains to particular
groups of client Agent machines.
- Setup/editing of customer information
- Review of customer status
- Online billing information
- Review of customer requests (delete domains, upgrade/downgrade service,
change numbers of users, alter MX records).
- View customers' configurations for support purposes
- View quarantine areas on client Agent machines or via database
- Run usage reports
- Change branding of users' configuration Web-site
- Create policy templates for customers
System Functions and Operation
Objects and email scanned by e-Sweeper go through three
key processes to identify and manage potential content threats.
Stage 1: Policy Identification
Recognition of policy rules as defined by the Administration user
- Application of security operation on each entity as set up using
the Web-based configuration pages
- Bi-directional policy application i.e. to both incoming and outgoing
messages
- Internal users may bypass a particular policy. Bypass lists may
contain both individuals and groups that reflect organizational entities
(e.g. Finance, Admin etc.)
Stage 2: Content Analysis
Analysis and scanning of objects in the email data stream
- Recursive decomposition of objects to identify original content
- Recognition and management through Format Managers of key data formats
used in email transfers
Compression formats:
ARJ (including self-extracting ARJ), BINARY, BINHEX, CAB, CMP UNIX
compressed, GZIP, LZH, MIME, TAR, TNEF, UUE (all variants), ZIP (multiple
variants, including self-extracting, and recognition of password-protected
ZIP), etc.
Document formats:
CDA (.doc, .xls, .ppt, etc.), PDF, PLAIN TEXT, etc.
Image formats:
BMP, GIF, JPEG, TIF, etc.
Sound formats:
MP3
Video formats:
AVI, MPEG
Executables:
Including DOS executables, Windows 3.1 executables, 32bit Windows
executables, Javabyte
Encryption formats:
Recognition of S/MIME and PGP
Recognition of content by file architecture, rather
than extension
Routing to quarantine (or other user-defined area)
of unrecognized data formats
- Scanning by content managers of email content according to policy
- Scanning by major industry virus scanners
- Support for multiple virus scanners
- Scanning in headers, subject line, body text and attachments
for key words and phrases e.g. offensive phrases, sexual or racial
harassment, confidential information, trade secrets, junk e-mail
/ spam, email misuse
- Scanning by file type
- Scanning by file size of attachments
- Attachment of text to emails e.g. legal disclaimers
- Anti-relay support
- Spam control using real-time black list
- Scanning for inappropriate images
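
Recognition by file architecture and recursive decomposition, as listed under Stage 2, sketched as an added example (not Clearswift's code). The signature table is a small subset, and the depth and size limits, the action names and the sample attachment are assumptions constructed here.

```python
import gzip, io, zipfile, zlib
# Leading-byte signatures for a subset of the formats listed above.
SIGNATURES = [(b"PK\x03\x04", "ZIP"), (b"\x1f\x8b", "GZIP"), (b"%PDF-", "PDF"),
              (b"MZ", "EXECUTABLE"), (b"GIF8", "GIF"), (b"\xff\xd8\xff", "JPEG")]
MAX_DEPTH, MAX_BYTES = 5, 10 * 1024 * 1024   # assumed limits against archive bombs

def recognise(data):
    """Identify a format from leading bytes; the file name is never consulted."""
    for magic, fmt in SIGNATURES:
        if data.startswith(magic):
            return fmt
    return "PLAIN TEXT" if data.isascii() else None

def decompose(name, data, depth=0):
    """Return [(path, format, action)] for an object and everything nested in it."""
    fmt = recognise(data)
    if fmt not in ("ZIP", "GZIP"):            # leaf object: scan it or quarantine it
        return [(name, fmt or "UNRECOGNISED", "scan" if fmt else "quarantine")]
    if depth >= MAX_DEPTH:                    # nested too deeply to keep unpacking
        return [(name, fmt, "quarantine")]
    try:
        if fmt == "GZIP":
            inner = gzip.GzipFile(fileobj=io.BytesIO(data)).read(MAX_BYTES + 1)
            if len(inner) > MAX_BYTES:
                return [(name, "OVERSIZE", "quarantine")]
            return decompose(name + "!", inner, depth + 1)
        out = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = name + "/" + info.filename
                if info.flag_bits & 0x1:      # bit 0 set: member is encrypted
                    out.append((path, "PASSWORD-PROTECTED ZIP", "quarantine"))
                elif info.file_size > MAX_BYTES:
                    out.append((path, "OVERSIZE", "quarantine"))
                else:
                    out += decompose(path, zf.read(info), depth + 1)
        return out
    except (OSError, EOFError, zlib.error, zipfile.BadZipFile):
        return [(name, fmt, "quarantine")]    # corrupt or truncated container

def build_sample():
    """Constructed attachment: a ZIP whose member names misstate their content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 16)  # executable header
        zf.writestr("notes.txt.gz", gzip.compress(b"hello"))
        zf.writestr("blob.doc", b"\x00\x01\xfe\xff")              # matches no signature
    return buf.getvalue()
```

Calling `decompose("attach.bin", build_sample())` reports `invoice.pdf` as an executable despite its name and sends `blob.doc` to quarantine as unrecognised.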
Stage 3: Classification
Execution of actions e.g. message quarantined, delivered, deleted
Notification e.g. alerts to the administrator, and/or
sender and/or recipient
Configuration
- All configuration executed via the Internet
- User setup, billing, support and reporting via dedicated ISP-specific
Web pages
- Threat configuration, quarantine management and reporting on an end-user
basis via an ISP-branded Web site
Scenarios
- Policies consist of scenarios - content-specific security operations
to be performed on each entity
- Grouping of scenarios into folders i.e. to recreate organizational
security environments
- Hierarchical arrangement of policies
- "Inheritance" by lower level policies of higher level scenarios
- Linking of scenario results to classification
Auditing and Reporting
- Writing of audit points to external data files, such
as Access/ODBC
- User-defined transfer of data to database (e.g. by time, by size threshold)
System Management
- Local and secure remote management
- Provided as a Microsoft Management Console Snap-In for services, message
areas (e.g. Quarantine, Parking), recent message details
System Requirements
Agent
- Windows 2000 SP2 or above
- Agent defined on the Sentinel
- MAILsweeper™ 4.3 or above
Agent machines process approximately 10,000 emails per hour.
An Agent can handle configurations for between 200 and 600 domains, depending
on configuration complexity.
Sentinel Server:
- Windows 2000 Server SP2 or above
- Microsoft Internet Information Server 5.0 or above (IIS)
- Local or Network access to Microsoft SQL Server 2000
- Local or Network access to IMAP4/SMTP Mail server
*NOTE: for LDAP functionality you must first install .NET
Framework 1.0 or above; this functionality comes with a separate installer.
Deployment
e-Sweeper can be deployed either within your existing SMTP
Smart Relay Host infrastructure or as a stand-alone Smart Relay Host.