The internet is now considered an extension of an enterprise’s own infrastructure. With the ever growing adoption of cloud-based services such as Salesforce.com and Office365, alongside employee use of the internet whilst at work, organizations need to ensure that the content and information that exists and is viewed online is both appropriate and permitted. Protecting themselves from any critical information data breaches resulting in serious financial penalties or loss of business reputation is paramount. The Clearswift Secure Web Gateway (SWG) offers a proactive, policy-controlled web gateway solution transforming the web from a high-risk environment to a secure resource, tailored exactly to your organization’s needs.
Clearswift’s award-winning deep content inspection capabilities facilitate the competitive advantages inherent in open and safe communications. SWG goes beyond simply keeping your network free of viruses, inappropriate content and harmful executables. It enables complete granular control over the information that is accessed or shared online, whether it’s limiting or monitoring recreational browsing or preventing the inappropriate leak of critical information. The Clearswift Secure web gateway enables an organization to reap all the benefits that collaborative web 2.0 technologies have to offer, safe in the knowledge that Clearswift’s unique Adaptive Redaction functionality allows for content to be dynamically modified to make the content ‘safe’ rather than have to ‘stop and block’ the collaboration ensuring a proactive approach to critical information protection.
Data leak prevention
By using the lexical analysis capabilities of the Secure Web Gateway, accidental data leaks can be detected and prevented– one of the scourges of modern corporations. Even hidden information in metadata can be removed from documents while being uploaded. Images can also be scanned using Optical Character Recognition (OCR) to prevent sensitive information from being exfiltrated. Either by searching file uploads for key watermarks within the documents that indicate sensitive data or by understanding the content, the leak can be identified, stopped and proper repercussive actions taken.
To ensure regulatory compliance is maintained and to prevent the leak of critical information, SWG has the ability to receive feeds from existing databases, as well as standard templates and dictionaries of common terms that may be indicative of a communication containing sensitive data.
Depending on the content, the use of Adaptive Redaction enables the sensitive data to be monitored, and if required, automatically redacted therefore allowing the communication to continue but with the information contravening policy removed. This process can be applied both to document properties and to any change history that potentially houses sensitive data.
Deep content inspection
Intelligent, deep content inspection enables risk-free social media communications – Clearswift’s sophisticated deep content inspection engine can recognize the difference between an innocent Tweet and a potentially damaging one. Context-aware scanning can detect and prevent users from uploading restricted information and images. The combination of ‘Content’ and ‘Context’ aware policies dramatically reduces the opportunity for false positives, providing less resources to manage an efficient data loss prevention strategy.
Policy-based web security
The intuitive and powerful user interface means that administration tasks are simplified, reducing errors and operational costs. SWG’s flexible and easy to configure policy comes with comprehensive reporting and auditing functionality.
Flexible web 2.0 policy controls
Clearswift has made setting policies for the most popular social media sites easy, with specific social networking policy routes for sites such as Facebook, LinkedIn, Twitter and YouTube. This capability allows different departmental policies to be set, and each route comes with pre-populated content rules allowing policies to be defined according to the website’s capabilities; in turn this means that employees are free to use the social web to innovate and grow your business. High quality reporting and auditing features give actionable insight into the way information is used on your networks, driving inbound threat protection, preventing data leakage and maintaining productive use of company network resources. If you’re concerned about data leaks via Facebook, webmail or similar sites – you can still allow access but control the outbound data flow through inspection and redaction policies. YouTube may contain inappropriate content – you can allow access, but only to authorized videos. SWG’s granular policies help you mitigate data loss, legal and reputational risks, and maintain regulatory compliance.
Predefined regular expressions for PII Personally Identifiable Information) and PCI (Payment Card Industry)
- National insurance and ID number
- Credit card numbers
- Social security number
- International Bank Account Number (IBAN)
Editable compliance dictionaries
Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Securities and Equities Commission (SEC) and Sarbanes Oxley (SOX)
Contextual policy rules for Facebook and other Web 2.0 sites
- Inbound threat protection
- Outbound data leakage
- Specific Facebook rules
This intuitive and powerful user interface means that administration tasks are simplified, reducing errors and operational costs.
Inbound threat protection
The Secure Web Gateway features integrated Cloud-assisted Avira, Kaspersky or Sophos anti-virus, anti-malware and antispyware protection, with automatic updates to provide the latest protection. The AV engines also support heuristic and behavioural scanning is available.
These technologies are further enhanced by the MIMEsweeper content inspection engine, which prevents suspicious script and other high-risk content such as executables from being downloaded. Even more, active content can be detected in documents and HTML to be optionally sanitized.
Text in web content can be searched, using both context and direction, and a policy applied.
- URL: Prevent inappropriate searches or allow them but inform HR
- Documents: Prevent sensitive data being uploaded to Web 2.0 sites or via webmail
- Web Page: Block pages with profanity that might offend
- HTTP headers: Block old un-patched browser versions
Advanced URL filtering
The Clearswift URL database contains 84 categories and is updated daily. It covers millions of sites, and represents billions of web pages. Also operates an additional database covering malicious malware and phishing categories, which is updated hourly.
This functionality detects new inappropriate sites, remote proxies, pornography and hacking, that can appear or occur on a daily basis. SWG’s real-time categorization engine is trained to recognize the characteristics of these sites and prevent access.
Browse time and quota policy
Sophisticated policies enable both definition of ‘time of day’ and ‘total amount of time per day’ any user can browse selected categories of a given site.
Flexible deployment options
You decide how you want to buy and deploy the Clearswift Secure Web Gateway. It’s supplied either as a pre-installed hardware appliance, as a software image that can be loaded on a choice of hardware platforms and public Clouds such as AWS and Azure or alternatively virtualized in a VMware environment.