PacketSure Learns by Example

 
 
By Michael Caton  |  Posted 2005-09-12
 
 
 



Palisade Systems Inc.'s PacketSure 4.1 with Content Surety puts a new spin on e-mail security by learning what constitutes unacceptable e-mail through example sets.


The PacketSure platform began shipping at the end of June and is priced on a per-user basis, starting at $15,000 for a 500-user license. eWEEK Labs tests show that the appliance-based PacketSure does a good job monitoring for and blocking suspicious message-based content. PacketSure uses TCP and UDP (User Datagram Protocol) packet inspection and broadly monitors user behavior, allowing administrators to prevent users from visiting certain Web sites, using file-sharing applications such as BitTorrent or running Windows file sharing.

During tests, eWEEK Labs could either use sample documents and files—Content Learning—or write rules—Content Matching—to catch communications that might violate a company policy. Even with both these outlets, however, we still needed to exert considerable effort in tuning the system to cut down on false positives. The amount of time dedicated to tuning should decrease over time, though.

This leads to a glaring omission in the product: PacketSure lacks a quarantine mechanism for storing, reviewing and releasing messages that trigger a policy, so it won't be a good fit for companies that need to actively monitor communications for compliance purposes. But companies looking for a way to prevent the transmission of intellectual property and secure data such as Social Security numbers, as well as to block unauthorized public instant messaging and e-mail applications, will find PacketSure to be a useful tool.


The PacketSure with Content Surety system is actually two appliances. The PacketSure appliance, which can run in either passive or in-line mode and would likely be placed in a network DMZ, does the actual policy enforcement. The MCDR (Master Content Description Repository) appliance sits inside the firewall and holds all relevant policies.

We think this is a good design because it allows companies to use specific data, such as customer numbers, to build policy on the MCDR appliance, but it keeps that data safe by passing only hashes of it to the PacketSure appliance.
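A sketch of the split described above, as an added example that is not Palisade's code: the policy side turns sensitive identifiers into digests, and the enforcement side matches outbound text against those digests without ever holding the raw list. The review does not say how PacketSure derives or compares its hashes, so the HMAC-SHA256 digest, the shared key, the normalization step and all function names are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a key provisioned on both appliances. The review does not say
# whether PacketSure's hashes are keyed; an unkeyed hash of short numeric IDs
# could be reversed by enumeration if the digest set leaked.
SHARED_KEY = b"constructed-demo-key"

TOKEN_RE = re.compile(r"[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*")


def normalize(value: str) -> str:
    """Canonical form so '123-45-6789' and '123456789' hash identically."""
    return re.sub(r"[^A-Za-z0-9]", "", value).upper()


def digest(value: str) -> str:
    return hmac.new(SHARED_KEY, normalize(value).encode(), hashlib.sha256).hexdigest()


def build_policy(sensitive_values):
    """Runs on the inside (MCDR role): only digests leave this function."""
    return frozenset(digest(v) for v in sensitive_values)


def scan_message(body: str, policy_digests) -> list:
    """Runs in the DMZ (enforcement role): sees digests, never the raw list."""
    hits = []
    for match in TOKEN_RE.finditer(body):
        token = match.group(0)
        if len(normalize(token)) < 6:  # skip tokens too short to be an identifier
            continue
        if digest(token) in policy_digests:
            hits.append(token)
    return hits


# Constructed sample data, not taken from the review.
CUSTOMER_NUMBERS = ["CUST-004417", "CUST-009821", "123-45-6789"]
POLICY = build_policy(CUSTOMER_NUMBERS)
OUTBOUND = "Per your request, account cust-004417 and SSN 123456789 are attached. Ref 2005-09."
CLEAN = "Lunch at noon? Ticket CUST-000001 is unrelated."

if __name__ == "__main__":
    print(scan_message(OUTBOUND, POLICY))
    print(scan_message(CLEAN, POLICY))
```

Exact-token matching like this covers identifiers only; it says nothing about how Content Learning profiles whole documents.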

The Content Surety part of the system comprises the Content Learning and Content Matching features, as well as Windows-based CS Monitor and CS Agent applications for creating and managing policies. Using CS Agent, we built policies based on files we determined to be inappropriate for sharing.

We appreciated how simple it was to build these policies, especially given that users with compliance responsibilities (and not necessarily IT skills) will have to use the tool to build policies. Building a policy was as simple as designating files in a directory structure, creating a policy name and designating files as either public or private. The CS Agent then processed the files to determine common characteristics and the differences between public and private files.

We did run into one situation that warranted augmenting Content Learning with some additional document management processes. During testing, the Content Learning system couldn't learn the difference between a draft and a final document when the documents lacked specific metadata or were submitted in the same file format because the information contained in the documents was too similar.

Once we designated documents as draft or confidential, it was much easier to build a profile that worked consistently. Even with this extra step, it was easier to use Content Learning than to use expression-based alternatives—such as Sendmail Inc.'s Mailstream Manager or the PacketSure platform's own CS Monitor, for that matter—because we didn't need to be as thoughtful about detailing the conditions that would constitute an exception to a policy rule.

CS Monitor is the primary administration tool for managing communications between the PacketSure appliance and the MCDR appliance, as well as the tool with which we built expression-based policies during tests.

We found it generally easy to manage policies. However, it wasn't as easy to manage access to—and features of—public IM applications with CS Monitor as it is with IM security applications from vendors such as IMlogic Inc. and Akonix Systems Inc.

Like IM management systems, PacketSure can monitor file-sharing applications. Companies also can buy an optional component, Content ID (developed with Audible Magic), that can examine file sharing for content that's been copyrighted. This could be useful in allowing users to share some files using a protocol such as BitTorrent without running the risk of violating copyrights.

Administratively, the PacketSure platform has a few weaknesses. For example, the product has a Web-based administration console, but it includes only a subset of the tools needed to fully manage the product. Administrators will need to run the CS Monitor application and compliance staff will need to run the CS Agent to get the product's complete management feature set.

Furthermore, the product lacks dedicated tools for notifying users of policy breaches, as products such as Orchestria Corp.'s Active Policy Management 4.0 do (via a client-side application). However, administrators can configure PacketSure to send alerts via Windows messaging or SMTP. The PacketSure system's reporting tools are good, although the aforementioned lack of a quarantine queue is limiting.

Evaluation Shortlist: Related Products


Akonix Systems Inc.'s L7 CM5000 Appliance for managing IM and file-sharing policies (www.akonix.com)

Clearswift Ltd.'s MIMEsweeper for SMTP and MIMEsweeper for Web Appliance-based policy enforcement for e-mail and the Web (www.clearswift.com)

Orchestria's Active Policy Management Flexible e-mail and Web monitoring application requires end-user application (www.orchestria.com)

Sendmail's Mailstream Manager Gateway application for monitoring e-mail for compliance (www.sendmail.com)

Technical Analyst Michael Caton can be reached at michael_caton@ziffdavis.com.
