ContentWatch Security Appliance Offers Filtering, Anti-malware

ContentWatch's CP 300 security appliance offers very good content filtering, traffic shaping and anti-malware capabilities, as well as excellent reporting. It also integrates with directory services such as LDAP to let businesses enforce Internet usage policy by person. However, despite the strong security features, it still leaves some open holes, but what doesn't?

Many businesses need to keep employees safe on the Internet and require solutions to monitor and, in some cases, block activity. The reasons vary: regulatory compliance, data loss prevention, information security policy and even HR policy.

A powerful driver for these solutions is the ability to limit or restrict bandwidth usage based on content categories or media type so that Jane in research can browse the Web looking for information on competitors' products, but Bob in accounting can't stream live video of the Victoria's Secret fashion show.

In this space, ContentWatch is offering a 1U (1.75-inch) appliance, the ContentProtect 300, that provides solid filtering and anti-malware protection. The CP 300 also integrates with various directory services.

There are a lot of options available in this market, ranging from simple URL filtering solutions to solutions bundled with other perimeter protection services such as anti-malware all the way up to UTM (unified threat management) offerings with full perimeter security. Which architecture appeals most to you will be dictated by your existing security solutions and whether you want to augment or replace them.

Historically, Web content filtering solutions relied on static lists of URLs that were pushed out by the provider much the way anti-virus signatures are. There are a number of drawbacks to this method-it only works with a frequently updated database (and no database of all the content on the Web can ever be completely up-to-date). There are also some easy ways around filters like this, such as using a "safe" domain (such as blogspot) to host "non-safe" content (such as pornography).

Click here to see an eWEEK Labs walk-through of the ContentProtect 300.

Therefore, good solutions not only filter on the text string of the URL but also conduct some sort of page-based content analysis on the fly. This analysis can be conducted on the actual device or somewhere out in the cloud. Administrators need to balance settings to provide enough protection while not scanning so deeply that the Web browsing experience is compromised.

Along with the filtering and anti-malware features, the ContentWatch CP 300 includes bandwidth management and application control. The integration with directory services such as LDAP allows businesses to set and enforce Internet usage policy by person rather than the usual way, which is by MAC or IP address. Rules governing content, application and bandwidth usage can be set for individuals and groups. Administration can be done via browser or SSH (Secure Shell), and larger organizations have the option of managing multiple ContentProtect boxes through a single interface.

I installed the CP 300 following the clearly written Quick Start guide, configuring it first from a workstation directly attached via cross-over cable and then moving it onto my Secure Web Gateway testbed to sit between the external firewall and the testbed's Ethernet switch. Ports are clearly labeled and located on the front of the unit. The device includes a hardware bypass so that network traffic continues to pass through it even if it fails. A helpful and informative wizard walked me through initial configuration, although I was disappointed that there was no way to configure SMTP authentication when configuring e-mail alerts.