ContentWatch Security Appliance Offers Filtering, Anti-malware - Page 2

The main Web GUI is separated into three main categories: Report, Manage and Admin. Another drawback to the product is that there is no context-sensitive help; clicking the Help button downloads and opens a PDF of the manual. The streamlined GUI is easy to use, yet at times it felt poorly organized. For example, configuring bandwidth utilization for the WAN link is, for some baffling reason, under Admin, Configuration, Miscellaneous. Other than a few quirks, everything is where you'd expect it to be, the GUI is responsive, and reporting is excellent.

I synchronized the CP 300's user directory with my LDAP server and started to build policies under the Manage tab. I put users in groups, created rules for time of day, content category and traffic shaping, and then assigned those rules under the Policy Manager. It seemed a bit cumbersome at first, but this modular approach makes it very easy to tweak policy later.

To make it easier to get started, ContentWatch provides several ready-made policies, ranging from denying all access to monitor-only. In most businesses, a good place to start is with Moderate settings, which block certain Web content categories, allow IM and prevent users from bypassing the device through proxying.

Those default rules did a great job when I ran through my usual content filtering tests. Google, Dogpile and Yahoo Safe Search was enforced automatically using my Moderate policy, all of the usual porn sites I test with were stopped, and all of the external proxying sites were blocked. I was impressed that many of my efforts to get around filtering using foreign languages were blocked as well, although I did eventually get to native-language Japanese pornography.

A major disappointment hit when I subverted the filter entirely by accessing well-known pornography sites through Internet archive sites like Administrators who want to completely lock down Web use can always block everything and only allow whitelisted sites. In addition, the page that appears when content is blocked informs the user why (for example, "filter avoidance real-time filter") and provides a link to a spyware removal tool. This page can be customized easily.

The CP 300 excels at reporting. Reports can be sorted by user, IP address, site, application (other than browser) and bandwidth used. I could find specific threats such as spyware or viruses that were blocked, the sites that attempted to serve them, and the workstation or user who browsed that page. Any report can be displayed as a table, pie or bar chart; searched and filtered; and exported to Excel.

The CP 300 retails for $2,995 for the hardware; the software subscription depends on the number of nodes supported and whether it's one, two or three years.

Matthew D. Sarrel is executive director of Sarrel Group, an IT test lab, editorial services and consulting company in New York.