clearswift secure email gateway evaluation guide
8/2/2019 Clearswift SECURE Email Gateway Evaluation Guide
Clearswift SECURE Email Gateway
Version 3.2
Evaluation Guide
Revision 1.0
Clearswift SECURE Email Gateway / Version 3.2 / Evaluation Guide / Revision 1.0
Introduction
Thank you for taking the time to evaluate Clearswift SECURE Email Gateway.
Modern business simply couldn't function without email. However, both incoming and outgoing messages can pose significant risks to the security of company networks and confidentiality. It is therefore vital that an organisation's email gateway is able to mitigate spam, neutralise viruses and prevent data leaks without hindering the free flow of messages.
The Clearswift SECURE Email Gateway is a trusted email gateway security solution that gets the balance right.
This evaluation guide explores and explains some of the many benefits of the SECURE Email Gateway. Rather than overwhelm you with an in-depth analysis of every feature, our intention is to present the essential information that will allow you to continue to explore and evaluate SECURE Web Gateway at your own pace.
Note that this guide assumes that you have already followed the Clearswift SECURE Email Gateway Getting Started Guide. As such, you should have completed the Initial Setup Wizard and be able to log in to SECURE Email Gateway. If this is not the case then the Getting Started Guide can be found on the Technical Guides area of the Clearswift website; please read it before proceeding.
We'll start with a brief overview of what you can expect to see: the user interface. As that's a bit of a mouthful, we'll call it the UI from here on. Here's an overview of what we'll cover:
- Defining an anti-spam policy for your organisation
- Tailoring anti-spam policy for specific groups or departments
- Blocking unauthorised attachments while allowing the free flow of information
- Performing keyword searches across messages and their attachments
- Safely encrypting email sent to external organisations
The UI
When you first log in you will be presented with this Home page:
The Home page is the starting point for managing SECURE Email Gateway's features and for implementing and maintaining an effective spam policy for your organisation. It is supported by a further six pages, or Management Centers, displayed as tabs across the top of the GUI: Policy, Message, Report, System, Health and Users. Let's take a closer look at these...
The Home page presents an overview of SECURE Email Gateway. It is the first page displayed each time you log in.
The Policy Center lets you define and maintain an Acceptable Usage Policy (AUP) for your organisation. This involves creating rules to manage information flowing in to and out of your organisation. Use the Policy Center to create rules and routes that determine which email addresses and domains are allowed or blocked and who is allowed to send and receive messages.
The Message Center manages held, or quarantined, email messages. It also offers the ability to run the message-tracking tools, allowing you to trace the paths of any email passing through the SECURE Email Gateway.
The Report Center provides access to the monitoring capabilities of SECURE Email Gateway. It collates and presents information on the activities of users, including the most popular email domains, the busiest users and the types of attachments sent and received. It can also generate detailed reports on incoming spam and detected viruses.
The System Center is used to manage some of the more technical aspects of SECURE Email Gateway. The most important settings will have been configured during the Initial Setup Wizard, so there's not too much to worry about with this Center. However, they can be edited from here at any time.
The Health Center is the place to view real-time usage information for SECURE Email Gateway. Key metrics available here include the spam and virus profiles, SMTP connections, processor usage, system update information and the volume of encrypted/decrypted messages that have been processed.
The Users Center controls access to the aforementioned Management Centers. Use it to create new administrative users, allowing access to all or selected Management Centers.
This evaluation guide will focus on the most important Management Centers, offering simple guidelines on making the most of them.
Policy Center
We'll start by exploring the Policy Center. It is likely that the majority of your time will be spent here, creating and managing the rules that define the email policy. The good news is that the SECURE Email Gateway comes with a default email policy that can be fine-tuned quickly and easily to meet your organisation's specific needs.
The policy is defined in SECURE Email Gateway using a combination of content rules, policy routes and Clearswift's TRUSTmanager and SpamLogic technologies to identify and filter 99.5% of spam and prevent malware infections.
In simple terms, content rules examine every message passing through the SECURE Email Gateway, performing a variety of security checks. These rules can be created and reused multiple times to enable the email administrator to manage even complex policies with ease. A plain-English example of a content rule could be written like this: "Detect confidential material in outbound messages and inform IT security personnel". To view current content rules simply click the Content Tools link.
These content rules become part of policy routes. So, again in plain English, a route might be thought of along these lines: "Outbound messages from the sales department". As such, messages can be subjected to different sets of rules dependent on the route through which they're flowing. Click Mail Policy Routes to see the default settings.
As well, Clearswift's SpamLogic technology allows for a global spam policy for each SECURE Email Gateway. You might, for example, configure SpamLogic to reject all messages that come from known spam sources. For flexibility it is also possible to create a special Spam Content Rule for a particular group of recipients. To explore these options, just click SpamLogic Settings.
Click Mail Zero Hour Malware, meanwhile, to determine how the SECURE Email Gateway will react to attachment-laden messages containing confirmed or suspected malware. It's worth noting at this point that these checks are run early in the sequence of message examination. As such, messages may be rejected or quarantined before the SECURE Email Gateway anti-virus engine is run.
Content Rules
As noted, Clearswift SECURE Email Gateway uses content rules in conjunction with routes to manage the free flow of information via email. This table describes the available content rule types:
| CONTENT RULE | DESCRIPTION | USES | CAN CAUSE MESSAGE QUARANTINING |
| --- | --- | --- | --- |
| Add Disclaimer | Places annotation at the top or bottom of the message body (e.g. Company Disclaimer) | Message Annotations | No |
| Add Disclaimer Conditionally | Places annotation at the top or bottom of the message body (e.g. Company Disclaimer) based on specified conditions, such as a particular word or phrase being present in or absent from the message | Message Annotations, Lexical Expressions | No |
| Detect filenames | Checks the message for attached files and then checks if they match the names from a defined list | Filenames | Yes |
| Detect Lexical expression | Checks the message for specific words, phrases or patterns against a defined dictionary | Lexical Expressions | Yes |
| Detect Spam | Overrides the global spam policy for this particular direction of email traffic | | Yes |
| Detect Virus | Defines the behaviour when a message with a virus is detected. For example, a message subject to this rule may be held or deleted | | Yes |
| Digital Signature Validation | If the message has been digitally signed, this rule checks to see if all or some of the signatures are valid | | Yes |
| Encryption or Decryption Fails | Defines how to process the email if there is a failure when trying to either encrypt or decrypt a message | | Yes |
| Message Modification Fails | Defines how to process the email if there is a failure when trying to modify the message (when adding a disclaimer, for example) | | Yes |
| Message Processing Fails | Defines how to process the email if there is a failure when trying to process the message (when parts of the message are corrupt, for example) | | Yes |
| Message Size Restriction | Defines the behaviour when a message which is over a certain size is processed | | Yes |
| All traffic | Special rule to force the disposal of a message based purely on who is sending or receiving the message | Disposal actions | Yes |
| Detect unacceptable images | Checks messages to see if they contain images that have either been dynamically classified as unacceptable or whether the System Administrator has preclassified them as acceptable or unacceptable | Pre-classified images defined in Policy > ImageLogic | Yes |
Content rules are constructed using items from the content reference sections in order to define the detailed part of the security check that is being performed on that message.
These base rules can be re-used throughout the policy. It is advisable when creating the rules to use sensible names, as it will make the Acceptable Use Policy self-documenting.
Policy Routes
When a message is received by the SECURE Email Gateway it is processed against the security policy in the following order:
1. [optional] Global spam policy
2. [optional] Global anti-malware checks
3. Identify most appropriate policy route based on sender and recipient of that message. Then:
   a. Process message using each content rule in that policy route
   b. Determine the outcome for the message dependent on the triggered rules
Policy routes are listed in a table format, which the SECURE Email Gateway processes from top to bottom. The first route that provides a match for the sender and recipient email addresses will be evaluated. If no route is matched, a final catch-all route is used to define the default actions for the message.
[Diagram and screenshot labels:]
- Defines what the content rule has to look for
- uses
- Modified with
- generates
- Defines how messages are modified
- Defines notifications and what happens to messages (held, relayed or deleted)
- Default action for all messages
- Address Lists based on manual and LDAP entries defined in the Email Addresses in the Policy Center
- Catch-all route. If messages are processed here, then it is likely that you have incorrectly configured the policy routes
- Spam and Malware Policy
Ordering of policy routes is important. Explicit rules should be placed at the top of the list, with less-specific rules below them. Why? Well, consider the following example routing table:
ROUTE NUMBER FROM TO
1 *@clearswift.com *@hotmail.com
2 *@clearswift.com [email protected]
3 [email protected] [email protected]
Remember, routes are processed from top to bottom. So, if the SECURE Email Gateway was evaluating messages using this routing table then emails sent from [email protected] to [email protected] would match Route 1 right away, and be processed accordingly. In other words, even though Route 3 provides an explicit match it would never be reached because the message would've already been picked up by Route 1. But reverse the order of the table (from 1-2-3 to 3-2-1) and the explicit route would be able to do whatever job is required.
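The first-match behaviour described above can be checked mechanically. The following is an added example, not Clearswift code: it models top-to-bottom route selection and reports routes that can never be reached because an earlier, broader route covers them. The Route class, the function names, the example.com/example.net addresses and the restriction to `*` as the only wildcard are assumptions made for the illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Route:
    name: str
    sender: str      # literal address, or a pattern using '*' only (assumption)
    recipient: str


def matches(pattern: str, value: str) -> bool:
    """Case-insensitive wildcard match of an address against a pattern."""
    return fnmatchcase(value.lower(), pattern.lower())


def select_route(routes, sender, recipient, catch_all="catch-all"):
    """Return the name of the first matching route, evaluated top to bottom."""
    for route in routes:
        if matches(route.sender, sender) and matches(route.recipient, recipient):
            return route.name
    return catch_all


def covers(general: str, specific: str) -> bool:
    """Conservative test that `general` matches everything `specific` can match.

    `specific` is treated as a literal string: each '*' in it must be absorbed
    by a '*' in `general`, so any address it expands to is also matched.
    """
    return matches(general, specific)


def shadowed_routes(routes):
    """Return (route, earlier_route) pairs where the later route can never fire."""
    findings = []
    for index, later in enumerate(routes):
        for earlier in routes[:index]:
            if covers(earlier.sender, later.sender) and covers(
                earlier.recipient, later.recipient
            ):
                findings.append((later.name, earlier.name))
                break
    return findings


# Constructed routing table with the same shape as the one in the guide:
# a broad route first, then two progressively more explicit routes.
ROUTES = [
    Route("Route 1", "*@example.com", "*@example.net"),
    Route("Route 2", "*@example.com", "partner@example.net"),
    Route("Route 3", "alice@example.com", "partner@example.net"),
]

if __name__ == "__main__":
    for order in (ROUTES, list(reversed(ROUTES))):
        print([r.name for r in order])
        print("  selected:", select_route(order, "alice@example.com", "partner@example.net"))
        print("  shadowed:", shadowed_routes(order))
```

Running a check like this against an exported route list before committing a policy change shows whether a newly added explicit route is actually reachable.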
Remember, too, that each route has a specific series of rules to be performed against the messages. The order of these rules is similarly important, as they are evaluated from left to right. Consider this example:
At a casual glance, this may seem like an effective route. However, the order of these rules isn't terribly sensible. The Detect Confidential Material rule performs a keyword search on the message body, looking for sensitive words and phrases. But there is little point performing such a search if the message contains a virus. Messages carrying viruses are likely to be deleted, so performing the keyword search first is a waste of time and resources. By the same token, it is more sensible to add legal disclaimers after all the other rules have been processed. Here, then, is a more efficient order for this particular set of rules:
1. Drop messages containing a virus
2. Detect Confidential Material
3. Detect Credit Card Lexical Expression
4. Add Legal Disclaimer
Message Center
The Message Center is the place to manage held, or quarantined, email messages. As detailed earlier when discussing the SECURE Email Gateway GUI, the Message Center also offers the ability to run the message-tracking tools and identify messages that are pending delivery.
It is possible to create administrator accounts that have privileges sufficient only to manage a subset of the quarantine areas. Similarly, access to the SECURE Email Gateway's message-tracking feature can be restricted. Note that the security for these sections is managed in conjunction with the User Center.
The maximum size of the message areas is dictated only by the amount of free disk space available to the system. The actual number of quarantine areas is also unrestricted. However, it's worth noting that SECURE Email Gateway is not designed as a message archive. As such, we wouldn't recommend long-term archival of messages.
Drilling down into a particular area exposes all the messages in that area. To do this, just click the plus (+) symbol alongside an area. Here, we've drilled down into the Confidential area:
It's possible to drill down still further, to view information about a particular message. To do this, simply double-click the message:
[Screenshot callouts:]
- Batch operations allow for mass operations (delete, release etc.) on messages that match a specific search query
- Query the tracking history to identify when and how a message was processed
- Message areas with count and total size for that particular area. If this SECURE Email Gateway is peered it will show a consolidated view of all message areas across all peers
- Messages that are waiting to be processed, waiting for delivery and waiting for a retry event if the initial delivery attempt was unsuccessful
- Available message handling
- Page length
- Page controls
Clearswift SECURE Email Gateway offers a very powerful message-tracking feature, allowing authorised administrators to search the message-processing logs. This is useful for tracking what has happened to a particular message.
When you start Message Tracking you can define your search criteria based on numerous fields such as sender, recipient, subject, sending host, received date and on which gateways the search is to run.
Flexible search criteria allow for generic or precise reporting on messages that have been accepted or rejected on this SECURE Email Gateway or one of its peers. Here's an example of search results:
As before, it is possible to drill down to a particular message; just double-click:
[Screenshot callouts:]
- This panel explains which set of policy rules were applied to this message and the triggered content rule
- Explanation to show where in the message the violation occurred
- Next hop delivery with timestamp
Report Center
Clearswift SECURE Email Gateway includes versatile management and reporting facilities, all controlled from a simple web-based interface. Dozens of ready-made report templates are included and new ones can be created quickly and simply. Better still, SECURE Email Gateway's reports are interactive: drill down on the fly to get to the data you need quickly and avoid producing useless reports. Here's what it looks like:
Obviously, the most relevant report groups will depend on your organisation. However, here are a few pointers for useful reports that will provide a good place to start your exploration of SECURE Email Gateway's Report Center:
Top Addresses. Use this group of reports to find the biggest senders of messages in your organisation. Note that it's possible to view reports on volumes of messages flowing both in and out.
Threats Summary. This report, which you'll find in the Threats group, gives an overall view of the number of messages that have been detected with viruses, spam or other content checks.
Message Processing Rates. These reports, found in the General Processing group, can provide an at-a-glance view of peak email sending/receiving times.
Reports can be run by selecting the report and pressing View, or by simply double-clicking the report name.
The provided reports display user activity for all users. It is likely, though, that you'll want reports to focus on specific user groups or individuals over specific time periods. Moreover, it is useful to schedule reports for automatic delivery, rather than executing them on a manual basis. As such, we'd advise tweaking some of the report-filtering parameters to create reports tailored for your organisation's needs. Here, for example, are the parameters for the provided Average Message Processing Lag Per Day report:
Changing a report's filters is easy. First click to highlight the report that is the closest match for your reporting requirements. Now click Copy to create a copy of the report that can be edited as necessary. To change any of the filter parameters, just click the appropriate tab:
The filter parameters and their meaning should be self-explanatory. Note that in order to generate reports based on domains or address routes, these will obviously need to be created prior to customising a report.
When creating a report notice that its icon changes to include a blue person. Create a report with a schedule and a little clock icon is added, too.
[Screenshot callout: Parameters for that report]
SECURE Email Gateway's reports are interactive. As such, it is possible to drill down on data to receive a more detailed report. For example, after running the Top Virus Names report, clicking on the virus name will run another report to show the list of senders of that particular virus.
System Center
The System Center provides access to settings that define how the SECURE Email Gateway operates and how it interacts with components in your existing environment. Here's what it looks like:
The System Center is split into three sections: Monitoring & Control, Configuration and Appliance Version & License. Let's explore these in more depth.
Monitoring and Control
The Logs & Alarms section allows the administrator to view the logs that have been generated by the SECURE Email Gateway. Each log is automatically rolled over at the end of the day and held for 30 days. If you require a longer retention period, then use the Backup & Restore feature in the System Center or create scripts to move the files off the SECURE Email Gateway installation as and when required.
[Screenshot callouts:]
- Tools for diagnosing connectivity issues
- Options to view whole log in browser window or mail to yourself
- Log data is exposed in the GUI and doesn't require administrators to access the operating system
As well, you can use this section to modify how SECURE Email Gateway handles triggered alerts. By default alerts will be displayed in the GUI. If desired, use the relevant option to send an alarm by email or SNMP.
The Service Control section offers administrators with sufficient privileges the ability to gracefully shut down individual services or the entire SECURE Email Gateway.
Configuration
The majority of the options found in the System Settings section will have already been defined in the Initial Setup Wizard. Should adjustments need to be made when moving the SECURE Email Gateway from a test to a live deployment, though, they will most likely be enacted here:
Perhaps obviously, SECURE Email Gateway SMTP configuration is managed in the SMTP Settings section of the product.
[Screenshot callouts:]
- Shutdown option. Available to administrators with shutdown access rights
- IP Address, Subnet, Default Gateway and hostname defined here
- This section needs to be completed for HTTP access via a proxy
- SSH is off by default, but can be enabled for a subset of IP addresses
- Access control to the management interface is defined here
- Time settings such as NTP server are defined here
The PMM Settings section is the place to configure SECURE Email Gateway's Personal Message Management (PMM) feature. It's possible, for instance, to specify the format of the message, such as text and company logo, and how frequently the users will receive messages showing messages held for them.
The administrator can afford end users control over the delivery of certain emails. Messages identified as spam, for example, could be released if the user determines that the email is in fact legitimate. Alternatively, certain staff may be given the right to release outbound messages that would otherwise be blocked by the SECURE Email Gateway. These PMM features can be enabled on an individual, group or company-wide level. To do this click the Policy tab followed by Manage Disposal Actions.
[Screenshot callouts:]
- Add routing information for your internal domains here
- Define the IP addresses of internal hosts who are permitted to the gateway
- Enable for PMM
- Control what users will be able to self release messages
The PMM notifications are sent to users according to a schedule. To view or edit this, click the System tab followed by PMM Settings then PMM Service Settings. Here's what you'll see:
The pink cells indicate a Full Distribution. At these times, SECURE Email Gateway will send notifications to all users showing all held messages. The green cells indicate a Partial Distribution: this generates notifications only for users for whom new messages have been held since the last full distribution.
SECURE Email Gateway also offers the ability for users to add email addresses (including full domains) to a whitelist, to prevent these messages being held. These options are also managed from this part of the UI.
Clearswift knows that many organisations will deploy more than one SECURE Email Gateway. This affords common policy, common message management and common reporting, but the Gateways must first be peered together. This is a straightforward process. Simply enter the IP address and user credentials of an additional peer in the Peer Appliances section. Clearswift SECURE Web Gateway devices can also be added to the peer group, allowing policy to be shared and simple administration from a unified interface. Here is what the Peer Appliances section looks like; you'd just click New to add a peer:
The SECURE Email Gateway product is of course very reliable. However, the Backup & Restore section provides a simple way to schedule an automatic backup of policy, system settings and the auditing database to an FTP server. Here's a typical view:
The SECURE Email Gateway stores the last 20 configurations online; each is tagged with the reason why the configuration was made, by whom and from where. Previous copies of policy can easily be made into the live version if a change needs to be reverted.
[Screenshot callouts:]
- Change history: who, what, where from and when
- Previous policy configurations that can be restored or backed up
Appliance Version & License
SECURE Email Gateway is able to automatically update its anti-virus and anti-spam defences, without administrator intervention. Similarly, updates to the SECURE Email Gateway itself are also downloaded automatically. However, it is important to understand that these product updates are NOT applied without action from the administrator. This is where the Appliance Version & Upgrades section comes in. The administrator is notified of new releases, via GUI alerts and optional SNMP or SMTP alerts, and then must decide what action to take. This screenshot shows the Appliance Version & Upgrades section on a SECURE Email Gateway that has had some upgrades applied:
Self-testing the SECURE Email Gateway
One of the SECURE Email Gateway's strengths is its comprehensive collection of self-test features. These save time wasted on needless support calls, allowing you to detect and resolve issues quickly and easily. Click the System tab to return to the System Center's home page and you'll see these options displayed in the left-hand control panel:
It is impossible to consider all possible permutations of situations that may lead to problems, but a good first step would be the Connectivity Test; just click the link. This provides confirmation that the SECURE Email Gateway is connected and able to communicate before deciding which areas should be the focus of subsequent troubleshooting steps. And be reassured that when expert help is needed, Clearswift can be contacted 24 hours a day, 7 days a week.
The effectiveness of SECURE Email Gateway's anti-spam measures can be checked by using the various reports or the real-time graphs in the Health Center.
[Screenshot callouts:]
- In this demonstration SECURE Email Gateway we are detecting spam by the content, not by the connection. Here, 94.9% of mail is spam, while 4.9% of messages are good
- If Suspicious is the only reputation being reported, then your TRUSTmanager configuration is not correctly set
- 64% of incoming messages are considered Bad. We could therefore discard 42m messages (64% of 65m) during the SMTP connection
If the SECURE Email Gateway is deployed behind other message-transfer agents (MTAs) in your environment you can still use TRUSTmanager; just enter the IP address or hostname of these hosts:
Occasionally, the SECURE Email Gateway may need to process email differently for a specific sender. For example, it's possible that for whatever reason the sender's MTA has wrongly ended up on a real-time block list whitelist.
Another common example is where specific staff members or groups cannot risk an inaccurate identification of messages as spam (a false positive) but still want any spam marked on the subject line. Here's how to deal with this:
1. Create an address list for the special group of recipients
2. Create a new Detect Spam content rule
3. Create a new Detect Spam content rule
4. Add any other content rules to that route
Blocking Files
Most organisations will want to stop certain file types from being sent or received. When it comes to inbound messages, the obvious candidates include any file type that could potentially carry a virus, oversized messages and frivolous attachments, such as MP3s, MPEGs and AVIs. For messages leaving your organisation, concerns include leakage of sensitive data, any comments or materials that could damage the company brand or reputation, profanity and embarrassing content.
Fortunately, managing these issues while still allowing staff to communicate freely is easy with the SECURE Email Gateway.
We'll consider how the Detect Media Type content rule can help weed out those time-wasting attachments. The advantage of the Detect Media Type content rule is that it uses binary recognition of the data to determine the file type. So, even if a file is renamed it will still be detected. Here's what it looks like:
[Screenshot callout: By selecting this grouping, all executable file types can be blocked, or click on the + and select the individual formats that can be blocked]
Determine what to look for and then define what to do in the event that the file type was detected in a message. The options available in this particular content rule are:
- Drop the message
- Non-deliver the whole message
- Hold in a message area
- Relay to a specific mail server
- Deliver the message
- Strip the attachment
- Add a message header
- Annotate the message
- Generate an alert
- Trigger the message to be encrypted
Obviously, some of these can only be used once, like Drop the message. However, in most cases it is possible to have the SECURE Email Gateway perform multiple actions based on the detection criteria. You could, for example, strip the attachment but still deliver the message.
This new rule would be added to the appropriate route of email to achieve the desired goal.
Controlling content by keyword
One of the most powerful and popular features of SECURE Email Gateway is the ability to block or reroute messages based upon words or phrases found in any of the following locations:
- SMTP headers
- Subject lines
- Message bodies
- Attachments
In terms of attachments, the SECURE Email Gateway is able to extract and analyse documents and files from many common business applications. These include all versions of Microsoft Office, OpenOffice and Adobe PDF files, as well as HTML. What's more, SECURE Email Gateway can even separate where in the document the content was detected, be it the body, the headers and footers or even the metadata.
When it comes to search strings and patterns, SECURE Email Gateway gives customers the freedom to create their own lists of words, phrases and regular expressions. However, the product includes various ready-made lists. As well, the SECURE Email Gateway can access a special set of Managed Lists: these are built and managed remotely by Clearswift, and are regularly updated with new words and phrases.
These lists of lexical expressions are defined within the References section of the SECURE Email Gateway. They can be used in multiple instances of the Text Analysis content rule.
Defining the list
The lexical expression lists are essentially collections of words, phrases, common expressions, operators and special tokens. Each entry in the list carries an expression value, from 1 to 10; there is also a special instant trigger value. By associating different values to each phrase we can ensure that a degree of sensitivity is achieved.
Credit card numbers provide a good example of the usefulness of special tokens. Obviously, every credit card number is different, so SECURE Email Gateway can employ a credit card token as a pattern-matching tool. In other words, the credit card token looks for a sequence of numbers that match the known credit card. The token looks for strings of digits between 13 and 18 characters in length and prefixes commonly used by the major credit card providers. A checksum formula is also applied to ensure that the match is accurate.
If the credit card token is assigned the aforementioned instant value, then as soon as the SECURE Email Gateway detects a message containing a credit card number a trigger event will take place: the message could be quarantined, for instance.
However, to allow for the free flow of information the expression value can be altered. Change the credit card token's expression value to 3, say, and set a threshold of 10 in the content rule, and users would be able to send messages containing up to three credit card numbers. Attempting to send four credit card numbers, though, would trigger an event.
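The token-plus-threshold behaviour described above can be reproduced in a few lines. This is an added example, not Clearswift's implementation: the guide does not name the checksum formula, so the Luhn check used by payment card numbers is assumed; the issuer prefix list, the function names, the rule that the event fires once the summed score reaches the threshold, and the sample message text (built from publicly documented test card numbers) are also assumptions.

```python
import re

INSTANT = "instant"  # special value: a single hit triggers the rule

# Well-known public issuer prefixes, chosen for illustration; the product's
# own prefix list is not given in the guide (assumption).
ISSUER_PREFIXES = ("4", "51", "52", "53", "54", "55", "34", "37", "6011")

# 13 to 18 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,17}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def find_card_numbers(text: str):
    """Return the card numbers found in text, masked to the last four digits."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if digits.startswith(ISSUER_PREFIXES) and luhn_valid(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def evaluate(text: str, expression_value, threshold: int):
    """Score a message: each hit adds expression_value; INSTANT fires on one hit."""
    hits = find_card_numbers(text)
    if expression_value == INSTANT:
        score, triggered = None, bool(hits)
    else:
        score = len(hits) * expression_value
        triggered = score >= threshold  # assumed comparison, see lead-in
    return {"hits": hits, "score": score, "triggered": triggered}


# Constructed sample message bodies (public test card numbers, not real cards).
THREE_CARDS = (
    "Subject: refund batch\n"
    "Card A: 4111 1111 1111 1111\n"
    "Card B: 5555-5555-5555-4444\n"
    "Card C: 378282246310005\n"
    "Order ref: 1234567890123456\n"   # right length, no issuer prefix
    "Mistyped: 4111111111111112\n"    # issuer prefix, fails the checksum
)
FOUR_CARDS = THREE_CARDS + "Card D: 6011111111111117\n"

if __name__ == "__main__":
    for label, body in (("three cards", THREE_CARDS), ("four cards", FOUR_CARDS)):
        print(label, evaluate(body, expression_value=3, threshold=10))
    print("instant", evaluate(THREE_CARDS, INSTANT, threshold=10))
```

The order reference and the mistyped number show why the prefix and checksum tests matter: both have a plausible length, but neither adds to the score.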
Simple phrases, Tokens and Regular expressions can be mixed to provide the flexibility required for detecting content violations
Date regular expression
Creating the content rule
A new Detect Lexical Expression content rule can be created and configured for use.
Whilst creating this particular policy rule you can define where in the message you want to check, what the necessary threshold will be to trigger a violation, what the scoring algorithm will be and also what to do when a violation does occur.
Once this has been created it should be added to the appropriate Policy Routes and the configuration needs to be committed.
Managing Encryption
Clearswift SECURE Email Gateway supports multiple methods to encrypt data from one organisation to another, including TLS, S/MIME and PGP. There's also an ad-hoc method of encryption, for password-protecting messages sent to external organisations and people. This wide choice of different techniques allows an organisation to engage in secure communications to a wide range of receiving systems.
This table of typical uses provides a guide to the various types of encryption offered by the SECURE Email Gateway:
USE CASE | METHOD
All messages to particular domain must be encrypted | TLS
Messages sent to a domain must be secured over the internet but do not need to be secured to the desktop | TLS, S/MIME, PGP
Messages sent to a domain must be secured over the internet but only to a group of named individuals | S/MIME, PGP
Messages sent to recipients who are familiar with encryption software on their system and must receive the message in a secure fashion | S/MIME, PGP
Messages encrypted at the desktop, content checked at the corporate gateway and delivered to the recipient's desktop in an encrypted format | S/MIME, PGP
Messages sent to recipients who have no desire for any encryption software on their system and must receive the message in a secured fashion | Ad-hoc
Messages sent to recipients that should only be encrypted based on the presence of certain content, such as credit card numbers | S/MIME, PGP, Ad-hoc
Encrypting a message
Encrypting an email requires appropriate keys or pass phrases that can be used to convert the unsecured data into a secure format.
Both S/MIME and PGP employ a public/private key format (S/MIME keys are also known as certificates), while the ad-hoc method relies on a single pass phrase. The special keys required for S/MIME or PGP can be generated automatically by the SECURE Email Gateway, a key generator tool (such as GnuPG) or by using a third-party service such as Verisign, Thawte or GlobalSign. These keys can be separated out into a private part, which must not be disclosed to anyone else, and a public part that can be distributed to anyone.
First, though, S/MIME and PGP keys must be imported into the SECURE Email Gateway's Certificate Store. To do this, click the System tab followed by Certificate Store then Partners like this:
It is possible to import the S/MIME and PGP certificates in the following key formats: PEM, ASC, B64, CER and P7B.
With the keys loaded into the Certificate Store, it is possible to create encryption endpoints which define the certificates and encryption method to use for particular email recipients. Here, we'll consider an example recipient called Bob Smith, whose PGP key has already been loaded into the Certificate Store:
We're going to create an encryption endpoint for any email messages sent to him via the SECURE Email Gateway. Click New in the Mail Encryption Endpoints and follow the screen options. It would look like this:
Click Save and this new endpoint will be listed in the Encryption Endpoints section of the Systems Center, here:
Select the key to use for this endpoint or select password to use the ad-hoc method
As such, we are now able to enforce an encryption policy for email sent to [email protected].
To do this, we would create an email policy for messages sent to this address. Then, every email sent from your organisation to [email protected] will be encrypted using his key. This is achieved by creating a new policy route, in the Policy Center:
So, assuming the message is processed and does not get quarantined, it will be encrypted using Bob's certificate details and sent to him.
The SECURE Email Gateway can also force encryption based on triggering of a particular content rule. You might, for example, employ the Detect Lexical Expression rule to check for sensitive words or phrases by referencing the Confidential Material expression list and, if found, encrypt the message automatically. Here's how to do it:
To make encryption even simpler, it is possible to create an endpoint that uses password protection. The password can be a phrase defined by and known to both sender and recipient, or it can be generated automatically by the SECURE Email Gateway. When this option is selected, the sender receives an acknowledgement of the password via email, like this:
Address List entry for Bob Smith. This could be a generic address list for all recipients of encrypted email
Enable encryption
Keyword list to search against
Where in the message to scan for keywords
Threshold value to trigger on
It's also possible to configure the SECURE Email Gateway to encrypt based on the type of files sent. For example, the act of sending an Excel spreadsheet could trigger an encryption event, either for all messages or to particular recipients only (like an external accounting firm, say).
Decrypting Messages
Finally for this guide we will cover decrypting messages. This is straightforward in the SECURE Email Gateway. Simply save the message recipient's private key in the Corporate tab of the Certificate Store and set it as a default key. You should see that the envelope icon will be highlighted for that key. Then, configure a policy route that will apply decryption using the key.
We hope that this brief guide has given you a head start in your evaluation of Clearswift SECURE Email Gateway. Of course, there's plenty more to explore. For more help or guidance either follow the links below or simply give us a call; we'd love to hear from you.
For further information
Technical Guides: http://www.clearswift.com/knowledge-and-insight/resources/technical-guides
Clearswift knowledge base: http://kb.clearswift.com/
Technical Support: http://www.clearswift.com/support/support-services
Clearswift user discussion forums: http://web2.clearswift.com/support/msw/forums/