Content filtering and management has become far more sophisticated, allowing companies to write their data policies into code and enforce them with software.

by Alex Goldman ISP-Planet Managing Editor [May 10, 2007]

Reading, UK-based content filter provider Clearswift is one of several companies bringing major advances in the technology to businesses around the world. Gone are the days of simple keyword filtering. Instead, the Clearswift can help companies deploy a comprehensive desktop surveillance package that permit allowed activities while preventing what's prohibited.

When we last spoke to Clearswift in 2004 (Business E-Mail Control) the company was working with ISPs. Now that these services are being sold to the world's largest companies, ISPs are no longer an important customer.

That's not to say that Clearswift has this growing market to itself. Provilla helps prevent employees from exporting data (Provilla Plugs Leaky Endpoints on Enterprise IT Planet) and Reconnex helps companies create rules covering corporate IP (Don't Lose Sight of Valuable IP on Enterprise IT Planet).

There's no question this is a big market. Clearswift alone claims 17,000 business customers with 25 million end users. The vast majority (about 80 percent) are enterprise customers. The rest are small business, ISP, or other customers.

All of these content filtering companies seem to be touting research showing that companies lose data from their networks and that these losses cost a great deal of money. Clearswift brought almost 30 color printed pages detailing employer and employee attitudes to content, the internet, and security. Unusually for such data, it contained separate answers from the U.S. and UK.

The bottom line, however, is that corporations often expect employees to avoid accessing certain sites but did not know whether or not the employees obeyed directives or whether or not the company had ever lost data due to proscribed behavior.

Attitudes vary widely by age. Younger workers expect not only to be allowed to read news on the internet but also to be able to listen to music and to discuss work-related issues on social networking sites.

Web 2.0, Clearswift says, represents a new threat to corporations, involving not just a loss of employee productivity but perhaps reputation or secrets.

Fighting back with comprehensive security
Clearswift can solve all of these problems with a suite based on its MIMEsweeper engine. The name of the product refers to minesweepers, defenseless ships that sail into neutral or even enemy waters to clear paths through minefields wide. The bravery of British minesweepers during World War II is part of that nation's folklore.

Andy Morris, Clearswift director of product marketing, says that success depends on the software correctly accomplishing three tasks. "We have to define a granular policy. Then we have to enforce that policy. And we have to manage the deviants."

A granular policy might, for example, be that you cannot send corporate data to a recipient outside the corporation unless you're at the C-level or are in PR. Another policy might be that you cannot send MS Word documents outside the corporation because they could contain version data, comments, or deleted text.

The key is to delve deeply, a technique that Morris calls "recursive decomposition." That means that you look into the MS Word .doc and take out the images in it and look into those, and so on. "We can handle over 200 file formats," he says.

If there's a problem, the software will inform the employee and their manager. This allows the company to decide who watches a CEO's e-mail, one of many difficult political issues that a corporate IT department must manage. "We can download the corporate hierarchy from the LDAP or Domino www.ibm.com/lotus/domino server," says Morris.

Pattern matching is more sophisticated than it was in the past. "We can search for the word 'press' and the word 'release.' We can block the word 'breast' unless it occurs near 'cancer,' 'chicken,' or 'duck.' We upload new dictionaries every day."

Do you employ linguists? "We have a multi-lingual threat team."

Morris adds that the company's success in the Japanese market has led it to develop expertise in non-Roman character systems.

The company works with specialists for specific categories, from regulatory compliance to pedophilia (on which it consults the UK's Internet Watch Foundation).

The company has software algorithms to identify social security numbers and credit card numbers. While the use of a single credit card number on amazon.com might be allowed, the uploading of a text document with four credit card numbers might be suspicious and could be blocked.

In order to track leaks, the company can fingerprint a document. This involves changing words or phrases in each copy of a document so that if that document is quoted, the quote can be traced to a single source.

"Preventing data leakage is the driving force behind our corporation," Morris says.

But tracking web and e-mail usage is not enough, Morris says, because the bad guys now assume those are protected. "Viruses started on e-mail, shifted to the web, and are now transmitted over IM," he says. The same progression is occurring with data leakage.

He says that at most companies, the problem is not bad people doing bad things, but good people making simple mistakes. Most recently, Hewlett Packard was forced to issue a press release with updated financial results after those results were accidentally e-mailed to a single outside person. The Financial Times was one of several commentators to call into question HP's corporate processes, noting, "leaks of sensitive financial information in the run-up to a company's earnings report are unusual, and could add to concerns about HP's internal controls in the wake of its boardroom spying scandal last year."

It's clear there's an issue that software like MIMEsweeper can solve.

Putting it in a box
The company released a box, the Clearswift MIMEsweeper Web Appliance CSW250, which runs Linux in an off the shelf Dell 1U server. The box incorporates some applications from third parties.

It uses EarthLink's Aluria spyware. Morris says that rather than compile a burdensome list of every possible attack, Aluria works against those threats that are actually present on subscribers' PCs. "It is a more timely system, I believe," he adds.

It uses Kaspersky anti-virus for a simple reason. "They come top in every test," says Morris.

The Linux is a locked down version of Red Hat.

The future of content control
Clearswift aims to control even more avenues of data leakage in the future. The company is close to completing a solution to control e-mail using the same protocols a company already has in place for e-mail and the web, allowing the customer to set the same policies in the same piece of software.

The company is working on adding control of USB data. "Microsoft Vista allows administrators to block USB or other ports," says Morris, "but that's not good enough. MIMEsweeper will allow a user to copy personal data or PR data to a CD or USB drive but block sensitive information."

Pricing and availability
The product is available now as software or installed on a Dell server.

Pricing for ISPs is per user, but is negotiable.

The product is available through resellers and VARs. Its top U.S. distributors are COMPUTERLINKS and Alternative Technology.

—End