Clearswift & Sandbox Technology. Version 1.1

Similar documents
SEG vs Office 365 Security Features. Feature outline

Frequently Asked Questions (FAQ)

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.3. Version 01 14/03/2016. Clearswift Public

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.8. Version 2.0. July Clearswift Public

Clearswift SECURE Exchange Gateway V4.8

Clearswift SECURE Exchange Gateway V4.9

Ports and Protocols. Clearswift SECURE ICAP Gateway v4.9. Version 2.3. November Clearswift Public

Clearswift SECURE Web Gateway V4.x

Clearswift SECURE Gateway V4.x

Clearswift SECURE Gateways

Clearswift SECURE Gateway V4.x

Ports and Protocols. Clearswift SECURE Web Gateway v4.x. Issue /04/2017. Clearswift Public

Clearswift SECURE Gateway V4.9

Clearswift Gateway Installation & Getting Started Guide. Version 4.1 Document Revision 1.4

Ports and Protocols. Clearswift SECURE Web Gateway v4.x. Version 2.2. October Clearswift Public

Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version 4.3 Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Product Information Bulletin. Clearswift SECURE Gateway 4.7

SECURE Gateway v4.7. TLS configuration guide

Clearswift Managed Security Service for

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Clearswift SECURE Exchange Gateway Installation & Setup Guide. Version 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

SECURE Gateway with Microsoft Azure Installation Guide. Version Document Revision 1.0

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Installation & Getting Started Guide. Version Document Revision 1.0

Augmenting existing security infrastructure to mitigate information borne risks

Clearswift SECURE ICAP Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Installation & Getting Started Guide. Version Document Revision 1.0

Best Practice Guide. Encryption and Secure File Transfer

SECURE Gateway FAQ

Clearswift Hosting Options

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

PCI Compliance Best Practice:

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Fighting Spam, Phishing and Malware With Recurrent Pattern Detection

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

GFI MailSecurity 2011 for Exchange/SMTP. Administration & Configuration Manual

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

Clearswift SECURE Gateway Installation & Getting Started Guide. Version Document Revision 1.0

The Open Group Certification for People. FAIR Program Configuration

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Postini Message Security Using Postini with Google Apps Education Edition

Extract of Summary and Key details of Symantec.cloud Health check Report

What s New in BID2WIN Service Pack 4

COMPUTER & INFORMATION TECHNOLOGY CENTER. Information Transfer Policy

Block Threats Before They Reach Your Network Make Downtime a Thing of the Past. Comprehensive and reliable protection

TrendMicro Hosted Security. Best Practice Guide

SOLUTION MANAGEMENT GROUP

Symantec Security.cloud

Correlation and Phishing

On the Surface. Security Datasheet. Security Datasheet

Message Manager Administrator Guide for ZA

Compliance Guardian 3

AVEVA Global. Release 12.0.SP6 WCF. User Bulletin

ISO27001:2013 The New Standard Revised Edition

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

CAS Quick Deployment Guide January 2018

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

Sophos Central Admin. help

GFI product comparison: GFI MailEssentials vs. McAfee Security for Servers

Using Trustwave SEG Cloud with Cloud-Based Solutions

Symantec Encryption Management Server and Symantec Data Loss Prevention. Integration Guide

SLA. Service Level Agreement v1.0. Published: September 2014

Information Security Controls Policy

Essential Steps to Security. A Clearswift Best Practice Guide

IBM Next Generation Intrusion Prevention System

Message Manager Administrator Guide

Service Description Safecom Simple Mail Relay Version 3.5

Clearswift SECURE Exchange Gateway Installation & Getting Started Guide. Version Document Revision 1.0

Installation Guide. CompanyCRYPT v1.4.5

ADVANCED ENDPOINT PROTECTION TEST REPORT

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

Payflow Cookbook for Fixed Length Record Downloads

Office 365 Buyers Guide: Best Practices for Securing Office 365

1. Determine the IP addresses of outbound servers

SolarWinds Mail Assure

CloudSOC and Security.cloud for Microsoft Office 365

SECURE INFORMATION EXCHANGE: REFERENCE ARCHITECTURE

TOPS iq CUSTOM GRID LAYOUTS MANUAL. By TOPS Software, LLC Clearwater, FL

GUIDE. MetaDefender Kiosk Deployment Guide

Integrating Microsoft Forefront Threat Management Gateway (TMG)

Security Gap Analysis: Aggregrated Results

Archiving Service Reports Guide

Symantec Protection Suite Add-On for Hosted Security

GFI product comparison: GFI MailEssentials vs Symantec Mail Security for Microsoft Exchange 7.5

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

Avoka Transact Reference Architectures. Version 4.0

The Credential Phishing Handbook. Why It Still Works and 4 Steps to Prevent It

GFI Product Comparison. GFI MailEssentials vs Sophos PureMessage

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

Compliance Guardian 3

Installation Guide. CompanyCRYPT v1.4.5

CNSS Advisory Memorandum Information Assurance December 2010 Advisory Memorandum

Competitive Matrix - IRONSCALES vs Alternatives

Quick Start Guide P OWERL INK C ONNECT

GFI product comparison: GFI MailEssentials vs. Trend Micro ScanMail Suite for Microsoft Exchange

Astaro Security Gateway Evaluation Request Form

Corporate Information Security Policy

Transcription:

Version 1.1 01/08/2017

Copyright Published by Clearswift Ltd. 1995 2017 Clearswift Ltd. All rights reserved. The materials contained herein are the sole property of Clearswift Ltd unless otherwise stated. The property of Clearswift may not be reproduced or disseminated or transmitted in any form or by any means electronic, mechanical, photocopying, recording, or otherwise stored in any retrievable system or otherwise used in any manner whatsoever, in part or in whole, without the express permission of Clearswift Ltd. Information in this document may contain references to fictional persons, companies, products and events for illustrative purposes. Any similarities to real persons, companies, products and events are coincidental and Clearswift shall not be liable for any loss suffered as a result of such similarities. The Clearswift Logo and Clearswift product names are trademarks of Clearswift Ltd. All other trademarks are the property of their respective owners. Clearswift Ltd. (registered number 3367495) is registered in Britain with registered offices at 1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, England. Users should ensure that they comply with all national legislation regarding the export, import, and use of cryptography. Clearswift reserves the right to change any part of this document at any time.

Contents 1 Introduction... 4 2 Mail Flow process... 5 2.1 SECURE Email Gateway Policy configuration... 6 2.2 Active Code release... 7 3 Benefits... 9 4 Outgoing messages... 9

1 Introduction With the introduction of Sandbox technology to address targeted threats and malicious active code, a new problem has arisen. The main issues around Sandbox technology are the following: Cost of per message to be scanned Hardware cost & throughput requirement Virtual aware malware Time Released malware The use of Clearswift s Adaptive Redaction Structural Sanitization, will mitigate all active code from Microsoft Office formats, Open Office, HTML, RTF and PDF files. The best practice of the using the Structural Sanitization is to hold a copy of messages that have been successfully redacted of active content. An annotation is also advised to inform users both internally and externally that the message has been amended according to the company policy. The risk is apparent when the user contacts the IT department to ask for the message with the active code. This can occur when the user either does not understand the risk of the active code or when the original message is a well formatted phishing email / attachment. In addition to the above risks, users may be tempted to ask for the original message with the active code if the sender is trusted. This is where the insider threat can occur if the trusted sender has been compromised. As with all security approaches there is no silver bullet to address all security risks. This combined with the need for business communications to continue can cause compromising risks within security policies. By utilizing either Clearswift s award winning SECURE Email Gateway OR Clearswift ARgon for Email in conjunction with a Sandbox technology, a proper balance can be achieved.

This document outlines how using both technologies can protect the organization whilst reducing costs, time and false positives on active code. 2 Mail Flow process The below diagram shows the mail flow process of using both Clearswift and Sandbox technology: Start - new email Does it contain Active Content? Yes Can it be redacted? Yes Deliver Redacted message. Hold original. End No Process as normal No Hold the message. Inform recipient Does the client need the message and Active content? Yes Relay message to Sandbox server(s) Re-process the held original message End The mechanism for the relay to the sandbox server is that all mails are tagged with an X-Header regardless of whether the message contains active content or not. When the message is reprocessed the message goes through the evaluation of the rules again and an additional content rule will be triggered looking for the X-Header added in the first processing of the message.

2.1 SECURE Email Gateway Policy configuration The SECURE Email Gateway policy has to have another triggered content rule for the reprocessed messages to add a different action whilst allowing normal messages not be triggered for the relay to Sandbox content rule. The simple design from the content rules aspect is: The processing flow is as follows: Rule 1 Lexical Expression content rule. This rule is only triggered when the message is Reprocessed. The rule is a Lexical based content rule looking for the X- Header added from rule 2 below. The action is to relay the message to the Sandbox server. The Sandbox relay is adding the below X-Header to the message: The action of detecting the X-Header is: The Disposal action of the Relay is set as Original Message

Rule 2 Detect Active Content content rule. Adds the X-Header e.g. SAND- ACTIVE2020 (this value could be anything required): The X-Header is added to all messages that contain active code only. Rules 3 to 8 are normal mail flow scanning Rule 9 is the Structural Sanitization rule that removes the active content then delivers as normal. A copy of the message is then held. Rule 10 & 11 are standard rules for non-rfc compliance, System failure 2.2 Active Code release For any message that has been redacted and a copy has been held a user can request the original message with the active code to be released. This mechanism would also be valid for messages that the active code could not be redacted for any reason. The system administrator can then select the required message and Reprocess it e.g. OR through the message view itself:

By taking the action of reprocessing the message, the message will now go through all content rules again. The second scan will now show the X-Header added by content rule 2. This can be seen in the raw message: Content rule 1 will now match this X-Header and route the message to the Sandbox server for additional scanning.

3 Benefits The benefit of utilizing both technologies means that the mail flow is not delayed needlessly. The organisation is protected by the removal of the active content BUT allowing the message and attachments through to the recipients. If the Sandbox server solution is priced per message the final cost would be greatly reduced as only messages that are identified as business mail by the recipient and the requirement for the active code will be sent to the Sandbox solution. 4 Outgoing messages The solution was designed around inbound messages. However the same principle could be applied to outbound messages. The policy could redact active code. Then, if required, reprocess the message and relay to the Sandbox server. The criteria would be that the Sandbox server can deliver messages to the Internet.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback