ROLLING REVIEW
In the second round of our Rolling Review of data loss prevention systems, we took Code Green's CI 1500 Content Inspection Appliance for a spin. Having reviewed Safend Protector, which is primarily a host-based DLP offering, we were eager to try out a true network-layer DLP product.
Founded in late 2004 by the same team that built SonicWall, Code Green had initial success by aiming at banks and financial institutions. Now the regulatory climate has accelerated the company's expansion into healthcare, retail, and other sectors where robust DLP is required to ensure compliance and protect privacy and intellectual property.
Our Rolling Review seeks to evaluate vendor DLP solutions in many areas, including endpoint protection, data discovery, reporting, threat detection and response, and the range of communication channels that can be protected, along with pricing and ease of management. The CI 1500 performed well in many areas, and not so well in others.
The appliance is a rebranded Dell PowerEdge server running a modified version of Red Hat Linux Enterprise under the hood. It ships with eight Ethernet interfaces that serve a range of functions, including mirrored packet analysis, messaging analysis, ICAP redirection, and device management.
The appliance itself is relatively simple to set up: all that's required is a little work at the Linux console to get your management network interface running, after which all device management is Web-enabled.
Look Out For Leaks
A quick look at the management GUI reveals Code Green's emphasis on robust pattern matching as critical data traverses the LAN/WAN via SMTP, HTTP/S, FTP, and other TCP protocols. Out of the box, the CI 1500 contains an impressive array of patterns and file filters that can be used to detect leaks, including filters for credit card and Social Security numbers, stock ticker symbols, and unique filters that can determine who's shopping their resumé out to your competitors.
The simple-to-use Boolean engine lets administrators refine or marry multiple pattern policies, and develop complex expressions that pinpoint and detect the most troublesome data leaks. Most environments will be able to implement policies right away using the out-of-the-box patterns, but creating custom patterns on the CI 1500 could have been a little easier. User-defined patterns must be entered...