Adaptive Cyber Security & Data Loss Prevention

Clearswift Product & Solution Guide

www.clearswift.com
Table of Contents
Introduction 3

Clearswift SECURE Gateways 4

Clearswift SECURE Email Gateway (SEG) 8

Clearswift SECURE Exchange Gateway (SXG) 9

Clearswift ARgon for Email 10

Clearswift SECURE Web Gateway (SWG) 11

Clearswift SECURE ICAP Gateway (SIG) 12

Clearswift Critical Information Protection Server 13

Clearswift IG server (IGS) 15

Gateway Deployment Options 16

Support and Professional Services 17

Summary 18

About Clearswift 19

2 www.clearswift.com
Introduction
Clearswift is trusted by organizations globally
to protect their critical information, giving them
the freedom to securely collaborate and drive
business growth. Our unique technology supports a
straightforward and ‘adaptive’ data loss prevention
solution, avoiding the risk of business interruption
and enabling organizations to have 100% visibility
of their critical information 100% of the time.
Our track record in innovation includes developing many of the
features the security industry now considers standard, including:
• Deep Content Inspection (DCI)
• Policy-based encryption
• Inbound and outbound content scanning across multiple
communication channels
• Internal content scanning for collaboration software
Clearswift continues to lead the IT security industry with the
deployment of production-ready appliances, virtual gateways,
hosted and managed Cloud deployments. Using powerful,
effective and tested content-aware policies, these solutions
protect our clients, employees and trusted third-parties.
As business practices change to adapt to the continued growth of
Cloud, big data and BYOD (Bring Your Own Device) coupled with
the increasing amount of collaboration organizations now face,
Clearswift continues to innovate and adapt our solutions.

3
An adaptive approach to securing your critical information
Securing business critical information from Common functionality & consistent policies
internal and external threats The Clearswift SECURE Gateways rely on shared core technology
With Web and Email traffic still being the primary point of exit to make them easy to deploy and manage as well as ensuring
for every organization’s information, and the entry point consistency across the different communication protocols. Clearswift
for collaborative content from trusted 3rd parties, it makes made its name with its innovative, world class Deep Content, and
sense to protect them with consistent and complementary it is this engine which lies at the heart of all the Gateways.
technologies. Whether you have an on-premise or cloud
based security strategy, a Clearswift solution can be used Deep Content Inspection
in multiple deployment modes to replace or augment your Deep Content Inspection identifies sensitive data during
existing technology. filtering of information through the Gateways. The Deep
Web and Email Gateways can be joined together so that they Content Inspection engine is responsible for:
can share policy items such as dictionaries, templates and rules, • True file type detection
and have policy defined via a single console.
• Text extraction
While security solutions can be notoriously difficult to use and
• Text scanning
manage, the Clearswift solution has been designed with the
administrator and the user in mind; focused on masking the • Data Modification
sophistication of the solution, making them both easy to use Clearswift has developed its own innovative extraction and
and easy to manage. scanning engine, enabling it to determine additional important
information. The ability to detect whether text is in a document’s
Easy to use, efficient to manage header, footer or main body, for example, becomes important
With installations on preconfigured hardware, on a customer’s when designing detection policies. Without this additional
preferred hardware supplier or with vSphere, Hyper-V, or Cloud intelligence, false positives can become unmanageable and the
deployments such as AWS or Azure, clients can be up and ready to solution ineffective. Deep understanding of document types and
configure a Gateway with their policies in less than 30 minutes. the information they contain has also enabled the development
of a new technology, Adaptive Redaction, which allows documents
Preconfigured and sample rulesets, including dictionaries for
to be modified and critical information that could cause a data
PCI and PII, coupled with an intuitive user interface is provided
leak to be removed.
for each configuration of client-specific policies. With a consistent
policy management framework and user interface style across Once the inspection has been carried out, policies can
products, system administrators can be easily cross-trained be applied. The most common policies are those around
between products, reducing training overhead. Data Loss Prevention.

Administrators will save time thanks to automated downloads

of updates, scheduled reporting, off-box backups, database
optimization and application monitoring and alerting.

4 www.clearswift.com
Data Loss Prevention
Data Loss Prevention (DLP) is built in as standard for the The key to an effective DLP solution is ease of policy definition
SECURE Gateways and relies upon the information being and flexibility in its use. A simple approach enables even the
passed from the Deep Content Inspection engine in order to smallest IT department to put effective policies together quickly
make decisions. DLP is direction agnostic, which is to say and efficiently.
that it can be used to prevent information from entering While traditional DLP solutions operate with a ‘stop and block’
an organization as well as leaking out. With the increase action on information which violates policy, the new Adaptive
in legislative requirements, DLP is becoming essential for Redaction technology offers further flexibility, leading to an
organizations of all sizes. Once thought to be only the preserve Adaptive Data Loss Prevention (A-DLP) approach; one that is
of global organizations, it can now be easily deployed by even better suited for today’s digital landscape and collaborative
the smallest. organization.
Scanning for textual items within messages and attachments
allows for the detection and redaction of sensitive information
before it leaves your Gateway, including:

• Full Unicode support allowing keyword search of single

and double-byte text
• Support for regular expressions based on POSIX standards
• Multiple pre-defined dictionaries supplied as standard
(GLBA, SEC, SOX, etc.)
• Search patterns constructed from words, phrases and tokens
• Predefined policies for PCI & PII (credit card, social security,
passport numbers, identities etc)
• User definable policies which can be combined with
existing expressions and tokens
• Boolean AND, OR, XOR and ANDNOT
• Positional operators NEAR, BEFORE, AFTER and FOLLOWEDBY
• Full and partial document fingerprinting using a centralised
multi-protocol solution
• Structured data search to look for database content

5
Adaptive Redaction Threat protection
The Clearswift SECURE Gateways and ARgon for Email have While much is made in the press as to the effectiveness of threat
options for Adaptive Redaction to be included as part of the protection measures such as anti-virus (AV) solutions in today’s
A-DLP actions. Standard DLP relies on detecting business critical age of Advanced Persistent Threats (APTs) and other advanced
information and blocking it at the Gateway. However, Adaptive threats, AV is still an efficient method of dealing with the millions
Redaction provides the option to automatically remove the data of viruses and other malware which are present in email and
that violates policy and allow the remaining information to on the Internet. Clearswift offers different Cloud-assisted AV
continue to its destination. There are three common Adaptive solutions from Sophos or Kaspersky that offer heuristics and
Redaction options: behavioral scanning. AV definitions are updated automatically
by the Gateways to ensure that the infrastructure is always
1. Data redaction protected. Many organizations prefer the additional layer of
protection that running products from different AV vendors at the
This is the policy-based removal of words, phrases and tokens. In
Gateway and endpoint offers.
order to maintain document integrity, these are replaced with an
alternative character, for example ‘X’. For credit card tokens, there
is an option to replace everything but the last four digits. The importance of people
2. Document sanitization Understanding the information that is being sent is only part of the
story. Clearswift Gateways integrate with directory systems such as
Today’s electronic documents contain information other than that
Active Directory to provide additional context, enabling policies which
which can be seen - there is hidden meta-data, such as document
take both people and role based groups into account. This means
properties, ie name, subject, keywords, printers, windows version
that the CEO can have a different policy from an individual based in
etc. as well as revision history. This can all be automatically
finance, for example, or a group of engineers. This added dimension
removed to prevent accidental data leaks.
of policy definition ensures that the system remains flexible, easy
to deploy and simple to manage.
3. Structural sanitization
With the ever increasing risk of malware in the common file
formats (e.g. Microsoft Office documents, Adobe pdf, etc.), the
Gateways can detect and remove Active Content from files. The
sanitized document is delivered to the intended destination
without the associated security risks present.
Adaptive Redaction, like DLP, is direction agnostic, so it works in
both directions. As well as being used to prevent social security
from leaving the organization, for example, it can also prevent
them from being received. Web pages which contain javascript
can now be disabled from executing, ensuring a safe viewing
experience. Organizations who use social media sites can often
find employees unable to view a page due to offensive comments,
Adaptive Redaction ensures that this problem does not occur.
In the case of business proposals, it is not uncommon to base
them on an existing business proposal for a different client. This
has caused embarrassment in the past with the client able to look
at revision history or meta-data and see the original information.
Document sanitization ensures that this won’t happen.

6 www.clearswift.com
Reporting
Any security solution today needs to be intrinsic to an Information
Governance or compliance programme. The SECURE Gateways
offer extensive reporting facilities in support of these requirements,
enabling system administrators to rapidly create both management
and realtime reports. As reports are often required to be shared,
these can be created in different formats, whether that be HTML
or PDF as a textual representation, or whether the data be exported
to CSV for import into a spreadsheet.
For organizations with a Security Information and Event
Management (SIEM) solution, the Gateways are compatible
with various platforms, including:
• RSA Envision
• HP ArcSight
Easy to use policy definition:
• Splunk where policies are being applied and what they are looking for
Gateways can be monitored using SNMP/SCOM management
stations and they can also create SMTP and SNMP alarms to
alert administrators to issues more quickly. When an issue is
discovered, easy access to granular log files minimizes the
time to resolution.
All changes to system configurations are audited, and with role
based access control it is simple to delegate responsibilities and
detect whether personnel are attempting to circumvent policy.

7
Clearswift SECURE Email Gateway

The Clearswift SECURE Email Gateway (SEG) is the Encryption

award winning, market leading solution for securing With the growing need to collaborate securely, organizations
your email communications, enabling your organization need methods of encrypting content that are easy to use from
to balance the need to protect critical information with the senders’ and recipients’ perspective and also comply with
the ability to continuously collaborate; on premise, in organizational security and regulatory requirements.
the Cloud or bringing requisite Enterprise security to an The SEG offers a wide range of channel and message level
Office365 environment. Offering the latest in inbound encryption to provide organizations with the security to ensure
threat protection, the SEG prevents sensitive data being their privacy commitments are honored. These include:
leaked via both incoming and outgoing email - reducing • TLS
the risk of threat to your organization. • S/MIME
• PGP
Threat protection
• Ad-Hoc password protected
The Clearswift SECURE Email Gateway comes with multi-layer
threat defences, with a choice of a single or dual AV engine (Sophos, • Portal (pull and push)
Kaspersky) and true file type detection coupled with Active Code These methods can be used in conjunction with each other: for
detection/sanitization to identify unknown threats. The AV engines example, ad-hoc password protected files can be sent via the Portal.
use heuristics and Cloud based signature pre-warnings of new With the PKI methods of S/MIME and PGP, key management gains
malware exploits to reduce the chance of zero-day attacks. importance - and the SEG has features to perform automatic
A multi-layer spam defence consisting of network based key harvesting, Online Certificate Status Protocol (OCSP) and key
reputation pre-detection followed by content based message server lookups to reduce the admin overhead even more.
analysis permits for a detection rate in excess of 99% with
minimal false positives. Spam management can be managed by ImageLogic
end users using portal, digests, Outlook plugin’s and iOS devices.
In the past, it was just pornographic images which needed to
As with anti-virus, the definitions are constantly updated to ensure be blocked. While the same is true today, the Email Gateway
comprehensive up-to-the-minute protection against all the latest threats. ImageLogic functionality can also be used to protect intellectual
Message Sanitization permits URLs, Active Code and HTML to be property contained in images from leaving the organization.
removed from the message making it totally safe
Personal message management
Administrators can also delegate message release to the
The nuisance of spam continues
endusers. It’s common for users to be given access to manage
to be a burden for organizations
99.9% and the SEG combines a number spam messages that ‘might’ be legitimate and allow them to be
of filtering technologies to deliver whitelisted so that they won’t be blocked again. The SEG extends
99.9%+ detection rates. this capability so that end users can be responsible for releasing
other message violations coming in and leaving the organization
based upon corporate culture and policy.
Multiple Technologies Provide
Comprehensive Spam Protection The SEG also provides a number of methods which allow the end-
Connection/Network Level Checks
user to manage their mail via an email digest, web portal or via
80-90%+ of spam rejected with these filters an app for Apple iPhone and iPad devices.
For example, lawyers working on cases where profanities appear
Message Reputation
SPF/DKIM/DMARC

Validate Sender

Bulk Detection

Spam Content

in court documents could trigger policy violations and be blocked;

Tricks Engine
Greylisting
Reputation

Anti-Spoof

Phishing
LDAP
BATV

DKIM

RBL

Personal Message Management allows them to be granted

permission to release the messages without administrator
intervention, using a simple hyperlink.
Content Level Checks
>99.9% spam detection with Of course every transaction is also audited for compliance purposes.
these filters

8 www.clearswift.com
Clearswift SECURE Exchange Gateway

The Clearswift SECURE Exchange Gateway enables Messaging policies

organizations to apply data loss prevention
Email will continue to be the dominant communications medium
policies to internal email communications. This
for many years to come and every company is different so having
solution can identify and prevent policy violations flexibility to create policies that are appropriate to deal with
and can stop sensitive or inappropriate data business problems is essential.
from being shared internally and externally by
Most organizations apply controls to messages to and from the
monitoring incoming and outgoing email traffic.
internet, but seldom consider risks of internal messaging. The
SXG platform is designed to deal with the concerns of internal
Deployment messages and focuses on Data Loss Prevention and the prevention
Ease of deployment enables organizations to be able to deploy of unacceptable messages and attachments inside the business.
the product quickly into their Exchange 2010, 2013 and 2016
Policies can be granular, created for individuals or user groups
environment. The SXG can be deployed to filter traffic or in
obtained from Active Directory, so policy rules can be created
monitor mode to allow the product to identify policy violations
and applied to the appropriate senders and recipients.
without interrupting message flow.
Integration with the SECURE Email Gateway permits policy, Data Loss Prevention
message management reporting to be performed at a single
With so much sensitive information available, organizations must
management console.
take the risks of corporate confidentiality at every point in their
To mirror the resilient and high availability configurations infrastructure, not just at the egress points.
implemented for Exchange Servers, the SXG preferred
The SECURE Exchange Gateway features all the standard
deployment configuration is for 2 x SXG instances that execute
content filtering and A-DLP functionality including integration
in an Active-Active mode, balancing the workload automatically.
with the Clearswift IG server to provide full and partial
document fingerprinting.
Internal scanning
With a growing need to ensure that internal communications are
acceptable to the business and that confidential content is not
sent to recipients who should not receive that content.
Rules can be created based on senders, recipients, file types, sizes
and of course the content of the messages and their attachments.
This technology uses client-server architecture to ensure that
although additional security is being applied there is no noticeable
difference to the performance of the Exchange system.

Exchange 2010, SECURE Exchange

2013 and 2016 Gateway
environment
Secure
connection

Outlook or
OWA Client

9
ARgon for Email

ARgon uses unique Adaptive Redaction technology ARgon can be used in environments with no DLP solution or to
from Clearswift and tackles the problems caused augment an existing one. In both cases, ARgon removes next
by traditional Data Loss Prevention (DLP) solutions generation information threats from both inbound and outbound
email. For those with an existing DLP solution, ARgon reduces
by automatically removing only the content which
the false positives by automatically removing the content
breaks policy and then sending the rest of the
which would cause the DLP solution to ‘stop & block’ the
email and attachments onwards. This enables
communication, whilst still delivering the legitimate content.
continuous collaboration, safe in the knowledge
that critical information is protected. There are three key features within Adaptive Redaction
that ARgon for Email utilises are:
• Data Redaction
DLP effectiveness is determined by the accuracy and the
Removes visible content that breaks policy from
workflow of the product. Many DLP solutions are purchased
email and attachments.
and never deployed because they are too hard to configure or
they generate too many false positives, resulting in increased • Document Sanitization
operational overheads and decreased productivity through Removes document meta-data, revision history, etc.
disrupted communications. • Structural Sanitization
Removes active content embedded in inbound emails
and documents.

Deployment
ARgon is deployed between the email hygiene (and/or DLP)
service and the internal email server.

Internet Clearswift
Email Gateway/ ARgon for Email Email
Managed Service Server

• ARgon for Email uses standard SMTP messaging technology Quarantine

to enable compatibility with any email gateway solution The separation of hygiene services and Argon content
• The email gateway service can be provided by any vendor inspection/remediation, allows policy breach events to be sent to:
and located on-premise or hosted • IT personnel - to focus on harmful viruses and malware;
• The email server can be Exchange, Lotus Notes, • Business/audit personnel to focus on sensitive content violations
Domino, or Groupwise
• Proof of Value trials can use either ‘Side Car’ or
‘In Series’ deployments

10 www.clearswift.com
SECURE Web Gateway

The Internet can now be considered an extension Remote client option

of your own infrastructure with more companies The SWG supports remote clients, meaning that even if the user
adopting cloud based services such as Salesforce, is not connected to the organization’s network, the device will
Office365 and Dropbox. be subject to corporate security policies. This option can also be
deployed on BYOD platforms ensuring that corporate information
Deployment is kept safe no matter where it is being accessed from.

Ease of deployment enables organizations to be able to deploy the

product quickly into their infrastructure. The SWG can be deployed Website categorization
either as a forward (explicit) proxy, Transparent (WCCP) proxy or in Embedded into the SWG is a URL filtering engine with over 50
conjunction with Firewalls that support policy based routing. million URLs which are updated daily and sorted into more than
80 different categories, including Phishing, Malware and Security
HTTP/S scanning Risk. Malware definitions are refreshed hourly to supplement the
integrated anti-virus scanning of any downloads.
More and more organizations are now securing their sites using
HTTP/S to prevent eavesdropping on browser sessions. This Along with the URL database, there is a real time categorizer
technology can render some content scanning solutions unusable, which detects page content as it is being downloaded. This allows
but the SWG has an integrated SSL decryption engine so that these the SWG to determine whether pages contain content that might
sessions are automatically decrypted and passed to the content be pornographic, use remote proxies or include hate or violence,
scanning engine to ensure no policy violation can take place. amongst other content.
With the increase in the amount of personalized content delivered
Flexible policies through social networking pages, this feature ensures that
The Internet can now be considered an extension of your own employees are kept safe from pages which are on reputable
infrastructure with more and more companies adopting cloud sites but have been hijacked or abused.
based services such as Salesforce for CRM, Office365 for
messaging structure and sites like Dropbox for file sharing.
With such diverse business requirements, it’s necessary to
provide security profiles to ensure that users both in the office
and working remotely are presented with policies that enable
them to work effectively and securely.
As well as required access to business sites, a number of
organizations will permit their staff to use social networking
sites in a controlled manner.
Organizations need to be able to define who is using these
services based upon their authenticated ID or Organization
Grouping, when they are using the sites and also for how long.
This enables rules to be created, such as:
• HR department can use LinkedIn and Facebook all day
• 
All other users can view LinkedIn between 12:00 and 14:00
for 1 hour maximum
• All other users can view Facebook between 12:00 and 14:00
for 1 hour maximum and can update their status, but not Easy to use policies:
how granular policies can be applied to categorized
perform any file uploads website as well as social networks

Of course any content posted will still be subject to the corporate

security policies for that individual.

11
Clearswift SECURE ICAP Gateway

The SECURE ICAP Gateway is designed to co-exist Managing data securely

with your existing web security provider using The SECURE ICAP Gateway provides all the standard content
industry standard ICAP functionality including filtering and A-DLP functionality such as Adaptive Data Redaction,
F5 Networks, Blue Coat and Barracuda Networks. Structural and Document Sanitization. The SIG can also support
integration with the Clearswift IG server to provide full and partial
Deployment document fingerprinting.

The likes of F5 Networks and BlueCoat proxy servers are well

known to network administrators to provide both proxy and network
bandwidth management capabilities. They also provide an interface
to allow 3rd party solutions such as Anti-virus and Data Loss
Prevention solutions to connect via the ICAP. Connecting the SECURE
ICAP Gateway to the third party devices allows the network security
features of the device to be complimented by the Clearswift adaptive
data loss prevention functionality.
ICAP
Third Party
Enabling policies Web Gateway

We actively increase, rather than hamper, employee productivity

SECURE ICAP
by facilitating employee engagement with collaborative online Gateway

technologies through our flexible web 2.0 policy rules.

Data Loss Prevention
Adaptive Redaction
User identities are authenticated by the ICAP proxy and passed to Threat Protection
the SECURE ICAP Gateway so that granular user policies can be
applied to the content coming in and out of the organization.
The SECURE ICAP Gateway goes beyond simply keeping your
networks free of viruses, inappropriate content and harmful
executables. It enables complete, granular control over the
information that you access or share online, whether it’s limiting
recreational browsing, or preventing sensitive data from leaking into
status updates using the Clearswift Adaptive Redaction functionality.
The Clearswift SECURE ICAP Gateway enables organizations to
reap all the benefits that collaborative web 2.0 technologies have to
offer, safe in the knowledge that your sensitive data, IP and brand
reputations are protected.

12 www.clearswift.com
Clearswift Critical Information Protection
Management Server & Agent

By controlling where sensitive data resides and Context-aware Data in Use (DIU) policies
how it is used on endpoint devices, organizations Flexible policies and context-aware content inspection mean
can manage information security, governance and that you no longer have to choose between the productive use
compliance risks and identify control priorities. of removable media and unacceptable risk. A policy which is too
restrictive means that people either cannot work effectively, or they
The Clearswift Critical Information Protection will find ways to bypass their security policy. Rules can be created
(CIP) Management Server and Agent supports a that block all spreadsheets containing particular keyword terms
combination of security features – including device from being copied to external devices. Alternatively, these files can
control, deep content inspection, remediation be encrypted when transferred – which ensures that the contents of
actions, encryption and comprehensive auditing. a USB cannot be read if it was to be left behind in a taxi or in another
public place.
Deep content inspection
Clearswift CIP is a fully content-aware endpoint data loss prevention Discovering Data at Rest (DAR)
solution that provides complete visibility and control of data By using the Clearswift Deep Content Inspection Engine, critical data
transferred from the endpoint and stored on it. The transfer of can be discovered wherever it is stored on desktops, notebooks,
critical information can be logged, blocked or encrypted and the servers, shared networks or cloud collaboration apps e.g. Dropbox.
solution provides automated policy-based remediation. The Critical This enables organizations to audit and manage critical information
Information Protection Agent scans files for sensitive content and cleanup within data at rest. As with ‘data in use’ policies, built-in
based on a granular organizational policy it provides the necessary and customizable lexical expressions are included, which enables
flexibility to permit multiple behaviors, depending on the user and discovery of required critical information as detailed in the likes of
destination of file operations. Data Protection Acts of the Länder, Privacy Act, PCI, HIPAA and GLBA.
Running in the background, utilizing advanced throttling techniques,
Device control the agent silently discovers critical information without interrupting
The ability to control users connecting personal USBs or smart end user activity. This provides unprecedented insight into potential
devices to the corporate network has become a critical security data protection vulnerabilities that exist on your networks and systems.
requirement. Sensitive data can be lost and malicious applications
can be introduced to networks due to the uncontrolled use of Educate users
removable media. The CIP integrated device control provides
The key to an effective information security management policy is
granular management of removable media, permitting the
educated end users. The CIP can notify users of the risks involved
legitimate productivity-enhancing use of these devices whilst
when transferring critical information to unprotected devices,
reducing network risks and support costs – resulting in increased
allowing them to specify a reason for the activity before the file is
data security.
allowed to be transferred.

13
Protect critical information to comply with regulations with regulation, while facilitating the legitimate and productive
Staying within the bounds of a regulatory framework is paramount. use of removable media. Flexible policies can be built to enable
By encrypting files, organizations can ensure that they comply the transfer of non-sensitive data such as sales brochures, whilst
encrypting and protecting files that do contain critical information.

Integrated policy management The results are provided by Clearswift’s reporting function, which
The interface of the Critical Information Protection Management shows where critical information resides, who is using endpoint
Server is powerful, yet simple to use. With pre-defined lexical devices and what information is being transferred to unsecured
expressions, file name lists and media types, it’s easy to build devices. Reports will generate a detailed audit of discovered date,
policies, manage violations and report on trends and behavior. In devices connecting, and the information transferred to and from
this way, valuable insight is provided without consuming valuable the device by each user. The audit is unnoticeable to the end user,
admin resource. so that data and device details can be collected without the user
changing their behavior. This helps organizations to understand the
Integration with the award-winning Clearswift SECURE Email and usage patterns and business requirements for removable media.
Web gateways enables teams to share policy elements, which
ensure the consistent application of content rules and compliance
Flexible deployment options
with regulations.
You decide how you want to buy and deploy the Critical Information
Protection Management Server. It’s supplied either as a
The Critical Information Protection Agent enforces
pre-installed hardware appliance, as a software image that
flexible, content-aware policies and can carry out
can be loaded on a choice of hardware platforms – or virtualized
different actions depending on the content policy. in a VMware environment.

Discover critical information at rest on endpoint

devices and take appropriate remediation actions
according to policy, reducing the risk of breaching
Block data protection regulations.

Encrypt

Notify

Audit Move

Notify

Reporting and Monitor Mode

Clearswift is able to provide a useful proof-of-value exercise by
running the CIP Agent in ‘Monitor Mode’, where organizations can
see the results of their policies without the operation executing in
‘Active’ mode.

14 www.clearswift.com
Clearswift Information
Governance Server

Deployment Document owners are also notified of any violations if that

The Clearswift Information Governance Server (IGS) is deployed document or even a fragment of it is uploaded to a website, sent
centrally in an organisation. Running on a Linux platform, this internally or emailed to an external recipient, depending on your
integrates with your own environment for enterprise single sign deployed policy.
on and support for for current SECURE Email, Web, Exchange
and ICAP gateways; our architectural strategy provides future Document track ‘n’ trace
Gateway integration. The IG server is not just a repository of document fingerprints;
it is also used to store transactions from all of the connected
Document management Gateways. This data store can then be mined to show information
Businesses have to be more dynamic when it comes to security. flows and relationships. The information analytics provided will
The IG server permits users to register sensitive documents allow the ability to follow a piece of data across multiple protocols
through a simple-to-use web interface or a windows client. providing the CISO with unique insights to how and where their
information is going.

SECURE Email SECURE Web

Gateway Gateway

Internet Traffic Check and Track

Check and Track

SECURE ICAP
Gateway

Check and Track

IG SERVER

Internet Traffic Check and Track Register etc

Sensitive
Content

SECURE Exchange
Gateway

FILE SERVER

15
Gateway deployment options Hosting & Cloud options
Clearswift offers a straightforward, secure and cost-effective
The Clearswift security solutions are available with hosted solution to protect your organization; allowing
a range of deployment options to fit your existing organizations to have complete control over a dedicated system
IT infrastructure and reduce the time and costs whilst reducing their on-site footprint; including hardware, power,
associated with deployment. rack space and maintenance costs.
Our hosted solution supports today’s collaboration model, whilst
For the quickest return on investment, and to reap efficiency
bringing award winning security to critical information allowing
savings, simple deployment is essential. Clearswift’s options
organizations to achieve their desired operational efficiencies
give you total web and email security that works how you do.
safe in the knowledge that communications remain safe and
compliant in the Cloud.
Hardware deployment options
Customers who embrace public cloud deployments such as AWS
The Clearswift SECURE Web and Email Gateways are available
will be pleased to know that the Clearswift Gateways are also
as pre-configured appliances ready for immediate hardware
deployment at your network perimeter. A range of hardware supported within this environment.
performance profiles allow you to select the correct unit for your
filtering needs and provide scope for future growth. Hardware Virtualization deployment options
deployment options from Clearswift are also backed by ‘Next The Clearswift SECURE solutions also support virtualization using
Business Day’ or ‘Four-hour’ onsite service options. VMware and Hyper-V for email filtering, allowing the creation of
private cloud security systems for greater network management
Software deployment options flexibility. Your deployments can then be assembled from a
combination of physical and virtualization servers according to
The Clearswift SECURE solutions are also available for
your specific business needs and environment.
deployment on your own server hardware, allowing you to
maintain consistency in your environment using systems from
your preferred vendor. The SECURE Gateways operate on a
Peered Gateways
hardened Linux distribution, offering ultimate flexibility for your If more than one Clearswift Gateway is deployed, or more than
own hardware deployment choices. one type of Gateway (e.g. Web and Email) is deployed, then
integration occurs at all points. Peered Gateways share common
policy and system settings, ensuring that, should one Gateway
fail, the remaining Gateway will be able to pick up the load. With
more than one Gateway deployed, administrators can use a
single interface to enforce a consistent policy across multiple
communication protocols.

Peered Email and Web Gateways permit policy

changes from a single console

16 www.clearswift.com
 ”
World class products,
24/7 support and
professional services
Support and
organization
”
Professional Services
The development of world class products
is complemented with a 24/7 support and
professional services organization.

Standard Support Premium Support

The Standard Support offering gives a highly reactive and The Premium Support offering is a highly personalized service,
responsive 24/7 service, enabling Clearswift to take immediate delivering additional services through a dedicated Support
ownership of reported issues, providing full visibility of progress Account Manager, inclusive of best practice consultation, on-site
and status through the end-to-end management of incidents. support days and regular on-premise service reviews in true
partnership with our clients.
Advanced Support
An Advanced Support offering is available, recognizing the Professional Services
business critical nature of Clearswift solutions. It delivers The Professional Services organization offers our clients help in
enhanced support capabilities, including automated service all aspects of securing their infrastructure. It can offer Gateway
monitoring and reporting and regular service reviews to further infrastructure design, installation and configuration services.
secure consistent operational availability through a more Clearswift Professional Services also offers policy design services
proactive level of support. and system upgrade and system health check support.

17
Summary
Clearswift offers a straightforward, manageable Offering protection from both inbound and outbound threats,
approach to adaptive data loss prevention, suitable Clearswift takes a proactive approach to data loss negating
for organizations of all sizes, bringing award today’s threats such as the insider threat, and malicious cyber
winning technology to secure and support your attacker activity. With a Clearswift solution in place, you can be
rest assured that your organization remains secure at the same
organization today. And tomorrow.
time as business activity and collaboration remains consistent
and agile.

Clearswift SECURE Gateway functionality summary table:

Key Feature SECURE Email SECURE Web SECURE SECURE ICAP

Gateway Gateway Exchange Gateway
Gateway

Deep Content Inspection

Data Loss Prevention

Anti-virus * *

Encryption*

Remote Client Support*

Text Redaction*

Document Sanitization*

Structural Sanitization*

Standard / Advanced* /
Premium* Support

Message Sanitization

Professional Services*

*Additional cost option

18 www.clearswift.com
Notes

19
 Clearswift is trusted by organizations globally to protect their critical
information, giving them the freedom to securely collaborate and drive
business growth. Our unique technology supports a straightforward and
‘adaptive’ data loss prevention solution, avoiding the risk of business
interruption and enabling organizations to have 100% visibility of their
critical information 100% of the time.

As a global organization, Clearswift has headquarters in the United States,

Europe, Australia and Japan, with an extensive partner network of more
than 900 resellers across the globe.

UK Germany United States

Clearswift Ltd Clearswift GmbH Clearswift Corporation
1310 Waterside Im Mediapark 8 309 Fellowship Road, Suite 200
Arlington Business Park 50670 Köln Mount Laurel, NJ 08054
Theale, Reading, Berkshire Tel: +49 (0)221 828 29 888 Tel: +1 856-359-2360
RG7 4SA Technical Support: +49 (0)800 1800556 Technical Support: +1 856 359 2170
Tel : +44 (0) 118 903 8903 Email: info@clearswift.de Email: info@us.clearswift.com
Sales: +44 (0) 118 903 8700
Technical Support: +44 (0) 118 903 8200 Japan
Email: info@clearswift.com Clearswift K.K
Shinjuku Park Tower N30th Floor
Australia 3-7-1 Nishi-Shinjuku
Clearswift (Asia/Pacific) Pty Ltd Tokyo 163-1030
Level 17 Regus Tel: +81 (3)5326 3470
Coca Cola Place Technical Support: 0800 100 0006
40 Mount Street Email: info.jp@clearswift.com
North Sydney NSW 2060
Tel: +61 2 9424 1200
Technical Support: +61 2 9424 1210
Email: info@clearswift.com.au

www.clearswift.com | © Clearswift 2016