EdgeWave

Group1's Inside View...

Formerly St. Bernard Software, this manufacturer has specialized in Web content filtering for over a decade. Based on this ample experience, their iPrism appliance line has matured and improved through the years.

The current generation of iPrism appliances provides quality content recognition, advanced features, and some of the best price-perfomance in the industry.

 

Is EdgeWave's iPrism the right product for you?

We will be happy to discuss your current network environment, your content filtering goals, and share our real world experience with EdgeWave's iPrism product line.

Please give us a call at (800)738-3570, or drop a quick email to .

15

105


EdgeWave

Detailed EdgeWave info...
(provided by the manufacturer)

With Internet-based threats evolving dramatically, you need a Web security solution that can keep up with the dangers emerging daily.

iPrism Web Security from EdgeWave combines simplicity, performance and value to deliver multilayered protection from threats such as malware, botnets, viruses, spyware, circumvention tools, anonymous browsing, IM, P2P, and inappropriate content.

iPrism Web Security, powered by exclusive iPrism technology offers the security of a high-performance appliance and the flexibility and scalability of a feature-rich, software-based solution. Our iPrism technology, with its hardened and optimized operating system and unique kernel-level filtering combines with powerful appliances to bring you comprehensive, accurate and secure Web access management, with no latency.

  • iPrism offers universal interoperability on any platform and in any network environment, delivering Internet security at the gateway, to help enforce your Internet acceptable use and security policies.
  • iPrism seamlessly integrates with your directory services to automate authentication for fast and easy deployment across your organization.
  • Our exclusive Hybrid Remote Filtering assures policy enforcement for all on-premises or remote employees without using VPN, DMZ deployments or PAC files.
  • Simple to set up and requiring virtually zero maintenance, iPrism Web Security allows your organization to mitigate the risks of legal liability, defend against security breaches, and prevent productivity loss.

Lowest Total Cost of Ownership (TCO)
iPrism Web Security, is affordably priced and as a dedicated Internet filtering appliance, there is no need for any additional software or hardware. With virtually no maintenance required, our solution frees IT personnel to focus on other security issues.

Award Winning Technology
iPrism Web Security continues to earn industry recognition including 5 stars across the board in the 2011 SC Magazine's Group Test of Web Content Management solutions. iPrism was also chosen as the recommended solution by SC Magazine.

iPrism Offers Comprehensive Web Security
iPrism Web Security offers a combination of robust features designed to deliver unmatched protection from Internet-based threats such as malware, botnets, viruses, spyware, circumvention tools, anonymous browsing, IM, P2P, and inappropriate content.

As a self-contained appliance-based solution, iPrism offers universal interoperability on any platform and in any network environment, delivering Internet security at the gateway, to help enforce your Internet acceptable use and security policies. iPrism seamlessly integrates with your directory services to automate authentication for fast and easy deployment across your organization:

Multi-Layered Security Threat Protection
iPrism's unique combination of enforcement methods assures powerful protection from botnets, malware, viruses, phishing and other threats. These methods include integration with ThreatSTOP's outbound anti-botnet technology, the 100% human-review iGuard URL database, integrated AV engine, and iPrism's unique Circumvention Defense Network. Together they deliver unrivalled protection to your organization and are easily enabled via simple check boxes, rather than complex multi-dimensional rule sets.

Proprietary Technology
iPrism technology is port-agnostic providing comprehensive coverage across your network. Its exclusive transparent bridge deployment won't introduce latency to your network traffic no matter how busy your network gets. With filtered traffic throughput speeds over 500 Mbps, even networks with the largest pipelines are easily managed by iPrism's combination of in-line deployment and kernel-level filtering technology.

Hybrid Remote Filtering Requiring no VPN or Hardware in the DMZ
With iPrism's exclusive hybrid technology, you can manage remote users easily with no VPN tunnels, no DMZ proxy deployments and no browser-specific PAC files required, assuring bandwidth conservation and no latency. iPrism's hybrid technology uses a location-aware remote filtering client and the Amazon Web Services distributed data center to ensure enforcement of your AUP across all users, on or off-premises.

Most Comprehensive and Accurate URL Database
EdgeWave maintains its own URL database, with 80 categories containing millions of websites. This allows you to easily customize your filtering to fit the exact requirements of your acceptable use policy. iPrism assures automatic, daily database updates, and crucial security categories, including anti-botnet and anti-circumvention defense, are updated hourly.

 

Features

Exclusive Transparent Bridge Mode Deployment
iPrism's standard deployment and proprietary port-agnostic, kernel-level filtering combine the accuracy and security of pass-through filters with the speed and coverage of a pass-by or sniffer-type solutions, giving you the best of both worlds. Unlike proxy-based user-level filtering solutions, our kernel-level filtering means latency is never introduced. However, the iPrism appliance can still function as a direct proxy when deployed in Transparent Bridge Mode, working seamlessly in a wide range of network scenarios involving mixed platforms, legacy systems and other variants. iPrism h-Series appliances include a built-in, high-speed network failover circuit to mitigate introducing a single point of failure, and load balancing is supported.

iGuard Database with iPrism Automated Rating Protocol (iARP)
The iPrism 100% human-reviewed iGuard database includes the iARP feature, which further refines Web filtering by sending your most frequently-accessed unrated URLs to the iGuard team automatically to be added to your and all our customers' database.

Exclusive iPrism Hybrid Remote Filtering
iPrism's new Remote Filtering extends comprehensive, flexible Web security to your corporate laptop and other remote or roaming users with an exclusive hybrid technology that makes deployment simple and seamless. Unlike any other remote filtering solution on the market, iPrism's proprietary technology delivers powerful Web security to your remote users without using your VPN and without adding any hardware in your DMZ or requiring browser-specific PAC files. Using a combination of iPrism Remote Filtering Client (for both Windows and Mac) and proven Amazon WS Data Center cloud service, iPrism Remote Filtering delivers comprehensive Internet security to your employees no matter where they are located. iPrism Remote Filtering's centralized administration and reporting assures AUP and security policy enforcement as well as comprehensive reporting across your organization.

Outbound Anti-Botnet and Inbound Antivirus Protection
iPrism Web Security provides continuous defense against dangerous botnets by leveraging the ThreatSTOP Botnet Threat List to stop the "phone-home" mechanism that enables stealth, bot-related malware to steal identities or data and commit illegal or malicious actions within and outside your network. When combined with our four-factored antivirus engine that blocks malicious inbound traffic, you get multi-layered protection from damaging botnets, viruses and malware to protect your organization without incurring false positives or latency.

Centralized, Multi-User Admin and Reporting with Granular Override Management and SSO
iPrism gives you the flexibility to define roles for policies, reports, and other facets of administration with eight pre-defined and customizable roles that you can delegate to any person within the organization (local or authenticated users). And unlike any other solution, iPrism has a granular override feature that allows you to delegate override privileges to a secondary administrator or even provide self-override roles to some end-users. iPrism's browser-based user interface offers single sign-on (SSO) access for comprehensive administration and reporting capabilities via any browser. In addition, multiple delegated administrators can log into the UI simultaneously for increased efficiency. This is ideal for situations requiring more flexible policy enforcement, or for large organizations trying to optimize resources.

Application Controls
iPrism offers application controls that reduce the risks associated with unsanctioned application communications. These applications, which include popular IM and P2P protocols, not only erode productivity and drain bandwidth; they can open serious security gaps where bot-related malware and viruses can invade your network. iPrism allows you to monitor and block IM and P2P applications such as Skype and FTP with a simple set-and-forget check box.

Enhanced Directory Integration
Unlike some competitors, iPrism employs on-box user authentication rather than user identification giving you significant advantages. Because iPrism complies with Microsoft Best Practices and does not require a separate off-box agent, you achieve automated authentication with more security, less bandwidth drain and no latency. iPrism authentication incurs no OS conflicts and eases your administration duties by integrating seamlessly with all major network directories including Novell Netware Directory Services (NDS), Windows Active Directory (including one-way outgoing trust support) for Window 7 and also Mac clients using AD 2003/2008 and Mac OSX Snow Leopard. In addition, as an LDAP variant, it is possible to integrate iPrism Web Filter with OSX Server Open Directory (LDAP v2/v3).

iPrism iLearn Center Embedded Video Tutorials
The iPrism iLearn Center offers exclusive video tutorials that are embedded in the new iPrism user interface. This enhanced user support feature allows you to manage your Web filter configuration and policy settings on-the-fly, shaving hours off the time you spend on IT administration tasks. The iLearn Center houses a series of short video tutorials that walk you through specific iPrism tasks without requiring you to log out and access a manual or knowledgebase. These concise, easy-to-use materials include text as well as videos covering a wide range of iPrism capabilities. The iLearn Center tutorials are conveniently accessible through the new iPrism Web-enabled user interface from a central help page and also via icons located at relevant points throughout the iPrism UI.

Seamless Terminal Server Integration
iPrism's unique auto-login feature allows terminal server users to maintain their productivity without incessant authentication requests. iPrism's unique "session based" authentication technology lets you use Auto-login to simplify the authentication process without installing any software on your terminal or AD servers. This seamless integration is verified by the fact that iPrism is the only Citrix Ready appliance-based Web Filter on the market, assuring consistent policy application whether your users are Web surfing from their desktops or via Citrix or other terminal server systems.

Comprehensive Logging, Real-Time Monitoring and Reporting On-Box
iPrism's comprehensive on-box reporting requires no additional hardware or software and includes real-time monitoring and email alerts that give you highly accurate and timely visibility on Internet activity across your organization. Historical reports can be generated using a variety of available templates or you can customize reports to suit your needs. Reports can be scheduled by day week or month and can run in the background — freeing you to take care of other projects while your reports are automatically generated. You can also assign designated users the right to run the Reports Manager, allowing you to use your IT resources more efficiently. Email alerts are generated when security problems are detected allowing you to quickly mitigate threats before they cause damage.

If you have multiple iPrisms deployed across your large enterprise and distributed network, the iPrism Enterprise Reporting Server (ERS) delivers comprehensive aggregate reports on all Web activity quickly and easily.

Anti-Circumvention and Anonymous Browsing Protection
Employees who try to get around your Web security measures by using circumvention tools, proxies or anonymizer websites, will have their attempts blocked at every turn by iPrism's multi-layered approach:

Circumvention Defense Network (CDN)
iPrism's unique CDN protects your organization from circumvention attempts by gathering intelligence on thousands of externally-hosted non-Web servers used to circumvent your network security by re-routing Web requests. We collect these IP addresses in the cloud and analyze them against known legitimate sites to mitigate false positives and immediately and continuously download the results to your iPrism. iPrism inspects outbound traffic and enforces monitoring and blocking of circumvention tools — including UltraSurf, Tor and JAP clients — attempting to connect to their server networks.

Dynamically-Detected Proxies
Using deep packet inspection with real-time pattern rules, iPrism monitors and blocks websites or private servers leveraging script-based proxy tools, including PHProxy and CGIProxy, to anonymously redirect web requests.

Anonymizers
The iGuard analyst team continuously monitors message groups and other anonymizer listing sites for new anonymizer URLs, and updates the database hourly.

Active Domain IP Address Mapping and SSL Certificate Inspection
Administrators always know where users are going on the Web because HTTPS traffic is enforced and reported using domain names, instead of IP addresses, in both transparent bridge and proxy mode deployments. This mapping feature blocks the ability to circumvent iPrism using IP addresses.

EdgeWave h-Series Appliances
iPrism's powerful line of high-performance hardware offers a full range of appliances designed to deliver optimum performance and blazing Web security throughput speeds to organizations of all sizes no matter how big your pipeline. All of the h-Series models share a hardened and optimized OS for complete interoperability. Also, many h-Series models offer dual hot-swappable hard drives and power supplies for enhanced reliability.

 

System Administration

iPrism Web Security Assures Ease-of-Use with Flexible Admin Roles and Granular Override Delegation.

In accordance with our goal to keep daily administrative requirements to a minimum, our Web security solution gives IT professionals unrivalled flexibility in managing their resources with the Admin Roles feature. Using the browser-based central management console, IT Managers can easily share administrative tasks by assigning a wide range of roles and privileges to others in their department or the company. Choose from eight pre-defined, customizable roles or create new roles to suit your specific requirements. You can also restrict privileges to managing or reporting on specific users or networks and accountability is assured by using administrator logs to audit system configuration changes in real-time.

Benefits of iPrism's Multiple Administration Roles:

  • Allows you to more efficiently manage your IT department and resources by delegating administrative tasks
  • Enhances our already low TCO by providing superior flexibility in distributing and managing roles and tasks
  • Assures that you maintain the security level of your department when you assign roles by authenticating per directory service group membership or via locally defined credentials

iPrism's Exclusive Override Delegation Feature
iPrism Web Security offers a highly granular override management feature that no one else in the industry offers. It allows administrators to address end-users' override requests by delegating override privileges to a secondary administrator or even providing self-override roles to some end-users. This should be welcome relief to IT administrators who must deal with repetitive requests from multiple users going to the same blocked page or individual users going to multiple blocked pages.

  • The benefits of override granularity and enhancement include:
  • Streamlines the time-consuming task of fulfilling override requests
  • Allows you to delegate override privileges to others in your organization, even non-IT personnel
  • New enhancements offer more override duration options and enable overrides that allow time-limited access per a different user's profile.

This flexibility is extremely beneficial in environments where you may want to grant privileges for special projects or times such as:

  • Teachers who may want to apply their profile categories to students as they work on a particular assignment.
  • Business departments that require temporary access to content that might be blocked normally.
  • HR or Legal departments engaged in special projects.
  • However you choose to delegate roles, you maintain override control with the ability to lock website categories from being overridden, monitor and revoke active overrides in real-time or report on overridden access

iLearn Videos for Instant Assistance
iPrism includes a series of integrated, on-demand instructional videos designed to help administrators navigate basic Web Filtering features. We know IT Administrators are busy and don't always have time to consult a manual or knowledgebase to complete simple Web filtering tasks. Whether you are new to iPrism Web Security, or just need a quick refresh on a configuration task, the short 3-5 minute iLearn Center video tutorials are designed to quickly walk you through completing common functions, step-by-step without searching through a database or downloading additional materials.

Transparent User Authentication
iPrism offers transparent authentication that allows you to easily delegate administration roles and manage and enforce user policies with flexible granularity.

iPrism makes authentication easy with transparent methodology that allows you to delegate administration roles via group membership to privileges mapping, and have visibility into, manage and enforce user policies via group membership to profiles mapping.

Active Directory & "Auto-Login"
iPrism Web Security supports Microsoft Active Directory (AD) services running on Windows Server 2000, 2003 or 2008. Unlike transparent agent-based user identification methods, Windows or Mac users' identity is not only transparently obtained, but authenticated in real-time, using a secure Microsoft protocol when they are logged into a domain or other realm trusted by iPrism Web Security's configured AD domain controller. iPrism supports redundant domain controllers, one-way outgoing domain trust and hierarchal nested groups.

iPrism's Auto-Login feature uses Kerberos as the primary authentication protocol with NTLMv2 as a backup, which enables the client browsers to respond to authentication requests with no intervention by the user. Many competitors only use NTLMv2, or even NTLMv1 in some deployments, as their primary protocol, which is not recommended by Microsoft.

On-box Kerberos Authentication:

  • Is recommended by Microsoft
  • Uses a "trusted 3rd-party" schema, which is the already trusted domain controller (DC), so it complies with Microsoft best security practices without domain controller changes
  • Is the least noisy protocol because iPrism doesn't need to challenge the client and pass this information to the DC every time, and does not use insecure NetBios requests
  • Is independent of operating systems maintenance or upgradeability concerns, including specific versions or patches, because it doesn't require a separate server to host agents, or client agents on every managed workstation

Mac OSX Client Auto-Login
Mac OSX 10.4/10.5/10.6 clients can also take advantage of iPrism's Auto-Login feature. With Active Directory services running on Windows Server 2003 or 2008, you can achieve authentication by binding the clients to the same domain controller as the iPrism Web Security solution using the Directory Utility. If you do not wish to bind, you can take advantage of Safari browsers' locally cached credentials after a one-time prompt to the user.

Session-Based Authentication & Proxy Mode
Unique "session-based" authentication method enables auto-login for multi-user workstation environments such as Citrix or Microsoft Terminal Services. Users are allowed to maintain their productivity without incessant authentication requests, while administrators do not need to install agent software on servers, ensuring that uniform user-based policy enforcement is being enabled across your organization.

Novell eDirectory Support
iPrism Web Security supports Auto-Login feature when using Novell eDirectory as the LDAP server and Novell login clients on user machines.

LDAP Support, Captive Portal & Local Users
iPrism Web Security supports manual login feature via captive portal or basic authentication when using a LDAP v1/2/3 compliant directory service, including Mac OSX Server Open Directory or OpenLDAP, or Local Users.

In some multi-user workstation environments, it may be preferable to explicitly request users' credentials by presenting a customizable authentication page via a captive portal. Optionally, this page can be sent over secure SSL-encrypted traffic.

For guests or delegated administrators who do not have user accounts defined in an existing domain group, iPrism Web Security allows you to locally-define a local user's credentials.

iPrism Users spend 50% less time on Web Filtering compared to Websense and SurfControl
A new study by independent research consultants Robert Hale and Associates found that iPrism Web Filter users spend one-half the time spent by Websense and SurfControl users on their Web filtering tasks. The study results have strong implications for organizations looking to reduce total cost of ownership while maintaining robust network security.

A summary of study findings includes:

  • For all companies and all parameters surveyed, Websense and SurfControl customers spent twice as much time in the first year as EdgeWave iPrism users. EdgeWave iPrism users spent an average of 483 hours per year, Websense users spent 1,040 hours and SurfControl users spent 910 hours.
  • The dramatic difference in hours spent was across all tasks associated with a Web filter that were measured including set up and installation, management and administration, hardware maintenance and reporting.
  • The study found that EdgeWave iPrism users need to re-boot less often then Websense and SurfControl users.
  • A larger number of Websense and SurfControl customers have switched to iPrism than have iPrism customers switched to either Websense or SurfControl.

Why is TCO Important?
When calculating the total cost of ownership (TCO) of any hardware or software product, the acquisition price is just part of the equation. According to a recent Gartner report, TCO can be up to 4.5 times higher than your initial acquisition price. Gartner states that the main variable driving up TCO is labor costs. The good news is that labor costs are actually the most manageable part of the equation. This TCO study shows you how dramatically iPrism cuts the time your IT staff will spend on all tasks associated with web filtering compared to Websense and SurfControl. The difference directly affects your bottom line.

Hardened OS and Kernel-Level Filtering
iPrism's combination of FreeBSD OS and kernel-level filtering assures a hardened and optimized operating system, better performance and complete interoperability on any platform.

iPrism Web Security uses FreeBSD as the basis for its hardened and optimized operating system. FreeBSD was chosen because it offers better performance and more security and compatibility features than many other operating systems in use today.

Because iPrism Web Security has its own OS, it can provide complete interoperability with any platform you are using. By employing the exceptional stability of the FreeBSD OS, we have built a Web security solution that is customized and configured to run uninterrupted on our h-Series appliances, ensuring continuous Web filtering protection from the moment of deployment. Also, as a completely self-contained solution, iPrism Web Security is transparent to the end-user and can be installed into any network without additions to workstations or any added software.

Neither network architecture changes nor alterations to existing firewalls and/or routers are required to operate the iPrism Web Security solution in its most common installation, transparent bridge mode. Operating in the less common proxy mode requires minor modifications to network routers and a slightly longer installation time. However, we offer IT administrators the option of multiple deployment modes making it one of the most flexible and extensible Web filtering solutions on the market.

Kernel-Level URL Filtering Technology
iPrism Web Security's software is compiled into the FreeBSD OS at the kernel level to deliver near zero-latency URL filtering with 100% traffic inspection and enforcement. Unlike many other URL filtering solutions that process requests from the application layer, our content filtering gives you the speed of pass-by with the accuracy of pass-through technologies. When combined with the speed of the h-Series appliances, the performance is unrivalled.

In transparent bridge mode, which is the standard deployment, requests for the Internet pass through the iPrism Web filter and go to the Internet. While this is taking place, the Web filter is making a decision on whether or not to block the requested URL. As the URL request returns from the Internet, if the Web filter is configured to block the website, the user is redirected to an announcement that the page has been blocked and the request itself is discarded. If the site is allowed, then the URL filter allows the site to be passed back to the user.

Since the URL filtering decision is being made while the remote site is working on the URL request, the Web filter is able to process URL requests with no apparent network slowdown. For users, this means less frustration, fewer help desk calls and more efficiency in enforcing your corporate AUP.

iPrism Delivers Hack-Proof Security
Another advantage of a hardened and optimized OS is security. iPrism Web Security is commonly installed between your firewall and internal systems with all Internet traffic routed through it. This positions the iPrism solution as your strongest defense against Internet-based threats.

iPrism Delivers Hassle-Free System Upgrades
Another advantage of the integrated OS and software, is that administrators do not need to manage OS and software updates separately, which often require more tedious technical tasks and more time.

iPrism Policy Rules and Enforcement
iPrism Web Security offers flexible policy rulesets that allow you to manage your acceptable use and security policies with accuracy and granularity.

iPrism Web Security offers flexible policy rulesets that allow you to manage your acceptable use and security policies with accuracy and granularity. It enables you to log both Web and application activity on your network and protect against security threats while minimizing productivity loss, mitigating bandwidth degradation and assuring your organization's compliance with regulatory requirements.

Web-Based Categories
iPrism Web Security is the only Internet filtering solution on the market that uses a one-hundred percent human-reviewed ratings database, known as iGuard. Powered by a team of trained analysts and iPrism automated rating protocol (iARP™), iPrism delivers over 99% Web coverage with near 100% accuracy of the 10-20 million most frequently visited websites. Unlike other solutions that focus on rating quantity over quality, this minimizes false positives and assures that each site rated by iGuard has a higher degree of accuracy when compared to heuristic analysis or blended classification technologies, resulting in better enforcement of your acceptable use policy and increased ability to mitigate risks.

iGuard Analyst Team
A team of multi-lingual web content experts rates sites by domain, specific URL and/or general IP address into 70 categories using documented detailed criteria that also allows the creation of custom local categories for flexible policy setting. You receive daily database updates and hourly updates on sites that have contain security risks such as botnets, spyware, malware, and phishing. In addition to the typical categories for restricting access to adult content, gambling, dating and the like, iGuard also categorizes websites that offer anonymous browsing, so users can't avoid policy enforcement through circumvention; malware sites, to keep users from having their computers infected; and web-based email and IM sites so you can control personal email and IM use, if necessary.

Automated Rating Protocol
Another tool for defending against anonymous browsing is the proprietary iPrism Automated Rating Protocol (iARP™) feature. This adds more protection by compiling unrated URLs, accessed by your employees, and sending them to the iGuard team where they are analyzed, categorized and returned to your iPrism with your daily or hourly database updates

Award-Winning Inbound Malware Protection
iPrism Web Security offers onboard Antivirus with detection capabilities that have won awards from leading certification authorities, including VB 100, West Coast Labs and ICS. Even if you are already using an antivirus solution, our antivirus adds another layer of security by scanning all incoming HTTP traffic and blocking malware before it can reach your end-users.

Anonymous Proxy Detection
Anonymous proxy sites are pervasive and easy to build. The Internet landscape is littered with sites that offer proxy site-building scripts and instructions for enabling them via free hosting services. The frequency with which purveyors of this circumvention technique are able to erect these sites has made the conventional defenses of many Web security solutions ineffective. As soon as one site is located and blocked, another one emerges. iPrism's dynamic script-based (i.e. PHProxy, CGIProxy) proxy site detection helps thwart these circumvention attempts by identifying proxy sites on the fly, giving you much better defense against this difficult threat.

iPrism Leverages ThreatSTOP Botnet Threat List
iPrism Web Security leverages the ThreatSTOP Botnet Threat List to prevent bots from 'phoning home' by contacting command and control hosts outside your network. Once a bot has been detected and blocked, administrators can be alerted via Email Alerts or Real-Time Monitor so they can later remediate compromised endpoints with the security of knowing that the immediate threat has been mitigated. iPrism on-box reporting will show compliance with regulations that protect users' identities and data.

EdgeWave Circumvention Defense Network
iPrism's new Circumvention Defense Network blocks attempts by client-side circumvention tools to connect to their network of proxy or re-routing servers, rendering them harmless and protecting your organization from the damage circumvention can cause including regulatory compliance infractions, data leakage and exposing your network to security breaches. Once the circumvention threat has been blocked, iPrism's Email Alerts and Real-Time Monitor features can be used to address the transgressors and take more serious action if required. iPrism's historical reporting features can document that regulatory compliance, your acceptable use policy and security policies are being enforced.

Protocol Pattern Detections
Detects 10s of client-side applications (potentially 100s of different versions) sharing a standard protocol for comprehensive application control including IM, P2P and FTP protocols:

  • Instant Messaging (IM) application protocols over any port including Skype
  • Peer-to-Peer (P2P) application protocols over any port
  • File Transfer Protocol (FTP) over any port

Browser-Based Anonymous Proxy Defense
iPrism protects against attempts to circumvent your network Internet security via browser-based anonymous proxies.

Circumventing your network Internet security can be attempted in a variety of ways including by accessing anonymous proxies. This occurs when a user goes outside your network to connect with one of hundreds of thousands of publicly or privately hosted proxy servers. Without an integrated solution, your IT administrator may spend many hours manually monitoring and blocking these proxy sites in order to protect your organization from the risks associated with anonymous browsing.

iPrism defends against Internet access via browser-based anonymous proxies with a multi-layered approach that conserves your IT resources while effectively protecting your network.

Dynamically Detected Proxies
Anonymous proxy sites are pervasive and easy to build. The Internet landscape is littered with sites that offer proxy site-building scripts and instructions for enabling them via free hosting services. The frequency with which purveyors of this circumvention technique are able to erect these sites has made the conventional defenses of many Web security solutions ineffective. As soon as one site is located and blocked, another one emerges. iPrism's dynamic script-based (i.e. PHProxy, CGIProxy) proxy site detection helps thwart these circumvention attempts by identifying proxy sites on the fly, giving you much better defense against this difficult threat.

What are Anonymizers?
Anonymizers are web-based proxy servers that forward client requests to other servers. Their popular appeal lies in the fact that they remove identifying information of the user before they take them to a site.

  • In schools and libraries, anonymizers are the most popular tool students use to access top social Web destinations such as YouTube, MySpace and Facebook, typically blocked by school IT staffs
  • CIPA violations resulting from anonymizer use by students can jeopardize a school qualifying for critical e-Rate funds
  • In the workplace, anonymizers give employees access to offensive or illegal content by making end-runs around corporate network defenses. Even if these events are isolated, they can precipitate costly and public lawsuits if co-workers are exposed to harmful content
  • Violations of acceptable use and security policies can have serious legal and regulatory consequences for organizations that fail to protect their workers from inappropriate content or data theft
  • Anonymizers create huge network security holes, hacker portals for data theft, spyware, viruses and worms
  • Anonymizer sites and fringe sites that offer illegal or offensive content often covertly deliver malware. Even if the original computer user logs off, the machine can start delivering offensive popups to other users who log on to that computer.

Outbound Anti-Botnet & Inbound Antivirus Protection
iPrism leverages powerful third party resources and our own unique technology, to provide outbound protection against dangerous botnets and inbound virus and malware defense

iPrism Web Security includes multi-layered protection from damaging botnets, viruses and malware that can impact both outbound and inbound Internet traffic. By leveraging powerful third party resources and iPrism's unique technology, you are assured continuous protection from these dangerous threats.

Botnets are Pervasive and Dangerous
Bots are autonomous applications that are often malicious in nature. Cybercriminals create bots for financial gain, forming vast networks of these applications that can infect networks and do massive damage before they are detected. It is estimated that as many as 25% of computers connected to the Internet may be infected by botnets. These infected systems are often referred to as "zombies". Once a bot 'phones home' to one of thousands of command and control hosts, it becomes one of millions forming a botnet.

Botnet invasions can have serious consequences including:

  • Financial loss, including regulatory non-compliance fines and litigation associated with the theft of sensitive customer/client/patient data or intellectual property leakage
  • Damage to ereputation from phishing sites or proxy nets
  • The hassle and cost of having to take preventive measure in the case of click fraud, DDoS and SPAM
  • The cost of procuring and implementing multiple solutions to detect or prevent compromised endpoints as recommended by many IT security vendors
  • The costs associated with acquiring expensive startup anti-botnet appliances

iPrism Leverages ThreatSTOP Botnet Threat List
iPrism Web Security leverages the ThreatSTOP Botnet Threat List to prevent bots from 'phoning home' by contacting command and control centers outside your network. Once a bot has been detected and blocked, users are alerted via email and Real-Time Monitor so they can later remediate compromised endpoints with the security of knowing that the immediate threat has been mitigated. iPrism on-box reporting will show compliance with regulations that protect users' identities and data.

This approach offers significant advantages over any botnet defense our competitors are able to offer:

  • ThreatSTOP continuously updates their Botnet Threat List, based on four feeds from three industry-leading sources: Abuse.ch, ShadowServer and Cyber-TA. iPrism leverages these continuous updates to respond to new botnet threats immediately.
  • The ThreatSTOP List is a proven service with no known false-positives and its experts constantly update their feed sources and correlation engines to mitigate false positives from blocking legitimate traffic.
  • The ThreatSTOP Botnet Threat List is cloud-based and synchronized hourly through EdgeWave's Circumvention Defense Network. This intelligence of thousands of known, active malicious botnet hosts are sent to your on-premises iPrism where enforcement occurs and botnets are stopped.
  • iPrism Web Security enforces the ThreatSTOP list by inspecting outbound traffic and monitoring and blocking bot-related malware attempting to "phone home"
  • iPrism Outbound Botnet Protection incurs No known false positives
  • It does not require tweaking rules such as reputation score thresholds
  • This technology adds 5-10% catch rates to your existing AV, anti-malware defense
  • It assures the preservation and non-repudiation of logged records
  • It performs without adding any network latency

Award-Winning Inbound Malware Protection
iPrism Web Security offers onboard Antivirus with detection capabilities that have won awards from leading certification authorities, including VB 100, West Coast Labs and ICS. Even if you are already using an antivirus solution, our antivirus adds another layer of security by scanning all incoming HTTP traffic and blocking malware before it can reach your end-users. Our antivirus engine employs port-agnostic real-time scanning of web traffic for threats, known and unknown, on all allowed web pages using a unique four-factored system for dynamically detecting and blocking Internet-based viruses, worms and other malware. Our four-factored AV technology includes:

  • A massive signature database that's updated every 15 minutes
  • Advanced Heuristics that help limit the size of antivirus definition files and keeps iPrism ahead of virus creators.
  • Emulation that simulates execution of a program to detect the Windows operating system calls the program attempts. This allows our Antivirus engine to identify malicious behavior in a safe environment separate from the host operating system.
  • Neural Network Detection that works intelligently, learning from the behaviors and characteristics of identified malware code to identify and block new threats.
  • The antivirus runs "on-box", meaning simple deployment and management, and no extra hardware is required.

iPrism Comprehensive On-Box Reporting
iPrism offers a wide range of standard and customizable reports on-box with no additional hardware or software required to easily generate the management reports you need.

Today's organizations depend on the Internet but the Web is fraught with threats both external - from botnets, spyware, malware and phishing, and internal - through employee abuse or negligence. You may have written a solid and binding Acceptable Use Policy (AUP) or Security Policy but how can you know if your users are abiding by the policies.

Reporting is a critical tool that supplies the visibility you need to assure that internal policies are being enforced and the proof required to make sure you are complying with regulatory requirements such as CIPA, HIPPA, SOX, GLBA and others.

Accurate Filtering Means Accurate Reporting
Most software-based solutions use "pass-by" filtering technology. The trouble with pass-by is that it can be overwhelmed when Internet traffic is high, resulting in missed packets. If a packet slips past your filtering solution, so does the opportunity to report on it because, from the solution's perspective, the event never occurred. However, the reality is that the event did occur and because of this scenario you have introduced doubt into the accuracy of your reporting.

With iPrism Web Security's next-generation kernel-level filtering and transparent bridge deployment, you no longer have to worry about missed packets and you can ensure that your reports are generated from accurate and reliable data, and presented in a meaningful format.

Long-Term Data Log Retention
iPrism allows you to retain Internet data logs on-box to assure you can address legal or regulatory compliance issues with accurate historical reporting should the need arise. Your organization's Internet usage data can be retained for up to a year, depending on the number of workstations and volume of Web traffic.

Email Alerts
When acceptable use or security policy infractions occur, or when circumvention attempts, malware or other problems are detected by your iPrism, you are immediately notified via email that an event has occurred. This allows you sufficient time to react and remediate problems, assuring you stay one step ahead of emerging threats.

Real-Time Monitoring (RTM)
With this features you can monitor your web and application traffic on-demand. And you can configure RTM to monitor all or per-user traffic or only those critical events occurring outside of your acceptable use policy or security policies. In those cases, RTM becomes an important diagnostic tool, helping you determine where security holes have opened and where policy violations are occurring.

Comprehensive Reporting That's Easy-to-Use
The on-box reporting package includes tools such as the Report Wizard that make obtaining and presenting the information you need easy and intuitive. Using the Report Wizard, you can create a report from scratch or use a pre-existing report template. The Wizard walks you through all the necessary steps from the criteria you want to apply through to a finished report. You can create reports for multiple types of web and application traffic so you are assured thorough reporting coverage of your entire organization.

Tabular Views Mean Drill-Down Efficiency
The iPrism Web Security reporting package is the only solution that offers tabular reporting views as you drill down. This means that you can create a report, drill-down to a different view, and access your previous view via tabs along the top of the screen. This unique feature gives you the maximum flexibility to explore your data dynamically, without running multiple reports or losing unsaved reports. It also allows you to quickly compare data between multiple reports.