charter for services to manage support and deploy iprism · report malware and to support and...

CM Security Ltd DALTON HOUSE 60 Windsor Avenue London SW19 2RR 1

This document is confidential.

It may not be used or passed to anyone other than intended recipient without agreement from its author.

This document is intended only for the use by Edgewave customers who are in business discussions with

C M Security Ltd: The EMEA Distributor

Charter for Services to Manage Support and deploy iPrism

Published 2007, revised in 2010, 2015 and 2016 by CM Security Ltd

http://www.edgewave.com/


EDGEWAVE INC Edgewave Inc develops and markets Internet security appliances and services that empower IT professionals to effectively, efficiently and intelligently manage their enterprise’s Internet-based resources. Originally founded in 1995 as a market-leader in data security with its flagship product, Open File Manager™, the company is now recognized for delivering today’s #1 Web filtering and security appliance, iPrism®. With millions of end users worldwide in more than 15,000 enterprises, educational institutions, SMB, and government agencies, Edgewave strives to deliver simple, high performance solutions that offer excellent value to our customers. Based in San Diego, California, St. Bernard (OTCBB: SBSW) markets its solutions through a network of value added resellers, distributors, system integrators, OEM partners and directly to end users.

Distribution of Edgewave Edgewave Inc provides its security products, outside the USA, through a global network of Value Added Distributors (VAD). The order process and payment for the provision of subscription contracts and appliance sales are made to the VAD who acts as a conduit to provide the administration of order processing, collection of fees, appliance sales and Consultant Technical Support The authorised VAD must have a de facto standard model to act on behalf of Edgewave with Consultant business advisers and Technical Support resources. These resources enable an authorised VAD to negotiate contract pricing; qualify as an architect of system proposals, and have the resources to effectively advise and assist end user clients on network integration; traffic routing; monitoring compliance to and enforce published IT security and network use policy; as well as coordinate the installation of the Secure Web Gateway System to block and report Malware and to support and maintain a best practice to filter out malicious content, improve bandwidth utilization, manage the use of IM, peer to peer applications and social networking and to create and interpret web monitoring reports that act as a major aid to their end user clients business security. The VAD will manage all appliance warranty claims and is authorised to install and advise the channel on best practice to exploit the web content filtering features that will protect their Internet users, reduce their total cost of ownership and help the end user rationalise their hardware estate . Whilst authorised resellers undergo training, and enjoy financial benefits, the VAD will provide end user prospective customers with technical and business benefit help to scope the implementation of a web filtering project. Typically, a VAD must have product demonstration


facilities and resources, plus, provision to provide products for evaluation and have administration systems to accept orders between Edgewave and its end users. Subscription contracts for the secure web gateway products and its web content filtering product: iPrism® are between the end user and Edgewave

Edgewave has three main regions outside the USA of VAD cover. The primary region is EMEA, Asia/Pacific, Latin and South America. This network of cover and the responsibilities given to the VAD throughout the world contribute to make Edgewave a global provider of web security products.

EMEA The territory known as EMEA covers UK and Ireland, Europe (North and South including Baltic regions and Mediterranean Europe, Middle East, Africa and the region known as Eastern Europe (Lithuania, Latvia and Estonia) Russia is also in this territory as too is Serbia Bulgaria and Turkey. C M Security Ltd is the authorised distributor for EMEA. C M Security Ltd has a network of resellers throughout EMEA, in Germany, Holland, Sweden, Belgium and South Africa.

C M Security Ltd C M Security Ltd was appointed EMEA Distributor for Edgewave in November 2007. C M Security Ltd has a proven high-level of technical competency of Edgewave products, and in particular integration with Citrix networks, Windows Client Server networks VLAN and has its own cloud hosted service from a data centre in Berkshire and Surrey where clustered virtual servers are based to provide Cloud web and email filtering monitoring and management

In some cases C M Security Ltd will integrate and install the Secure Web Gateway iPrism in large corporate networks because its technical and project management skills will bring wider technical benefit for the end user as well as financial benefit that is greater than the reseller. C M Security Ltd have extensive project management skills which they have used successfully in the global Banking, Finance, Insurance, Public Sector Organisations and Regulatory bodies. These skills can be put to use to integrate and install the Secure Web Gateway on an end user network and assist with the demonstration of product features, in particular the pass to WCCP CISCO protocol (where appropriate) , customisation of pages, real time monitoring, setting group security policy, rule base set up and malware protection


Implementation and Support Services from CM Security Ltd The list below is not an exhausted list but an indication of the challenges that iPrism Secure Web Gateway will meet and address. C M Security Ltd will provide the necessary skills and resources to assist the reseller meet these challenges and deliver these features and benefits to the reseller’s end user clients. This coverage makes Edgewave Secure Web Gateway effectively and successfully comparable to any alternative product of its type on the market

1.1 Enable the monitoring of compliance to and enforce published IT security and network user policies by being able to block access to sites whose contents are considered unacceptable by the applicable policies and ethical guidelines. The iPrism appliance is a fully scalable product line. Appliances start with 35G through to 500G. iPrism Secure Web Gateway’s easy-to-use policy-based framework with granular filter exceptions, override permissions, and role-based delegated administration provide simplicity as well as flexibility.

1.2 Block and report on malware that lurks on infected websites and that could affect

unsuspecting browser clients. In particular Botnet groups whose prevalence has increased. The steep rise in Malware contained within the most innocent of web sites is detected in two ways: i) By a sites rating using a humanly-reviewed database that is the most accurate in the industry: iGuard and ii) a real-time malware scanning engine from Kaspersky and integrated on the single self-contained iPrism appliance. Packet headers are checked and intercepted for malicious content.

1.3 Integration with AD, LDAP and remote users, whether Client Server LAN , Citrix Server

based computing, VLAN, WAN help and support. Maximising network HA, failover, fault

tolerance will be provided on request

1.4 Management and set up of ACL (Access Control Lists, Bandwidth Quotas, Real time

monitor and general reporting including customisation are all addition services provided

under the Tiered support packages

1.4.1.1 Tier One £1500 plus VAT per year (two proactive site visits per year)

1.4.1.2 Tier Two £2500 plus VAT per year (four proactive site visits per year)

1.5 Edgewave has an agent for remote client filtering which works uniquely as follows:


HYBRID REMOTE FILTERING TECHNOLOGY FROM EDGEWAVE.

This technology is unique in the industry and the VAD is encouraging resellers to review and

offer this functionality to its end users.

Using a combination of iPrism Remote Filtering Client (for

both Windows and MAC) and Edgewave Data Center

cloud service, iPrism Remote Filtering delivers

comprehensive Internet security to your off-premises

users. iPrism’s exclusive approach assures you the same

level of flexible policy enforcement and comprehensive

reporting for all your employees, whether inside or

outside your organization’s network.

iPrism’s unique approach to remote and mobile filtering

includes communications between the iPrism appliance

and the iPrism remote client software. The Edgewave

Data Center functions as a go-between, making sure the

iPrism remains secure and conserving bandwidth. Each

component has a role in assuring that iPrism performance

and security are never compromised. All of the

monitoring and filtering of your organization’s

Internet activities are handled by the iPrism,

while the data center stores policies from the

iPrism and applies them to your remote and

mobile users in accordance with your

acceptable use policy (AUP). When a remote

user accesses the Internet, the client software

is connected to the data center and receives a

disposition for the Web request based on its

iGuard database URL rating and the user’s

policy. The data center tells the client to block

or allow a site and to monitor or not to

monitor the user’s Internet activity

Periodically, the client sends logs of all your users’

Internet activities on remote PCs or Macs to the data

center. Your iPrism pulls these logs on-demand and

adds them to the local iPrism reports database. This

gives you a single source of management reports for

all users whether on or off-premises. iPrism’s unique

technology allows you to compile reports from

across your organization and drill


1.4 Provide a Secure Gateway for access to the Internet which filters out malicious content

for a user base starting at 50 users and beyond in the enterprise. As an example the

enterprise appliance supports bandwidth up to 100 Mbps and will handle 1,300

transactions a second (i.e. web requests). Edgewave has customers with between

15,000 and 20,000 users using a single 100h appliance (Enterprise Model)

1.5 Reducing bandwidth loss is one of four key business objectives for all web content filtering solutions, not just iPrism, along with reducing productivity loss, security threat risk exposure and legal liability risk exposure. The web content filtering mantra is to use the filtering functionality provided to block high-bandwidth category groups and/or file types, which is the cause of the problem, versus applying a patch to one symptom of the problem. In some cases, the Acceptable Usage Policy (AUP) may not allow this, in which case a simple intercept page, which is custom configurable with the iPrism toolkit will be designed and used to pre-warn the users to avoid or restrict their access time. Passing the intercept page simply requires user re-authentication with their credentials. It is worth mentioning that the more bandwidth improves the more users will exploit the improvement. It is therefore better to use best practice, restricting access, filtering out bad practice with content filtering policy. iPrism’s reports will quickly be able to demonstrate the bandwidth savings (aka. ROI) by actively enforcing the AUP.

1.6 Manage the use of IM, peer to peer applications and social networking. iPrism can block

IM and P2P by detecting the initial login request using port-agnostic packet pattern detection techniques and dropping those packets in addition to the more basic filtering techniques of detecting initial login requests destined to certain IP or URL addresses. This is available to any application that utilizes the following most popular world-wide IM protocols: AIM, Yahoo, MSN or Google; or the most popular world-wide P2P protocols: Kazaa, Bit Torrent, Filetopia, DirectConnect, iTunes, eDonkey, Gnutella, WinMX or WASTE.

Social network site usage can be monitored in real-time, reported on, or access can be

restricted by blocking a pre-defined category within the appropriate web profile

assigned to different user groups. Some categorized social networking sites include

FaceBook, Hi5, YouTube, Twitter, Google Wave, MySpace, Digg, KoobFace and LinkedIn.

1.7 Effectively report on Internet use trends, using iPrism’s award-winning reporting tools

in several tests for ease-of-use. Using the Report Wizard, you can create, run and/or

schedule a report from scratch, use one of 9 most requested pre-defined report

templates or a user-defined template shared by another administrator you delegated to

help unburden your monthly IT tasks. You can create reports for multiple types of traffic

including web, IM and P2P protocols so you are assured thorough reporting coverage of

user trends. It takes little time or skill to create a report that shows a list of the biggest

users (by AD account name) of bandwidth or web site categories over the predefined

period selected. Tabular reporting views are available as you drill down to more

detailed or different views of data, allowing you to easily access the previous view via

tabs along the top of the screen for maximum flexibility to explore data dynamically,


without running multiple reports or losing unsaved reports. Real-time Monitoring

(RTM) enables viewing web, IM or P2P trends on-demand for all or per-user traffic or

only those critical events occurring outside of your acceptable use policy or security

policies. In those cases, RTM becomes an important diagnostic tool, helping you

determine where security holes have opened and where policy violations are occurring

instantly.

An example of Edgewave iPrism reports shown below:


Edgewave and its VAD in EMEA have assembled an additional list of typical considerations that end user clients need to know in selecting a Secure Web Gateway system. These considerations, in no particular order, have previously been made by a combination of corporate clients throughout EMEA. Value Added Resellers will find these sometimes critical considerations answered as follows

2.1 Edgewave and equipment being proposed has proven security effectiveness

and experience within the market place.

iPrism Secure Web Gateway is a world-wide established product selected by over 5000

customers supporting millions of users in corporate companies, government agencies,

public sector organisations, educational intuitions and global corporate businesses. In

EMEA alone the client list adds up to an accepted confirmation that Edgewave Secure

Web Gateway has security effectiveness and experience within the market place. Some

of the clients who have been subscribing and are currently continuing to subscribe for

the Secure Web Gateway are shown below and overleaf:


iPrism has also received numerous awards for its value, simplicity and performance:

2.2 The Edgewave Secure Web Gateway systems product range starts at an entry level of 50

users to SME and the Enterprise. The latest version 8 has unleashed comprehensive

security of the perimeter:


All iPrism appliance models from Edgewave are 1U high rack-mountable appliances (1.75” x 14”

x 25.6” with 50lb weight). iPrism 150G and 500G also have built-in redundancy with raided

server drives and multiple power supplies

2.3 It is important to state that filtered traffic by iPrism is an unnoticeable 3 milliseconds

considered the inherent latency to access external web servers hosting the site. This is

achieved using the kernel-level filtering architecture, described in more detail in

paragraph 2.9

2.4The URL categorisation database (iGuard) is updated regularly on an hourly and daily

basis.

Edgewave is a founding web filtering vendor that for over 14 years has populated the

granular 80-category iGuard database using a fully-staffed human review team to very

accurately categorize and maintain the top 10-20 million web sites (aka. domains, IPs or

individual URLs) on the Internet that 99.9% of your end users may visit daily. This accuracy

is to ensure virtually no false positives, whereas vendors that rely on dynamic classifiers

often claim 98% accuracy that only is based on pornography and unspecified accuracy for

all other categories. False positives can quickly consume an administrator’s daily tasks for

a 3,000+ user organization that will generate over 100,000 web requests daily. For

example, a 2% false positive rate would result in 2,000 custom filter exceptions and/or

overrides to manage. Human reviewers can categorize an individual web page (URL)

different than the parent web site (domain), whereas dynamic classifiers will not

categorize a new individual web page (i.e. www.website.com/newpage) within an already

categorized parent web site (www.website.com). iGuard’s 100% human-reviewed

accuracy will also ensure that reports will fully comply with audits or regulations. The

iGuard team uses several private and public acquisition sources to obtain web sites to

categorize, including the iPrism customer base and the Internet Watch Foundation.

2.5 iPrism can be deployed transparently using its unique non-proxy transparent bridge

deployment with transparent time-based authentication for which client workstations do

not need to be re-directed to the web gateway, yet concurrently can also support client


workstations re-directed to iPrism’s built-in proxy with transparent session-based

authentication. Alternatively, iPrism can use a proxy-only deployment and supports

WCCPv2-enabled switches/routers to enable transparency to client workstations. For

remote branch office or mobile laptop users, a remote filtering hybrid client installed on

Windows or Mac enables uniform (or modified) policy enforcement without requiring a

publicly-available proxy deployed in the DMZ or a VPN client backhauling web traffic

through the web gateway, yet aggregates log data for uniform monitoring and reporting.

2.6 All iPrism systems are managed and controlled by European-based English speaking

engineers who will support and maintain the implementation, when or if required by

resellers/end users. Any faults reported during office hours are handled immediately. On

site attendance by certified engineers is available and chargeable at 1000 euros per day. If

site attendance is required any fault reported before 12.00 CET mid-day (office hours) can

expect to see a support technician on the same day. Faults reported after mid-day can

expect to see a support technician next working day. In most cases support calls will be

resolved without on site support. Remote and telephone support is standard practice as is

often resolved immediately. Fault reporting response is handled by C M Security Ltd

directly

2.7 Management, data analysis and reporting can all be achieved through iPrism’s web-based

management console; the reporting module will open a Java runtime environment but is

still initiated through the web interface. Reports are live data that can be manipulated,

sorted, and drilled down which is why the Java environment is utilized. Edgewave are able

to provide instructions to setup a tunnel from iPrism or ERS to their support team for

remote troubleshooting

Multiple administrators roles can be created with varying levels of access and delegated

permissions by feature and/or profile; and are authenticated by user credentials via local

user database or directory service integrations.

2.8 iPrism supports the WCCP v1 and v2 protocol for fault tolerance by automatic detection

and rerouting to eliminate network downtime in the event that iPrism is turned off,

disconnected, or a system failure occurs. For WCCP v2 specifically, iPrism supports:

• Specification of up to 32 routers (unicast IP addresses only)

• Optional specification of a service group password if desired

The support for this protocol has already been tested and proven successful by the Cisco

network engineers for HTTP traffic.


2.9 The loading of web pages is uniquely minimal thanks to kernel-level policy engine

enforcement for passive monitoring or active filtering. When iPrism is running in non-

proxy transparent bridge mode, web requests are passed at the network layer which

avoids increasing response times. This works by passing a web request directly to the web

server, while the request is being downloaded iPrism rates the site. Before the web server

has returned the request page

iPrism is ready to pass or block

the request. Also, the on-box URL

database and real-time malware

scanning engine ensures no extra

latency is added by off-box

lookups, whereas other vendors’

on-premise solutions rely partly

on off-box databases with 200 or

more milliseconds of latency.

2.10 iPrism requires no server-based authentication/authorization (aka. user ID) agents the

implementation is much easier to initially setup and maintain when upgrading to a new

software release. The installation technicians comfortably work in and out of office hours,

quite often continuing their assignments beyond a normal 8 hour day assuming that

access is provided to enable this practice

2.11 The total cost of ownership of an iPrism Secure Web Gateway is known to be lower than

its rivals. A recent independent study published by Robert Hale & Associates in March

2009 showed that Edgewave’s Web Filter solution was considerably less total cost of

ownership over 3 years than its top rivals in on-going monthly maintenance costs alone in

regards to system

administration, policy

management,

reporting and 3rd-

party hardware. The

iPrism is a self-

contained platform

with no OS

dependencies as is

the case when off-

box server-based authentication/ authorization agents and/or reporting software is

installed on 3rd-party servers running Windows or Linux. OS dependencies include

regularly patching OS vulnerabiltiies, resolving system software conflicts with the OS or

other 3rd-party software, and waiting for system software support for new OS versions

(i.e. Windows 2008 Server). Also, the iPrism has automatic (or manual) system upgrades

so you will receive the most recent features and protection without any additional

maintenance tasks.


The total cost of ownership over three years is considerably cheaper in subscription

payment than the price model for 12 months or 24 months.

The pricing model is CAPEX for the appliances (one off cost FOB San Diego) plus 12, 24 or

36 months apliance warranty subscripiton plus seat subscription license (also 12, 24 or 36

months options) The appliance warranty is obligatory with seat licensing and must co-

term with seat subscripiton license term. 36 months pricing represents near 35% saving

compared to 12 months options.

2.12 The iPrism Secure Web Gateway appliance is updated regularly as previously mentioned. The iPrism Secure Web Gateway does not use 3rd party databases, preferring to use a 100% human-reviewed iGuard database. This means that each site rated by iGuard has a higher degree of accuracy when compared to heuristic analysis or blended classification technologies, resulting in better enforcement, monitoring and reporting of your acceptable use policy and increased ability to mitigate risks.

iGuard categorizes sites into more than 80 groups updated daily and allows the creation of custom categories for flexible policy setting. In addition to the real-time malware scanning engine updated every 5 minutes, there are 4 security-focused categories updated hourly: phishing, spyware/adware, malware and anonymizer.

iPrism Automated Rating Protocol (iARP), sends your organization's most frequently accessed unrated URLs directly to the iGuard analyst team at St. Bernard where they can be categorized and added to your database in order to create local filters. This not only further refines the filtering process; it can also reduce management costs.

SafeSearch blocks thumbnail images on Google searches, an important consideration for schools where students need protection or any organization wanting to avoid the legal ramifications of objectionable Web images in the workplace.

2.13 When deployed in non-proxy transparent bridge mode, iPrism Secure Web Gateway can

check and intercept packets across all ports for the following web protocols: HTTP, HTTPS, FTP-over-HTTP and HTTP proxies (for anonymizer defense) and the following non-web protocols: AIM, Yahoo, MSN, Google, Kazaa, Bit Torrent, Filetopia, DirectConnect, iTunes, eDonkey, Gnutella, WinMX, WASTE, UltraSurf domain and Google Web Accelerator domain. When deployed in proxy-only mode, the iPrism can proxy (or filter encrypted requests) over standard ports for the following web protocols: HTTP, HTTPS and FTP-over-HTTP.

2.14 iPrism will integrate with Active Directory in both Windows Server 2003 and 2008 environments without requiring any server-based agents installed on multiple domain controllers due to a built-in authentication server supporting NTLM and Kerberos protocols for any (and mixed) deployment mode(s). Users within these environments do not need to re-authenticate if transparent authentication (aka. auto-login) is enabled and client workstations do not to be re-directed if deployed in transparent bridge mode. This is one of iPrism’s strongest benefits.


2.15 Unique within iPrism’s latest software release is a newly updated user interface that

features fully-integrated video tutorials that demonstrates exactly how to use many system capabilities without requiring administrators to manually search through PDF or hardcopy help guides. Some vendors have over 3,000 pages of documentation required to fully learn their products; however, iPrism’s in-system video-based help is a click away and additional detailed documentation is literally 1/10th that of several other vendors’ comparable Secure Web Gateway solutions.

2.16 Iprism’s UNIX-based OS is a customized, optimized and embedded version of FreeBSD so

that only components required by iPrism are installed; reducing the risk of attack on unnecessary services. UNIX itself is one of the most complex operating systems to hack, but to protect the appliance further in the event that somebody did gain access to the appliance, the OS is restricted as the root account required to hack the appliance is disabled. There is no root level access to iPrism. iPrism should sit behind the corporate firewall so any attack in theory would come from internally and with the soon-to-be-released remote filtering hybrid solution, iPrism is the first solution in the market not to require a publicly-available appliance deployed in the DMZ to enforce policies for remote or mobile off-premise users. Edgewave have customers in many sectors including military organisations and the defence sector, to date they are not aware of an appliance successfully being hacked. There has also been no officially cited vulnerabilities published (i.e. www.secunia.com). Software patches and hotfixes are applied regularly when available.

2.17 Warranty procedure for the appliance covers free 48/7 swap out. Faults should be initially

reported to Security Ltd who will verify that the appliance is legitimately in need of warranty swap, providing it has not been deliberately or maliciously or intentionally damaged and authorise a replacement. Faulty appliances are then returned after the RMA is issued and a new appliance replacement despatched to the site from where it was installed.

2.18 Edgewave co-sponsored a comprehensive web security report published by Osterman

Research, a leading industry analyst covering the Secure Web Gateway market, which is available from C M Security Ltd. Some of the issues covered are summarised overleaf

charter for services to manage support and deploy iprism · report malware and to support and...

Documents