CM Security Ltd DALTON HOUSE 60 Windsor Avenue London SW19 2RR 1
This document is confidential.
It may not be used or passed to anyone other than intended recipient without agreement from its author.
This document is intended only for the use by Edgewave customers who are in business discussions with
C M Security Ltd: The EMEA Distributor
Charter for Services to Manage Support and deploy iPrism
Published 2007, revised in 2010, 2015 and 2016 by CM Security Ltd
EDGEWAVE INC
Edgewave Inc develops and markets Internet security appliances and services that empower IT professionals to effectively, efficiently and intelligently manage their enterprise’s Internet-based resources. Originally founded in 1995 as a market-leader in data security with its flagship product, Open File Manager™, the company is now recognized for delivering today’s #1 Web filtering and security appliance, iPrism®. With millions of end users worldwide in more than 15,000 enterprises, educational institutions, SMB, and government agencies, Edgewave strives to deliver simple, high performance solutions that offer excellent value to our customers. Based in San Diego, California, St. Bernard (OTCBB: SBSW) markets its solutions through a network of value added resellers, distributors, system integrators, OEM partners and directly to end users.
Distribution of Edgewave
Edgewave Inc provides its security products, outside the USA, through a global network of Value Added Distributors (VAD). The order process and payment for the provision of subscription contracts and appliance sales are made to the VAD, who acts as a conduit to provide the administration of order processing, collection of fees, appliance sales and Consultant Technical Support. The authorised VAD must have a de facto standard model to act on behalf of Edgewave with Consultant business advisers and Technical Support resources. These resources enable an authorised VAD to negotiate contract pricing; qualify as an architect of system proposals; and have the resources to effectively advise and assist end user clients on network integration, traffic routing, and monitoring compliance to and enforcing published IT security and network use policy; as well as coordinate the installation of the Secure Web Gateway System to block and report Malware and to support and maintain a best practice to filter out malicious content, improve bandwidth utilization, manage the use of IM, peer to peer applications and social networking, and to create and interpret web monitoring reports that act as a major aid to their end user clients' business security. The VAD will manage all appliance warranty claims and is authorised to install and advise the channel on best practice to exploit the web content filtering features that will protect their Internet users, reduce their total cost of ownership and help the end user rationalise their hardware estate. Whilst authorised resellers undergo training, and enjoy financial benefits, the VAD will provide end user prospective customers with technical and business benefit help to scope the implementation of a web filtering project. Typically, a VAD must have product demonstration
facilities and resources, plus provision to provide products for evaluation, and have administration systems to accept orders between Edgewave and its end users. Subscription contracts for the secure web gateway products and its web content filtering product, iPrism®, are between the end user and Edgewave.
Edgewave has three main regions of VAD cover outside the USA. The primary region is EMEA, Asia/Pacific, Latin and South America. This network of cover and the responsibilities given to the VAD throughout the world contribute to make Edgewave a global provider of web security products.
EMEA
The territory known as EMEA covers UK and Ireland, Europe (North and South, including Baltic regions and Mediterranean Europe), Middle East, Africa and the region known as Eastern Europe (Lithuania, Latvia and Estonia). Russia is also in this territory, as too are Serbia, Bulgaria and Turkey. C M Security Ltd is the authorised distributor for EMEA. C M Security Ltd has a network of resellers throughout EMEA, in Germany, Holland, Sweden, Belgium and South Africa.
C M Security Ltd
C M Security Ltd was appointed EMEA Distributor for Edgewave in November 2007. C M Security Ltd has a proven high level of technical competency in Edgewave products, and in particular integration with Citrix networks, Windows Client Server networks and VLAN, and has its own cloud hosted service from a data centre in Berkshire and Surrey where clustered virtual servers are based to provide Cloud web and email filtering, monitoring and management.
In some cases C M Security Ltd will integrate and install the Secure Web Gateway iPrism in large corporate networks because its technical and project management skills will bring wider technical benefit for the end user as well as financial benefit that is greater than the reseller. C M Security Ltd have extensive project management skills which they have used successfully in the global Banking, Finance, Insurance, Public Sector Organisations and Regulatory bodies. These skills can be put to use to integrate and install the Secure Web Gateway on an end user network and assist with the demonstration of product features, in particular the pass to WCCP CISCO protocol (where appropriate), customisation of pages, real time monitoring, setting group security policy, rule base set up and malware protection.
Implementation and Support Services from CM Security Ltd
The list below is not an exhaustive list but an indication of the challenges that iPrism Secure Web Gateway will meet and address. C M Security Ltd will provide the necessary skills and resources to assist the reseller to meet these challenges and deliver these features and benefits to the reseller’s end user clients. This coverage makes Edgewave Secure Web Gateway effectively and successfully comparable to any alternative product of its type on the market.
1.1 Enable the monitoring of compliance to and enforce published IT security and network user policies by being able to block access to sites whose contents are considered unacceptable by the applicable policies and ethical guidelines. The iPrism appliance is a fully scalable product line. Appliances start with 35G through to 500G. iPrism Secure Web Gateway’s easy-to-use policy-based framework with granular filter exceptions, override permissions, and role-based delegated administration provides simplicity as well as flexibility.
1.2 Block and report on malware that lurks on infected websites and that could affect unsuspecting browser clients, in particular Botnet groups, whose prevalence has increased. The steep rise in Malware contained within the most innocent of web sites is detected in two ways: i) by a site's rating, using a humanly-reviewed database that is the most accurate in the industry: iGuard; and ii) by a real-time malware scanning engine from Kaspersky, integrated on the single self-contained iPrism appliance. Packet headers are checked and intercepted for malicious content.
1.3 Integration with AD, LDAP and remote users, whether Client Server LAN, Citrix Server based computing, VLAN, WAN help and support. Maximising network HA, failover, fault tolerance will be provided on request.
1.4 Management and set up of ACL (Access Control Lists), Bandwidth Quotas, Real time monitor and general reporting including customisation are all additional services provided under the Tiered support packages
1.4.1.1 Tier One £1500 plus VAT per year (two proactive site visits per year)
1.4.1.2 Tier Two £2500 plus VAT per year (four proactive site visits per year)
1.5 Edgewave has an agent for remote client filtering which works uniquely as follows:
HYBRID REMOTE FILTERING TECHNOLOGY FROM EDGEWAVE.
This technology is unique in the industry and the VAD is encouraging resellers to review and
offer this functionality to its end users.
Using a combination of iPrism Remote Filtering Client (for both Windows and MAC) and Edgewave Data Center cloud service, iPrism Remote Filtering delivers comprehensive Internet security to your off-premises users. iPrism’s exclusive approach assures you the same level of flexible policy enforcement and comprehensive reporting for all your employees, whether inside or outside your organization’s network.
iPrism’s unique approach to remote and mobile filtering includes communications between the iPrism appliance and the iPrism remote client software. The Edgewave Data Center functions as a go-between, making sure the iPrism remains secure and conserving bandwidth. Each component has a role in assuring that iPrism performance and security are never compromised. All of the monitoring and filtering of your organization’s Internet activities are handled by the iPrism, while the data center stores policies from the iPrism and applies them to your remote and mobile users in accordance with your acceptable use policy (AUP). When a remote user accesses the Internet, the client software is connected to the data center and receives a disposition for the Web request based on its iGuard database URL rating and the user’s policy. The data center tells the client to block or allow a site and to monitor or not to monitor the user’s Internet activity.
Periodically, the client sends logs of all your users’ Internet activities on remote PCs or Macs to the data center. Your iPrism pulls these logs on-demand and adds them to the local iPrism reports database. This gives you a single source of management reports for all users whether on or off-premises. iPrism’s unique technology allows you to compile reports from across your organization and drill
1.4 Provide a Secure Gateway for access to the Internet which filters out malicious content
for a user base starting at 50 users and beyond in the enterprise. As an example the
enterprise appliance supports bandwidth up to 100 Mbps and will handle 1,300
transactions a second (i.e. web requests). Edgewave has customers with between
15,000 and 20,000 users using a single 100h appliance (Enterprise Model)
1.5 Reducing bandwidth loss is one of four key business objectives for all web content filtering solutions, not just iPrism, along with reducing productivity loss, security threat risk exposure and legal liability risk exposure. The web content filtering mantra is to use the filtering functionality provided to block high-bandwidth category groups and/or file types, which is the cause of the problem, versus applying a patch to one symptom of the problem. In some cases, the Acceptable Usage Policy (AUP) may not allow this, in which case a simple intercept page, which is custom configurable with the iPrism toolkit will be designed and used to pre-warn the users to avoid or restrict their access time. Passing the intercept page simply requires user re-authentication with their credentials. It is worth mentioning that the more bandwidth improves the more users will exploit the improvement. It is therefore better to use best practice, restricting access, filtering out bad practice with content filtering policy. iPrism’s reports will quickly be able to demonstrate the bandwidth savings (aka. ROI) by actively enforcing the AUP.
1.6 Manage the use of IM, peer to peer applications and social networking. iPrism can block
IM and P2P by detecting the initial login request using port-agnostic packet pattern detection techniques and dropping those packets in addition to the more basic filtering techniques of detecting initial login requests destined to certain IP or URL addresses. This is available to any application that utilizes the following most popular world-wide IM protocols: AIM, Yahoo, MSN or Google; or the most popular world-wide P2P protocols: Kazaa, Bit Torrent, Filetopia, DirectConnect, iTunes, eDonkey, Gnutella, WinMX or WASTE.
Social network site usage can be monitored in real-time, reported on, or access can be
restricted by blocking a pre-defined category within the appropriate web profile
assigned to different user groups. Some categorized social networking sites include
FaceBook, Hi5, YouTube, Twitter, Google Wave, MySpace, Digg, KoobFace and LinkedIn.
1.7 Effectively report on Internet use trends, using iPrism’s reporting tools, which have been
award-winning in several tests for ease-of-use. Using the Report Wizard, you can create, run and/or
schedule a report from scratch, use one of 9 most requested pre-defined report
templates or a user-defined template shared by another administrator you delegated to
help unburden your monthly IT tasks. You can create reports for multiple types of traffic
including web, IM and P2P protocols so you are assured thorough reporting coverage of
user trends. It takes little time or skill to create a report that shows a list of the biggest
users (by AD account name) of bandwidth or web site categories over the predefined
period selected. Tabular reporting views are available as you drill down to more
detailed or different views of data, allowing you to easily access the previous view via
tabs along the top of the screen for maximum flexibility to explore data dynamically,
without running multiple reports or losing unsaved reports. Real-time Monitoring
(RTM) enables viewing web, IM or P2P trends on-demand for all or per-user traffic or
only those critical events occurring outside of your acceptable use policy or security
policies. In those cases, RTM becomes an important diagnostic tool, helping you
determine where security holes have opened and where policy violations are occurring
instantly.
An example of Edgewave iPrism reports is shown below:
Edgewave and its VAD in EMEA have assembled an additional list of typical considerations that end user clients need to know in selecting a Secure Web Gateway system. These considerations, in no particular order, have previously been made by a combination of corporate clients throughout EMEA. Value Added Resellers will find these sometimes critical considerations answered as follows
2.1 Edgewave and equipment being proposed has proven security effectiveness
and experience within the market place.
iPrism Secure Web Gateway is a world-wide established product selected by over 5000
customers supporting millions of users in corporate companies, government agencies,
public sector organisations, educational institutions and global corporate businesses. In
EMEA alone the client list adds up to an accepted confirmation that Edgewave Secure
Web Gateway has security effectiveness and experience within the market place. Some
of the clients who have been subscribing and are currently continuing to subscribe for
the Secure Web Gateway are shown below and overleaf:
iPrism has also received numerous awards for its value, simplicity and performance:
2.2 The Edgewave Secure Web Gateway systems product range starts at an entry level of 50
users to SME and the Enterprise. The latest version 8 has unleashed comprehensive
security of the perimeter:
All iPrism appliance models from Edgewave are 1U high rack-mountable appliances (1.75” x 14”
x 25.6” with 50lb weight). iPrism 150G and 500G also have built-in redundancy with RAID
server drives and multiple power supplies.
2.3 It is important to state that the latency of traffic filtered by iPrism is an unnoticeable
3 milliseconds, considering the inherent latency to access external web servers hosting the site.
This is achieved using the kernel-level filtering architecture, described in more detail in
paragraph 2.9.
2.4 The URL categorisation database (iGuard) is updated regularly on an hourly and daily
basis.
Edgewave is a founding web filtering vendor that for over 14 years has populated the
granular 80-category iGuard database using a fully-staffed human review team to very
accurately categorize and maintain the top 10-20 million web sites (aka. domains, IPs or
individual URLs) on the Internet that 99.9% of your end users may visit daily. This accuracy
is to ensure virtually no false positives, whereas vendors that rely on dynamic classifiers
often claim 98% accuracy that only is based on pornography and unspecified accuracy for
all other categories. False positives can quickly consume an administrator’s daily tasks for
a 3,000+ user organization that will generate over 100,000 web requests daily. For
example, a 2% false positive rate would result in 2,000 custom filter exceptions and/or
overrides to manage. Human reviewers can categorize an individual web page (URL)
different than the parent web site (domain), whereas dynamic classifiers will not
categorize a new individual web page (i.e. www.website.com/newpage) within an already
categorized parent web site (www.website.com). iGuard’s 100% human-reviewed
accuracy will also ensure that reports will fully comply with audits or regulations. The
iGuard team uses several private and public acquisition sources to obtain web sites to
categorize, including the iPrism customer base and the Internet Watch Foundation.
2.5 iPrism can be deployed transparently using its unique non-proxy transparent bridge
deployment with transparent time-based authentication for which client workstations do
not need to be re-directed to the web gateway, yet concurrently can also support client
workstations re-directed to iPrism’s built-in proxy with transparent session-based
authentication. Alternatively, iPrism can use a proxy-only deployment and supports
WCCPv2-enabled switches/routers to enable transparency to client workstations. For
remote branch office or mobile laptop users, a remote filtering hybrid client installed on
Windows or Mac enables uniform (or modified) policy enforcement without requiring a
publicly-available proxy deployed in the DMZ or a VPN client backhauling web traffic
through the web gateway, yet aggregates log data for uniform monitoring and reporting.
2.6 All iPrism systems are managed and controlled by European-based English speaking
engineers who will support and maintain the implementation, when or if required by
resellers/end users. Any faults reported during office hours are handled immediately. On
site attendance by certified engineers is available and chargeable at 1000 euros per day. If
site attendance is required any fault reported before 12.00 CET mid-day (office hours) can
expect to see a support technician on the same day. Faults reported after mid-day can
expect to see a support technician the next working day. In most cases support calls will be
resolved without on site support. Remote and telephone support is standard practice and calls
are often resolved immediately. Fault reporting response is handled by C M Security Ltd
directly.
2.7 Management, data analysis and reporting can all be achieved through iPrism’s web-based
management console; the reporting module will open a Java runtime environment but is
still initiated through the web interface. Reports are live data that can be manipulated,
sorted, and drilled down which is why the Java environment is utilized. Edgewave are able
to provide instructions to set up a tunnel from iPrism or ERS to their support team for
remote troubleshooting.
Multiple administrator roles can be created with varying levels of access and delegated
permissions by feature and/or profile; and are authenticated by user credentials via local
user database or directory service integrations.
2.8 iPrism supports the WCCP v1 and v2 protocol for fault tolerance by automatic detection
and rerouting to eliminate network downtime in the event that iPrism is turned off,
disconnected, or a system failure occurs. For WCCP v2 specifically, iPrism supports:
• Specification of up to 32 routers (unicast IP addresses only)
• Optional specification of a service group password if desired
The support for this protocol has already been tested and proven successful by the Cisco
network engineers for HTTP traffic.
2.9 The loading of web pages is uniquely minimal thanks to kernel-level policy engine enforcement for passive monitoring or active filtering. When iPrism is running in non-proxy transparent bridge mode, web requests are passed at the network layer, which avoids increasing response times. This works by passing a web request directly to the web server; while the request is being downloaded, iPrism rates the site. Before the web server has returned the requested page, iPrism is ready to pass or block the request. Also, the on-box URL database and real-time malware scanning engine ensure no extra latency is added by off-box lookups, whereas other vendors’ on-premise solutions rely partly on off-box databases with 200 or more milliseconds of latency.
2.10 Because iPrism requires no server-based authentication/authorization (aka. user ID) agents, the implementation is much easier to initially set up and to maintain when upgrading to a new software release. The installation technicians comfortably work in and out of office hours, quite often continuing their assignments beyond a normal 8 hour day, assuming that access is provided to enable this practice.
2.11 The total cost of ownership of an iPrism Secure Web Gateway is known to be lower than its rivals. A recent independent study published by Robert Hale & Associates in March 2009 showed that Edgewave’s Web Filter solution had a considerably lower total cost of ownership over 3 years than its top rivals in on-going monthly maintenance costs alone in regards to system administration, policy management, reporting and 3rd-party hardware. The iPrism is a self-contained platform with none of the OS dependencies that arise when off-box server-based authentication/authorization agents and/or reporting software is installed on 3rd-party servers running Windows or Linux. OS dependencies include regularly patching OS vulnerabilities, resolving system software conflicts with the OS or other 3rd-party software, and waiting for system software support for new OS versions (i.e. Windows 2008 Server). Also, the iPrism has automatic (or manual) system upgrades so you will receive the most recent features and protection without any additional maintenance tasks.
The total cost of ownership over three years is considerably cheaper in subscription
payment than the price model for 12 months or 24 months.
The pricing model is CAPEX for the appliances (one off cost FOB San Diego) plus 12, 24 or
36 months appliance warranty subscription plus seat subscription license (also 12, 24 or 36
months options). The appliance warranty is obligatory with seat licensing and must co-term
with seat subscription license term. 36 months pricing represents near 35% saving
compared to 12 months options.
2.12 The iPrism Secure Web Gateway appliance is updated regularly as previously mentioned. The iPrism Secure Web Gateway does not use 3rd party databases, preferring to use a 100% human-reviewed iGuard database. This means that each site rated by iGuard has a higher degree of accuracy when compared to heuristic analysis or blended classification technologies, resulting in better enforcement, monitoring and reporting of your acceptable use policy and increased ability to mitigate risks.
iGuard categorizes sites into more than 80 groups updated daily and allows the creation of custom categories for flexible policy setting. In addition to the real-time malware scanning engine updated every 5 minutes, there are 4 security-focused categories updated hourly: phishing, spyware/adware, malware and anonymizer.
iPrism Automated Rating Protocol (iARP), sends your organization's most frequently accessed unrated URLs directly to the iGuard analyst team at St. Bernard where they can be categorized and added to your database in order to create local filters. This not only further refines the filtering process; it can also reduce management costs.
SafeSearch blocks thumbnail images on Google searches, an important consideration for schools where students need protection or any organization wanting to avoid the legal ramifications of objectionable Web images in the workplace.
2.13 When deployed in non-proxy transparent bridge mode, iPrism Secure Web Gateway can
check and intercept packets across all ports for the following web protocols: HTTP, HTTPS, FTP-over-HTTP and HTTP proxies (for anonymizer defense) and the following non-web protocols: AIM, Yahoo, MSN, Google, Kazaa, Bit Torrent, Filetopia, DirectConnect, iTunes, eDonkey, Gnutella, WinMX, WASTE, UltraSurf domain and Google Web Accelerator domain. When deployed in proxy-only mode, the iPrism can proxy (or filter encrypted requests) over standard ports for the following web protocols: HTTP, HTTPS and FTP-over-HTTP.
2.14 iPrism will integrate with Active Directory in both Windows Server 2003 and 2008 environments without requiring any server-based agents installed on multiple domain controllers due to a built-in authentication server supporting NTLM and Kerberos protocols for any (and mixed) deployment mode(s). Users within these environments do not need to re-authenticate if transparent authentication (aka. auto-login) is enabled and client workstations do not need to be re-directed if deployed in transparent bridge mode. This is one of iPrism’s strongest benefits.
2.15 Unique within iPrism’s latest software release is a newly updated user interface that
features fully-integrated video tutorials that demonstrate exactly how to use many system capabilities without requiring administrators to manually search through PDF or hardcopy help guides. Some vendors have over 3,000 pages of documentation required to fully learn their products; however, iPrism’s in-system video-based help is a click away and additional detailed documentation is literally 1/10th that of several other vendors’ comparable Secure Web Gateway solutions.
2.16 iPrism’s UNIX-based OS is a customized, optimized and embedded version of FreeBSD so
that only components required by iPrism are installed, reducing the risk of attack on unnecessary services. UNIX itself is one of the most complex operating systems to hack, but to protect the appliance further in the event that somebody did gain access to the appliance, the OS is restricted as the root account required to hack the appliance is disabled. There is no root level access to iPrism. iPrism should sit behind the corporate firewall so any attack in theory would come from internally, and with the soon-to-be-released remote filtering hybrid solution, iPrism is the first solution in the market not to require a publicly-available appliance deployed in the DMZ to enforce policies for remote or mobile off-premise users. Edgewave have customers in many sectors including military organisations and the defence sector; to date they are not aware of an appliance successfully being hacked. There have also been no officially cited vulnerabilities published (i.e. www.secunia.com). Software patches and hotfixes are applied regularly when available.
2.17 Warranty procedure for the appliance covers free 48/7 swap out. Faults should be initially
reported to Security Ltd who will verify that the appliance is legitimately in need of warranty swap, providing it has not been deliberately or maliciously or intentionally damaged and authorise a replacement. Faulty appliances are then returned after the RMA is issued and a new appliance replacement despatched to the site from where it was installed.
2.18 Edgewave co-sponsored a comprehensive web security report published by Osterman
Research, a leading industry analyst covering the Secure Web Gateway market, which is available from C M Security Ltd. Some of the issues covered are summarised overleaf