Clearswift SECURE Email Gateway Evaluation Guide


  • 8/2/2019 Clearswift SECURE Email Gateway Evaluation Guide


    Clearswift SECURE

    Email Gateway

    Version 3.2

    Evaluation Guide

    Revision 1.0


    Clearswift SECURE Email Gateway / Version 3.2 / Evaluation Guide / Revision 1.0


    Introduction

    Thank you for taking the time to evaluate Clearswift SECURE Email Gateway.

    Modern business simply couldn't function without email. However, both incoming and outgoing messages can pose significant risks to the security of company networks and confidentiality. It is therefore vital that an organisation's email gateway is able to mitigate spam, neutralise viruses and prevent data leaks without hindering the free flow of messages.

    The Clearswift SECURE Email Gateway is a trusted email gateway security solution that gets the balance right.

    This evaluation guide explores and explains some of the many benefits of the SECURE Email Gateway. Rather than overwhelm you with an in-depth analysis of every feature, our intention is to present the essential information that will allow you to continue to explore and evaluate SECURE Web Gateway at your own pace.

    Note that this guide assumes that you have already followed the Clearswift SECURE Email Gateway Getting Started Guide. As such, you should have completed the Initial Setup Wizard and be able to log in to SECURE Email Gateway. If this is not the case then the Getting Started Guide can be found on the Technical Guides area of the Clearswift website; please read it before proceeding.

    We'll start with a brief overview of what you can expect to see: the user interface. As that's a bit of a mouthful, we'll call it the UI from hereon. Here's an overview of what we'll cover:

    • Defining an anti-spam policy for your organisation
    • Tailoring anti-spam policy for specific groups or departments
    • Blocking unauthorised attachments while allowing the free flow of information
    • Performing keyword searches across messages and their attachments
    • Safely encrypting email sent to external organisations


    The UI

    When you first log in you will be presented with this Home page:

    The Home page is the starting point for managing SECURE Email Gateway's features and for implementing and maintaining an effective spam policy for your organisation. It is supported by a further six pages, or Management Centers, displayed as tabs across the top of the GUI: Policy, Message, Report, System, Health and Users. Let's take a closer look at these...

    The Home page presents an overview of SECURE Email Gateway. It is the first page displayed each time you log in.

    The Policy Center lets you define and maintain an Acceptable Usage Policy (AUP) for your organisation. This involves creating rules to manage information flowing in to and out of your organisation. Use the Policy Center to create rules and routes that determine which email addresses and domains are allowed or blocked and who is allowed to send and receive messages.

    The Message Center manages held, or quarantined, email messages. It also offers the ability to run the message-tracking tools, allowing you to trace the paths of any email passing through the SECURE Email Gateway.

    The Report Center provides access to the monitoring capabilities of SECURE Email Gateway. It collates and presents information on the activities of users, including the most popular email domains, the busiest users and the types of attachments sent and received. It can also generate detailed reports on incoming spam and detected viruses.


    The System Center is used to manage some of the more technical aspects of SECURE Email Gateway. The most important settings will have been configured during the Initial Setup Wizard, so there's not too much to worry about with this Center. However, they can be edited from here at any time.

    The Health Center is the place to view real-time usage information for SECURE Email Gateway. Key metrics available here include the spam and virus profiles, SMTP connections, processor usage, system update information and the volume of encrypted/decrypted messages that have been processed.

    The Users Center controls access to the aforementioned Management Centers. Use it to create new administrative users, allowing access to all or selected Management Centers.

    This evaluation guide will focus on the most important Management Centers, offering simple guidelines on making the most of them.

    Policy Center

    We'll start by exploring the Policy Center. It is likely that the majority of your time will be spent here, creating and managing the rules that define the email policy. The good news is that the SECURE Email Gateway comes with a default email policy that can be fine-tuned quickly and easily to meet your organisation's specific needs.

    The policy is defined in SECURE Email Gateway using a combination of content rules, policy routes and Clearswift's TRUSTmanager and SpamLogic technologies to identify and filter 99.5% of spam and prevent malware infections.

    In simple terms, content rules examine every message passing through the SECURE Email Gateway, performing a variety of security checks. These rules can be created and reused multiple times to enable the email administrator to manage even complex policies with ease. A plain-English example of a content rule could be written like this: "Detect confidential material in outbound messages and inform IT security personnel". To view current content rules simply click the Content Tools link.

    These content rules become part of policy routes. So, again in plain English, a route might be thought of along these lines: "Outbound messages from the sales department". As such, messages can be subjected to different sets of rules dependent on the route through which they're flowing. Click Mail Policy Routes to see the default settings.

    As well, Clearswift's SpamLogic technology allows for a global spam policy for each SECURE Email Gateway. You might, for example, configure SpamLogic to reject all messages that come from known spam sources. For flexibility it is also possible to create a special Spam Content Rule for a particular group of recipients. To explore these options, just click SpamLogic Settings.


    Click Mail Zero Hour Malware, meanwhile, to determine how the SECURE Email Gateway will react to attachment-laden messages containing confirmed or suspected malware. It's worth noting at this point that these checks are run early in the sequence of message examination. As such, messages may be rejected or quarantined before the SECURE Email Gateway anti-virus engine is run.

    Content Rules

    As noted, Clearswift SECURE Email Gateway uses content rules in conjunction with routes to manage the free flow of information via email. This table describes the available content rule types:

    CONTENT RULE | DESCRIPTION | USES | CAN CAUSE MESSAGE QUARANTINING
    Add Disclaimer | Places annotation at the top or bottom of the message body (e.g. Company Disclaimer) | Message Annotations | No
    Add Disclaimer Conditionally | Places annotation at the top or bottom of the message body (e.g. Company Disclaimer) based on specified conditions, such as a particular word or phrase being present in or absent from the message | Message Annotations, Lexical Expressions | No
    Detect filenames | Checks the message for attached files and then checks if they match the names from a defined list | Filenames | Yes
    Detect Lexical expression | Checks the message for specific words, phrases or patterns against a defined dictionary | Lexical Expressions | Yes
    Detect Spam | Overrides the global spam policy for this particular direction of email traffic | - | Yes
    Detect Virus | Defines the behaviour when a message with a virus is detected. For example, a message subject to this rule may be held or deleted | - | Yes
    Digital Signature Validation | If the message has been digitally signed, this rule checks to see if all or some of the signatures are valid | - | Yes
    Encryption or Decryption Fails | Defines how to process the email if there is a failure when trying to either encrypt or decrypt a message | - | Yes
    Message Modification Fails | Defines how to process the email if there is a failure when trying to modify the message (when adding a disclaimer, for example) | - | Yes
    Message Processing Fails | Defines how to process the email if there is a failure when trying to process the message (when parts of the message are corrupt, for example) | - | Yes
    Message Size Restriction | Defines the behaviour when a message which is over a certain size is processed | - | Yes
    All traffic | Special rule to force the disposal of a message based purely on who is sending or receiving the message | Disposal actions | Yes
    Detect unacceptable images | Checks messages to see if they contain images that have either been dynamically classified as unacceptable or whether the System Administrator has preclassified them as acceptable or unacceptable | Pre-classified images defined in Policy > ImageLogic | Yes


    Content rules are constructed using items from the content reference sections in order to define the detailed part of the security check that is being performed on that message.

    These base rules can be re-used throughout the policy. It is advisable when creating the rules to use sensible names as it will make the Acceptable Use Policy self-documenting.

    Policy Routes

    When a message is received by the SECURE Email Gateway it is processed against the security policy in the following order:

    1. [optional] Global spam policy

    2. [optional] Global anti-malware checks

    3. Identify most appropriate policy route based on sender and recipient of that message. Then

       a. Process message using each content rule in that policy route

       b. Determine the outcome for the message dependent on the triggered rules

    Policy routes are listed in a table format, which the SECURE Email Gateway processes from top to bottom. The first route that provides a match for the sender and recipient email addresses will be evaluated. If no route is matched, a final catch-all route is used to define the default actions for the message.

    [Figure labels: defines what the content rule has to look for; uses; modified with; generates; defines how messages are modified; defines notifications and what happens to messages (held, relayed or deleted).]

    [Figure callouts: default action for all messages; address lists based on manual and LDAP entries defined in the Email Addresses in the Policy Center; catch-all route (if messages are processed here, then it is likely that you have incorrectly configured the policy routes); Spam and Malware Policy.]


    Ordering of policy routes is important. Explicit rules should be placed at the top of the list, with less-specific rules below them. Why? Well, consider the following example routing table:

    ROUTE NUMBER | FROM | TO
    1 | *@clearswift.com | *@hotmail.com
    2 | *@clearswift.com | [email protected]
    3 | [email protected] | [email protected]

    Remember, routes are processed from top to bottom. So, if the SECURE Email Gateway was evaluating messages using this routing table then emails sent from [email protected] to [email protected] would match Route 1 right away, and be processed accordingly. In other words, even though Route 3 provides an explicit match it would never be reached because the message would've already been picked up by Route 1. But reverse the order of the table (from 1-2-3 to 3-2-1) and the explicit route would be able to do whatever job is required.
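    The first-match behaviour described above can be checked mechanically before a routing table goes live. The following is an added example, not code from the guide or from the product: it models top-to-bottom route selection and reports routes that can never be reached. The addresses, the `CATCH_ALL` id and the function names are assumptions made for the illustration, and only literal addresses and `*@domain` patterns are handled.

```python
from fnmatch import fnmatchcase

# Constructed routing table in the same shape as the example above:
# (route number, sender pattern, recipient pattern). The addresses are
# placeholders invented for this example, not values from the guide.
ROUTES = [
    (1, "*@corp.example", "*@mail.example"),
    (2, "*@corp.example", "bob@mail.example"),
    (3, "alice@corp.example", "bob@mail.example"),
]
CATCH_ALL = 0  # hypothetical id standing in for the final catch-all route


def _match(pattern, address):
    """Case-insensitive wildcard match of one address against one pattern."""
    return fnmatchcase(address.lower(), pattern.lower())


def select_route(routes, sender, recipient):
    """Return the number of the first route matching sender and recipient."""
    for number, frm, to in routes:
        if _match(frm, sender) and _match(to, recipient):
            return number
    return CATCH_ALL


def _covers(general, specific):
    """True if every address matched by `specific` is matched by `general`.

    Supports the pattern shapes used here: '*', '*@domain' or a literal.
    """
    general, specific = general.lower(), specific.lower()
    if general == "*":
        return True
    if general.startswith("*@"):
        return specific != "*" and specific.endswith(general[1:])
    return general == specific


def find_shadowed(routes):
    """List (route, earlier_route) pairs where the route is unreachable
    because an earlier route already matches everything it matches."""
    shadowed = []
    for j, (num_j, frm_j, to_j) in enumerate(routes):
        for num_i, frm_i, to_i in routes[:j]:
            if _covers(frm_i, frm_j) and _covers(to_i, to_j):
                shadowed.append((num_j, num_i))
                break
    return shadowed


if __name__ == "__main__":
    msg = ("alice@corp.example", "bob@mail.example")
    print("table order 1-2-3 ->", select_route(ROUTES, *msg))
    print("shadowed routes   ->", find_shadowed(ROUTES))
    flipped = list(reversed(ROUTES))
    print("table order 3-2-1 ->", select_route(flipped, *msg))
    print("shadowed routes   ->", find_shadowed(flipped))
```

    Running the shadow check after every change to a routing table catches the ordering mistake described above before any mail is evaluated against it.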

    Remember, too, that each route has a specific series of rules to be performed against the messages. The order of these rules is similarly important, as they are evaluated from left to right. Consider this example:

    At a casual glance, this may seem like an effective route. However, the order of these rules isn't terribly sensible. The "Detect Confidential Material" rule performs a keyword search on the message body, looking for sensitive words and phrases. But there is little point performing such a search if the message contains a virus. Messages carrying viruses are likely to be deleted, so performing the keyword search first is a waste of time and resources. By the same token, it is more sensible to add legal disclaimers after all the other rules have been processed. Here, then, is a more efficient order for this particular set of rules:

    1. Drop messages containing a virus

    2. Detect Confidential Material

    3. Detect Credit Card Lexical Expression

    4. Add Legal Disclaimer


    Message Center

    The Message Center is the place to manage held, or quarantined, email messages. As detailed earlier when discussing the SECURE Email Gateway GUI, the Message Center also offers the ability to run the message-tracking tools and identify messages that are pending delivery.

    It is possible to create administrator accounts that have privileges sufficient only to manage a subset of the quarantine areas. Similarly, access to the SECURE Email Gateway's message-tracking feature can be restricted. Note that the security for these sections is managed in conjunction with the User Center.

    The maximum size of the message areas is dictated only by the amount of free disk space available to the system. The actual number of quarantine areas is also unrestricted. However, it's worth noting that SECURE Email Gateway is not designed as a message archive. As such, we wouldn't recommend long-term archival of messages.

    Drilling down into a particular area exposes all the messages in that area. To do this, just click the plus (+) symbol alongside an area. Here, we've drilled down into the "Confidential" area:

    It's possible to drill down still further, to view information about a particular message. To do this, simply double-click the message:

    [Screenshot callouts: batch operations allow for mass operations (delete, release etc.) on messages that match a specific search query; query the tracking history to identify when and how a message was processed; message areas with count and total size for that particular area (if this SECURE Email Gateway is peered it will show a consolidated view of all message areas across all peers); messages that are waiting to be processed, waiting for delivery and waiting for a retry event if the initial delivery attempt was unsuccessful; available message handling; page length; page controls.]


    Clearswift SECURE Email Gateway offers a very powerful message-tracking feature, allowing authorised administrators to search the message-processing logs. This is useful for tracking what has happened to a particular message.

    When you start Message Tracking you can define your search criteria based on numerous fields such as sender, recipient, subject, sending host, received date and on which gateways the search is to run.

    Flexible search criteria allow for generic or precise reporting on messages that have been accepted or rejected on this SECURE Email Gateway or one of its peers. Here's an example of search results:

    As before, it is possible to drill down to a particular message: just double-click.

    [Screenshot callouts: this panel explains which set of policy rules were applied to this message and the triggered content rule; explanation to show where in the message the violation occurred; next hop delivery with timestamp.]


    Report Center

    Clearswift SECURE Email Gateway includes versatile management and reporting facilities, all controlled from a simple web-based interface. Dozens of ready-made report templates are included and new ones can be created quickly and simply. Better still, SECURE Email Gateway's reports are interactive: drill down on the fly to get to the data you need quickly and avoid producing useless reports. Here's what it looks like:


    Obviously, the most relevant report groups will depend on your organisation. However, here are a few pointers for useful reports that will provide a good place to start your exploration of SECURE Email Gateway's Report Center:

    Top Addresses. Use this group of reports to find the biggest senders of messages in your organisation. Note that it's possible to view reports on volumes of messages flowing both in and out.

    Threats Summary. This report, which you'll find in the Threats group, gives an overall view of the number of messages that have been detected with viruses, spam or other content checks.

    Message Processing Rates. These reports, found in the General Processing group, can provide an at-a-glance view of peak email sending/receiving times.

    Reports can be run by selecting the report and pressing View, or by simply double-clicking the report name.

    The provided reports display user activity for all users. It is likely, though, that you'll want reports to focus on specific user groups or individuals over specific time periods. Moreover, it is useful to schedule reports for automatic delivery, rather than executing them on a manual basis. As such, we'd advise tweaking some of the report-filtering parameters to create reports tailored for your organisation's needs. Here, for example, are the parameters for the provided Average Message Processing Lag Per Day report:

    [Screenshot callout: parameters for that report.]

    Changing a report's filters is easy. First click to highlight the report that is the closest match for your reporting requirements. Now click Copy to create a copy of the report that can be edited as necessary. To change any of the filter parameters, just click the appropriate tab:

    The filter parameters and their meaning should be self-explanatory. Note that in order to generate reports based on domains or address routes, these will obviously need to be created prior to customising a report.

    When creating a report notice that its icon changes to include a blue person. Create a report with a schedule and a little clock icon is added, too.


    SECURE Email Gateway's reports are interactive. As such, it is possible to drill down on data to receive a more detailed report. For example, after running the Top Virus Names report, clicking on the virus name will run another report to show the list of senders of that particular virus.


    System Center

    The System Center provides access to settings that define how the SECURE Email Gateway operates and how it interacts with components in your existing environment. Here's what it looks like:

    The System Center is split into three sections: Monitoring & Control, Configuration and Appliance Version & License. Let's explore these in more depth.

    Monitoring and Control

    The Logs & Alarms section allows the administrator to view the logs that have been generated by the SECURE Email Gateway. Each log is automatically rolled over at the end of the day and held for 30 days. If you require a longer retention period, then use the Backup & Restore feature in the System Center or create scripts to move the files off the SECURE Email Gateway installation as and when required.

    [Screenshot callouts: tools for diagnosing connectivity issues; options to view whole log in browser window or mail to yourself; log data is exposed in the GUI and doesn't require administrators to access operating system.]


    As well, you can use this section to modify how SECURE Email Gateway handles triggered alerts. By default alerts will be displayed in the GUI. If desired, use the relevant option to send an alarm by email or SNMP.

    The Service Control section offers administrators with sufficient privileges the ability to gracefully shut down individual services or the entire SECURE Email Gateway.

    Configuration

    The majority of the options found in the System Settings section will have already been defined in the Initial Setup Wizard. Should adjustments need to be made when moving the SECURE Email Gateway from a test to a live deployment, though, they will most likely be enacted here:

    Perhaps obviously, SECURE Email Gateway SMTP configuration is managed in the SMTP Settings section of the product.

    [Screenshot callouts: shutdown option, available to administrators with shutdown access rights; IP address, subnet, default gateway and hostname defined here; this section needs to be completed for HTTP access via a proxy; SSH is off by default, but can be enabled for a subset of IP addresses; access control to the management interface is defined here; time settings such as NTP server are defined here.]


    The PMM Settings section is the place to configure SECURE Email Gateway's Personal Message Management (PMM) feature. It's possible, for instance, to specify the format of the message (such as text and company logo) and how frequently the users will receive messages showing messages held for them.

    The administrator can afford end users control over the delivery of certain emails. Messages identified as spam, for example, could be released if the user determines that the email is in fact legitimate. Alternatively, certain staff may be given the right to release outbound messages that would otherwise be blocked by the SECURE Email Gateway. These PMM features can be enabled on an individual, group or company-wide level. To do this click the Policy tab followed by Manage Disposal Actions.

    [Screenshot callouts: add routing information for your internal domains here; define the IP addresses of internal hosts who are permitted to the gateway; enable for PMM; control what users will be able to self release messages.]


    The PMM notifications are sent to users according to a schedule. To view or edit this, click the System tab followed by PMM Settings then PMM Service Settings. Here's what you'll see:

    The pink cells indicate a Full Distribution. At these times, SECURE Email Gateway will send notifications to all users showing all held messages. The green cells indicate a Partial Distribution: this generates notifications only for users for whom new messages have been held since the last full distribution.

    SECURE Email Gateway also offers the ability for users to add email addresses (including full domains) to a whitelist, to prevent these messages being held. These options are also managed from this part of the UI.

    Clearswift knows that many organisations will deploy more than one SECURE Email Gateway. This affords common policy, common message management and common reporting, but the Gateways must first be "peered" together. This is a straightforward process. Simply enter the IP address and user credentials of an additional peer in the Peer Appliances section. Clearswift SECURE Web Gateway devices can also be added to the peer group, allowing policy to be shared and simple administration from a unified interface. Here is what the Peer Appliances section looks like (you'd just click New to add a peer):

    The SECURE Email Gateway product is of course very reliable. However, the Backup & Restore section provides a simple way to schedule an automatic backup of policy, system settings and the auditing database to an FTP server. Here's a typical view:


    The SECURE Email Gateway stores the last 20 configurations online; each is tagged with the reason why the configuration was made, by whom and from where. Previous copies of policy can easily be made into the live version if a change needs to be reverted.

    [Screenshot callouts: change history (who, what, where from and when); previous policy configurations that can be restored or backed up.]


    Appliance Version & License

    SECURE Email Gateway is able to automatically update its anti-virus and anti-spam defences, without administrator intervention. Similarly, updates to the SECURE Email Gateway itself are also downloaded automatically. However, it is important to understand that these product updates are NOT applied without action from the administrator. This is where the Appliance Version & Upgrades section comes in. The administrator is notified of new releases, via GUI alerts and optional SNMP or SMTP alerts, and then must decide what action to take. This screenshot shows the Appliance Version & Upgrades section on a SECURE Email Gateway that has had some upgrades applied:

    Self-testing the SECURE Email Gateway

    One of the SECURE Email Gateway's strengths is its comprehensive collection of self-test features. These save time wasted on needless support calls, allowing you to detect and resolve issues quickly and easily. Click the System tab to return to the System Center's home page and you'll see these options displayed in the left-hand control panel:

    It is impossible to consider all possible permutations of situations that may lead to problems but a good first step would be the Connectivity Test: just click the link. This provides confirmation that the SECURE Email Gateway is connected and able to communicate before deciding which areas should be the focus of subsequent troubleshooting steps. And be reassured that when expert help is needed, Clearswift can be contacted 24 hours a day, 7 days a week.


    The effectiveness of SECURE Email Gateway's anti-spam measures can be checked by using the various reports or the real-time graphs in the Health Center.

    [Graph callouts: in this demonstration SECURE Email Gateway we are detecting spam by the content, not by the connection; here, 94.9% of mail is spam, while 4.9% of messages are good. If Suspicious is the only reputation being reported, then your TRUSTmanager configuration is not correctly set. 64% of incoming messages are considered Bad; we could therefore discard 42m messages (64% of 65m) during the SMTP connection.]

    If the SECURE Email Gateway is deployed behind other message-transfer agents (MTAs) in your environment you can still use TRUSTmanager: just enter the IP address or hostname of these hosts:

    Occasionally, the SECURE Email Gateway may need to process email differently for a specific sender. For example, it's possible that for whatever reason the sender's MTA has wrongly ended up on a real-time block list whitelist.

    Another common example is where specific staff members or groups cannot risk an inaccurate identification of messages as spam (a false positive) but still want any spam marked on the subject line. Here's how to deal with this:

    1. Create an address list for the special group of recipients

    2. Create a new Detect Spam content rule

    3. Create a new Detect Spam content rule

    4. Add any other content rules to that route


    Blocking Files

    Most organisations will want to stop certain file types from being sent or received. When it comes to inbound messages, the obvious candidates include any file type that could potentially carry a virus, oversized messages and frivolous attachments, such as MP3s, MPEGs and AVIs. For messages leaving your organisation, concerns include leakage of sensitive data, any comments or materials that could damage the company brand or reputation, profanity and embarrassing content.

    Fortunately, managing these issues while still allowing staff to communicate freely is easy with the SECURE Email Gateway.

    We'll consider how the Detect Media Type content rule can help weed out those time-wasting attachments. The advantage of the Detect Media Type content rule is that it uses binary recognition of the data to determine the file type. So, even if a file is renamed it will still be detected. Here's what it looks like:

    [Screenshot callout: by selecting this grouping, all executable file types can be blocked, or click on the + and select the individual formats that can be blocked.]
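    Recognising a file by its content rather than its name, as the Detect Media Type rule is described as doing, can be illustrated with leading-byte signatures. This is an added example, not the product's detection logic: the signature list is a small subset chosen for the formats named above, and the function names, group names and sample bytes are assumptions constructed for the illustration.

```python
# Leading-byte signatures for a few formats named in the text. This is a
# small illustrative subset; the product's own signature set is not given
# in the guide.
SIGNATURES = [
    ("executable", "Windows PE/DOS", lambda d: d[:2] == b"MZ"),
    ("executable", "ELF", lambda d: d[:4] == b"\x7fELF"),
    ("video", "AVI", lambda d: d[:4] == b"RIFF" and d[8:12] == b"AVI "),
    ("video", "MPEG",
     lambda d: d[:4] in (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3")),
    ("audio", "MP3", lambda d: d[:3] == b"ID3" or d[:2] == b"\xff\xfb"),
    ("document", "PDF", lambda d: d[:5] == b"%PDF-"),
]

# What each file extension claims the content to be.
EXTENSION_GROUPS = {
    "exe": "executable", "dll": "executable",
    "avi": "video", "mpg": "video", "mpeg": "video",
    "mp3": "audio", "pdf": "document",
}


def sniff(data):
    """Return (group, format) from the file content, ignoring the name."""
    for group, fmt, test in SIGNATURES:
        if test(data):
            return group, fmt
    return "unknown", "unknown"


def check_attachment(filename, data,
                     blocked_groups=("executable", "audio", "video")):
    """Decide on an attachment from its bytes and flag misleading names."""
    group, fmt = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXTENSION_GROUPS.get(ext, "unknown")
    return {
        "detected": fmt,
        # Content is recognised but disagrees with what the name claims.
        "renamed": group != "unknown" and claimed != group,
        "action": "strip attachment" if group in blocked_groups else "deliver",
    }


# Constructed sample attachments (a few header bytes only, not real files).
SAMPLES = {
    "report.pdf": b"MZ\x90\x00" + b"\x00" * 60,      # executable renamed
    "holiday.avi": b"RIFF\x24\x00\x00\x00AVI LIST",  # genuine AVI header
    "minutes.pdf": b"%PDF-1.4\n",                    # genuine PDF header
    "notes.txt": b"Agenda for Monday",               # unrecognised content
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_attachment(name, blob))
```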


    Determine what to look for and then define what to do in the event that the file type was detected in a message. The options available in this particular content rule are:

    • Drop the message
    • Non-deliver the whole message
    • Hold in a message area
    • Relay to a specific mail server
    • Deliver the message
    • Strip the attachment
    • Add a message header
    • Annotate the message
    • Generate an alert
    • Trigger the message to be encrypted

    Obviously, some of these can only be used once, like "Drop the message". However, in most cases it is possible to have the SECURE Email Gateway perform multiple actions based on the detection criteria. You could, for example, strip the attachment but still deliver the message.

    This new rule would be added to the appropriate route of email to achieve the desired goal.

    Controlling content by keyword

    One of the most powerful and popular features of SECURE Email Gateway is the ability to block or reroute messages based upon words or phrases found in any of the following locations:

    • SMTP headers
    • Subject lines
    • Message bodies
    • Attachments

    In terms of attachments, the SECURE Email Gateway is able to extract and analyse documents and files from many common business applications. These include all versions of Microsoft Office, OpenOffice and Adobe PDF files, as well as HTML. What's more, SECURE Email Gateway can even separate where in the document the content was detected, be it the body, the headers and footers or even the metadata.

    When it comes to search strings and patterns, SECURE Email Gateway gives customers the freedom to create their own lists of words, phrases and regular expressions. However, the product includes various ready-made lists. As well, the SECURE Email Gateway can access a special set of Managed Lists: these are built and managed remotely by Clearswift, and are regularly updated with new words and phrases.

    These lists of lexical expressions are defined within the References section of the SECURE Email Gateway. They can be used in multiple instances of the Text Analysis content rule.


    Defining the list

    The lexical expression lists are essentially collections of words, phrases, common expressions, operators and special tokens. Each entry in the list carries an expression value, from 1 to 10; there is also a special instant trigger value. By assigning different values to each phrase, we can ensure that a degree of sensitivity is achieved.

    Credit card numbers provide a good example of the usefulness of special tokens. Obviously, every credit card number is different, so SECURE Email Gateway can employ a credit card token as a pattern-matching tool. In other words, the credit card token looks for a sequence of numbers that matches the form of a known credit card number. The token looks for strings of digits between 13 and 18 characters in length and prefixes commonly used by the major credit card providers. A checksum formula is also applied to ensure that the match is accurate.

    If the credit card token is assigned the aforementioned instant value, then as soon as the SECURE Email Gateway detects a message containing a credit card number a trigger event will take place: the message could be quarantined, for instance.

    However, to allow for the free flow of information the expression value can be altered. Change the credit card token's expression value to 3, say, and set a threshold of 10 in the content rule, and users would be able to send messages containing up to three credit card numbers. Attempting to send four credit card numbers, though, would trigger an event.

    Simple phrases, tokens and regular expressions can be mixed to provide the flexibility required for detecting content violations

    Date regular expression
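
    The credit card token and the threshold arithmetic described above, as an added example that is not Clearswift's code. It assumes the checksum is the Luhn formula, uses an illustrative subset of issuer prefixes, and assumes a scoring algorithm that adds the expression value once per detected number and triggers when the sum reaches the threshold.

```python
import re

# Assumed issuer prefixes (illustrative subset; the guide does not list the product's own).
PREFIXES = ("4", "34", "37", "51", "52", "53", "54", "55", "6011")
# 13 to 18 digits, allowing a single space or hyphen between digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,17}(?!\d)")
INSTANT = "instant"  # stands in for the guide's special instant trigger value

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text):
    """Return digit strings that pass the length, prefix and checksum tests."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if digits.startswith(PREFIXES) and luhn_ok(digits):
            hits.append(digits)
    return hits

def score(text, value):
    """Assumed scoring: each detected number adds the token's expression value."""
    return len(find_card_numbers(text)) * value

def violates(text, value=3, threshold=10):
    """True when the message should trigger the content rule."""
    if value == INSTANT:
        return bool(find_card_numbers(text))
    return score(text, value) >= threshold

# Constructed sample data: publicly documented test card numbers, not real accounts.
TEST_CARDS = ["4111 1111 1111 1111", "5555-5555-5555-4444",
              "378282246310005", "6011111111111117"]

def sample_message(n):
    """Constructed message body holding n test numbers plus a non-card decoy."""
    return "Refs: " + ", ".join(TEST_CARDS[:n]) + "; invoice 1234567890123456"

if __name__ == "__main__":
    for n in (1, 3, 4):
        msg = sample_message(n)
        print(n, score(msg, 3), violates(msg), violates(msg, INSTANT))
```

    The 16-digit invoice number in the sample is rejected by the prefix test, which is why length alone is not used as the match criterion.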


    Creating the content rule

    A new Detect Lexical Expression content rule can be created and configured for use.

    Whilst creating this particular policy rule you can define where in the message you want to check, what the necessary threshold will be to trigger a violation, what the scoring algorithm will be and also what to do when a violation does occur.

    Once this has been created it should be added to the appropriate Policy Routes, and the configuration needs to be committed.


    Managing Encryption

    Clearswift SECURE Email Gateway supports multiple methods to encrypt data sent from one organisation to another, including TLS, S/MIME and PGP. There's also an ad-hoc method of encryption, for password-protecting messages sent to external organisations and people. This wide choice of different techniques allows an organisation to engage in secure communications with a wide range of receiving systems.

    This table of typical uses provides a guide to the various types of encryption offered by the SECURE Email Gateway:

    | USE CASE | METHOD |
    |---|---|
    | All messages to particular domain must be encrypted | TLS |
    | Messages sent to a domain must be secured over the internet but do not need to be secured to the desktop | TLS, S/MIME, PGP |
    | Messages sent to a domain must be secured over the internet but only to a group of named individuals | S/MIME, PGP |
    | Messages sent to recipients who are familiar with encryption software on their system and must receive the message in a secure fashion | S/MIME, PGP |
    | Messages encrypted at the desktop, content checked at the corporate gateway and delivered to the recipient's desktop in an encrypted format | S/MIME, PGP |
    | Messages sent to recipients who have no desire for any encryption software on their system and must receive the message in a secured fashion | Ad-hoc |
    | Messages sent to recipients that should only be encrypted based on the presence of certain content, such as credit card numbers | S/MIME, PGP, Ad-hoc |

    Encrypting a message

    Encrypting an email requires appropriate keys or pass phrases that can be used to convert the unsecured data into a secure format.

    Both S/MIME and PGP employ a public/private key format (S/MIME keys are also known as certificates), while the ad-hoc method relies on a single pass phrase. The special keys required for S/MIME or PGP can be generated automatically by the SECURE Email Gateway, by a key generator tool (such as GnuPG) or by using a third-party service such as Verisign, Thawte or GlobalSign. These keys can be separated out into a private part, which must not be disclosed to anyone else, and a public part that can be distributed to anyone.

    First, though, S/MIME and PGP keys must be imported into the SECURE Email Gateway's Certificate Store. To do this, click the System tab followed by Certificate Store then Partners like this:


    It is possible to import the S/MIME and PGP certificates in the following key formats: PEM, ASC, B64, CER and P7B.

    With the keys loaded into the Certificate Store, it is possible to create encryption endpoints which define the certificates and encryption method to use for particular email recipients. Here, we'll consider an example recipient called Bob Smith, whose PGP key has already been loaded into the Certificate Store:

    We're going to create an encryption endpoint for any email messages sent to him via the SECURE Email Gateway. Click New in the Mail Encryption Endpoints and follow the screen options. It would look like this:

    Click Save and this new endpoint will be listed in the Encryption Endpoints section of the Systems Center, here:

    Select the key to use for this endpoint or select password to use the ad-hoc method


    As such, we are now able to enforce an encryption policy for email sent to [email protected].

    To do this, we would create an email policy for messages sent to this address. Then, every email sent from your organisation to [email protected] will be encrypted using his key. This is achieved by creating a new policy route, in the Policy Center:

    So, assuming the message is processed and does not get quarantined, it will be encrypted using Bob's certificate details and sent to him.

    The SECURE Email Gateway can also force encryption based on triggering of a particular content rule. You might, for example, employ the Detect Lexical Expression rule to check for sensitive words or phrases by referencing the Confidential Material expression list and, if found, encrypt the message automatically. Here's how to do it:

    To make encryption even simpler, it is possible to create an endpoint that uses password protection. The password can be a phrase defined by and known to both sender and recipient, or it can be generated automatically by the SECURE Email Gateway. When this option is selected, the sender receives an acknowledgement of the password via email, like this:

    Address List entry for Bob Smith. This could be a generic address list for all recipients of encrypted email

    Enable encryption

    Keyword list to search against

    Where in the message to scan for keywords

    Threshold value to trigger on


    It's also possible to configure the SECURE Email Gateway to encrypt based on the type of files sent. For example, the act of sending an Excel spreadsheet could trigger an encryption event, either for all messages or to particular recipients only (like an external accounting firm, say).

    Decrypting Messages

    Finally for this guide we will cover decrypting messages. This is straightforward in the SECURE Email Gateway. Simply save the message recipient's private key in the Corporate tab of the Certificate Store and set it as a default key. You should see that the envelope icon will be highlighted for that key. Then, configure a policy route that will apply decryption using the key.

    We hope that this brief guide has given you a head start in your evaluation of Clearswift SECURE Email Gateway. Of course, there's plenty more to explore. For more help or guidance either follow the links below or simply give us a call. We'd love to hear from you.

    For further information

    Technical Guides: http://www.clearswift.com/knowledge-and-insight/resources/technical-guides

    Clearswift knowledge base: http://kb.clearswift.com/

    Technical Support: http://www.clearswift.com/support/support-services

    Clearswift user discussion forums: http://web2.clearswift.com/support/msw/forums/
