CI-1500

The initial offering from Code Green Networks, the Content Inspection (CI) 1500 appliance is a hardened Linux-based 2U box that is deployed at the network perimeter (off of a network TAP). The appliance allows for the registration/identification of sensitive data, the creation and management of data handling policies, and the automatic monitoring of outbound network traffic for sensitive data. Setup and management of the appliance is via a Web-based interface, and according to the vendor the device can be deployed and operational between 30 and 60 minutes.

To identify sensitive data in unstructured documents, the appliance leverages Deep Content Fingerprinting technology, based on research conducted at Stanford University. In brief, the appliance learns what data is considered sensitive to the organization by automatically crawling designated file systems (Windows, Linux/UNIX) or Content Management Systems (initially EMC Documentum and Stellent are supported, via Connector components); or reading content directly supplied to it via E-mail or Web upload from the administrator or designated users. The appliance then creates and stores a digital fingerprint of this information, "... a series of sliding hashes that are mathematically reduced to uniquely represent a document and all of its constituent parts." This fingerprint is then stored in the appliance itself. Up to 1 TB of fingerprint data (which the vendor states is a "much smaller" representation of the original data) can be registered on the appliance, and the fingerprint itself is irreversible (the original data cannot be reconstructed from the fingerprint).

Information that is fingerprinted can be designated as either "Redlist," (sensitive information that should not be transmitted), or "Greenlist," messages that are ok to transmit. According to the vendor, the separation and identification of both red and green list data assists the appliance in the reduction of false positive identifications.

The appliance then monitors outbound network traffic along routable TCP protocols, including HTTP, FTP, and SMTP. It collects the information sent, fingerprints it, and then compares the resulting fingerprints to those in its repository. If a match is found, the appliance takes action according to administrator defined policies; which can include logging the incident (syslog is supported), alerting appropriate individuals, and/or blocking the transmission entirely. The appliance itself includes a built-in MTA (Mail Transfer Agent), and thus supports multiple E-mail specific actions on identified sensitive information; including blocking, quarantining, or rerouting. The vendor states that their Deep Fingerprinting technology enables the appliance to recognize both full documents as well as partial data fragments, regardless of position; and the process is able to fingerprint over 390 different document formats, including MS Office, drawings, image files, and more.

In addition to the recognition of specified document information, the appliance can also recognize data patterns (such as credit card numbers, etc.). Support is provided for both user- and pre-defined patterns, including the detection of British, Danish, Finnish, German, Norwegian and Swedish national identity numbers.

Other features of the appliance include the ability to fingerprint and detect data written in any language and any character set; support for role-based queries and workflow-based incident management, including routing and commenting; and color-coded reporting.

The 2U CI-1500 boasts two dual-core Xeon CPUs, 1.2TB of RAID-5 storage, and 8GB of RAM. It is initially offered in three flavors, serving 250, 1000, and unlimited users; and is available now. Pricing starts at $25,000 (for 250 network users or less).

Visit the Code Green Networks Web site for further information.

product submission by EITPlanet Staff

Latest category updates via our RSS feed