Code Green Networks Content Inspection Appliance
Strengths: Easy-to-use, supporting over 400 file formats, a very good performer on smaller enterprises.
Weaknesses: Only manages the network leakage vector; no support for peripherals without the add-in CI Agent.
Verdict: If you have a small-to-medium-sized enterprise and want to manage data leakage through the network, this is a good product for you.
SummaryThe Code Green Networks CI-1500 Content Inspection Appliance, v4 is a good middle of the road extrusion detection appliance. It works in three modes: packet monitor, MTA (email) inspection, and ICAP (internet content adaptation protocol) agent for use with a Blue Coat Proxy SG server. Using the ICAP agent, the content inspection appliance (CI) can identify and reroute HTTP, HTTPS and FTP traffic as needed. As a packet monitor, the CI cannot block traffic. Installed using a tap (such as our network critical tap), it watches packets and reports policy violations. The MTA configuration reroutes email and manages it according to applicable rules, including automatically encrypting sensitive information using PGP (pretty good privacy).
We like the email and ICAP capabilities, but the packet inspection would be more useful if it could perform blocking as well. However, given that most data leakage is through email, the separate email capability handles that problem nicely, and if you want other protocols you can implement the ICAP. The CI-1500 does not provide protection against data leakage through peripherals. [Code Green says it facilitates this through a separate product called CI Agent that sits on the desktop and performs that function; because it is a separate product, in accordance with our testing policy we did not test it. CI Agent integrates tightly with the Code Green platform].
We found this appliance easy to set up and get going, but the configuration of the various capabilities was a bit challenging. The appliance uses separate ports for its three capabilities, and each needs to be configured for use. However, documentation is excellent and it did not take us long to insert it into our test bed.
Once up and running, the CI performs very well. We had no problems with it and it behaved as we expected. The CI-1500 supports up to 5,000 users, and the smaller CI- 750 supports up to 250. These products are aimed at small- to medium-sized businesses.
The web site is good, but could use more support content. A 24/7 premium support package also is available.
Priced at $25,000, this is not a cheap product given its focus on data leakage only through the network. However, for a smaller organization with only that particular need, its ease of use and good performance make it a bit better than average value.