Content Inspection

With more companies relying on the Internet for information and services, malicious code attacks are a regular and crucial hazard. Such attacks have been known to destroy or steal business-critical information and bringing companies' eBusiness to a striking halt. With eTrust Content Inspection you can rely on real-time attack intervention: automatic detection, blocking and notification of all types of potentially malicious content such as Java, ActiveX, VBScript, viruses, e-mail attachments, and improperly digitally signed objects.

eTrust Content Inspection complements firewalls, inspecting each Java applet and verifying each ActiveX control' credentials, even within compressed files. It enables secure eBusiness transactions by verifying digital signatures for Java, ActiveX and other digitally signed objects and validating each digital certificate. The product also scans for viruses using CA's award-winning scanning engine. It intercepts inbound objects at the Content Inspection gateway, where both the analysis and comparison of each executable with the security plan is done on the fly in real time, without decreasing network performance.

eTrust Content Inspection is a suite of gateway based, object oriented security programs which may coexist with and complement other security tools in the corporate network, such as Checkpoint's Firewall-1, the Microsoft Proxy Server and the Netscape Proxy Server, or may function as a Standalone gateway. eTrust Content Inspection is integrated within these Internet gateway servers in order to detect and protect the workstations from unwelcome downloadables.

Architecture

Management Level There are three eTrust Content Inspection Management Level tools - the Control Center, the Policy Manager and the Audit Viewer. These tools are installed on the same machine. The Control Center provides a management center where updated policy plans from the Policy Manager, and data regarding objects analyzed at the Gateways , are received. The Policy Manager is used to setup the security policy plans and to distribute them to the Gateways and Control Center. The Audit Viewer is used to audit the status of all objects entering the network via the gateways, including objects that were blocked because they posed a security threat. Gateway Services Level The Gateway application level supervises the Internet traffic, and intercepts and inspects all inbound objects passing thru the HTTP Protocol.  It verifies the digital signatures of signed objects, extracts compressed files and then performs the key task of analyzing each object, in order to verify that it adheres to the security standards of the organization.  Workstation Solution Level The Desktop Edition is the workstation security solution which complements the Gateway services. While the Gateway inspects all applets arriving at the organizational gateway for potentially harmful code, the Desktop Edition observes the behavior of applications and data at the workstation level and prevents activities that create security breaches.

Features

Centralized Management Central management is administered through the Control Center. This provides the control of enterprise security by a security officer without affecting user operation. Digital Signature Technology Performs policy-based digital signature analysis of objects at the gateway level. The signatures of signed Java applets, ActiveX and compressed objects are verified, and then the product goes one step further by authenticating the Certificate Authorities that issue the digital certificate in question. This is facilitated by a built in list of reliable and recognized Certificate Authorities provided with the software. Client Notification The product has a default client notification feature, allowing the system administrator to compose a company-specific message, which is displayed on the screen when an applet is blocked. Another client notification feature is the icon-tag, which is automatically attached to a downloaded file containing mobile code. Downloadable File Formats eTrust Content Inspection contains a known "Downloadables" database which supports the blocking of known Java and .OCX ActiveX downloadables as well as .EXE executable files and compressed files (.CAB, .JAR, .ZIP). A basic list of sample hostile executables comes predefined with the product, and the administrator may identify known downloadables to be "fingerprinted" and added as they are encountered for the first time. Ease of Implementation The product is completely open and extensible, and user transparent. This makes it easy to install and implement in any configuration, without any need to reconfigure clients, or modify existing applications. eTrust Content Inspection comes fully equipped with a generic security plan and predefined events, which can be easily implemented, or customized to suit the particular security needs of any organization. Internally Generated Malicious Code The Desktop Edition is designed to work on the local workstation, to control access to sensitive local data, and to protect the hardware and resources. This is done by demarcating sensitive data and applications in a Personal Security Zone. Other applications that are not trusted and those that are totally unknown are prevented from accessing this personal security zone without the express permission of the user. Platform Support eTrust Content Inspection has been designed to work on all platforms, and can be configured to work with three different external applications, which capture the inbound network traffic and assemble the files for inspection.  Anti-Virus Feature In addition to specifying levels and file types to scan, users can scan in real-time mode or on the fly.