eSafe Smart Suite Release Notes

  • 8/3/2019 eSafe Smart Suite Release Notes

    2010 SafeNet, Inc. All rights reserved. Page 1 of 8 www.safenet-inc.com

    Content Security

    eSafe SmartSuite

    Release Notes Version: 8.5.25.0

    Release Notes Issue Date: June 20, 2010

    About this release

    These release notes provide a list of the latest additions to eSafe SmartSuite. eSafe SmartSuite is a comprehensive, proactive and future-proofed content security solution that goes beyond leading-edge technology.

    This release of eSafe SmartSuite focuses on the enhanced data loss/leak prevention (DLP) feature, which includes DLP policies, dictionaries, and profiles that extend eSafe's content security and CMF (Content Monitoring and Filtering) abilities. It also features improvements to the central management feature and various changes to the eSafe Security Center (GUI) that make for a better user experience, including media control, actionable management, improved alerting capabilities, web quarantine reports and more.

    This version is an evolution of eSafe SmartSuite V8.0, which was released in Q4 of 2009. For detailed information on that release, please refer to the eSafe SmartSuite Release Notes for V8.0.

    Availability

    eSafe SmartSuite is only available for new installations on the following platforms:

    eSafe XG110 appliances

    eSafe HG200 appliances

    eSafe XG210 appliances

    eSafe XG300 appliances

    IBM Blade Center, HS21/HS22 Blade

    VMware ESXi (*)

    eSafe SmartSuite is available for the following implementation/installation modes:

    Web Security Gateway

    o In-line Bridge/Cluster

    o eSafe Router/Cluster

    o eSafe Proxy

    o eSafe ICAP

    o eSafe Forwarding Proxy

    o eSafe Web SSL

    Mail Security Gateway

    *Note: eSafe on VMware is available only for the following implementation modes:

    Web Security Gateway

    o eSafe Proxy (includes WCCP support)

    o eSafe Web SSL

    Mail Security Gateway

    Upgrade Information

    Currently, this version does not support automatically upgrading from previous versions of eSafe; it is only possible to perform new installations.

    At this stage, users who wish to upgrade their eSafe machines must install eSafe SmartSuite, and then apply the same configuration as the previous installation. Further details are available at the end of these release notes.

    Installation Instructions

    Note: Due to the GUI's new look and feel, the minimum screen resolution should be 1024 x 768.

    Detailed installation instructions appear in the eSafe SmartSuite Deployment Guide. A separate document is available with instructions for installing on VMware.

    Take note that the following ports need to be opened when a firewall exists between the eSafe appliance and the Security Center:

    Port 43970 Security Center (Regular protocol)

    Port 5432 Security Center (eSafe internal SQL)

    Port 8888 Security Center (Dashboard updates)

    Port 37233 Webmin management

    Port 22 SSH remote control

    Port 8787 Security Center (Log collector)

    Note: As of this version, we have eliminated the need for an internal USB on XG appliances. Installation or reimaging the appliance is done via the external USB only. For further details see the following document: http://upd5.esafe.com/pub/autoupdate/ver85/product/XG-HG_Appliance_USB_Installation.pdf

    New Features and Enhancements in eSafe SmartSuite V8.5

    eSafe SmartSuite V8.5 includes the following new features and enhancements:

    DLP:

    New DLP capabilities with enhanced features for enforcement, monitoring, and classification of sensitive files sent via email and web upload.

    Supports analysis of more than 150 file types, including:

    o MS Office documents, Open Office, and PDF files

    o HTML, email, source code files

    o Archived files

    New options allow taking specific actions when detecting data that matches the DLP dictionaries, including:

    o Report: Logs all file properties in the event log.

    o Block: Blocks outgoing files/email.

    o Notify sender: Sends a notification to the email sender (for mail events only).

    o Archive: Archives the file/email in a special repository for later investigation.

    o Forward file/email by email: Forwards the file/email to a special DLP inspector email address.

    Includes more than 20 predefined out-of-the-box dictionaries that support Unicode.

    Includes predefined out-of-the-box DLP alerts with predefined Smart Alerts.

    Central Management:

    Improved Central Management experience allows getting an instant overview of what's happening on the gateway by monitoring traffic, getting alerts, investigating events, and taking immediate action. The central management features include:

    o Single sign-on

    o Centralized machine tree with easy navigation between machines

    o Support of data aggregation and statistics for groups/clusters

    o Central log server

    o Real-time indicators about machine status

    o Advanced role-based administration.

    Note: Since this version uses the new central management and log server, when installing an eSafe machine, the Central Management option must be enabled. When installing eSafe in a multiple eSafe machine environment (more than one machine), one machine must be installed with the Central Management module, and all others without. Only one central management machine is allowed per organization. In large environments (above four eSafe machines), it is recommended to install the central management/log server as a standalone machine that does not intercept or scan traffic.

    Direct Connection: By default, the eSafe Security Center connects to the central machine, which allows monitoring and managing all machines in the organization. In case of an emergency, or if you need to manage a specific machine NOT via the eSafe Security Center management server, you can connect to the machine directly (with limited capabilities), using the following eSafe management command: "C:\Program Files\eSafe\eSafeMNG\8.5\esafemng.exe" /log /p2p

    Productivity Improvements

    This version includes various Productivity Improvements, including:

    o Controlling and blocking streaming traffic per URL category with profile and streaming properties (RTSP, RTP, MMS, Flash, etc.).

    o New warn/gray URL filter categories per policy and overriding rules (Coaching).

    o Support for non-inspected SSL sites per URL category. (Only eSafe Web SSL)

    Monitoring and Reporting

    Enhanced Smart Alerts with granular DLP alerts.

    Allowing fast Smart Alert rule creation when viewing Track & Care events.

    Dashboard Enhancements

    Enhanced Dashboard graphic charts with drill-down capabilities by double-clicking on the chart or legend to see actual events for a specific query.

    Support for 4Eye log viewing. When viewing information in the Dashboard and Track & Care screens, users will see anonymous details. In order to see real data, a secondary administration password is defined (4Eye), allowing viewing of actual information.

    User Management

    Proxy authentication to support multiple AD Domains.

    Added a new feature that allows end users to view quarantined email via Web-based reports, and manage/release quarantined email. This Web-based quarantine report supports NTLM Authentication and multiple domains.

    Globalization Support

    This version includes Unicode support to allow globalization of the Security Center UI and data.

    Performance Enhancements

    This version includes a new results scanning cache.

    Improved web performance using real-time HTTP gzip compression, which allows real-time content extraction and data analysis of content reaching eSafe in compressed format.

    Improved URL Filter performance using internal cache and restructuring.

    Restructured the AppliFilter engine to improve efficiency and performance.

    Known Limitations

    GUI:

    In the event that an eSafe appliance is reconfigured or the operation mode is changed, the appliance must be deleted from the list of machines in the eSafe Security Center and added manually.

    The number of days (currently 10 days) that the database records are saved can only be changed manually via the esaferep.ini file on the eSafe Appliance, and requires restarting the eSafe service.

    When viewing the Security Center screen at the recommended resolution of 1024 x 768, the Updates tab under Policy Settings disappears from view on laptops. (Tip: After selecting the eSafe machine you want to manage, hide the machine tree in order to see all the tabs.)

    DLP:

    When eSafe is configured to check outgoing traffic for spam, by design, this traffic will not be checked for DLP rules.

    Encoded file names inside archive files may be replaced with question marks in the DLP logs.

    MS Office 2007/2010 files appear in the DLP report as archive files since these files are actually archive formats.
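The limitation above means an analyst reviewing DLP events has to tell real archives from Office documents. The following is an added example, not part of the release notes or of eSafe: it relabels a file the report called an archive by checking for the Office Open XML package layout (`[Content_Types].xml` plus the main document part). The function names and sample data are constructed for illustration.

```python
import io
import zipfile

# Main part that identifies each Office Open XML (OOXML) document family.
OOXML_MAIN_PARTS = {
    "word/document.xml": "Word document (OOXML)",
    "xl/workbook.xml": "Excel workbook (OOXML)",
    "ppt/presentation.xml": "PowerPoint presentation (OOXML)",
}


def classify_container(data: bytes) -> str:
    """Label a file that a DLP report listed only as an archive."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not a ZIP container"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "corrupt ZIP container"
    # OOXML packages always carry [Content_Types].xml at the archive root.
    if "[Content_Types].xml" not in names:
        return "plain ZIP archive"
    for part, label in OOXML_MAIN_PARTS.items():
        if part in names:
            return label
    return "other OPC package"


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {member name: content} (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: minimal stand-ins, not real Office documents.
SAMPLES = {
    "report.docx": build_zip({"[Content_Types].xml": "<Types/>", "word/document.xml": "<doc/>"}),
    "budget.xlsx": build_zip({"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<wb/>"}),
    "backup.zip": build_zip({"notes.txt": "plain archive member"}),
    "memo.txt": b"plain text memo, not an archive of any kind",
}

if __name__ == "__main__":
    for filename, blob in SAMPLES.items():
        print(f"{filename}: {classify_container(blob)}")
```

Macro-enabled variants (.docm, .xlsm) use the same main parts, so they receive the same labels.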

    Deployment:

    This version does not allow upgrades from previous versions; it only supports new installations.

    When installing eSafe Web Bridge mode with mail support, make sure that the inner and outer NICs have real IP addresses, or else SMTP will not function.

    When working with eSafe in ICAP mode, file compression (gzip) must be turned off at the proxy side.

    Management:

    Change Configuration events may appear several times in the log for the same event. This is due to the fact that the changes are done on all the remote machines and are therefore also logged as events in the central machine.

    Central management machines only support English language user names, passwords, and machine names.

    When the Syslog method is selected for Smart Alerts, the alert event is written in the central machine message file and not at the remote eSafe machine. Make sure to define SNMP and Syslog servers at the Central Management machine as well.

    When defining a Smart Alert on a machine that is part of a group/cluster, the smart alert definitions are saved locally and are not deployed to other machines in the group/cluster.

    When defining LDAP parameters in the LDAP Settings screen, only the DN is supported (domain/user format is not supported).

    eSafe Quarantine:

    Releasing email from the quarantine report sent by email doesn't work in Windows Live Mail (on Windows 7). To solve this, use the new web-based quarantine report.

    The Web Quarantine only supports log-in names that use English characters.

    The Web Quarantine Report can only be created in English and does not support additional languages at this stage.

    When using the Web Quarantine Report, the LDAP server must be defined. By default the Web Quarantine Report works with HTTPS protocol and therefore a permanent certificate must be issued. For instructions on changing the default protocol from HTTPS to HTTP, see the relevant technical note in the Knowledge Base.

    eSafe Web SSL:

    In eSafe Web SSL, the website IP address (source IP address) is the same as the URL host and appears as 127.0.0.1, due to the fact that eSafe Web SSL uses the internal parent proxy and doesn't know the real IP address.

    URL Filter:

    When an HTTPS site is found to belong to a restricted category, an appropriate HTML warning does not appear; only a standard browser message notifying that Internet Explorer cannot display the webpage appears.

    The URL Filter redirect warning page (block or gray list mode) cannot be displayed in HTTPS (SSL traffic protocol), due to technical limitations that prevent changing page content (unless using the eSafe Web SSL product).

    eSafe Cluster

    Initially defining a cluster requires logging on to eSafe Security Center via the central machine, defining a new cluster, dragging the eSafe machine (which appears under the ALL branch in the machine tree) to the cluster, and then defining the other cluster members.

    eSafe Appliance Manager:

    When defining the hostname in the eSafe Appliance Manager (Settings > Host Name & DNS), define a hostname shorter than 15 characters.

    The LCD display on the HG200 appliance can no longer be used to reconfigure the appliance; it only supports viewing the status and changing IP addresses.

    Appendix: Upgrade Instructions

    Follow the instructions below to upgrade from an earlier version of eSafe:

    1. On the current eSafe machine, create a zip file with the following files:

    esafecfg.ini

    applifilter2.ini

    esafenipca.ini

    esdspsrv.dat

    2. Install eSafe v8.5 on the machine.

    3. Connect to the new machine via the v8.5 GUI.

    4. Import the files from the zip file you created in step 1.

    5. Restart the eSafe services.

    About SafeNet

    In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the technology sector. Vector Capital acquired Aladdin in March of 2009, and placed it under common management with SafeNet. Together, these global leading companies are the third largest information security company in the world, which brings to market integrated solutions required to solve customers' increasing security challenges. SafeNet's encryption technology solutions protect communications, intellectual property and digital identities for enterprises and government organizations. SafeNet's software protection, licensing and authentication solutions protect companies' information, assets and employees from piracy and fraud. Together, SafeNet and Aladdin have a combined history of more than 50 years of security expertise in more than 100 countries around the globe. For more information, visit http://www.safenet-inc.com.

    Contact Information

    For more information, please contact SafeNet Technical Support at:

    800-545-6608 (USA)

    410-931-7520 (International)

    [email protected]

    Revision 16, 6/20/2010