iPrism Secure Web Gateway

Detailed Product Specifications

EdgeWave iPrism Web Security provides real-time protection against advanced threats to ensure the security of your staff and data.

iGuard URL Analysis

iGuard is the real-time URL analysis capability behind iPrism. iGuard combines human review with next-generation technology to provide the most accurate website assessments with the lowest false positive and false negative rates in the industry. Only a human reviewer can determine the true intent of a website. The cyber security analysts behind iGuard are an experienced group of multi-lingual web content experts who characterize sites by domain, specific URL and/or general IP address into 80 categories, using documented, detailed criteria.

You receive daily iGuard database updates, and hourly updates on sites containing the most emergent web security risks such as botnets, spyware, malware, and phishing. With iGuard’s combination of advanced technology and human review, false positives and false negatives are virtually eliminated. See the classification system used (pdf).

Kaspersky Anti-Virus

Kaspersky SafeStream II anti-virus scanning with real-time data stream scanning of http and https traffic. Includes Zero day high-risk and infected URL feed with up to the minute updates.

Secure Traffic Analysis

iPrism includes HTTPS SNI and Host Certificate inspection with full TLS decryption for policy compliance and content inspection. Additionally, selective TLS interception is configurable via destination domain and/or website category.

Application Filtering

iPrism offers application controls that reduce the risks associated with unsanctioned application communications. These applications, which include popular IM and P2P protocols, not only erode productivity and drain bandwidth; they can open serious corporate web security gaps where bot-related malware and viruses can invade your network. iPrism allows you to monitor and block IM and P2P applications such as Skype and FTP with a simple set-and-forget check box.

Outbound Anti-Botnet Protection

iPrism provides continuous defense of both inbound and outbound filtering of Internet traffic. Leveraging its unique botnet threat database, iPrism stops the “phone-home” mechanism that enables stealth, bot-related malware to steal identities or data and commit illegal or malicious actions within and outside your network. Once a bot has been detected and blocked, users are alerted via email and Real-Time Monitor so they can remediate compromised endpoints.

iPrism on-box reporting will show compliance with regulations that protect users’ identities and data. You get constant botnet malware protection because the botnet threat index, provides real-time updates to stop new botnet threats. The iPrism threat index has no false-positives and performs without incurring any network latency for the best botnet protection.

Anti-Circumvention and Anonymous Browsing Protection

Employees who try to get around your Web security measures by using circumvention tools, proxies or anonymizer websites, will have their attempts blocked at every turn by EdgeWave iPrism Web Security’s multi-layered approach:

  • Dynamically-Detected Proxies – Using deep packet inspection with real-time pattern rules, iPrism web security software monitors and blocks websites or private servers leveraging script-based proxy tools, including PHProxy and CGIProxy, to anonymously redirect web requests
  • Automated Rating Protocol (iARP™) – Another tool for defending against anonymous browsing employs automatic anonymous proxy detection as part of the iPrism proprietary Automated Rating Protocol (iARP). This technology, which can be used to detect proxy settings, adds more protection by compiling unrated URLs, accessed by your employees, and sending them to the iGuard team where they are analyzed, categorized and returned to your iPrism with your daily or hourly database updates
  • Circumvention Defense Network (CDN) – iPrism’s unique CDN protects your organization from circumvention attempts by gathering intelligence on thousands of externally-hosted non-Web servers used to circumvent your network security by re-routing Web requests. We collect these IP addresses in the cloud and analyze them against known legitimate sites to mitigate false positives and immediately and continuously download the results to your iPrism. iPrism inspects outbound traffic and enforces the monitoring and blocking of circumvention tools – including UltraSurf, TOR and JAP clients – attempting to connect to their server networks.CDN also blocks client-side tools that are hard to detect by classic web filters, because new versions are constantly being released. These tools work by connecting to a growing number of externally-hosted servers that proxy or re-route the original Web request, evading your Internet site blocker. iPrism’s stops attempts by circumvention tools to connect to their network proxy or re-routing servers, rendering them harmless and protecting your organization.
  • Instant blocking and alerts – Once iPrism determines that the circumvention threat has been detected, iPrism’s Email Alerts and Real-Time Monitor features can be used to block the internet sites and take more serious action if required. iPrism’s historical reporting features can document website blocker activity that regulatory compliance, your acceptable use policy and web security policies are being enforced.Currently, the iPrism circumvention website blocker feature monitors and blocks UltraSurf, Tor and JAP. However, new circumvention attempts are continuously being detected in the cloud, so your iPrism Website blocker capabilities can stay ahead of emerging threats.
  • Active Domain IP Address Mapping and SSL Certificate Inspection – Administrators always know where users are going on the Web because HTTPS traffic is enforced and reported using domain names, instead of IP addresses, in both transparent bridge and proxy mode deployments. This mapping feature blocks the ability to circumvent iPrism Web Security using IP addresses.
  • Anonymizers – The iGuard analyst team continuously monitors message groups and other anonymizer listing sites for new anonymizer URLs, and updates the database hourly.

Industry-leading web security, deployable in any scenario for any organization. EdgeWave iPrism Web Security offers the cyber security of a high-performance appliance and the flexibility and scalability of a feature-rich, software-based web filter solution. Our technology, with its hardened and optimized operating system and unique kernel-level filtering, combines with powerful appliances to bring you comprehensive, accurate and secure Web access management, with no latency.

Multi-Layered Web Security Threat Protection

EdgeWave iPrism Web Security’s unique combination of enforcement methods assures powerful protection from botnets, malware, viruses, phishing and other threats. These methods include integration with a comprehensive botnet threat index, the 100% human-review iGuard URL database, integrated AV engine, and iPrism’s unique Circumvention Defense Network. Together they deliver unrivalled web security protection to your organization and are easily enabled via simple check boxes, rather than complex multi-dimensional rule sets.

Unmatched Web Security & Stability

iPrism’s on-premises appliances have secure connections and hardened OS that make it impervious to external threats and web security breaches. In addition, even internal corruption due to power loss or disconnect isn’t a problem because our appliances are optimized for uptime and rapid reboot.

Highest Performing Technology

EdgeWave iPrism Web Security technology is port-agnostic providing comprehensive coverage across any network. With filtered traffic throughput speeds over 1 Gbps, even networks with the largest pipelines are easily managed by iPrism. And iPrism’s remote web filter feature ensures complete Internet protection even with the most remote devices.

Hardened OS and kernel-level URL content filtering

iPrism’s combination of FreeBSD OS and kernel-level URL content filtering assures a hardened and optimized operating system, better performance and complete interoperability on any platform. iPrism Web Security uses a Linux-based OS as the basis for its hardened and optimized operating system. FreeBSD was chosen because it offers better performance and more security and compatibility features than operating systems.

Because iPrism’s URL content filtering solution has its own integrated OS, it can provide complete interoperability with any platform you are using. By employing the exceptional stability of a Linux-based OS, we’ve built a URL content filtering solution that is customized and configured to run uninterrupted on our h-Series appliances, ensuring continuous URL filtering protection from the moment of deployment. Also, as a completely self-contained solution, iPrism Web Security is transparent to the end-user and our URL filtering appliance can be installed into any network without additions to workstations or any added software.

Neither network architecture changes nor alterations to existing firewalls and/or routers are required to operate the iPrism URL content filtering solution in its most common installation, transparent bridge mode. Operating in the less common proxy mode requires minor modifications to network routers and a slightly longer installation time. However, we offer IT administrators the option of multiple deployment modes making it one of the most flexible and extensible web URL filtering solutions on the market.

Kernel-Level URL Filtering Technology

iPrism Web Security’s URL content filtering software is compiled into the FreeBSD OS at the kernel level to deliver near zero-latency URL filtering with 100% traffic inspection and enforcement. Unlike many other URL filtering solutions that process requests from the application layer, our URL content filtering gives you the speed of pass-by with the accuracy of pass-through technologies. When combined with the speed of the h-Series URL filtering appliance, the performance is unrivalled.

In transparent bridge mode, which is the standard deployment, requests for the Internet pass through the iPrism Web filter and go to the Internet. While this is taking place, the Web URL filter is making a decision on whether or not to block the requested URL. As the URL filter request returns from the Internet, if the URL filter is configured to block the website, the user is redirected to an announcement that the page has been blocked and the request itself is discarded. If the site is allowed, then the URL filter allows the site to be passed back to the user.

Since the URL content filtering decision is being made while the remote site is working on the URL request, the Web filter is able to process URL filtering requests with no apparent network slowdown. For users, this means less frustration, fewer help desk calls and more efficiency in enforcing your corporate AUP.

Hack-Proof Security

Another advantage of a hardened and optimized integrated OS is security. iPrism combines URL filtering software on the URL filtering appliance, which is commonly installed between your firewall and internal systems with all Internet traffic routed through it. This positions our web security solution as your strongest defense against Internet-based threats.

Hassle-Free System Upgrades

Another advantage of the integrated OS and URL filtering software, is that administrators do not need to manage OS and software updates separately, which often require more tedious technical tasks and more time.

Transparent User Authentication

iPrism offers transparent authentication that allows you to easily delegate administration roles and manage and enforce Internet usage policy with flexible granularity. iPrism makes authentication easy with transparent methodology that allows you to delegate administration roles via group membership to privileges mapping, and have visibility into, manage and enforce Internet usage policy via group membership to profiles mapping.

Helps enforce Internet Usage Policy

iPrism offers transparent user authentication that allows you to easily delegate administration roles and manage and enforce Internet usage policy with flexible granularity. iPrism makes web user authentication easy with transparent methodology that allows you to delegate administration roles via group membership to privileges mapping, and have visibility into, manage and enforce Internet usage policy via group membership to profiles mapping.

Active Directory & “Auto-Login”

iPrism Web Security helps you accurately enforce employee Internet usage policy with support for Microsoft Active Directory (AD) services running on Windows Server 2000, 2003 or 2008. Unlike transparent agent-based user identification methods, your Internet usage policy is easily upheld because Windows or Mac users’ identity is not only transparently obtained, but authenticated in real-time, using a secure Microsoft protocol when users are logged into a domain or other realm trusted by iPrism’s configured AD domain controller. iPrism supports redundant domain controllers, one-way outgoing domain trust and hierarchal nested groups, enabling accurate enforcement of your organization’s Internet acceptable use policy.

iPrism’s Auto-Login feature uses Kerberos as the primary user authentication protocol with NTLMv2 as a backup, which enables the client browsers to respond to authentication requests with no intervention by the user.

On-box Kerberos Authentication:

  • Is recommended by Microsoft to seamlessly enable user authentication and enforcement of your Internet acceptable use policy.
  • Uses a “trusted 3rd-party” schema, so it complies with Microsoft best security practices without domain controller changes
  • Is independent of operating systems maintenance or upgradeability concerns, because it doesn’t require a separate server to host agents, or client agents on every managed workstation allowing you to enforce your Internet use policy easily and accurately

Mac OSX Client Auto-Login

Mac OSX 10.4/10.5/10.6 clients can also take advantage of iPrism’s Auto-Login feature. With Active Directory services running on Windows Server 2003 or 2008, you can achieve user authentication by binding the clients to the same domain controller as the iPrism Web Security solution using the Directory Utility. If you do not wish to bind, you can take advantage of Safari browsers’ locally cached credentials after a one-time prompt to the user.

Session-Based Authentication & Proxy Mode

Our unique “session-based” user authentication method enables auto-login for multi-user workstation environments such as Citrix or Microsoft Terminal Services to easily enforce Internet use policy uniformly. Users are allowed to maintain their productivity without incessant authentication requests, while administrators do not need to install agent software on servers, ensuring that uniform user-based Internet use policy enforcement is being enabled across your organization.

Novell eDirectory Support for Accurate Internet Usage Policy Enforcement

iPrism Web Security supports Auto-Login feature when using Novell eDirectory as the LDAP server and Novell login clients on user machines.

LDAP Support, Captive Portal & Local Users

iPrism Web Security supports manual login feature via captive portal or basic user authentication when using a LDAP v1/2/3 compliant directory service, including Mac OSX Server Open Directory or OpenLDAP, or Local Users.

In some multi-user workstation environments, it may be preferable to enforce employee Internet usage policy by explicitly request users’ credentials via a customizable user authentication page accessed through a captive portal. Optionally, this page can be sent over secure SSL-encrypted traffic.

For guests or delegated administrators who do not have user accounts defined in an existing domain group,iPrism Web Security allows you to assure enforcement of Internet usage policy by defining local user’s credentials locally.

For a white paper on formulating your own Internet usage policy, get our e-Policy Guide with a free employee Internet usage policy template.

A corporate web security suite for fast reporting, alerts and monitoring that’s easily deployed across all access points. iPrism Web Security provides flexible administration and deployment options so you can set and enforce Internet usage policies tailored for your organization to ensure the safety and security of your staff and data.

Flexible Policy Rules

iPrism offers flexible policy rule sets that allow you to manage your acceptable use and security policies with accuracy and granularity. It enables you to log both Web and application activity on your network and protect against security threats while minimizing productivity loss, mitigating bandwidth degradation and assuring your organization’s compliance with regulatory requirements.

iPrism Web Security’s policy engine offers flexible policy rulesets that allow you to manage your acceptable use and security policies with accuracy and granularity. It enables you to log both Web and application activity on your network and protect against web security threats while minimizing productivity loss, mitigating bandwidth degradation and assuring your organization’s compliance with regulatory requirements.

The iPrism Policy Engine – Web-Based Categories

iPrism Web Security is the only Internet filtering solution on the market that uses a one-hundred percent human-reviewed ratings database, known as iGuard. Powered by a team of trained analysts and iPrism automated rating protocol (iARP™), iPrism delivers over 99% Web coverage with near 100% accuracy of the 10-20 million most frequently visited websites. Unlike other solutions that focus on rating quantity over quality, this minimizes false positives and assures that each site rated by iGuard has a higher degree of accuracy when compared to heuristic analysis or blended classification technologies, resulting in better enforcement of your acceptable use policy and increased ability to mitigate risks.

iGuard Analyst Team for Network Policy Control

A team of multi-lingual web content experts rates sites by domain, specific URL and/or general IP address into 70 categories using documented detailed criteria that also allows the creation of custom local categories for flexible policy setting. You receive daily database updates from our policy engine and hourly updates on sites that contain security risks such as botnets, spyware, malware, and phishing. In addition to the typical categories for restricting access to adult content, gambling, dating and the like, iGuard categorizes:

  • websites that offer anonymous browsing, so users can’t circumvent policy enforcement
  • malware sites, to keep users from having their computers infected
  • web-based email and IM sites so you can control personal email and IM use, if necessary

Automated Rating Protocol – Another tool for defending against anonymous browsing is the proprietary iPrism Automated Rating Protocol (iARP™) feature. This adds more protection by compiling unrated URLs, accessed by your employees, and sending them to the iGuard team where they are analyzed, categorized and returned to your iPrism with your daily or hourly database updates.

The iPrism Policy Engine – Dynamically-Detected Ratings

Award-Winning Inbound Malware Protection – iPrism Web Security offers onboard Antivirus with detection capabilities that have won awards from leading certification authorities, including VB 100, West Coast Labs and ICS. Even if you are already using an antivirus solution, our antivirus adds another layer of security by scanning all incoming HTTP traffic and blocking malware before it can reach your end-users.

Anonymous Proxy Detection

Anonymous proxy sites are pervasive and easy to build. The Internet landscape is littered with sites that offer proxy site-building scripts and instructions for enabling them via free hosting services. The frequency with which purveyors of this circumvention technique are able to erect these sites has made the conventional defenses of many Web security solutions ineffective. As soon as one site is located and blocked, another one emerges. iPrism’s dynamic policy engine offers script-based (i.e. PHProxy, CGIProxy) proxy site detection that helps thwart these circumvention attempts by identifying proxy sites on the fly, giving you much better defense against this difficult threat.

iPrism Policy Engine – Non-Web Applications & Protocols

iPrism Web Security leverages its unique botnet technology to prevent bots from ‘phoning home’ by contacting command and control hosts outside your network. Once a bot has been detected and blocked, administrators can be alerted via Email Alerts or Real-Time Monitor so they can later remediate compromised endpoints with the security of knowing that the immediate threat has been mitigated. iPrism on-box reporting will show compliance with regulations that protect users’ identities and data.

EdgeWave Circumvention Defense Network

iPrism’s new Circumvention Defense Network blocks attempts by client-side circumvention tools to connect to their network of proxy or re-routing servers, rendering them harmless and protecting your organization from the damage circumvention can cause including regulatory compliance infractions, data leakage and exposure to security breaches. Once the circumvention threat has been blocked, iPrism’s Email Alerts and Real-Time Monitor features can be used to address the transgressors and take more serious action if required. iPrism’s historical reporting features can document that regulatory compliance, your acceptable use policy and security policies are being enforced.

Protocol Pattern Detections

Our policy engine detects 10s of client-side applications (potentially 100s of different versions) sharing a standard protocol for comprehensive application control including IM, P2P and FTP protocols:

  • Instant Messaging (IM) application protocols over any port including Skype
  • Peer-to-Peer (P2P) application protocols over any port
  • File Transfer Protocol (FTP) over any port

iPrism Web Security offers a wide range of standard and customizable on-box reports with no additional hardware or software required to easily generate the management reports you need. Web Security reporting is a critical tool that supplies the visibility you need to assure that internal policies are being enforced and the proof required to make sure you are complying with regulatory requirements such as CIPA, HIPPA, SOX, GLBA and others.

Accurate Filtering Means Accurate Reporting

Most software-based solutions use “pass-by” filtering technology. The trouble with pass-by is that it can be overwhelmed when Internet traffic is high, resulting in missed packets. If a packet slips past your filtering solution, so does the opportunity to report on it because, from the solution’s perspective, the event never occurred. However, the reality is that the event did occur and because of this scenario you have introduced doubt into the accuracy of your web filter reporting.

With iPrism Web Security’s next-generation kernel-level filtering and transparent bridge deployment, you no longer have to worry about missed packets and you can ensure that your Internet filter reports are generated from accurate and reliable data, and presented in a meaningful format.

Long-Term Data Log Retention

iPrism Web Security allows you to retain Internet data logs on-box to assure you can address legal or regulatory compliance issues with accurate historical on-box reporting, should the need arise. Your organization’s Internet usage data can be retained for up to a year, depending on the number of workstations and volume of Web traffic.

Email Alerts

The iPrism Web Security Solution goes beyond web filter reporting, offering effective, automatic email alerts. When acceptable use or security policy infractions occur, or when circumvention attempts, malware or other problems are detected by your iPrism, you are immediately notified via email that an event has occurred. This allows sufficient time to react and remediate problems, assuring you stay one step ahead of emerging threats.

Real-Time Monitoring (RTM)

Tired of waiting to generate network filter reporting? With this feature you can monitor your web and application traffic on-demand. And you can configure RTM to monitor all or per-user traffic or only those critical events occurring outside of your acceptable use policy or security policies. In those cases, RTM becomes an important diagnostic tool, helping you determine where web security holes have opened and where policy violations are occurring.

Comprehensive On-Box Reporting That’s Easy-to-Use

The on-box reporting package includes tools such as the Report Wizard that make obtaining and presenting the information you need easy and intuitive. Using the Report Wizard, regular web filter reporting is easy, with simple reports from scratch or pre-existing report templates. The Wizard walks you through all the necessary steps from the criteria you want to apply through to a finished report. Create web security reports for multiple types of web and application traffic so you are assured thorough reporting coverage of your entire organization.

Tabular Views Mean Drill-Down Efficiency

The iPrism Web Security reporting package is the only solution that offers tabular web filter reporting views as you drill down. This means that you can create a report, drill-down to a different view, and access your previous view via tabs along the top of the screen. This unique feature gives you the maximum flexibility to explore your data dynamically, without running multiple reports or losing unsaved reports. It also allows you to quickly compare data among multiple web security reports.

Citrix Ready

Citrix Partner - Citrix Ready

iPrism is the only appliance-based Web security solution that has been proclaimed Citrix Ready by Citrix Engineers. If you use Citrix, your environment can cause special challenges when you need to deploy an Internet security solution. Recent tests conducted by Citrix engineers confirm that the iPrism Web Security solution surpasses all competitors in its ability to easily integrate within a Citrix environment without degrading performance.

iPrism is the only appliance-based Web security solution that has been proclaimed Citrix Ready by Citrix Engineers. Find out why iPrism is the best choice for virtual desktop environments such as Citrix and others. If you use Citrix, your environment can cause special challenges when you need to deploy an Internet security solution. Recent tests conducted by Citrix engineers confirm that the iPrism Web Security solution surpasses all competitors in its ability to easily integrate within a Citrix environment without degrading performance. That’s why iPrism has been named a Citrix Ready solution.

Terminal Services with iPrism Web Security Offers Significant Advantages in Virtual Desktop Environments

One of the main reasons that terminal services with iPrism Web Security is the only Citrix Ready appliance based Web filter and ideal for your Citrix environment is our unique auto-login feature. When this feature is deployed, users are allowed to maintain their productivity without incessant authentication requests. This ensures that uniform policy application and enforcement are being enabled across your organization.

  • Our unique “session based” authentication technology allows you to use auto-login and greatly simplify the authentication process
  • Our terminal services technology allows Citrix users to easily apply unique policies to individual users and document their activity
  • This authentication feature is enabled without installing any software on the Citrix or AD servers
  • Our technology ensures consistent policy application whether Citrix users are Web surfing from their desktop or via Citrix systems
  • If you require more aggressive security because of the shared nature of terminal server clients, you can easily configure iPrism Web Security to require manual authentication.

Deploying iPrism Web Security in a Citrix Environment is easy

iPrism in Citrix Environment configurationIt only takes a few steps to install iPrism Web Security in your Citrix virtual desktop environment:

  • Install our appliance upstream of your Citrix server, and inline with your Firewall
  • Create profiles and policies in the Appliance Manager
  • Enable auto-login
  • Establish session-based authentication for Citrix
  • Block, monitor and report on all thin/fat client use

iPrism Web Security & Terminal Services Offers 5-Star Features

  • Antivirus – Includes a powerful, four-factored antivirus engine at no extra charge
  • IM and P2P protocol management
  • Spyware, malware and phishing blocking (hourly updates)
  • Comprehensive drill-down reporting and real-time monitoring
  • Authentication – Active Directory and LDAP Authentication simplify IT administration tasks
  • 100% human reviewed database
  • Mobile and Remote Filtering – Easily extend AUP and security policy enforcement to your mobile and laptop users
  • Delegated Administration – Assign administrative tasks to others in your organization

iPrism offers flexible deployment options that deliver comprehensive interoperability and powerful Web security in a wide range of network platforms and configurations. As a stand-alone appliance with no additional software or servers required, iPrism Web Security has greater flexibility in adapting to a wide range of network scenarios involving mixed platforms, legacy systems and other variants.

Transparent Bridge

Installing iPrism in its typical Transparent Bridge Mode combines the accuracy and security of pass-through filters with the speed of a pass-by or sniffer-type solution, giving you the best of both worlds:

  • iPrism is deployed in-line between the firewall and the switch
  • Pass-thru traffic is securely monitored defeating any attempts to circumvent the Web filter
  • Pass-by traffic is picked up and pages are blocked according to your organization’s policies
  • Filtering occurs at the kernel level, which means latency is less likely to occur
  • Single Point of Failure issues are eliminated with the Bypass Module on the NIC because any problems with the Web filter will not affect normal network operations or performance

Proxy

In explicit proxy mode, the iPrism web security appliance is not inline and you must configure client browsers to send their Web requests directly to the iPrism. Proxy deployment provides tighter control of user desktops than transparent bridge.

  • In proxy mode, the iPrism is installed right off the switch and workstations are pointed to the iPrism via a proxy statement.
  • When a user sends a request for a web page, it goes unimpeded through the switch to the iPrism, The URL is copied and forwarded to the Internet through the switch and the request returns from the Internet through the firewall and switch and back to the iPrism
  • The webpage requested is analyzed by the iPrism and will be monitored or blocked according to your organization’s policies
  • In Proxy mode users can be required to login to each session explicitly which may be preferable for classrooms and other settings where computers are shared

Mixed Mode

Flexible transparent deployment means the iPrism appliance can still function as a direct proxy when deployed in Transparent Bridge Mode. The iPrism Web Security appliance is installed between the switch and the router and all Internet requests are handled via the iPrism. Mixed mode configuration can be used to support mixed protocol, mixed user, mixed machine or mixed authentication environments where greater deployment flexibility is required.

  • This deployment allows one group of users to be proxied to the iPrism while the other is connected via transparent bridge.
  • Functioning in both modes simultaneously allows greater flexibility in deployment.
  • Proxy functionality is available for multi-user workstations or as an alternative to our Remote Filtering solution for remote users who may not use the same web security gateway to the Internet as on-site users

Citrix Virtual Desktop Support

iPrism is the only appliance-based Web security solution that has been proclaimed Citrix Ready by Citrix Engineers. If you use Citrix, your environment can cause special challenges when you need to deploy an Internet security solution. Recent tests conducted by Citrix engineers confirm that the iPrism Web Security solution surpasses all competitors in its ability to easily integrate within a Citrix environment without degrading performance. Learn More

VLAN Support

iPrism supports VLANs and can be installed on a trunked port. If your network includes VLANS, you can easily set up iPrism to filter VLAN tagged traffic. You can also configure your iPrism to enforce policy on a per VLAN basis by creating separate network entries for each VLAN on the network list. This will allow you to manage non-authenticated traffic and admin privileges such as overrides.

Fits Any Network

iPrism simply fits in networks of all shapes and sizes. Scales both large and small, distributed or centralized and integrates with mixed networks including Terminal Services.

Security Deployment with iPrism simply fits in networks of all shapes and sizes.

  • Scales both large and small.
  • Distributed or centralized.
  • Mixed networks including Terminal Services.

All security deployment configurations build on one or both of our two core modes of installation:

Transparent Bridge Mode
iPrism Transparent Bridge Mode Configuration

Proxy Mode
iPrism Proxy Mode Configuration

From there, you can introduce…

Citrix Deployment
 iPrism Citrix Deployment Configuration
Multi-Site Security Deployment
iPrism Multi-Site Deployment

And scale for size and complexity…

Complex Multi-Site School Deployment
iPrism Complex Multi-Site School Deployment Configuration
Complex LAN
iPrism Complex LAN Configuration

High Availability Deployment

IPrism High Availability deployment allows you to avoid disruption of your Web monitoring, blocking and reporting, by installing two iPrism appliances in parallel in a single network, with one designated as the Primary and the other as the Secondary. The Primary iPrism manages your organization’s Web access, while the Secondary iPrism remains in standby mode.

High Availability networks and systems are becoming increasingly important for organizations and businesses in every industry. The legal and regulatory requirements, to which many organizations must comply, make assuring maximum uptime of Internet security a critical consideration. That’s why iPrismincludes a new high availability deployment that allows you to avoid disruption of your internet security monitoring, blocking and reporting, by installing two iPrism appliances in parallel in a single network, with one designated as the Primary and the other as the Secondary. The Primary iPrism manages your organization’s Web access, while the Secondary iPrism remains in standby mode. When the Primary becomes unavailable due to either a hardware failure or a system crash in one of the critical modules to iPrism, the Secondary iPrism immediately connects and begins working as a bridge. Paired iPrisms for high availability use the management interface to keep track of each other’s current running status, so the Secondary iPrism is alerted to failure in the Primary either by communication over this interface, or when the Primary iPrism disappears from a clustering environment. iPrism’s Central Management console allows you to easily and immediately port all your configuration settings to the Secondary iPrism should you require failover. This assures that your Internet security continues unimpeded and your Internet logs, reporting and policy enforcement are seamlessly enabled.

iPrism High Availability Pairing Assures True Failover Protection
Multi-Layered iPrism High Availability True Failover Protection

Cloud-based remote filtering.

iPrism Web Security offers Cloud-Based Remote Web Filtering that employs proprietary technology to bring powerful Enterprise Web filtering to all your users, regardless of their location, without using your VPN, deploying any Web filtering hardware in the DMZ or requiring any PAC file implementations. iPrism Cloud-based Web Security eliminates browser latency while delivering secure and comprehensive Web access management to all your off-premises users, for the best laptop web security possible.

iPrism Remote Filtering

Easy set-up and provisioning: Once you install the Remote Web Filtering Client software, you can manage and report on remote users easily from iPrism’s browser-based central management console. And unlike remote filtering solutions from other vendors, such as Web filtering proxy solutions, iPrism eliminates administrative burdens:

  • No additional system modules to install off-box and on your server. Cloud Web filtering with iPrism is a true hybrid.
  • Eliminates the insecurity of copying users’ directory service credentials off-premises
  • No emails required to educate roaming users on self-provisioning

Secure Client-Based Hybrid Web Filtering Technology: Unlike other vendors that rely on PAC file-based hybrid solutions, iPrism uses lightweight, low-latency, tamper-proof and application-agnostic client software. This unique combination of hosted Web filtering and the iPrism Remote Web Filter appliance eases the burden on IT Admin resources:

  • Eliminates the need to restrict users’ workstation privileges
  • No need to restrict application usage
  • No changes to or restrictions on users’ browser proxy settings

Accurate Off-Premises Policy Enforcement: The iPrism Remote Web Filter client is location aware, which means you can apply and enforce the same or a different policy for roaming users, whether on- or off-premises relative to the corporate network. This also allows users to negotiate captive portals encountered at wireless hotspots such as airports, hotels, coffee houses and others while using remote filtering and laptop web security that’s smart, safe, and secure.

Centralized Administration and Reporting: Real-time monitoring and drill-down reporting work the same for your remote users as for those on-premises. That’s cloud-based web filtering from EdgeWave. You can run separate reports on remote users, isolate an individual remote user or include remote users in regular company-wide reports.

Bandwidth Conservation – No Latency: Unlike other remote web filters, iPrism helps conserve your bandwidth, because there are no VPN tunnels and no deployments in your DMZ to hog network bandwidth so low latency is assured.

Distributed Data Center: A nationwide network of powerful, distributed data center cloud services supports iPrism’s Remote Filtering so your users never encounter availability issues.

How Remote Filtering Works

Our unique hybrid approach to remote filtering includes communications between the Web Filter and the Remote Filtering Client. The data center cloud service functions as a go-between, making sure the Web filter remain secure and conserving bandwidth.

iPrism Remote Filtering Setup Demonstration iPrism Remote Filtering Establishes Policy – The iPrism Remote Filter defines policies for your remote users in accordance with your acceptable use policy (AUP). These policies are then pushed to the Data Center, where they are stored securely and confidentially to be applied to your remote clients once the laptop web security appliance is enabled.
iPrism Remote Cloud Filtering Enforces Policy – When a remote user accesses the Internet, the client software is connected to the data center and receives a disposition for the Web request based on its iGuard database, URL rating and the profile that applies to the remote client. Remote filtering then steps in, the data center tells the client to block or allow a site and to monitor or not to monitor the user’s Internet activity. iPrism Remote Cloud Filtering Setup Demonstration
Data Logs Allow iPrism to Generate Comprehensive Reports iPrism Remote Cloud Filtering Sends Logs and Generates Reports – Periodically, the client sends logs of all your users’ Internet activities on remote PCs or Macs to the data center. These logs are pulled on-demand and added to the local reports database. This gives you a single source of management reports for all users whether they are on-premises or using cloud-based remote filtering. Our unique web security technology allows you to compile reports from across your organization and drill down to a single user, regardless of location.

Our unique hybrid approach to remote filtering includes communications between the Web Filter and the Remote Filtering Client. The data center cloud service functions as a go-between, making sure the Web filter remain secure and conserving bandwidth.

iPrism Remote Filtering Establishes Policy – The iPrism Remote Filter defines policies for your remote users in accordance with your acceptable use policy (AUP). These policies are then pushed to the Data Center, where they are stored securely and confidentially to be applied to your remote clients once the laptop web security appliance is enabled. iPrism Remote Filtering Setup Demonstration
iPrism Remote Cloud Filtering Setup Demonstration iPrism Remote Cloud Filtering Enforces Policy – When a remote user accesses the Internet, the client software is connected to the data center and receives a disposition for the Web request based on its iGuard database, URL rating and the profile that applies to the remote client. Remote filtering then steps in, the data center tells the client to block or allow a site and to monitor or not to monitor the user’s Internet activity.
iPrism Remote Cloud Filtering Sends Logs and Generates Reports – Periodically, the client sends logs of all your users’ Internet activities on remote PCs or Macs to the data center. These logs are pulled on-demand and added to the local reports database. This gives you a single source of management reports for all users whether they are on-premises or using cloud-based remote filtering. Our unique web security technology allows you to compile reports from across your organization and drill down to a single user, regardless of location. Data Logs Allow iPrism to Generate Comprehensive Reports

Get a live demo and find out how much better security can be.