1
CCPSP Clearswift ARgon for Email
ARgon for Email provides organizations with a solution to rapidly protect their critical information without harming productivity or replacing their current operational infrastructure.
2
What is ARgon for Email?
ARgon allows us to rapidly provide clients with an Adaptive Redaction solution.
- Complements existing security and Data Loss Prevention (DLP) solutions
- Addresses issues with traditional DLP solutions
  - Stop and block
  - False positives
  - Barrier to business
  - High management overhead
- Delivers enhanced risk mitigation
  - Stop spear phishing attacks traditional defenses miss
- Critical information protection
  - Remove sensitive information
3
Clearswift ARgon for Email
[Diagram: Users, Server, Clearswift ARgon for Email, Gateway/Managed Service, Internet]
- Quickly slots in between server and boundary system
- Immediately delivers enhanced protection from emergent threats, such as Advanced Persistent Threats, by purging common document formats of active content
- Provides improved protection of critical information by sanitizing and redacting sensitive information
- Does this without harming productivity, or requiring the client to replace their current operational infrastructure
4
Complementary, Not Duplication
[Table: 3rd Party Gateway and ARgon for Email (Additional Feature) compared on Anti Virus, Anti Spam, Reporting, DLP Policies, Data Redaction, Document Sanitization and Structural Sanitization]
- One of the barriers to selling a SEG/SXG to a client interested in the AR features is the significant overlap with their existing solution
- ARgon for Email is designed to avoid significant areas of overlap
  - This removes potential barriers to sale
  - Avoids a rip and replace conversation
  - Augments existing gateway technologies
5
What’s the value to you?
- Overcome “we’ve got one already” objection
  - No overlap with existing solution
  - No need to wait for renewal date
  - No need to wait for client dissatisfaction
- Complements existing portfolio
  - Not rip and replace conversation
  - Sits alongside existing range of solutions
  - Grow revenue pool
  - Once we have demonstrated the value that Adaptive Redaction brings to email, we can sell additional, complementary solutions to protect Internet, Exchange traffic and endpoint
- Faster sales
  - ARgon – 1 quarter
  - Traditional DLP – 9 to 12 months
- Growing market
  - Information security market growth of 7.9% in 2014
  - DLP fastest growing segment at 19%
  - Gartner report shows global spend CY13-18: DLP 26% (18% in US), SEG 2% (0.6% in US), SWG 7% (5% in US)
Source: Gartner “Forecast: Information Security, Worldwide, , 2Q14 Update”
6
CCPSP Clearswift ARgon for Email
Why Does a Client Need ARgon for Email?
7
New Information Risks
[Diagram: Users, Server, Gateway/Managed Service, Internet; flows labelled "Document + Malicious Active Content" and "Document + Sensitive Information"]
- Targeted attacks
  - Common “business” file formats used
  - Active content typically used to initiate attack
  - New exploits
  - Traditional signature-based AV often misses these
  - Heuristic scanning more successful at detecting, but often dialed back to reduce false positives
- Hidden information
  - Metadata
  - Processes not being followed
  - Employees not trained appropriately
- Users
8
Traditional DLP Pain Points
- Long time to become effective
  - Expensive to purchase and configure: can take months or even years of external consultants’ time before they become truly effective
  - “Protect” phase of the project often pushed back as scale of issue becomes more apparent
- Stops the whole transmission
  - Stop and block
  - Delay valid business communications
- Large manual processing overhead
  - False positives
  - Impacts productivity
  - Too much noise – can mask the real problems
- Can miss “hidden” sensitive information
  - Metadata
9
Clearswift ARgon for Email
[Diagram: Users, Server, Clearswift ARgon for Email, Gateway/Managed Service, Internet; "Document + Malicious Active Content" becomes "Sanitized Document", "Document + Sensitive Information" becomes "Redacted and Sanitized Document"]
- Instant risk mitigation
  - Out of the box default policies
  - Protection from day 1
  - Removes sensitive content, document properties, macros and scripts
- Protects critical information, reduces traditional DLP false positives and enables secure continuous collaboration
10
Adaptive Redaction
- Data redaction
  - Gateway detects sensitive information and replaces it with a series of *s
- Document sanitization
  - Remove meta-data, version and document history
- Structural sanitization
  - Removes active content
- Encryption
  - Supports Transport Layer Security (TLS), to maintain compatibility with what existing systems are expecting
- Key value add
  - Out of the box policies, applicable to all organizations
11
Data Redaction
Problem
- Risk that confidential information may be shared inappropriately
- Business stops due to conventional DLP ‘stop and block’ functionality
- Real risks lost amongst noise
Solution
- Automatically remove sensitive information from emails and documents
- Share information without breaking legislative requirements (e.g. PCI DSS)
- Avoid unnecessary barriers
- Identify real risks
For example
- Remove expletives from web pages, so instead of blocking the page and the comments, display it without the offensive content
- Remove URLs which point to malware
- Remove specific words or tokens from documents, e.g. replace a credit card number with ‘**** **** **** 1234’
Business benefit
- Share information without breaking legislative requirements, for example PCI DSS
- Improved collaboration speed
12
Data Redaction
How
- Detects sensitive information and removes it
  - Triggered by lexical analysis (e.g. credit card numbers, patient IDs, intellectual property, etc.)
- Redacted document delivered
- Policy driven and automated
- Works in both directions
[Diagram: Senders, Server, Clearswift ARgon for Email, Gateway/Managed Service, Recipients; "Document + Sensitive Information" in, "Redacted Document" (**** **** ****) out]
13
Supported File Types
File Type: Extensions
- HTML: .htm .html
- Microsoft Word document (2007+): .docx .docm .dotx .dotm
- Microsoft Excel spreadsheet (2007+): .xlsx .xlsm .xltx
- Microsoft PowerPoint presentation (2007+): .pptx .pptm .potx .ppsx .ppsm .thmx
- OpenOffice Writer: .odt
- OpenOffice Calc: .ods
- OpenOffice Impress: .odp
- OpenOffice Graphic: .odg
- OpenOffice Master: .odm
- OpenOffice Math: .odf
- Adobe PDF (portable document format): .pdf
- Rich Text Format encoded document: .rtf
- Notepad/Plain text: .txt
14
Document Sanitization
Problem
- Organizations need to collaborate with third parties
- Sensitive information can be exposed in meta-data, track changes, quick save, etc.
- Users often not aware of risk
Solution
- Automatically detect and remove sensitive information from documents
- Prevent embarrassing disclosures
- Users can still share documents without unnecessary barriers
Study by market research firm Vanson Bourne titled "The Cost of Sharing"
- 90% of documents in circulation began as something else
- 57% of respondents were not aware that metadata may still exist in the document

- Google: Private financial forecasting was revealed when hidden data was left in a PowerPoint presentation before posting it for the Wall Street community.
- Microsoft: Hidden data in Microsoft Office documents was discovered by the Associated Press and showed that Microsoft's advertising campaign highlighting a customer that switched from Apple to Microsoft was actually a member of their PR firm.
- Whole Foods: Hidden information in court documents disclosed that Whole Foods planned to close stores, revealed how Whole Foods negotiates with suppliers as well as other closely guarded marketing strategies.
- ATT: Confidential information contained in a PDF file revealed that ATT was spying on their customers.
- The British Prime Minister's Office: Hidden data in the UK government's "Dodgy Dossier," the document that helped propel the country into war, revealed a student paper was the source of the document.
- Barclays: An Excel spreadsheet contained 179 contracts within hidden columns that were then accidentally submitted in Barclays' buyout offer of Lehman Brothers assets.
- Alcatel: A security vulnerability in Alcatel's DSL modems was revealed in document metadata.
- The United Nations: Metadata revealed the UN office doctored a report on the murder of former Lebanese Prime Minister Rafik Hariri.
- Democratic National Committee: Judge Sam Alito inadvertently revealed his true beliefs on immigration laws and other issues when memos were released containing blacked-out data.
- Westpac: This oldest bank in Australia revealed a full year of profit results via metadata before it was finalized and lodged with the Australian Stock Exchange.
- Merck: Metadata revealed that the company deleted vital information concerning the arthritis drug Vioxx, resulting in users having false information on heart attack risk associated with taking the drug.
- Sun Life Financial: Hidden data found in a document forced the company to release its fourth-quarter and year-end results ahead of schedule.
15
Document Sanitization
[Figure: What they thought they sent; What they actually sent; What we sent for them]

What types of hidden data and personal information are stored in Word documents?

Several types of hidden data and personal information can be saved in a Word document. This information might not be immediately visible when you view the document in Office Word 2007, but it might be possible for other people to view or retrieve the information. Hidden information can include the data that Office Word 2007 adds to a document to enable you to collaborate on writing and editing it with other people. It can also include information that you deliberately designate as hidden.

Word documents can contain the following types of hidden data and personal information:
- Comments, revision marks from tracked changes, versions, and ink annotations - If you collaborated with other people to create your document, your document might contain items such as revision marks from tracked changes, comments, ink annotations, or versions. This information can enable other people to see the names of people who worked on your document, comments from reviewers, and changes that were made to your document.
- Document properties and personal information - Document properties, also known as metadata, include details about your document such as author, subject, and title. Document properties also include information that is automatically maintained by Office programs, such as the name of the person who most recently saved a document and the date when a document was created. If you used specific features, your document might also contain additional kinds of personally identifiable information (PII), such as headers, send-for-review information, routing slips, and template names.
- Headers, footers, and watermarks - Word documents can contain information in headers and footers. Additionally, you might have added a watermark to your Word document.
- Hidden text - Word documents can contain text that is formatted as hidden text. If you do not know whether your document contains hidden text, you can use the Document Inspector to search for it.
- Document server properties - If your document was saved to a location on a document management server, such as a Document Workspace site or a library based on Microsoft Windows SharePoint Services, the document might contain additional document properties or information related to this server location.
- Custom XML data - Documents can contain custom XML data that is not visible in the document itself. The Document Inspector can find and remove this XML data.

Last summer, The Washington Post published a letter sent to the police that included sensitive information, including names and telephone numbers; the publication used black boxes to mask the details. The boxes, however, were easily removed with the proper software. 'Unix and Linux users can turn tools such as Antiword and Cadoc to turn the document, including its text information, into a simple text file,' Ward reports.

Other hidden text that could be accessed by such programs includes:
- Text from other documents open at the same time
- Headers and server information
- Printer names
- Data about the terminal on which the document was written
- Where the document is saved
- Document version number and format
16
Document Sanitization
- Detects and removes
  - All/selected document properties
  - Revision histories
  - Default policy removes all
- Policy driven
- Automated
[Diagram: Senders, Server, Clearswift ARgon for Email, Gateway/Managed Service, Recipients; "Document + Sensitive Information" in, "Sanitized Document" out]
17
Supported File Types
File Type: Extensions
- Microsoft Word document (2007+): .docx .docm .dotx .dotm
- Microsoft Excel spreadsheet (2007+): .xlsx .xlsm .xltx
- Microsoft PowerPoint presentation (2007+): .pptx .pptm .potx .ppsx .ppsm .thmx
- OpenOffice Writer: .odt
- OpenOffice Calc: .ods
- OpenOffice Impress: .odp
- OpenOffice Graphic: .odg
- OpenOffice Master: .odm
- OpenOffice Math: .odf
- Adobe PDF (portable document format): .pdf
18
Structural Sanitization
Problem
- Risk of malware embedded in common file formats
  - Macros, scripting, etc.
- Threat increasing
- Common vector for exploits leading to loss of data
  - Trying to sneak malware into a target organization using file types the users will trust
Solution
- Automatically detect and remove active content
- Improved defense from malware
- Users can still transmit/receive valid content
  - We don’t become an unnecessary barrier to critical business traffic
19
Structural Sanitization
- Removes active content from communications
  - Default policy removes all from incoming
- Protects against embedded APTs
- Ensures information is shared safely and without disruption
[Diagram: Senders, Gateway/Managed Service, Clearswift ARgon for Email, Server, Recipients; "Document + Macros + Embedded DLLs" in, "Sanitized Document" out, all active content removed]
20
Supported File Types
File Type: Extensions
- HTML: .htm .html
- Microsoft Word document (2007+): .docx .docm .dotx .dotm
- Microsoft Excel spreadsheet (2007+): .xlsx .xlsm .xltx
- Microsoft PowerPoint presentation (2007+): .pptx .pptm .potx .ppsx .ppsm .thmx
- OpenOffice Writer: .odt
- OpenOffice Calc: .ods
- OpenOffice Impress: .odp
- OpenOffice Graphic: .odg
- OpenOffice Master: .odm
- OpenOffice Math: .odf
- Adobe PDF (portable document format): .pdf
- Rich Text Format encoded document: .rtf
21
ARgon Benefits – No DLP
- Not disruptive
  - Talk about how it can complement existing boundary solution
  - Not stop and block
- Quickly reduce risk posture
  - Guard against new risks/targeted attacks
  - Protect critical information
  - Won’t eliminate threat entirely, but some better than none
  - Versus “proper” DLP where acquisition is 9 to 12 months, then often years before the “protect” phase goes live
- Reduce management overhead
  - Reduce false positives
  - Less time vetting and releasing valid business messages
- Identify real issues
  - Reduce noise
  - Baby steps – start with what you know and then discover what you don’t
- Rapid ROI
  - Start protecting yourself from day one
22
ARgon Benefits – Existing DLP
- Complementary
  - Talk about how it can complement existing DLP solution
  - Not stop and block
- Quickly reduce risk posture
  - Guard against new risks/targeted attacks
  - Protect critical information
  - Won’t eliminate threat entirely, but some better than none
- Reduce management overhead
  - Reduce false positives
  - Less time vetting and releasing valid business messages
- Identify real issues
  - Reduce noise
  - Baby steps – start with what you know and then discover what you don’t
- Rapid ROI
  - Increase protection from day one
23
Why don’t I just sell a SEG/SXG?
[Table: ARgon for Email compared with SXG on 3rd party gateway compatibility, Inbound, Outbound, Internal, Anti-virus, Anti-spam, Reporting, AR focused DLP policies, Adaptive Redaction, Default AR policy, Encryption and IG Server integration; cell values shown include "Cost option", "TLS only" and "Roadmap"]
- Time to protection
  - ARgon – 1 quarter
  - SEG – 2 quarters
  - SXG – 4 quarters
- Inbound, outbound and internal, plus AR: SXG
- Don’t want to touch Exchange, want to replace existing boundary solution: SEG
- Don’t want to touch Exchange, don’t want to replace existing boundary solution: ARgon
- ARgon features:
  - Default AR policy
  - Data Redaction
  - Document Sanitization
  - Structural Sanitization
  - Analyse Properties
  - Lexical Analysis
  - Detect Media Type
  - Detect Filenames
- Majority of hygiene features removed:
  - SpamLogic
  - ImageLogic
  - Attachment Limiter
  - Message size limiter
  - Structural Validation (not to be confused with Structural Sanitization)
  - Message Archiving (Relay and BCC)
- Ability to licence an Anti-Virus option will be left in place, although not necessarily promoted.
24
Included and Excluded Features
Included
- Data Redaction
- Document Sanitization
- Structural Sanitization
- Analyze Properties
- Lexical Analysis
- Detect Media Type
- Detect Filenames
Excluded
- SpamLogic
- ImageLogic
- Attachment Limiter
- Message size limiter
- Structural Validation
- Message Archiving (Relay and BCC)
25
ARgon Deployment - Platforms
- Developed on SEG V4.0 core technology, so same deployment options
- Red Hat Enterprise Linux x64 6.6
  - 64 bit operating system
- Physical/soft appliance
- Virtual appliance
  - VMware vSphere 4.1/5.1
  - Hyper-V R2 Server/2012
- No hosted service at launch
26
CCPSP Clearswift ARgon for Email
Building a Business Case
27
Building a Business Case
- Risk of new threats and critical information protection
  - Are you regulated, for example by the Financial Conduct Authority (FCA) or HIPAA?
  - Do you have product designs or other Intellectual Property that you need to protect from competitors?
  - Do you have sales information, for example bids for new contracts or purchases of goods, which would be damaging if it fell into the wrong hands?
  - Are you PCI compliant; would the arrival of credit card information on your network cause a headache for your CIO, CISO, compliance or audit office?
- Probability of incident
  - Have you ever had a data breach? When was the last time?
  - Have you ever sent an email containing critical information to the wrong person?
  - Have you ever received email containing critical information in error?
  - Have you ever had a malware outbreak on your network caused by embedded active content in a document?
  - Have you ever suffered embarrassment from revision history being left in a document and accessed by someone who shouldn’t have seen it (e.g. sales proposal)?
- Accidental and malicious
- Complementary offering
- Research
  - FOCA
- Push PoV
  - Report template
28
ARgon Sales Cycle
[Figure: ARgon Sales Cycle (Awareness, PoV and Business Case, Sign-off), ~3 months [max]. Stages shown: Awareness and Value Meeting; Operational System Installed; PoV; PoV Results & Business Case Report; Cost/Benefit Analysis]
29
ARgon Deployment – Proof of Value
[Diagram: Hygiene Gateway, ARgon for Email, DMZ, LAN]
- Side car deployment
- No impact to business mail
- Copies of all live mail sent to ARgon for analysis
- Shows “What would have happened”
- Most boundary gateways can deliver original message AND duplicate message for processing on ARgon platform to demonstrate value without interrupting mail flow
- Not always possible, but can go in line with policy in Monitor Mode – default policy route
30
ARgon Deployment – Live Deployment
[Diagram: DMZ, Hygiene Gateway, LAN, ARgon for Email]
- Located downstream from the existing filtering solution
- Located within the internal network
- Message management controlled by business units and security
31
Filtering Rules
[Diagram: Separation of rules: AV + AS Hygiene rules, Outbound Rules, Inbound AR Rules, Outbound AR Rules]
32
Message Holding Areas
[Diagram: IT Admins, Business Admins, Hygiene, AR]
- Separation of duties
- Copies of redacted/sanitized traffic stored on clean area of network, not DMZ/cloud
33
Services
We have services to offer, but don’t want them to be a barrier to sales.
- Client can purchase if they don’t have resources available to deploy themselves
- However, they are not essential to get ARgon working in their environment
- Goal is to skill partners up to deliver these services
Installation and configuration
- Basic installation
- Out of the box policy
- Designed to keep cost of purchase/implementation low
- Average duration: 1 day
Advanced policy definition
- Includes AR Policy Definition Workshop
- Designed for clients requiring advanced policy configuration (e.g. complex data redaction rules)
- Average duration: 3 days
Health check
- System and policy review
- For renewals team
Training
- Duration: 1 day
34
Objection Handling
Competitor: Approach
- “We’ve got a manual process.”
  - People forget and make mistakes
  - Need to ensure employees are trained on latest policies and how to implement them properly
- “We’ve already got an email gateway/managed service.”
  - Push new threats and critical information protection
  - Highlight benefit of reducing management of false positives and “standard” sensitive items
- “We use encryption to protect against data loss.”
  - Highlight that this is only useful when it’s appropriate for that data to be shared with that person
  - Doesn’t protect against accidental/malicious data loss
35
Objection Handling
Competitor: Approach
- “We’re considering a DLP suite.”
  - Emphasise that it can complement whatever solution they eventually choose
  - Stress that ARgon can start to mitigate risk from day one
  - Push new threats and critical information protection
  - Position away from a full DLP solution
- “We’ve got a DLP suite.”
  - Emphasise that it can complement whatever solution they have
  - Highlight benefit of reducing management of false positives and “standard” sensitive items
36
Competitors
Competitor: Approach
- Glasswall: Only Structural Sanitization. Only available via DISARM for on premise messaging/gateway
- Symantec: Not on all products (e.g. cloud)
- NextLabs: Offers Data Redaction and Document Sanitization at end point (works within clients)
- OpenText: May know as Redact-It from IGC. Data Redaction and Document Sanitization on the slide; Data Redaction only in the notes. Manual/automated process, automated by copying script to folder and placing files in there; not DIM
- Mimecast: Document Sanitization for their cloud solution. The function is provided by calling the Microsoft Document Inspector and removing revision history, etc. They can also convert the file to a PDF
- Titus: Data Redaction. Have text redaction for their Message Classification product. Manual process that only ‘blacks out’ sensitive content
37
Competitors
Competitor: Approach
- McAfee Endpoint DLP: Can automate sensitive data [creates clear text]. Authorised user can then review redacted content via ePO
- Microsoft Document Inspector: Removes revision history. Manual process
- Websense: Can do data redaction as part of their Data at Rest DLP function
- Adobe Acrobat Pro: Had the ability to redact text and images. Manual task
- Appligent: Its Redax product will automatically redact content for PDF documents
- OmniX: Automated text redaction for litigation services
38
CCPSP Clearswift ARgon for Email
Installation
39
Clearswift ARgon for Email
[Diagram: Users, Server, Clearswift ARgon for Email, Gateway/Managed Service, Internet]
- Deploy in line with existing solutions
40
Platforms
- Hardware
  - Any platform supported by Red Hat Enterprise Linux x64 6.6
- Virtual
  - VMware vSphere 5.5
  - Microsoft Hyper-V 2008 R2 server
  - Microsoft Hyper-V 2012 R2 server
41
ARgon for Email Sizing Message Volume Processor Number of Processors
Memory Disk Raid Low (<20,000 per hour) Dual Core 1 4GB 320GB+ SATA/SCSI Optional Medium (<50,000 per hour) Dual/Quad Core Xeon High (<60,000 per hour) 6GB 2 x SAS 15k RPM Yes (1) Very High (>60,000 per hour) Quad Core Xeon 2 Multiple SAS 15k RPM Yes (1, 10)
42
Ports and Protocols – External Connections
Description Protocol Port Hostname/URL Current IP Address DNS UDP 53 Product updates TCP 80 repo.clearswift.net Online help apphelp.clearswift.com RSS Feed Service availability list services1.clearswift.net services2.clearswift.net services3.clearswift.net /19 /19 /23 /19
43
Ports and Protocols – External Connections
Description Protocol Port Hostname/URL Current IP Address NTP server UDP 123 time.clearswift.net Forms part of the NTP Pool project License key validation TCP 443 applianceupdate.clearswift.com Managed list downloads
44
Ports and Protocols – Internal Connections
Description Protocol Port Comment FTP TCP 20,21 For backing up and restoring the system SSH 22 Secure console access SFTP Lexical data import To the server containing the lexical data HTTP 80 Browser access to the Manage via Inform UI SNMP alerts UDP 162 SNMP alerts from the system
45
Ports and Protocols – Internal Connections
Description Protocol Port Comment LDAP (Address lists) TCP 389 3268 3269 For accessing directory servers Accessing Global Catalogue server (normal and secure) HTTP/S 443 Browser access to the management UI Peer communications SYSLOG export 514 To the central SYSLOG server FTPS Lexical data import 990 To the server containing the lexical data
46
Installation
- ARgon for Email ISO stored on either
  - Removable USB drive
  - Clearswift AR V4 DVD
- Minimum
  - 4 GB RAM
  - 200 GB hard drive
47
Install RHEL 6.6
- Insert ARgon for Email disc and reboot
- Select Install ARgon for Email option
- Configure network settings
- Select language
- Select keyboard type
- Select time zone
  - Recommend selecting the System clock uses UTC option
- System will reboot
48
ARgon for Email Console
- Default credentials
  - User: cs-admin
  - Password: password
- Use the menu to
  - Change network settings
  - Download and apply updates
  - Reset the user interface access control settings
  - Reset the admin, or cs-admin passwords
  - Access the command line
49
Post Installation Wizard
Use the post installation wizard to configure basic settings
- Corporate servers
- Boundary solution
- Web proxy
- Passwords
Same process as SEG V4 – don’t configure IP addresses, etc. here anymore
50
CCPSP Clearswift ARgon for Email
Default Policy
51
Default Policy
ARgon for Email ships with default monitoring and enforcement routes to make POV and deployment more straightforward
- Monitor routes
  - Not possible to run the Adaptive Redaction rules in “monitor mode”
  - Can use some alternatives set to “Perform no action”, or to deliver and quarantine
  - Detect active content
    - Detects same active content as Structural Sanitization rule cleanses
  - Lexical analysis
    - Reference list of terms that would be redacted in a live policy
- Remediate routes
  - Structural Sanitization
  - Document Sanitization
  - Data Redaction
    - Common PII and PCI terms
52
Default Policy - Inbound
- Sanitize Inbound Active Content
- Fail to Modify a Message
- Fail to Process a Message
53
Default Policy - Outbound
- Sanitize Outbound Active Content
- Detect and Redact Outbound PCI Text (customization suggested)
- Detect and Redact Outbound PII Text (customization suggested)
- Detect and Redact Confidential Material Outbound (customization suggested)
- Sanitize Outbound Document Properties
- Fail to Modify a Message
- Fail to Process a Message
54
Best Practice
- Data Redaction, Document Sanitization and Structural Sanitization rules are always enforced
  - Position within content rules table does not matter
- Unless need to deliver and keep copy
  - Position towards bottom of table
  - Below quarantine rules
  - Avoid delivering something that should have been blocked
55
Best Practice – Disposal Actions
When adding Data Redaction, Document Sanitization and Structural Sanitization rules:
On successful: Perform no action, or Deliver and quarantine
On unsuccessful
Annotations
Informs
56
Message Management
It is possible to release messages in their original format if required. The policy does need to be configured to redact/sanitize and keep a copy.
Original message: no redaction or sanitization
Modified message: all redaction and sanitization
57
Single Quarantine
Client may wish to manage quarantined messages from existing boundary solution.
Configure content rule. Primary disposal action: Deliver. What else to do: add X-Header or annotate message.
Scan for X-Header/annotation on existing solution.
Not suitable for Data Redaction, Document Sanitization and Structural Sanitization rules.
58
CCPSP Clearswift ARgon for Email
Lexical Expression Qualifiers
59
Lexical Expression Qualifiers
Search for items which match specific entries in a source file (e.g. Patient ID numbers, credit card numbers, etc.).
Offer improved DLP capabilities: reduced false positives, support for 10 million items.
You configure a qualifier to reference a particular data set and a unique Key Field.
Diagram: Database, Windows Platform, TSV File, Obfuscated File, Clearswift ARgon for Email.
60
Preparing Your Data
Use the ffcreate utility to convert tab-separated input files into Gateway compatible data sets.
Input files must:
Be a flat tab-delimited file
Be encoded in UTF-8
Not contain column headers
Consist of entries on separate rows
Not contain header properties
61
Preparing Your Data Set
To convert an input file to a data set:
Prepare input file as tab-separated data.
Save file in a directory.
Run ffcreate command line utility in same directory. You need to install one of the following packages: 32 bit: 64 bit:
Configure the key fields and the structure of your output file using the command line:
ffcreate -k <key_name> -s <schema> -i <input_file> -o <output_file>
<key_name> - must consist of alphanumeric characters only: a-z, A-Z and 0-9
<schema> - index of the columns available in your input file
<input_file> - must include the file extension
<output_file> - must be appended with the extension .leq
Each Key field must match a unique reference in the schema.
Import the data set: Automatically or Manually.
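A pre-flight check for the input-file and command-line rules listed above, as an added example that is not part of the original presentation or the vendor's tooling. The function name, key name and file names are assumptions; it does not run ffcreate and cannot tell whether the first row is a column header.

```python
import re
from pathlib import PurePath

KEY_NAME_RE = re.compile(r"[A-Za-z0-9]+")  # key names: a-z, A-Z and 0-9 only


def check_ffcreate_inputs(raw, key_name, input_file, output_file):
    """Return a list of problems; an empty list means every rule checked here passed."""
    problems = []
    if not KEY_NAME_RE.fullmatch(key_name):
        problems.append("key name must be alphanumeric only")
    if not PurePath(input_file).suffix:
        problems.append("input file name must include its extension")
    if PurePath(output_file).suffix != ".leq":
        problems.append("output file name must end in .leq")
    try:
        text = raw.decode("utf-8")  # strict decode: any invalid byte raises
    except UnicodeDecodeError as exc:
        problems.append(f"not valid UTF-8 at byte {exc.start}")
        return problems
    rows = text.replace("\r\n", "\n").split("\n")
    if rows[-1] == "":
        rows.pop()  # a single trailing newline is not a blank row
    if not rows:
        problems.append("input file is empty")
        return problems
    width = len(rows[0].split("\t"))  # a flat file has the same column count on every row
    for number, row in enumerate(rows, start=1):
        if not row.strip():
            problems.append(f"row {number}: blank row")
        elif len(row.split("\t")) != width:
            problems.append(f"row {number}: expected {width} tab-separated columns")
    return problems


if __name__ == "__main__":
    # Constructed sample data; the key name and file names are hypothetical.
    sample = "P000123\tAlice Example\nP000124\tBob Example\n".encode("utf-8")
    print(check_ffcreate_inputs(sample, "PatientID", "patients.tsv", "patients.leq"))
```
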
62
Importing Your Data
Use the Lexical Data Import page to configure how and when the Gateway imports your data.
Import Schedule: specify time of day for import
Server Settings: Server type, Address, Port, Use authentication, User name, Password, Use untrusted certificate
Import Files: select the paths required to locate your input files
63
Creating a Lexical Expression Qualifier
From the Policy Center Home page, click Lexical Expressions.
Select the Lexical Expression Qualifiers tab.
Click New.
Use the Overview section to name your qualifier.
Use the Manage Lexical Expression Qualifier panel to configure:
Data Set: the *.leq file containing your data
Key Field: the column (key) in the data set which you want the qualifier to use
Click Save.
64
Adding a Qualifier to an Expression
You can only use lexical expression qualifiers with Custom Expressions.
To add a qualifier to an expression:
From the Policy Center Home page, click Lexical Expressions.
Select the Lexical Expressions tab and edit an expression list or create a new one.
Select Custom Expression from the Use drop-down menu.
Enter your custom lexical expression, using a Predefined or User defined pattern.
The qualifier must be inserted after the PATTERN and before the closing period. For example: .PATTERN=CCNUMBER|.
Use the Qualifiers tab to select your qualifier and add it to the expression.
Click Add.
65
CCPSP Clearswift ARgon for Email
Collateral and Roadmap
66
Collateral
Sales presentation
Solution paper
Use case white paper
ARgon vision slides and paper
Objection handling
FAQs
Competitive positioning
Telemarketing scripts
67
Roadmap
Timeline for 2015 and 2016 by quarter (Jan – Feb – Mar, Apr – May – Jun, Jul – Aug – Sep, Oct – Nov – Dec). Targeting quarterly releases.
ARgon for Email V1.0: Adaptive Redaction, English only
ARgon for Email V1.1: Japanese
ARgon for Web V1.0: Adaptive Redaction, IGS integration, English and Japanese
ARgon for ICAP V1.0: Adaptive Redaction, English and Japanese
ARgon for Email V1.2: IGS integration
ARgon for ICAP V1.1: IGS integration
ARgon for Exchange V1.0: Adaptive Redaction, English and Japanese
ARgon for Exchange V1.1: IGS integration
Note: All dates and functionality are subject to change.
68
CCPSP Clearswift ARgon for Email
Frequently Asked Questions
69
FAQ
What vendors’ solutions does ARgon work with? Any solution that can pass SMTP emails to ARgon.
Does the client need to purchase all 3 AR features? Yes, they are all included in the subscription cost.
Can I peer an ARgon with an SEG/SWG/SXG/SIG? No, only other ARgon systems. Distinction between just AR and full Gateway functionality. We want them to buy full suite.
Can I upgrade an ARgon to a SEG? No direct upgrade path, will require a new installation. Potential to offer service to migrate policy and add hygiene components.
70
CCPSP Clearswift ARgon for Email
Summary
71
Clearswift ARgon for Email
ARgon allows us to rapidly provide clients with an Adaptive Redaction solution.
Complements existing security and Data Loss Prevention (DLP) solutions.
Addresses issues with traditional DLP solutions: stop and block, false positives, barrier to business, high management overhead.
Delivers enhanced risk mitigation: stop spear phishing attacks traditional defenses miss.
Critical information protection: remove sensitive information.
72
Selling Clearswift ARgon for Email
“Providing organizations a solution to rapidly protect their critical information without harming productivity, or replacing their current operational infrastructure.”