Cymphonix Network Composer

Submitted by vendor: BridgeIT
Last updated: 12/28/2010
About Company
Company Name: 
Bridge Information Technology
Number of URLs Company Has Categorized: 
Over 66 Million
# of FTE Maintaining Site List: 
2
Links to Third Party Reviews: 
http://www.libraryjournal.com/article/CA6708592.html; http://www.thevarguy.com/2010/05/07/cymphonix-unveils-security-and-reporting-appliances/; http://bit.ly/cymphonixvideo; http://www.scmagazineus.com/cymphonix-network-composer-7/review/544/
Library References (include Contact Info): 
Tim Linde - Kanawha County Public Library, Charleston, WV - (304) 343-4646 Alex Love - Warren County Public Library, Bowling Green, KY - (270) 781-4882 Scott Jones - Weber County Library, Ogden, UT - (801) 399-8404 Alex Hatley - Corpus Christi Public Libraries, Corpus Christi, TX - (361) 854-2356
Additional Comments About Company: 
Cymphonix produces the industry’s leading Secure Web Gateway device, Network Composer. Network Composer is the only secure web gateway built from the ground up to deliver deep-packet control technology specifically to meet the needs of small and mid-sized networks. Because of its deep-packet control architecture, Network Composer addresses issues with both web content and web application traffic - providing administrators unparalleled visibility, security and control over how and when the Internet is used. Network Composer’s unique interface makes it easy for administrators to quickly identify and control Internet use issues. Bridge Information Technology is an Authorized Reseller of Cymphonix's suite of products and services.
URL to product: 
http://www.cymphonix.com/Libraries.html
Platform and Pricing
Type of Product: 
Network appliance
Platforms Supported: 
All
Does Company Offer Library Discounts?: 
Yes
Cost of One Time Fee (for 50 users): 
Depends on WAN throughput of your network. Call for details.
Cost of Annual Subscription (for 50 users): 
$725.00
Complete Pricing Schedule: 
Contact us for pricing. 1-866-882-7164 or www.cymphonixnc.com
Filtering Technology
Process for Categorizing a Site: 
Cymphonix uses three tools in parallel to manage its Web-filtering task. The first tool is a database of disallowed sites. It's simple and powerful but the problem with using this tool by itself as the main method of Web filtering is obvious: sites change on a daily or even hourly basis. A static defense against a dynamic threat will fail over time. Though this type of tool is simple, fast and excellent at defending against known threats, it's only as good as the last update. Ironically, many vendors go to great lengths to cite the size of their databases as a measure of their product's Web-filtering strength. We think numbers are important, but focusing on just one dimension is misleading. A more important number to consider is how many tools are working together to do the job. We use three. The database is just the first one. The second tool we use is our Keyword Analysis Engine, which scans the URL for text strings that suggest an inappropriate site. This tool is dynamic and can help keep up with the changing environment of the Web. As you know, the limitation of only using keywords for Web filtering is the risk of false positives and false negatives. For example, someone going to visit Essex, Connecticut might want to visit the city's Web site at www.essexct.com beforehand to get information on attractions. It's too bad, but filters using only keywords as their primary defense would block the site. On the other hand, if someone put up a site about the city that included offensive content and named the Web site something innocuous like www.bland.com, keyword filtering would not flag that site. Solutions that rely too heavily on keyword analysis run into a lot of false positives that end up blocking legitimate sites. Lots of appliances use keyword analysis because it is efficient and has a small footprint. That's great if there isn't enough space to create a more sophisticated database with processor-intensive tools. Cymphonix Network Composers have plenty of room and processing power to run multiple tools. That's why we add our third tool, the Real-Time Analysis Engine. This part of the XLi OS scans the actual content of the Web page, as well as the structure, the text, and other content. The Real-Time Analysis Engine then runs a set of heuristics to deduce whether a site that sounds naughty is actually innocent or an innocent site is really the naughty one. Finally, because no single solution, or even the best-engineered trio of solutions, can be a hundred percent tailored to your organization a hundred percent of the time, we also provide an easy way to add, delete, or reclassify sites. And because we know building and maintaining a site list is a lot of work, XLi keeps the list intact when you upgrade or change appliances.
Percentage of Category Decisions Reviewed by Human: 
Description of Each Content Category with Example URLs: 
The Network Composer's database currently lists over 66 million URLs classified into over 90 categories including Pornography, Child Pornography, Mature Content, Drug, Hate, Criminal Skills, Hacking, and Weapons just to name a few. Additionally, because of the dynmaic nature of the Internet, Network Composer provides real time content and keywork analysis of web pages to prevent access to new or changing sites with inappropriate content (in 20 international languages).
Categories Vendor Recommends for CIPA Compliance: 
pornography, child pornography, mature content, drugs, hate, criminal skills, hacking, weapons, etc.
Granularity of Your Block List: 
Block by IP address
Block by hostname
Block by top level domain
Block to page level
Examples of Each Item Selected Above (Granularity): 
The Network Composer enables organizations to get down to granular Internet optimization for elimintating threats while monitoring traffic down to the exact type of content going through the company's pipeline. The appliance can actually give you "deep packet inspection" from layers 3 to 7, along with a real-time HTTPS scan, so you can look into encrypted sessions to make sure they're not security risks. You can choose to filter by active directory group, IP address, MAC address, URL, host, all the way down to filtering the specific content within a webpage.
Frequency of Updates to Blocked Site List: 
Daily
Description of How Updates are Applied: 
Software, firmware, content filter, and anti-virus definitions are automatically updated daily. Filter avoidance definitions are completed hourly.
Block Page Displayed or Blocking Transparent to User: 
Additional Comments on Blocking: 
Network Composer can be configured to display a block page or leave it transparent. Additionally, Network Composer allows you to go beyond traditionaly block/allow rule sets for your network. You can shape and prioritize your traffic the way you see fit. For example, say that you don't want to completely block access to a site such as YouTube.com; however, you want to limit the amount of resources it uses. You simply set up the URL YouTube.com to never use i.e. more than 20% of your bandwidth at any given moment and give it a low priority. This insures that other information in your pipe (such as education and research categories) are given a higher priority and thus, more bandwidth.
Items that Can Be Included on Block Page (if applicable): 
Category causing the block
Customizable message
Password override
Does filter provide dynamic filtering of pages as they are accessed?: 
Yes
Does content filtering work on a weighted system controlled by administrator: 
Describe how dynamic content filter can be changed by administrator, if applicable.: 
Can filter by file type: 
Can block by extension--applies to all categories
Can block by extension within a category
Can block by MIME type--applies to all categories
Can block by MIME type within a category
Can block by protocol--applies to all categories
Can block by protocol within a category
General Administration
Can Have Multiple User/ Filter Profiles: 
Yes
Additional Comments on Filter Profile Options: 
Filter profiles or "groups" can be created as the admin sees fit.
Admin Can Selectively Enable Categories: 
Yes
URLs in Each Content Category Are Viewable: 
Provide URL Lookup: 
Keyword Blocking: 
Admin Can Disable
Admin Can Remove Sites From Category: 
yes
Users Can Recommend URL Recategorization to Company: 
Yes
Admin Can Modify Categorization of URL: 
Yes
Admin Can Add New Categories: 
Yes
Admin Can Add Sites to a Category: 
Yes
Admin Can Block Images But Not Text Within a Category: 
Yes
Reporting Capabilities: 
Powerful tools must be easy to use. Cymphonix Network Composer sees all the traffic in the network. The Dynamic Live Reporting Engine in XLi takes massive volumes of data and correlates and categorizes it. That way, the Network Composer user interface can present the information in a simple way that lets you or your delegated administrators quickly pinpoint issues and take precise action. Reporting can be viewed live and can be exported via via .XLS or .XML file. Reports can also be configured to automatically be emailed to a list of recipients.
Integrates with Directory Service (LDAP, Active Directory or NDS): 
LDAP
Active Directory
NDS
Can import URLs to Always Allow List: 
Can import CSV file of URLs
Number URLs One Can Add to Always Allow List: 
Unlimited
Overriding
Can Filter be Turned off at the Workstation: 
Yes
Describe Process and Options Available for Turning Off Filter at Workstation: 
The administrator has access to the Appliance from any workstation...from any computer anywhere.
Blocked Page Can Be Overridden by Admin: 
Yes
Describe Process and Options For Overriding a Blocked Page: 
Administrator can configure the block page so that a password can be supplied in order to override.
Admin Can Turn Filter Off for a Period of Time: 
Yes
Process and Options for Turning off Filter for a Period of Time: 
Administrator can turn off filtering for a specific user for a specified period of time--totally customizable.
Additional Comments on Overriding Options: 
Internal