As a packet monitor, the CI cannot block traffic. Installed using a tap (such as our Network Critical tap), it watches packets and reports policy violations. The MTA configuration reroutes email and manages it according to applicable rules, including automatically encrypting sensitive information using PGP (Pretty Good Privacy).
We like the email and ICAP capabilities, but the packet inspection would be more useful if it could perform blocking as well. However, given that most data leakage is through email, the separate email capability handles that problem nicely, and if you want to cover other protocols you can implement the ICAP capability. The CI-1500 does not provide protection against data leakage through peripherals.
We found this appliance easy to set up and get going, but the configuration of the various capabilities was a bit challenging. The appliance uses separate ports for its three capabilities, and each needs to be configured for use. However, documentation is excellent and it did not take us long to insert it into our test bed.
Once up and running, the CI performs very well. We had no problems with it and it behaved as we expected. The CI-1500 supports up to 5,000 users, and the smaller CI-750 supports up to 250. These products are aimed at small- to medium-sized businesses.
The web site is good, but could use more support content. A 24/7 premium support package is also available.
Priced at US$25,000, this is not a cheap product given its focus on data leakage only through the network. However, for a smaller organization with only that particular need, its ease of use and good performance make it a bit better than average value.
For: Easy to use, supports more than 400 file formats, a very good performer in smaller enterprises
Against: Only manages the network leakage vector, no support for peripherals
Verdict: For an SME that wants to manage data leakage through the network, this is a good fit