Nexor Watchman for Government Agency


The Challenge

Customers operating in highly sensitive environments need close control over the movement of Restricted information. To work efficiently, staff have to be able to send Restricted and Unrestricted messages from their own workstations. However, this requirement cannot be allowed to increase the risk of Restricted information being accidentally transmitted over Unrestricted networks.

In such a setting, the key requirements are to prevent:

  • Users from putting Restricted information in Unrestricted messages
  • Restricted messages from travelling across Unrestricted networks.

The Nexor Solution

The cornerstone of Nexor’s solution is its Nexor Watchman product, which is installed – with Nexor Mailer – on both the SMTP and X.400 MailGuard servers. Microsoft Exchange Servers act as the Restricted and Unrestricted mailbox servers, and Nexor Mailer provides the network backbone (both X.400 and SMTP). The Nexor Virus Scanner add-on is used alongside the SMTP solution.

The first product to deliver automated message filtering based on content, Nexor Watchman scores message content using a weighted count of hit words, derives a classification from that score, and then checks the classification against the message’s security label. Both the body of the message and the email headers are scanned.

Nexor Watchman was utilised in two different ways:

  1. Between a Restricted Exchange site and an Unrestricted Exchange site – X.400 mode
     If Nexor Watchman judges the content of a message to be Restricted, it returns the message to the originator with a non-delivery warning explaining the reason for its return.

  2. Between the corporate network and unclassified customers – SMTP mode
     • Inbound email messages are scanned to determine the classification of the content. If the content is found to be Restricted, an LDAP call is used to determine whether the recipient is located on the Restricted Exchange site. If so, the message is relayed to the recipient. If not, the message is not delivered and a non-delivery report (NDR) is sent to the originator.
     • Outbound email messages are scanned to determine whether their content is suitable for transmission over an unclassified network. If the content is found to be unclassified, an LDAP call is used to determine whether the originator is permitted to send messages to the recipient. As for inbound messages, the message is then delivered or rejected as appropriate.

Nexor Watchman can also detect whether an email is S/MIME encrypted. If it is, only the message headers can be scanned, but an LDAP call can still be used to check whether the user is authorised to send S/MIME encrypted messages to unclassified customer networks.
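The classification and routing flow described above, as an added example that is not part of this document and not Nexor’s code: a small Python mail guard that scores headers and body against a weighted hit-word list, compares the result with the message’s label, and routes in X.400, inbound and outbound modes, with header-only scanning and a directory check for S/MIME encrypted mail. The hit words and weights, the X-Security-Label header name, the in-memory DIRECTORY standing in for the LDAP lookups, and the sample messages are all constructed assumptions.

```python
"""Toy content-labelling mail guard modelled on the flow described above. Added
illustration, not Nexor Watchman code: the hit words and weights, the
X-Security-Label header, DIRECTORY (standing in for LDAP) and the sample
messages are all constructed assumptions."""
import email
import re
from email import policy

HIT_WORDS = {"eyes only": 4, "restricted": 3, "codename": 2}  # constructed weights
RESTRICTED_THRESHOLD = 3           # constructed: score at or above this => Restricted
LABEL_HEADER = "X-Security-Label"  # constructed: header carrying the originator's label

# Constructed stand-in for the LDAP directory the guard consults.
DIRECTORY = {
    "alice@agency.example": {"site": "restricted", "external_ok": True, "smime_external_ok": True},
    "bob@agency.example": {"site": "unrestricted", "external_ok": True, "smime_external_ok": False},
}
UNKNOWN = {"site": "external", "external_ok": False, "smime_external_ok": False}

def score_text(text):
    """Weighted hit-word count; whole-word and case-insensitive, so 'Unrestricted'
    is not counted as a hit for 'restricted'."""
    lowered = text.lower()
    return sum(weight * len(re.findall(rf"\b{re.escape(word)}\b", lowered))
               for word, weight in HIT_WORDS.items())

def is_smime_encrypted(msg):
    """S/MIME enveloped mail is carried as application/pkcs7-mime (RFC 8551)."""
    return msg.get_content_type() in ("application/pkcs7-mime", "application/x-pkcs7-mime")

def classify(msg):
    """Headers are always scanned; the body only when it is readable (not encrypted)."""
    scanned = "\n".join(f"{name}: {value}" for name, value in msg.items()
                        if name.lower() != LABEL_HEADER.lower())
    if not is_smime_encrypted(msg):
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            scanned += "\n" + body.get_content()
    return "Restricted" if score_text(scanned) >= RESTRICTED_THRESHOLD else "Unrestricted"

def directory_entry(msg, field):
    """Stand-in for the LDAP call: look up the bare address from the given header."""
    return DIRECTORY.get(msg[field].addresses[0].addr_spec.lower(), UNKNOWN)

def guard(raw, mode):
    """Return (action, reason), action being 'RELAY' or 'NDR'. mode is 'x400'
    (between the two Exchange sites), 'inbound' or 'outbound' (SMTP, customer side)."""
    msg = email.message_from_string(raw, policy=policy.default)
    assessed = classify(msg)
    claimed = msg.get(LABEL_HEADER, "Unrestricted")
    if mode == "x400":
        if assessed == "Restricted":
            return "NDR", f"content judged Restricted (labelled {claimed}); returned to originator"
        return "RELAY", "content judged Unrestricted"
    if mode == "inbound":
        if assessed == "Restricted" and directory_entry(msg, "To")["site"] != "restricted":
            return "NDR", "Restricted content for a recipient not on the restricted site"
        return "RELAY", "delivered"
    if mode == "outbound":
        if assessed == "Restricted":
            return "NDR", f"content judged Restricted (labelled {claimed}); not sent externally"
        sender = directory_entry(msg, "From")
        if is_smime_encrypted(msg):
            if not sender["smime_external_ok"]:
                return "NDR", "originator not authorised to send S/MIME to unclassified networks"
            return "RELAY", "encrypted: headers scanned, originator authorised"
        if not sender["external_ok"]:
            return "NDR", "originator not permitted to send to this recipient"
        return "RELAY", "delivered"
    raise ValueError("mode must be 'x400', 'inbound' or 'outbound'")

# Constructed sample messages.
LEAK = """From: bob@agency.example
To: customer@partner.example
Subject: Quarterly update
X-Security-Label: Unrestricted

Per the eyes only brief, project codename FALCON is go.
"""
CLEAN = LEAK.replace("Per the eyes only brief, project codename FALCON is go.",
                     "Thanks for the meeting; next week's agenda is attached.")
INBOUND = """From: customer@partner.example
To: alice@agency.example
Subject: Re: tasking

Reply regarding the restricted tasking.
"""
SMIME = """From: alice@agency.example
To: customer@partner.example
Subject: Encrypted note
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m
Content-Transfer-Encoding: base64

MIIBCgKCAQEA
"""

if __name__ == "__main__":
    for name, raw, mode in [("leak", LEAK, "outbound"), ("clean", CLEAN, "outbound"),
                            ("inbound", INBOUND, "inbound"), ("smime", SMIME, "outbound")]:
        print(f"{name:8} {mode:9}", *guard(raw, mode))
```

The whole-word match in score_text matters: a naive substring count would treat the label value "Unrestricted" as a hit for "restricted" and classify every labelled message as Restricted. The threshold and weights are the tuning knob the document mentions: raising them reduces messages returned for rewording, lowering them catches more.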

The Result

Checking content to verify security classification labels greatly reduces the chance of users accidentally including Restricted information in Unrestricted messages. The customer can configure the list of hit words to be as specific or general as required, balancing the need for security against the number of messages that have to be reworded and resent.

Only Unrestricted messages can be sent outside the organisation directly by users, making it impossible for Restricted messages to be sent accidentally over insecure networks. Restricted messages can be sent only to users who are authorised to read them, which prevents users from accidentally forwarding Restricted information to unauthorised personnel.

In addition to addressing a key security requirement, Nexor Watchman was judged by a major customer to be the best beta product ever received for testing. “Nexor exceeded our expectations by producing an exemplary beta and an excellent product on time and to budget. It is a truly excellent product,” stated a Government agency representative.

Version 1.0
Information in this document is provided as is without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose and freedom from infringement.