SurfControl's SuperScout, like Elron's IM, has two components: Web Filter and Email Filter. Although SuperScout matches the eSniff 1100 and Pearl Echo when it comes to monitoring Internet protocols, Web Filter analyzes only URLs in HTTP traffic and leaves content monitoring to the Email Filter. And though Web Filter provides the most detailed standard reports, it lacks a Web-based management and configuration utility, like those found in the eSniff 1100 and Elron's IM, to facilitate administrative functions and provide remote access to server functions.

Web Filter 3.0.3

SuperScout's installation was uneventful. The product works with both Windows NT 4.0 and Windows 2000. The recommended hardware configuration includes a Pentium III system with 256 MB of RAM and 1 GB of free disk space. We installed both server and client code on the test server, and here SurfControl beat Elron: SuperScout's installation identified both network cards in our test server and gave us the option of binding services to either one (SuperScout supports both 10/100 Ethernet and Gigabit Ethernet NICs). The install wizard also gave us a choice of monitoring all detected workstations or manually selecting them after installation. We chose the first option, and Scout completed the installation by adding ODBC components to a Microsoft Access database. Note that SuperScout, like Elron Internet Manager and Pearl Echo, also supports SQL Server.

Configuration of SuperScout services was accomplished via the client code installed on our server. SurfControl's client lacks the usability of Elron's Java-based client, but it does the job. We first expanded the number of protocols monitored from the default list of HTTPS (HTTP Secure), HTTP, NNTP, telnet and FTP to include SMTP and POP3. Note that only Email Filter analyzes the full content of mail messages. Advanced configuration settings can modify port assignments for any of the monitored protocols, and audit levels can be set globally or per individual user to capture all HTTP traffic or only Web pages, excluding images, for example.

SuperScout service settings can also define user-name support options for Windows NT domains, DNS name resolution and the level of categorization the program uses to label HTTP activity. SuperScout claims to identify more than 1.5 million URLs by category; the common categories we tested for are included, as are more than 35 additional categories. For licensed users, category lists can be configured to download and install automatic updates from SurfControl. Words can be added to default categories, and new categories can be created. Default categories are not customizable, however. After populating the database with client requests, SuperScout accurately classified all URLs and was the only software to capture and report 100 percent of the traffic generated. Note, however, that the full content of pages is not scanned.

Once installation and configuration were complete, the fun began. SuperScout can generate from a Web browser more than 60 standard reports, using all or a subset of the database, and you can define specific criteria via an easy-to-use browser window. Like Elron's IM, SuperScout can provide cost analysis and can schedule reports to run automatically and then be e-mailed to a manager or saved to a shared folder. It would be nice to see these reports exported to HTML, as Pearl Echo does with its log file.

SuperScout also provides the most colorful real-time monitor in the roundup. Color codes match URLs with identified categories, and SuperScout comes with a complete palette to color code all categorizations, not just four categories as with Elron IM. You can see gambling roll by in green and pornography zoom by in red. Slick, but we think administrators have better things to do than watch a real-time monitor, no matter how snazzy.

Email Filter 3.0

Although Web Filter can identify and report on POP3 and SMTP traffic, SuperScout needs Email Filter to analyze the full content of e-mail. A 400-MHz Pentium II system with 128 MB of RAM and 1 GB of disk space must be dedicated to Email Filter. Although the application can be installed directly onto a mail server running Microsoft Exchange or Lotus Notes, SurfControl does not recommend it.

The mail system under review needs a preregistered domain name. Before installing Email Filter, you need the location of the SMTP gateway or MTA (mail transfer agent) and the IP address of the mail relay host, if applicable. If your site does not use a mail relay, the Email Filter server needs a DNS entry as the MX (mail exchange) for the mail server. Incoming mail to the domain first flows to the Email Filter, where it is analyzed, reported and acted on. Then, depending on the action, the mail may or may not be passed on to the mail server. Outgoing mail will move to the Email Filter server, where it will be worked over and, if it's clean, passed on to its destination.

After creating an MX record for our Email Filter server and configuring our mail server to use it as a relay host, we installed the Email Filter server, Message Administrator and Web Message Administrator. We changed the default port to access the Web Message Administrator to 8080. Without restarting the server, we launched the Email Filter server, and the real-time monitor began to list messages to and from our mail server.

Email Filter scans for words and phrases within e-mail messages and attachments using a dictionary. To get information on e-mail traffic, we defined rules triggered by subject dictionaries -- for example, "confidential" and "offensive materials." Unlike Web Filter, Email Filter lets you directly edit the content of dictionaries by selecting or deselecting words. When rules are triggered, a number of possible actions can ensue: allow, isolate, discard or delay relay.

The Email Filter Message Administrator client software can be called from the real-time monitor to review captured or isolated messages, which can be analyzed for the words that triggered the rule. The full content of the message can be displayed as well. Client software lets you forward the message to a manager, include the message in the Risk Filter, return it to the send queue, save it or delete it. These actions can also be performed from the Web Message Administrator.

Email Filter requires Microsoft Data Access Components (MDAC) 2.5 or higher and Microsoft Access 2000 to generate reports and charts using the default STEmailReports.mdb. There is also a version for Access 97. If you don't have Access, the CD contains a version of Access run-time. Report generation, however, is not Web-based, as it is in eSniff 1100, IM and Pearl Echo. Reports must be generated on the Email Filter server or from another PC with the Email Filter client installed.

SuperScout Web Filter 3.0.3, SuperScout Email Filter 3.0. Available: Now. SurfControl, (831) 431-1300, (800) 368-3366; fax (831) 431-1800. www.surfcontrol.com