Your Gate
to a Safe System
About Us
The Threats
Sasa Software was founded in mid 2012 and
specializes in IT security. It is owned by Kibbutz
Sasa, situated on the Meron Nature Reserve in the
northern part of Israel.
Kibbutz Sasa is also the owner of Plasan Sasa,
a leading worldwide armouring company.
Plasan Sasa has been supporting for years the
USA and NATO troops in Iraq and Afghanistan.
Sasa Software’s leading product is the Gate
Scanner which secures incoming data in a very
innovative and sophisticated way.
The Gate Scanner was launched and implemented
at Plasan Sasa and is a fully tested and mature
product.
The Gate Scanner Suite of products are ceritified
by Israeli IT security regulators.
Malicious malwares can penetrate the
network via external devices, e-mail or 3rd
party applications. Once it has penetrated, the
whole database and network performance, are
exposed and in danger.
In most organizations the most neglected IT
security layers are at the Gateway and at the
Endpoint. Overall the main target is to protect
the organizations network data from malicious
malware. This threat is common to any organization
which has any kind of database that needs to be
protected.
The Solution
The Gate Scanner is an offline solution in which all data and files are being transferred through.
The Gate Scanner Suite of products allows organiztions to maintain their daily operations whilst receiving
incoming date which has been scanned, sanitized and approved by the Gate Scanner system, providing the
right protection at the highest level.
2
Yo u r G a te to a S a fe Sys te m
3
Main Features
Our Products
GATE SCANNER Kiosk
Stand alone extensive deep scanning station with various connections.
GATE SCANNER Server
Extensive deep scanning server that can connect to 3rd party applications.
GATE SCANNER
3rd Party API
Interface for linking 3rd party applications straight to the Gate Scanner engine.
GATE SCANNER Desktop
Extensive deep scanning from the users desktop.
GATE SCANNER Injector
One way optical connection between separate networks.
GATE SCANNER Mail
Deep scanning mail system in addition to all mail relay.
GATE SCANNER Secure Browsing Deep scanning for internet downloads.
Accessories
GATE SCANNER Kiosk
Log In
4
Email
choose
Email
address
Connect the
media to Gate
Scanner
Yo u r G a te to a S a fe Sys te m
Files
Choose
requested
files/folders
Converting Files
• Convert graphical formats, office files to PDF,
excel to RTF, word to TIF, PDF to bitmap and
back.
• Extract Macro and embedded elements for
office files.
• Remove Java and embedded elements from PDF.
• XML Parser & Text Parser.
• Clean Meta Data.
Stand for Gate Scanner System.
Media
Scanning and Blocking
• Sophisticated file type identification, with
multi “TrueType” engines.
• Black and white listing.
• Blocks macros, embedded components and
unrecognized file types.
• Deep content search (including archived files).
• Interworks with 5 leading commercial antivirus systems.
• Extensive work load capacity.
• Blackening - prevention of data removal from
the network.
• Simple, user friendly interface.
• Zero Day capabilities.
The Process
Enter user
name and
password
Verify
Validate files
and email
Scan
Take out media
and return to
work station
Notify
Receive Email
notification
Managing Users
• User Verification - log on by local user or
Active Directory or anonymous by e mail only.
• Verification against user e-mail address or
profile groups.
Security
• Anti-tampering process.
• Gate Scanners operating system is sealed,
shielded and encrypted - running by WIN 8
embedded.
• Option to restart the computer upon
completion of each scan.
Managing System
• Multi language user interface.
• Central administration site including full
control, administration and configuration to
every user and station.
• Central Update server .
• Detailed reports and event logs.
Results
Download
the clean
scan results
5
3rd Party API
Application Server
Gate Scanner Server for Applications
• The Gate Scanner Server supports several
different 3rd party applications working
simultaneously.
• Smart Queue Management.
• Each single Gate Scanner engine has a very
high working capacity.
• Upon increase in workload, Gate Scanner
engines can be added in an Active/Active way,
without interrupting the server performance.
• All Gate Scanner features and capabilities are
embedded in the scan engine.
• Use of more than one scan engine requires an
Update Server. This server will receive on-line
updates from the Sasa Software server via the
internet cloud. It will update a single source for
all scan engines.
• User requests and application support operate
simultaneously.
• The server accepts requests from Thin Client
stations, or via Gate Scanner Desktop.
• The Gate Scanner 3rd Party API is operated by
3rd party applications.
• The Gate Scanner Engine capabilities and
performances are identical to the Gate Scanner
Kiosk.
Typical Topology of Integrating Gate Scanner with 3rd Party Applications
WEB
DMZ
IN
rd
Typical Topology of the Gate Scanner Server Solution
3rd party application 1
APPLICATION
GATE SCANNER- 1
INPUT
SOURCE
SOURCE
OUT
3rd party application 1
3rd party application N
APPLICATION
APPLICATION
TARGET
TARGET
GATE SCANNER- 1
GATE SCANNER- N
WRITE
READ
Network
Connection
3rd PARTY
APPLICATION
MANAGEMENT SERVICE
3rd party application N
APPLICATION
LAN
WEB APPLICATION
Server
SCAN ENGINE
• In order to support an increase in workload,
Gate Scanner Engines can be added online in an
Active/Active way, without interrupting server
performance.
OUTPUT
GATE SCANNER- 2
Network
Connection
LOGS
DATA PRIOR TO CHECK
MNG
CONSOLE
UPDATE
SERVER
DATA AFTER CHECK
BACKUP
GATE SCANNER- N
GATE SCANNER- N
Note: 3rd party application is positioned at the source and at the target partition.
6
Yo u r G a te to a S a fe Sys te m
7
Desktop
An innovative solution which allows you the
flexibility of having all the advantages of the Gate
Scanner Kiosk and Multi-Server at your finger tips,
directly from your work station.
All Gate Scanner Kiosk capabilities and advantages
are available from your desktop.
The desktop application allows you to travel with
Injector
your laptop, all you need is to connect to your
server via VPN and you are free to work as if you
were in your office.
Typical Topology of Gate Scanner Desktop Solution
WEB
DMZ
LAN
LAN
Server
UPDATES SERVICE
The Injector Concept - The Gate Scanner Injector is a
unidirectional diode, allowing data to travel from one
network to another in one way only, eliminating any
possibility for data to travel in the opposite direction.
This design and connection does not allow any data
to be extracted from the destination network, thus,
upgrading the network security, protection and
management.
LAN A
LDAP QUERY
MANAGEMENT SERVICE
PC
The Gate Scanner Injector was developed to complete
the Gate Scanner solution, which offers clients an
integrated process of scanning and transferring files
into a network.
The Product Kit includes:
Tx and Rx boxes, Transmitter software, Receiver
software and a Scheduler.
OPTICAL CONNEC TION
LAN
Tx
PC
Rx
LAN
LAN
LAN B
AD
GATE SCANNER
INJECTION SOFTWARE
M.CONSOLE
GATE SCANNER
INJECTION SOFTWARE
SQL LAYER
INTERNET
STMP
LAN A
LAN A
LAN A
BLACKENED
FILE PARTITION
MAIL
SERVER
Typical Topology of Blackening
in Classification Networks to a
Central Network Including the Gate
Scanner Injector.
Typical Topology of Secure
Connection Between Different
Classified Networks Including the
Gate Scanner Injector.
SSL
CLEAN FILE
PARTITION
LAN A
USER PC/
THIN
CLIENTS
UPGRADES & SIGNATURE SITE
8
GS - 1
AD
FOR POLLING ON THE RIGHTS OF NETWORK USERS
FOR SENDING EMAIL NOTIFICATIONS TO THE USER
WHITENING ENGINES
Yo u r G a te to a S a fe Sys te m
A
GATE SCANNER
A
A
LAN B
MAIL SERVER
GS - 1 - GS-N
USER PC/
THIN
CLIENTS
GS - N ***
UPDATE SERVICE
***
B
GATE SCANNER
B
FOR UPDATE & SIGNATURE DOWNLOADS
SEPARATE VLAN BETWEEN SCANNING ENGINES AND SERVER
B
LAN
C
LAN C
C
GATE SCANNER
C
9
Mail
In recent months, corporate mail systems have
become a favorite target of hackers, ransomeware
and malware authors of all sorts. Current mail
infrastructure defenses are inadequate and assaults
over this channel have become a reality for every
organization. With the tremendous potential for
damage, IT security managers seek solutions that
take into account the human factor in the process
– the end user.
Mail System Capabilities:
The Gate Scanner Mail system allows the
organization to carry out a full and thorough scan
of all incoming mail messages, this is done while
maintaining all the capabilities of the engine,
including:
1. 5 antivirus scan engines
2. True Type testing
3. Cleaning embedded elements abilities from files
4. Converting file types
• Support for multiple domains
• Archiving of messages – both original / result
• Real-time notification of administrators
according to the profile / group / domain
• Quarantining of messages – based on
settings
• Black list – blocking of messages based on
domain / user
• Profile management according to target
domain
• White list – bypass according to profile
• Periodic reports
System Deployment
WEB
DMZ
Gate Scanner
Engine 1
LAN
Gate Scanner
Engine N
RECIPIENT
MailBox
SENDER
All Files in EML
Reverse Proxy
OR
Relay
Mail GATEWAY
Mail
Company Emails
Server
Mail Relay
Performance: 30,000 mails/hour, 15 GB /hour • Note – Depending on the quantity of GS
engines and GS type. • Tests done on Virtual server 2008R2, 8GB, Intel Xeon E5640 @ 2.659GHz
10
Yo u r G a te to a S a fe Sys te m
11
Secure Browsing
Our Customers
Gate Scanner Secure Browsing automatically eliminates threats from internet downloads while using
secure browsing solutions. Proxy based solutions, and endpoint containers provide excellent protection by
isolating the user from threats.
Sasa Software has succesfully implemented our solutions in over 150 enterprises including Commercial,
Financial, Educational, Governmental, Medical, Transportation, Industrial, Defense, Energy, Communication
and Telecom companies.
Gate Scanner Secure Browsing safely releases files from the secure browsing platform into the user’s
endpoint, or to another pre-defined destination in the organization.
Typical Topology of Gate Scanner Secure Browsing in DMZ
WEB
DMZ
LAN
Server
SECURE BROWSING
IN DMZ
GateScanner SERVICE
IN
SECURE BROWSING
IN DMZ
INTERNET
UPDATES SERVICE
G.S SERVER
USER PC
M. CONSOLE
SQL LAYER
CLEANED
FILES
FILES
PARTITION FOR
WHITENING
GateScanner SERVICE
OUT
LAN A
SFTP SERVER
UPGRADES & SIGNATURE SITE
Temporary files partition
LAN B
GS - 1
12
Yo u r G a te to a S a fe Sys te m
GS - N
13
Israel Office
Sasa Software (C.A.S) Ltd
Kibbutz Sasa
M.P. Merom Hagalil
13870, Israel
Tel: +972.4.6918959
Fax: +972.4.6918876
[email protected]
US Office
Sasa Software c/o Bavelle Technologies
513 West Mt. Pleasant Ave
Livingston, NJ 07039
Tel: +1-908-378-8889
[email protected]
w w w. s a s a - s o f t w a r e . c o m