Opendium Unified Threat Management

Key Features

Web Filtering

HTTPS filtering, real time content analysis, reporting, BYOD and all of the other features offered by Web Gateway.

Opendium's UTM provides all of the features offered by our Web Gateway product, and many more to protect and manage your network.

Perimeter Firewall

Control external access to services within your network.

The internet is a hostile place, but you can't cut yourself off from its benefits. You can manage risk by choosing which services to expose and which to block with a few clicks. We supply a continually updated library of Rule Bundles to control traffic without needing an intimate knowledge of the protocols being used.

Control Internal Access

Securely divide your network into VLANs and control traffic between them.

Using our unique library of Rule Bundles, you can achieve fine grained control of traffic between your networks. Whether you are segregating your wired network from your Bring Your Own Device wifi, or isolating your servers on a DMZ, Opendium's UTM allows you to control access between your VLANs through the same hierarchical group tree used to configure web filtering. You can control access for your whole network, or refine the policies based on location, user group, time period or even down to the individual user.

Hierarchical Policy Management

Create school-wide policies and then refine them for user groups, time, location and even individual users and devices.

Users, networks and individual devices are organised into a hierarchical tree. You can set global web filtering and firewalling policies for the whole school and then refine them for more specific groups of users, devices or locations. Policies can be set right down to the individual user or device level if required. The unique Time Periods system allows filtering and firewalling policies to be easily tuned based on the time of day and day of the week.

Rule Bundle Library

Use our predefined and constantly updated library of Rule Bundles to control applications.

Controlling applications through a traditional firewall often involves having technical knowledge of the protocols being utilised by those applications. We collect that knowledge together into a library of Rule Bundles so you don't need to know the technical details. Just select an application's Rule Bundle and decide whether to allow or block it.

Firewall By Location and User

Set firewalling policies on user groups or even individual users and adjust them according to the user's location.

While most firewalls only allow you to control traffic from devices based on their IP address, our UTM system also lets you set up firewalling policies to control applications by user group, IP address, location or time period. The unique Virtual Groups system allows almost infinite flexibility to set policies based on a combination of attributes, such as user group and location.

VPN

Interconnect multiple sites or give remote users secure access to your network.

Multiple sites can be connected together into a single network through an encrypted IPSec site-to-site Virtual Private Network and remote users can be given secure access to your network through SSL and L2TP VPNs.

DNS and NTP Interception

Protect your network from VPNs by transparently redirecting DNS and NTP requests to UTM's services.

Many devices ignore your network's DNS and NTP servers and require your firewall to allow their traffic out to arbitrary servers on the internet. The ports that must be allowed can be used by VPNs to bypass your security and monitoring policies. To combat this threat, DNS and NTP requests are transparently intercepted and redirected to the local servers, rather than granting unrestricted access to the internet.

Real-Time Content Analysis

Automatically categorise and block brand new and dynamic web content without waiting for block lists to update.

Traditional web filtering systems simply used large databases of web addresses to identify web sites. The modern dynamic web delivers content that is tailored to the individual users and it is no longer appropriate to rely solely on web address databases. A web page may be categorised as Social Networking all of the time, but content analysis can identify that sometimes it should also be Radicalisation or Self Harm.

Experienced Support Engineers

Always speak directly with an approachable and knowledgeable support engineer.

Opendium was built on the reputation of always offering exceptional support. We recognise that each school is unique and offer several levels of support to meet your needs. You can always speak directly with an experienced engineer in our UK offices, who will endeavour to get to the root of the problem as quickly as possible.

Embedded Video Overrides

Automatically whitelist access to YouTube and Vimeo videos that are embedded in educational web sites.

Educational web sites often use YouTube and Vimeo to host their embedded videos, but it is often not appropriate for schools to allow unrestricted access to all videos hosted on these platforms. Using real-time content analysis techniques, videos which are embedded in designated educational web sites can be automatically whitelisted without needing to allow access to other videos.

Education Focussed

Opendium's UTM is designed exclusively for the education sector by an education focussed company.

Opendium is an education focussed company that has worked closely with schools since 2005 to develop solutions such as UTM exclusively for the education sector. Unlike other solutions that were developed as business products and have been shoehorned into schools, UTM has been designed with educators in mind from the start.

Layer 7 Application Control

Use deep packet inspection to control non-web applications such as Skype.

A traditional firewall controls non-web traffic by allowing or blocking all traffic on specific ports. Some applications such as Skype require thousands of ports to be allowed, which can be used by other software such as games and VPNs. Our UTM product uses deep packet inspection to positively identify the application that is being controlled without allowing free-for-all access for other apps.

Targetted Images Reports

Show thumbnails of concerning images which users have been viewing.

If you are suspicious of a certain user's activities, you can get a good overview with the Images and Web Searches reports. The Images report will show a selection of images that the user has been viewing. The Images report can also be set to target certain categories, which provides a useful overview of concerning images across your entire network. For example, a weekly report of images that the system believes may be pornographic is a good source of information for safeguarding purposes.

Web Search and Word Cloud Reports

Summarise suspicious web searches as easy to understand drill-down reports.

Web searches made through search engines such as Google, YouTube and a wide variety of other websites are categorised and presented as either a list of search queries or a word cloud with concerning phrases highlighted. This provides an at-a-glance report which can be drilled down into to investigate any concerns.

HTTPS Decryption

Protect your users even when they are using secure web sites.

With Trusted Man In The Middle decryption, full filtering and monitoring capabilities, including real-time content inspection, are available even for secure encrypted web sites.

Platform Agnostic BYOD

Support for a wide variety of devices on Bring Your Own Device networks.

Bring Your Own Device networks can be provided with full filtering and monitoring capabilities. Since our UTM does not require any apps to be installed on the device, almost any type of device can be supported, including ChromeOS, iOS, Android, Windows, OS X and Linux.

Scheduled Reports

Automatically produce regular reports and have them emailed to appropriate members of staff.

The latest safeguarding regulations make it clear that schools must monitor the students' internet activity in order to identify those who are at risk. A variety of reports are provided so that you can meet these requirements and UTM can automatically email the latest reports to appropriate staff on a regular basis.

Certified Under UK Guidance

Compliant with the latest Keeping Children Safe in Education, Prevent and Appropriate Filtering guidance.

In recent years, the British government has regularly updated and strengthened the guidance that schools are expected to follow to safeguard the children who are in their care. Schools that relied on Opendium solutions stood in good stead in the face of the new guidance, as it largely codified the good practice that we were already promoting.

UTM is compliant with the Department for Education's Keeping Children Safe in Education statutory guidance, the Home Office's Prevent Duty and is certified as meeting the requirements of the UK Safer Internet Centre's Appropriate Filtering for Education Settings.

We also work closely with the Internet Watch Foundation (IWF) and the Counter Terrorist Internet Referral Unit (CTIRU) to support their work and protect our customers, and the people under their care, from illegal child abuse images and unlawful terrorist content.

Shared Tablet Devices

Reliably monitor and filter users that are using school issued tablets on a one-to-many basis.

Issuing tablets to students on a one-to-one basis is an expensive proposition and many schools choose the cheaper option of temporarily issuing devices to students who return them after a few hours. Without knowing which student has which device, it is impossible for schools to provide age appropriate filtering or to produce safeguarding reports which identify individual. UTM provides a unique solution to this allowing the user to be identified though a captive portal and then automatically logged off once the tablet disconnects from the network.

Instantaneous Web Site Recategorisation

Changes to the categorisation and filtering criteria take effect immediately.

Web pages are categorised through a combination of real-time content analysis and an extensive database of web site addresses. However, as any administrator knows, no filtering system is perfect and it is sometimes necessary to manually block or allow a web site. Filtering changes take effect immediately, so staff can get on with teaching rather than having to wait.

Safe Search Enforcement

Force Safe Search mode on for web searches made through a variety of web search engines.

Search engines such as Google are in a far better position than a school's web filter to filter out inappropriate search results whilst still providing a useful response. Users' searches can be forced to use Safe Search mode on a wide variety of search engines to provide the best and safest user experience.

Anonymous Proxy and VPN Blocking

Prevent attempts to circumvent the school's filtering and monitoring.

A school cannot fulfil its safeguarding obligations if users are using VPNs and anonymous proxies to bypass the filtering and monitoring. Out UTM system includes advanced anti-spoofing technology to block even the most troublesome VPN apps, such as HotSpot Shield.

Staff Overrides

Allow trusted members of staff to override the filters.

Trusted members of staff can be given the ability to temporarily override the filters when a web site is blocked. This allows staff to continue with their work, rather than being held up by an over zealous filter.

Overview and Drill-Down Reporting

Administrators can run reports providing an overview and drill down on the details.

A variety of reports are available which provide an overview of users' activity in an easy to understand format with options to drill down into the nitty-gritty detail.

YouTube Restricted Mode

Force YouTube Restricted Mode on for students to prevent access to inappropriate videos.

YouTube is a great educational resource, but also contains a lot of inappropriate or distracting content which you may want to block. YouTube's Restricted Mode can be forced on, which prevents access to inappropriate videos. When combined with the controls offered by Google's G Suite, members of staff can be given the ability to approve videos that the students can watch.

Zero-Configuration Guest Policies

Filter and monitor guest devices without needing to install custom configuration or certificates.

When you have guests using your network, it is impractical to install certificates on their devices, or to configure complex proxy rules. UTM allows you to set up a guest network which requires none of this, whilst still being able to filter and monitor the traffic.

Web Access Quotas

Ensure that the school's internet connection is used fairly by enforcing download quotas.

Although internet connections are getting faster, the number of bandwidth hungry services is ever increasing. Web access quotas can be configured on each user group to ensure that this limited resource is available to all of your users and not abused by the few.

Variable Granularity Filtering

Filter by the whole web address, just the domain or the web site's content.

We believe you should always be in control of your web filtering. The built in categorisation can easily be overridden for whole domains or individual parts of web sites. Recategorisation takes effect immediately, so there is no need to wait for access to a web site to be allowed or blocked.

IPv6 Compatibility

Compatible with the latest internet protocol version, IP version 6.

Whilst much of the internet still uses the older IPv4 protocol, adoption of IPv6 is rapidly progressing. Networks which do not support IPv6 risk being left behind as new services emerge. You can use our UTM to provide partial IPv6 support without the need to deploy IPv6 across the whole network, or as part of a full network deployment.

Location Based Policies

Adjust filtering policies according to the user's location.

Sometimes it is necessary to change the filtering policies in certain locations. For example, you may choose to relax the sensitivity of the filters in areas where students are under supervision. The unique Virtual Groups system allows almost infinite flexibility to set policies based on a combination of attributes, such as user group and location.

Regular Updates

Hourly updates of the filtering criteria and an intensive research and development programme.

Each UTM system updates its web site categorisation criteria once an hour to ensure the very best accuracy. We also operate an intensive research and development programme, continually providing software updates with new features and improvements.

Automatic User Lockouts

Automatically disable the web access of repeat offenders.

No matter how good a filter is, a persistent user will eventually find a way through it. The filtering policy can be configured such that users who repeatedly trigger the filters for certain categories of content have their web access disabled entirely until a member of staff intervenes.

Content Type Controls

Control the types of file which can be downloaded from the web.

By using content inspection, UTM identifies the type of data which is being downloaded, allowing potential security risks such as executable files to be blocked.

Social Media Controls

Control aspects of social media, such as allowing read-only access.

Set policies which allow users to access social networking websites whilst restricting access to certain features such as Facebook's instant messaging service.

Single Sign-On

Provides a transparent login process through Windows Active Directory, RADIUS and WISPr.

Workstations which are attached to your Windows domain will use Kerberos to authenticate invisibly, whilst UTM will integrate with compatible Wifi controllers to identify users through RADIUS accounting for Bring Your Own Device networks. Devices which support the WISPr protocol will automatically log in on all Wifi networks.

Captive Portal

Require users to sign in through an authentication page before they can access the web.

As well as single sign-on services, networks can be configured to present a captive portal page that users must log into before they can access the web.

Detailed Diagnostic Reports

Administrators can produce extremely detailed reports for diagnosing problems.

Applications frequently do not provide useful error messages, so web traffic logs are invaluable for administrators who need to diagnose and resolve a problem. The forensic detail of the logs recorded by UTM are also invaluable in the event that a serious incident occurs on the school network. Our highly experienced support team are always on hand to help interpret the technical detail.

Real-Time Dashboard

View at-a-glance statistics showing the current network activity.

The UTM dashboard provides an at-a-glance breakdown of your network's current activity, including most popular websites, most common search terms and currently locked out users.

Zero-Configuration HTTPS Filtering

Filter and monitor HTTPS traffic without needing to install custom certificates.

Whilst full HTTPS decryption always offers the best protection, it is not always practical to install certificates on each device. UTM can filter and monitor HTTPS traffic even without full decryption, allowing you to operate a true zero-configuration network.

UK Based Company

Opendium is a British company with a good understanding of the UK's safeguarding requirements.

Across the world, the legal requirements, social norms and operating procedures within schools vary greatly. As a UK based company who primarily supplies British schools, we are intimately familiar with the British education sector. Not only is buying from a local company great for the economy, it also guarantees that you will get a solution that was built to meet the needs of local schools.