Netgear targets SMBs with new security tool

By Joel Snyder, Network World |  Security, antimalware, antispam

Netgear partially works around this by putting fail-open ports on the STM600, which let traffic pass through untouched if the STM600 loses power. We tested this and found that the STM600 is only "mostly" transparent. Both when we power-cycled it and when it rebooted, we had to clear ARP caches before communications would resume. You've got to be comfortable putting another device in the critical path between your network and the Internet to consider this approach.

Another unusual part of the STM600 configuration is that you don't really make it aware of IP addresses, only ports to scan. This means that, by default, the STM600 will scan traffic to every IP address on the ports you list. That can be a benefit, or it could cause mysterious network problems if you don't realize that even your test lab is being filtered. Fortunately, there is a way to exclude specific IP addresses or subnets from scanning.

Baby steps in e-mail security

We looked at the STM600's e-mail security features, including antispam, content filtering and antimalware, to see how it stands up against a well-entrenched and well-funded set of competitors.

Antispam in the STM600 uses a combination of content and reputation filtering, with detected spam e-mail either tagged, blocked outright, or sent to an on-box quarantine server. Spam settings are determined for the entire system, and there is no concept of "suspected spam," which makes the STM600 very inflexible when it comes to antispam deployment.

There is no way to send quarantines to an off-box server, so Netgear provides up to 2GB of space in the STM600 (our system had an internal 160GB hard drive) for your quarantine. We found the quarantine to be particularly primitive, with no security, no directory integration, and no way to search for specific messages.

We tested the antispam performance of the STM600 and found that the catch rate is very similar to other antispam products, although the false positive rate is dramatically higher.

Netgear recently published a test showing the STM600 giving an antispam catch rate within a percentage point of systems from Barracuda Networks and Cisco Ironport. Our testing gave the same ranking, although with a more substantial range of about 3 percentage points between low and high scores. For a typical enterprise user who receives 100 non-spam messages a day, that translates into about 50% more spam in your in-box when protected by the STM600 than when protected by the Cisco Ironport, with seven times the false positive rate.

Originally published on Network World.