Netgear targets SMBs with new security tool

By Joel Snyder, Network World |  Security, antimalware, antispam

Our testing also showed that the STM600 is heavily dependent on reputation services for its antispam performance. This means that the STM600 cannot be a "second hop," as without reputation filtering, its antispam catch rate drops to a dismal 71%. Because the STM600 cannot be used effectively without a reputation service, make sure you budget to pay for the required reputation service in addition to Netgear's subscription fees. Netgear puts Spamhaus at the top of its list of reputation services, an excellent choice based on our testing. Current Spamhaus pricing for 600 users is $420 a year.

Although the STM600 can inspect encrypted HTTP traffic, it doesn't inspect encrypted e-mail (SMTP, POP, or IMAP) traffic, which means that any spam that comes in over an encrypted SMTP connection won't get caught. Since about half of the Internet mail is now traveling over encrypted channels, including a substantial amount of spam, the STM600 only makes sense as an antispam appliance if you disable encryption on your SMTP receiver, which seems like a step in the wrong direction.

The same restriction applies if you are doing spam and malware scanning for IMAP and POP users -- the STM600 is only effective for these users when encryption is disabled, which could mean passing plain-text usernames and passwords across the Internet, a severe no-no.

Netgear has positioned the STM600 as a 600-user appliance with published performance of approximately 250 message/sec. Our testing shows that at steady state, the STM600 actually handles between 6 and 8 message/sec with antimalware and antispam scanning. Although that's not as impressive as Netgear's claims, it should be more than enough for a 600-user community, especially with reputation filtering giving the STM600 a huge boost by deflecting 80% to 90% of the messages before they have to be scanned.

We found a different type of performance glitch during our testing when we noticed the STM600 backing up messages and slowing down significantly. We saw slowdowns so significant that sending MTAs would believe the STM600 to be down and queue mail for retransmission. We worked with Netgear's technical support, who initially thought the slowdown to be related to antivirus/antispam signature updates, which occur hourly (using typical settings). Although we never identified the exact cause of the slowdown, Netgear told us that they are designing a different updating strategy to have a lower impact on system performance during signature updates.

Overall, while the STM600 has a reasonable set of antispam features, it doesn't really move the bar when compared either with other low-cost appliances or spam-integrated UTM firewalls.

Web filtering made easy


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question