This article can also be found in the Premium Editorial Download "Information Security magazine: Improving your network security strategy in a recession."
Download it now to read this article plus other related content.
Price: $7,995 plus $3,945 for security subscription
Network firewall vendor Astaro has widened its portfolio with the introduction of the Astaro Mail Gateway, an antispam/antivirus security appliance.
We tested the AMG 4000, the largest of four Mail Gateway appliances, and found it well-suited for the small business market with an easy-to-use management system, appropriate feature set and reasonable antispam performance.
We looked at how well the AMG fared in a real-world test of 10,000 live email messages. Astaro has positioned itself against Barracuda, with a similar feature set and market focus.
We tested sending the same messages through both gateways as they entered our network, with similar results. The AMG caught between 76 percent and 94 percent of spam compared to Barracuda catching between 83 percent and 90 percent. The range of numbers is because both gateways use the concept of "suspected spam," so the figures depend on whether you consider suspected spam to be spam or not. Based on an easy-to-configure policy, the system manager can set spam and suspected spam to be dropped, passed through and tagged, or quarantined. Both gateways had a similar positive false positive count, with Astaro in the range of 7 to 37 messages and Barracuda in the range of 31 to 33 false positives.
Compared to other gateways, though, Astaro could use some work. For example, we also looked at Trend Micro's InterScan Messaging Security Suite, and had a higher spam catch rate of 97 percent and a lower (18) false positive count.
User Features A
The AMG comes out of the block with a nice set of end-user management features. End users will receive daily quarantine reports (if the system manager enables them) by email, with single-click links to release messages. Or, end users can log into a simple Web portal at any time to see their mail logs, quarantined messages, and to manage a trusted sender list.
System Management & Integration A-
The easy-to-use Web interface helped us integrate the AMG into our email network in less than an hour. Linking the AMG to an existing email server, especially Microsoft Exchange, is very straightforward. One of the issues with external antispam gateways is transferring and keeping the email directory updated on the external gateway. Astaro has several mechanisms to do this, and has put in special support to ease synchronization between AMG and Active Directory.
If you want to let users see their quarantine and mail logs, you'll also have to authenticate them, which Astaro made easy with links via LDAP, RADIUS and even TACACS servers. Astaro's directory synchronization and authentication makes life easy for the network manager.
Astaro offers good reporting and mail monitoring, with several levels of instantaneous reports, easy log and quarantine searches, and automatic generation of executive summary reports. What is missing is the ability to dive deeper into each message. The information you might want in order to debug problems is present in separate text-based log files, but none of this is linked to the easy-to-use GUI-based logging. We also found that some of the reports don't add up. For example, although we sent more than 10,000 messages through the AMG, the summary reports only showed about 7,500.
Verdict: An outstanding first offering, the Astaro Mail Gateway should be on the short list of anyone for a simple, small business anti-spam gateway.
Testing methodology: We integrated the AMG 4000 into our production email stream, sending 10,000 messages through the AMG 4000 over about a week.
This was first published in February 2009