Administration
Broadly speaking, our administration criteria incorporated the ease and flexibility of managing the devices and policies through the central console, particularly a policy/filter creation/modification capability and the overall usability of the interface.
IronPort begins with a range of content filter options that include various header, attachment, MIME type and envelope scans. Each of these filter types can be broken down into smaller, logical comparative components as needed. A large array of possible actions can then be assigned to each of these filters. Its documentation provides numerous practical examples for implementing these filters.
While IronPort's default policy categories are limited (Whitelist, Blacklist, Suspectlist and Unknownlist), the policy options under each category are extensive, including maximum number of messages per session, banner test, max recipients per hour and using SenderBase. Each of these, in turn, is configurable to a remarkable degree: The SenderBase options alone fill 50 pages of its User Manual.
CipherTrust's granularity of policies and rules is as impressive as IronPort's, but its real jewel is the excellent best practices template it provides to set all of these filters right up front. You download the template with your initial updates, click apply, and the wide range of default settings is made--an astounding array of antispam, AV, content filtering and other settings. When you consider the 300 different settings available, this makes life a lot simpler for the harried security manager.
Symantec's default policies are the most basic. Its spam filter is set to prefix the e-mail header with the words "Suspected Spam" if it exceeds a specific default threshold. The mail filters are broken down into four basic categories--e-mail firewall, virus, spam and content compliance--but each of these is subdivided into only two or three subcategories. For example, the e-mail firewall is broken down into directory harvest, spam and viral attacks.
While the base list of filters is minimal, customers will rely on the BLOC service to provide the granular filter for additional layers of protection.
BorderWare, which provides older antispam technology on its own with a Brightmail afterburner as an option, allows you to select basic filters such as whitelists/blacklists, RBLs, message header and envelope testing, Statistical Token Analysis (a form of Bayesian filtering) and not much else. The only real antispam configuration comes if you choose to add the optional Brightmail engine. You may enable the included proprietary secure Web mail portal--a nice option--which is unique among the four appliances.
BorderWare's really interesting options are in its HALO system for managing clustering, load balancing and stateful failover, including a number of policy thresholds designating the failover device.
Scaling for the Enterprise
We assessed the deployability of the appliances--the feature sets appropriate for enterprise deployment--including load balancing, clustering, failover and LDAP support.
All of the vendors support failover, load balancing and centralized management. However, only BorderWare natively provides clustering, failover and load balancing via its HALO programs.
The other vendors support external load balancing devices only, and they only support failover via MX record preferences. All four provide a central management console for support of a distributed multiple appliance deployment.
All but Symantec provide support for all industry standard LDAP directories. Symantec currently only supports Sun's Java Messaging System (formerly iPlanet) and Active Directory.
The bottom line is that any of these vendor solutions could support a global enterprise.
This was first published in August 2005