IronPort C-Series Messaging Gateway
Price: $9,995 to $54,950, plus subscriptions
Although IronPort Systems' IronPort C-Series Messag-ing Gateway packages solid third-party antispam and AV tools into one e-mail solution, it's
The Reputation Filters approach is similar to white-lists/blacklists, but the rate of false positives is much lower. IronPort claims a zero rate; we didn't see a single false positive during our testing.
The common problem among spam appliances is that they're reactive. E-mail is allowed to traverse the DMZ before it's scanned for spam and viruses. Reputation Filters prescreen e-mail by checking it against IronPort's global traffic-monitoring network, SenderBase.org. The process is similar to a DNS request, in which the device caches the information locally to reduce latency. The site determines the "reputation" of a given sending domain, and local policies determine whether e-mail is accepted, rejected or simply discarded at the front door. SenderBase.org then kills the TCP handshake of offending IP addresses, conserving bandwidth in the process.
IronPort packages the C-Series solution with another piece of innovative technology: Virus Outbreak Filters (VOFs). When VOFs are enabled, all incoming e-mail is scanned for patterns, such as the frequency of identical attachments that could be a telltale sign of a zero-day malware outbreak. Suspect e-mail is quarantined until the attachments are reviewed by a security manager.
One caveat: VOFs and IronPort's bundled third-party tools (Symantec's Brightmail Anti-Spam and Sophos' Anti-Virus) are all optional buys based on per-user subscriptions and can quickly add to the cost of the basic appliance.
The C-Series appliances are built on IronPort's AsyncOS platform, which supports much greater throughput than an ordinary FreeBSD kernel. It's capable of supporting more than 10,000 simultaneous connections, and the mid-tier C30 barely broke a sweat in our test lab.
Installation is a snap; the C-Series Messaging Gateway can be configured to receive and route e-mail in about 30 minutes. Ad-ministration is as simple as it is powerful. Creating and modifying policies only takes a few clicks, and the appliance allows for custom whitelists, blacklists and rate limiting by domain or IP address.
IronPort's E-mail Security Manager provides security managers with just about every piece of information they could want, such as running counts on messages received, blocked and quarantined. The reporting mechanism is equally impressive. Reports can be generated for everything from mail flow counts to spam numbers.
About the Author
Ryan Guzal is a contributor to Information Security magazine.
This was first published in August 2005