Symantec's Symantec Mail Security 8200 series
Price: Starts at $1,195
Symantec's first e-mail security appliance, the Mail Security 8200 series, is a blend of high-quality antispam technology (Brightmail) and Symantec's antivirus server and policy-based content filtering.
We tested the 8240 model, which is a hardened Unix box that sits as an inline SMTP host intercepting incoming e-mail before it hits the server. It has two IP ports for screening both inbound and outbound messages for up to 1,000 users (the 8260 supports 1,000 users and up).
We sent batches of spam from actual mail received--the usual offers of prescription drugs, guaranteed loans and moneymaking schemes. The 8240 identified the messages accurately as spam and didn't flag any legitimate mail.
It also deters spam attacks by using TCP traffic-shaping, which penalizes the spammer by slowing the rate at which e-mails can be sent. Reputation filters are applied to accept or reject sender IP addresses based on history.
Mail can be deleted, marked as spam or delivered to a spam folder, and the appliance can deter directory harvesting attacks.
The Brightmail Logistics Operations Center, which samples global spam trends, updates spam filters every 10 minutes.
For antivirus protection, the appliance allows security managers to set granular filtering at the MIME level. We were able to block .zip, .sit and .exe file attachments using this feature at the appliance long before they were delivered to the mail server or user inbox. AV filters are updated every 10 minutes.
The 8240 also offers an e-mail compliance capability that allows for the user-configured enforcement of content policies. Default lists of prohibited words can be extended to address corporate requirements for HR policy, protection of intellectual property and regulatory compliance.
We activated the profanity dictionary and sent our test network e-mail messages containing mildly explicit terms. The filter intercepted them and issued a policy violation warning.
Strong policy and regulatory compliance are increasingly important, however, and we'd like to see more sophisticated content analysis, such as out-of-the-box filters for HIPAA. That being said, the 8240 offers a lot of policy customization.
Additional rules can be written easily. Security managers can set specific keyword blocking or filtering on all e-mail fields within a message. For example, we set up an outbound rule that permitted only e-mail from our internal domain and then added the IP addresses we wanted to restrict.
The appliance supports PERL regular expressions to create your own filters; and the easy-to-use Web-based management GUI is a standard tabbed menu format for status, reports, policies, settings, administration and quarantine.
The reporting capabilities are impressive; graphic charts show spam and virus rates per number of e-mails sent and received by the hour, day and week. Reports can be printed, saved as HTML or e-mailed to an admin. Automated reports can be scheduled.
Setup was a snap. We only needed to plug it in and follow the instructions provided on the quick setup guide card. We had the appliance running and configured in less than 30 minutes. The documentation is excellent.
With highly accurate spam detection, Symantec AV, and inbound and outbound e-mail policy enforcement, the 8200 series is a solid new entry in the e-mail security appliance market.
About the Author
George Wrenn, CISSP (firstname.lastname@example.org), is a technical editor for Information Security magazine and a security director at a financial services firm. He's also a fellow at the Massachusetts Institute of Technology.
This review orginally appeared in Information Security magazine.