
Symantec's Symantec Mail Security 8200 series

Symantec
Price: Starts at $1,195

Symantec's first e-mail security appliance, the Mail Security 8200 series, is a blend of high-quality antispam technology (Brightmail) and Symantec's antivirus server and policy-based content filtering.

We tested the 8240 model, which is a hardened Unix box that sits as an inline SMTP host intercepting incoming e-mail before it hits the server. It has two IP ports for screening both inbound and outbound messages for up to 1,000 users (the 8260 supports 1,000 users and up).

We sent batches of spam from actual mail received--the usual offers of prescription drugs, guaranteed loans and moneymaking schemes. The 8240 identified the messages accurately as spam and didn't flag any legitimate mail.

It also deters spam attacks by using TCP traffic-shaping, which penalizes the spammer by slowing the rate at which e-mails can be sent. Reputation filters are applied to accept or reject sender IP addresses based on history.


Mail can be deleted, marked as spam or delivered to a spam folder, and the appliance can deter directory harvesting attacks.

The Brightmail Logistics Operations Center, which samples global spam trends, updates spam filters every 10 minutes.

For antivirus protection, the appliance allows security managers to set granular filtering at the MIME level. We were able to block .zip, .sit and .exe file attachments using this feature at the appliance long before they were delivered to the mail server or user inbox. AV filters are updated every 10 minutes.
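As an added illustration of what filtering at the MIME level involves (this is not Symantec's implementation and not code from the original review), the Python sketch below walks every MIME part of a message and reports attachments whose extension is on a block list. The function names and the sample message are constructed for this example; only the three extensions come from the review.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# The three attachment types the review blocked at the appliance.
BLOCKED_EXTENSIONS = {".zip", ".sit", ".exe"}

def normalized_extension(filename):
    """Lower-case the final extension, ignoring trailing dots and spaces."""
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]

def blocked_attachments(raw, blocked=BLOCKED_EXTENSIONS):
    """Return the filenames of all MIME parts whose extension is blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() also descends into forwarded message/rfc822 parts.
    for part in msg.walk():
        name = part.get_filename()  # Content-Disposition filename, else Content-Type name
        if name and normalized_extension(name) in blocked:
            hits.append(name)
    return hits

def build_sample():
    """Constructed test message: three direct attachments plus a forwarded mail."""
    inner = EmailMessage()
    inner["Subject"] = "Fwd: archive"
    inner.set_content("Forwarded.")
    inner.add_attachment(b"SIT!", maintype="application",
                         subtype="octet-stream", filename="archive.sit")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    msg.add_attachment(b"PK\x03\x04", maintype="application",
                       subtype="zip", filename="report.zip")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Invoice.PDF.EXE")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    msg.add_attachment(inner)
    return msg.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

The check is by declared filename only; it catches the mixed-case double extension and the attachment nested inside the forwarded message, but it does not inspect file contents.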

The 8240 also offers an e-mail compliance capability that allows for the user-configured enforcement of content policies. Default lists of prohibited words can be extended to address corporate requirements for HR policy, protection of intellectual property and regulatory compliance.

We activated the profanity dictionary and sent our test network e-mail messages containing mildly explicit terms. The filter intercepted them and issued a policy violation warning.

Strong policy and regulatory compliance are increasingly important, however, and we'd like to see more sophisticated content analysis, such as out-of-the-box filters for HIPAA. That being said, the 8240 offers a lot of policy customization.

Additional rules can be written easily. Security managers can set specific keyword blocking or filtering on all e-mail fields within a message. For example, we set up an outbound rule that permitted only e-mail from our internal domain and then added the IP addresses we wanted to restrict.

The appliance supports Perl regular expressions for creating your own filters, and the easy-to-use Web-based management GUI uses a standard tabbed menu format for status, reports, policies, settings, administration and quarantine.
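The sketch below is an added example, not the appliance's rule engine and not code from the original review: it applies regular-expression rules to every header field and to the body, after decoding each one. It uses Python's `re` module in place of Perl; the rule names, patterns and sample message are constructed.

```python
import base64
import re
from email import message_from_bytes, policy

# Constructed policy rules (hypothetical names and patterns).
RULES = {
    "project-codename": re.compile(r"\bproject\s+bluebird\b", re.I),
    "id-number": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Constructed outbound message: the Subject is an RFC 2047 encoded-word and
# the body is quoted-printable with a soft line break inside the number.
_SUBJECT = base64.b64encode(b"Project Bluebird pricing").decode("ascii")
SAMPLE = (
    "From: alice@corp.example\n"
    "To: bob@partner.example\n"
    f"Subject: =?utf-8?b?{_SUBJECT}?=\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/plain; charset="utf-8"\n'
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "Employee number on file: 000-12=\n"
    "-3456\n"
).encode("ascii")

def policy_violations(raw, rules=RULES):
    """Return (field, rule) pairs for every rule that matches a decoded field."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words when a header is read.
    fields = [(name, str(value)) for name, value in msg.items()]
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        # get_content() undoes the transfer encoding and the charset.
        fields.append(("body", body.get_content()))
    return [(field, rule)
            for field, text in fields
            for rule, pattern in rules.items()
            if pattern.search(text)]

if __name__ == "__main__":
    print(policy_violations(SAMPLE))
```

Neither rule matches the raw bytes of the sample; both match once the header and body are decoded, which is why a content filter has to match against decoded fields.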

The reporting capabilities are impressive; graphic charts show spam and virus rates per number of e-mails sent and received by the hour, day and week. Reports can be printed, saved as HTML or e-mailed to an admin. Automated reports can be scheduled.

Setup was a snap. We only needed to plug it in and follow the instructions provided on the quick setup guide card. We had the appliance running and configured in less than 30 minutes. The documentation is excellent.

With highly accurate spam detection, Symantec AV, and inbound and outbound e-mail policy enforcement, the 8200 series is a solid new entry in the e-mail security appliance market.

About the Author
George Wrenn, CISSP (gwrenn@infosecuritymag.com), is a technical editor for Information Security magazine and a security director at a financial services firm. He's also a fellow at the Massachusetts Institute of Technology.

This review originally appeared in Information Security magazine.

This was first published in October 2005
