- High-end hardware
- optional Sophos antivirus and Brightmail anti-spam software
- virus outbreak filters
- some features still configured via command line
- users can’t manage their own security settings or quarantine queues
IronPort sells a range of email security appliances, designed to filter out viruses, spam and bulk mail shots before they get to the company servers. The C60 sits at the top of the C-Series range and can be used to protect large enterprise servers running Microsoft Exchange, Lotus Notes/Domino or Novell’s GroupWise.
Given its hefty £30,000-plus price tag, you expect something special from the C60, and the hardware alone is suitably impressive. Effectively a dual-Xeon server with 3GB of memory and a RAID 10 storage array, the C60 is housed in a massively constructed 2U stainless steel case and comes equipped with dual Gigabit Ethernet ports for LAN attachment and a separate 10/100Mbps port for management.
Deployment is remarkably straightforward. As with other email security appliances, the C60 acts as an MTA (Message Transfer Agent) so all that’s needed are small DNS and/or firewall changes. It can also be used to filter incoming mail, outbound messages or both, as required.
A command-line wizard is used for initial setup but, unlike earlier implementations, the latest 4.0 release of the Unix-derived AsyncOS software can be managed almost entirely via a browser. Some functions, such as LDAP authentication and outbound disclaimers, have still to be configured using Telnet or SSH. However, just about everything else is handled via the GUI with several levels of protection on offer.
The first of these, reputation filters, involves scoring messages against IronPort’s own email database (SenderBase), which holds a variety of data collected from public Internet mail servers. Data such as mail volumes, inbound acceptance policies, relay settings, spam complaints and so on -- in fact, more than 50 different parameters -- are used to build a reputation score. This, in turn, can then be used as a threshold by the C60 when blocking suspect mail.
Next up, messages can be filtered for viruses using an optional Sophos scanner, added to which the latest release of AsyncOS features additional virus outbreak filters to contain suspected attacks before new virus signatures have been developed. Brightmail anti-spam tools from Symantec can also be specified; and, lastly it’s possible to define custom content filters to manage exceptions not handled by any of the other options.
In practice, we found the C60 remarkably easy to deploy, although a fair amount of tweaking and experimentation is required to get the best out of it. We upgraded to the latest software during the evaluation and found the new interface a lot more intuitive and easy to follow. Logging and reporting tools are also improved, and you no longer need a separate quarantine server. However, the amount of disk space available is limited and users can’t manage the quarantine folders themselves.
Cost is another big consideration, as the IronPort C60 is a very expensive solution compared to some of the alternatives. Note, too, that although there are no user limits for the AsyncOS software, the Sophos and Brightmail components are licensed per user on an annual basis.
With the ability to handle over 500,000 messages per hour, the C60 is a hugely scalable solution and one that’s widely deployed by ISPs and large enterprise customers. Just bear in mind that there are lots of alternatives offering similar levels of functionality for less money.