Trend Micro InterScan Gateway Security Appliance

  • Editors' rating
    8.0 Excellent

Pros

  • Easy to deploy and manage
  • Excellent malware performance
  • Extremely configurable
  • Helps to enforce company policies

Cons

  • Doesn't support P2P or IM scanning
  • Client cleanup requires Windows and Internet Explorer

The InterScan Gateway Security Appliance (IGSA) is Trend Micro's flagship secure content management appliance. Pitched at mid-sized organisations of between 100 and 1000 employees, this bright-red rack-mount appliance is straightforward to install and virtually manages itself. There are also no hidden post-deployment costs, such as expensive client software or updates. You cannot, however, avoid the £496 yearly subscription charge.

Designed to offer a multi-layered approach to threat management, the IGSA covers three main areas: hosted web and email reputation services and URL filtering; a security-hardened, performance-optimised gateway appliance platform; and Damage Cleanup Services for automated cleansing of desktops from malware or spyware. Unfortunately, the last of these only works if the clients on your network are running Windows and Internet Explorer, as it depends on an ActiveX component.

The IGSA hardware platform is based around a 3GHz Pentium 4 processor with 1GB of RAM running a security-hardened Linux operating system. The front of the appliance contains two thumb screws for holding the unit in a fixed position in a rack cabinet and a removable bezel. These screws should only be used in conjunction with the supplied rail mounting kit, as they won't support the weight of the appliance alone. At the centre of the bezel is the LCM module, comprising an LCD control panel, a reset button, a Unique ID (UID) button and LED indicators. The 65mm by 16mm LCD displays status and configuration messages in two 16-character rows.

The 5-button control panel is used to navigate the menu system and input data during the configuration process. The LEDs indicate the Power, UID, System, Inspection, and Outbreak states of the unit (Power and UID have one colour each; System, Hard Disk and Outbreak have two colours each). The Unique ID button illuminates a blue LED on the front and rear of the device, which helps administrators locate the device for troubleshooting or maintenance.

The back panel of an IGSA contains the power socket, power switch, two USB ports (reserved for future releases), serial port, fan vent, and LAN ports. The IGSA has three user-configurable copper-based Gigabit Ethernet ports.

In operation
Unlike UTM (Unified Threat Management) appliances, the IGSA sits behind your existing firewall/VPN solution, providing an additional layer to the security of your internet gateway. The latest version of Trend Micro's appliance employs the company's integrated antivirus, anti-spyware, anti-spam, content filtering, URL filtering and anti-bot functionality, so it's a well-rounded offering.

There are eight models to choose from (IGSA 100, 200, 300, 400, 500, 600, 800 and 1000). The appliance assigns web sites a 'reputation' based on an assessment of the trustworthiness of a URL, derived from an analysis of the domain. It also protects against web-based threats, including zero-day attacks, before they reach the network, and blocks unwanted email. Real-time scans of SMTP, HTTP, FTP and POP3 protocols allow the IGSA to intercept malicious payloads.

Policy enforcement and compliance notifications for both antivirus and web content will help to simplify management tasks and keep larger organisations in line with regulatory requirements. Automatic updates and a single web-based remote management console also help to reduce the management overhead. And because this appliance complements existing firewall and VPN solutions, with transparent installation and no changes to clients required, there should be no effect on the company network.

SMTP and POP3 scanning protects your business from viruses (including unknown ones courtesy of heuristic IntelliTrap technology), spyware/greyware, spam and phishing attacks, and other undesirable content, with the administrator and users being notified when phishing messages are detected. FTP scanning is also supported, while HTTP scanning includes virus and spyware/greyware detection, plus the blocking of pharming and phishing URLs. Anti-spam configuration allows the administrator to set the spam threshold to high, medium or low, as well as specify approved and blocked senders and define certain categories of email as spam.

URL blocking and filtering for the HTTP protocol allows the administrator to define and configure URL filtering policies, while a local cache helps to reduce network traffic. Users are also notified if URL filtering blocks the address they want to access. Trend Micro's Network Reputation Service (NRS) blocks spam by validating the IP addresses of incoming mail against databases (RBL+ and QIL) of known spam sources. Reporting is done via an informative summary screen. The graphical management interface shows the status of various attacks and defences in the last 7 days and the last 30 days for easy reference.

Trend Micro's InterScan Gateway Security Appliance (IGSA) delivers relatively complete protection from viruses, spyware, spam and other threats at the internet gateway. The device is easy to deploy and does a great job of blocking malware, stopping inappropriate content or email, and filtering harmful URLs. It can also save your company time and money by helping you to achieve regulatory compliance, preserve network resource availability and reduce spam so that your employees can be more productive, as well as reduce the administrative effort, cost and downtime caused by spyware and viruses.

The only downside is that the IGSA doesn't allow you to add your own scanning protocols, such as those used by IM or peer-to-peer clients, so you'll have to rely on your external firewall to handle this task. The restriction to Windows and IE clients for the Damage Cleanup Services feature is also a drawback.