IronPort C60 secures e-mail from all sides

IronPort packs effective anti-spam, anti-virus, and more into an easy-to-manage 2U appliance

E-mail administrators have their hands full these days. They have to protect against spam, phishing, viruses, and address-verification robots while ensuring that content policies are enforced and messages properly encrypted. The IronPort C60 addresses all these issues from a single appliance, combining the power of Symantec Brightmail’s anti-spam engine, Sophos anti-virus technology, and IronPort’s Reputation Filters and reporting tools.

There’s plenty of enterprise-level functionality packed into this rack-mount 2U appliance with redundant power supplies. It supports as many as 10,000 simultaneous connections and 500,000 messages per hour, according to IronPort. The C60 also supports a peer-to-peer load-balancing setup, so even the largest companies should be able to use the system. With its support for multiple domains and its centralized management of multiple appliances, the system should be a hit with ISPs, too.

The true test of any anti-spam solution is how well it separates legitimate e-mail from unwanted messages. Here, the C60 fared extremely well, stopping more than 95 percent of spam during my two weeks of testing, with no false positives. Given that the more than 5,000 e-mail messages in my tests included newsletters, marketing materials, press releases, and other messages that are difficult for most filters to discriminate from spam, this represents fantastic performance on the false positives. The number of false positives is a much more important measurement than the total amount of spam filtered.

Various best-of-breed tools bolster the effectiveness of the C60. E-mail administrators will appreciate IronPort’s Reputation Filters and content filtering. Reputation Filters looks for suspicious e-mail, such as a large volume of messages from a single sender, which could be a symptom of an address-verification robot or a virus targeting a computer. Once it identifies a source of suspicious e-mail, the C60 throttles the bandwidth or stops the e-mail altogether, depending on how you configure the box.

IronPort’s Virus Out-break Filters performs a similar function, quarantining suspicious e-mail based on content and the number of incoming e-mail messages with the same signature. This gives the system a chance to stop a virus outbreak even if the system’s anti-virus signatures haven’t been updated. Reputation Filters and Virus Outbreak Filters both use SenderBase, an e-mail traffic monitoring network with more than 50,000 contributing organizations. SenderBase identifies trends in unwanted e-mail, including spam, phishing attacks, and viruses.

In my tests these filters proved very effective. I sent a large volume of e-mail to several hundred addresses, both valid and invalid. The C60 detected the attack and stopped the messages from being delivered.

The C60’s policy engine scans incoming and outgoing e-mail for words and phrases prohibited by corporate policy. It prevents users from sending confidential documents or receiving potentially executable programs, photos, or audio/video files. This feature worked well in my tests. Setup of the more sophisticated functions, such as content management and outbreak filtering, was simple and well documented.

Setting up and configuring the C60 is straightforward but could be easier. To set up and configure the C60, you use a serial terminal or SSH connection via a dedicated management-interface port, which must be on a separate subnet from the LAN or WAN ports. The initial command line configuration includes the basic setup of the mail system as well as IP information.

My initial attempt to configure all three test domains at once, as the documentation suggested, failed. I had to add the other domains via the command line interface, as the GUI doesn’t support that function yet. Each time you make a change via the command line, you must enter a separate command to commit the change, which can be a nuisance. I was using Version 3.4 of the C60. IronPort says that Version 4.0, due out in the third quarter of this year, should address these issues.

Because only one of the three domains was working, I contacted IronPort tech support. The very helpful support technician quickly guided me to correct the problem. One useful feature of the C60 is an optional outgoing VPN tunnel to IronPort tech support, which provides the company’s technicians with access to the system’s logs without punching a hole in your firewall.

The C60’s reporting tools make it very easy to monitor traffic and collect detailed statistics on incoming e-mail. The interface also makes it simple to manage multiple IronPort appliances through a single interface.

The C60’s costs quickly add up. In addition to the initial price of the appliance, you must maintain subscriptions for Sophos Anti-Virus, Symantec Brightmail Anti-Spam, and Ironport’s Outbreak Filter. (None is optional.) However, the savings in administrative time from combining all e-mail security into one system should offset the costs for most organizations, and the pricing for each part is competitive with similar offerings.

The IronPort C60 will be attractive to most large organizations, thanks to its all-in-one integration of e-mail security and its large capacity. Companies looking for similar functionality at lower cost should investigate the C10 and C30 models, which handle as many as 500 and 1,500 users respectively.

InfoWorld Scorecard
Value (10.0%)
Manageability (25.0%)
Setup (20.0%)
Accuracy (25.0%)
Ease of use (20.0%)
Overall Score (100%)
IronPort C60 9.0 9.0 8.0 9.0 8.0 8.6