CSG-2500 stands firm against malware

Not too long ago, all a network admin had to do to ensure that the network was “clean” was to schedule a weekly virus scan and confirm the virus signatures were up to date. This kind of protection was sufficient when the attack vector was based on sharing floppy disks or opening an infected e-mail attachment.

But this isn’t the case anymore. Virus and malware threats are cropping up more in Web traffic than simple infected files. Malware code is hidden in Web pages, packaged as part of “legitimate” software installs and stuffed inside malicious e-mail messages. Preventing it from entering the network requires detection in the data stream at the network edge.

Click for larger view.

The CSG-2500 from CP Secure is a 2U appliance that scans HTTP, HTTPS, FTP, POP3, SMTP, and IMAP traffic in real time without adding excessive latency. It installs as a transparent bridge negating any network changes. Although it falls short in some areas — such as so-so reporting and the absence of IM and CIFS support — it’s still a solid contender for defending the networks of midsize to large organizations.

Setting up the CSG-2500 is fast and easy; I had my test unit online in about 15 minutes. The appliance comes with redundant power supplies, two hard drives in a RAID array, two Gigabit fiber and four Gigabit copper ports with an additional 10/100 administration port. VLAN and fail-over support is built into the appliance, as is optional load balancing.

One feature the company repeatedly stressed during my evaluation was the appliance’s overall performance under load. I tested the CSG-2500 by simulating between 1,000 and 2,000 concurrent users accessing HTTP traffic between a pair of HP ProLiant DL360 G3 servers. Latency ranged from 593ms at 1,000 connections to 1,075ms at 2,000. Throughput for the CSG-2500 under load was from 389Mbps (at 1,000) to 362Mbps (at 2,000).

By way of comparison, I ran the same test mix through a Cymphonix Network Composer DC30X and found latency numbers between 1,178ms and 1,240ms. The Cymphonix unit’s throughput was less than the CP Secure device because of its 10/100Mbps interfaces (a test with no appliance in the mix provided latency values from 50ms to 137ms, and throughput averaging around 888Mbps).

Hold the line

Blocking malware and viruses at the network edge is the first line of defense against network infections. With dual scanning engines from CP Secure and Kaspersky, the CSG-2500 looks inside inbound and outbound traffic. A combination of heuristics and signature-based scanning checks for malware embedded in the TCP traffic stream. When malware is detected, admins can choose from a number of actions, such as blocking, quarantining, or simply auditing the activity.

During my tests, I attempted to download various types of malware and viruses from live Web sites and known infected servers on my test LAN. In all cases the CSG-2500 detected the attempts and processed them according to my policy.