IronPort C60 secures e-mail from all sides

E-mail administrators have their hands full these days. They have to protect against spam, phishing, viruses, and address-verification robots while ensuring that content policies are enforced and messages properly encrypted. The IronPort C60 addresses all these issues from a single appliance, combining the power of Symantec Brightmail’s anti-spam engine, Sophos anti-virus technology, and IronPort’s Reputation Filters and reporting tools.

There’s plenty of enterprise-level functionality packed into this rack-mount 2U appliance with redundant power supplies. It supports as many as 10,000 simultaneous connections and 500,000 messages per hour, according to IronPort. The C60 also supports a peer-to-peer load-balancing setup, so even the largest companies should be able to use the system. With its support for multiple domains and its centralized management of multiple appliances, the system should be a hit with ISPs, too.

The true test of any anti-spam solution is how well it separates legitimate e-mail from unwanted messages. Here, the C60 fared extremely well, stopping more than 95 percent of spam during my two weeks of testing, with no false positives. Given that the more than 5,000 e-mail messages in my tests included newsletters, marketing materials, press releases, and other messages that are difficult for most filters to discriminate from spam, this represents fantastic performance on the false positives. The number of false positives is a much more important measurement than the total amount of spam filtered.

Various best-of-breed tools bolster the effectiveness of the C60. E-mail administrators will appreciate IronPort’s Reputation Filters and content filtering. Reputation Filters looks for suspicious e-mail, such as a large volume of messages from a single sender, which could be a symptom of an address-verification robot or a virus targeting a computer. Once it identifies a source of suspicious e-mail, the C60 throttles the bandwidth or stops the e-mail altogether, depending on how you configure the box.

IronPort’s Virus Out-break Filters performs a similar function, quarantining suspicious e-mail based on content and the number of incoming e-mail messages with the same signature. This gives the system a chance to stop a virus outbreak even if the system’s anti-virus signatures haven’t been updated. Reputation Filters and Virus Outbreak Filters both use SenderBase, an e-mail traffic monitoring network with more than 50,000 contributing organizations. SenderBase identifies trends in unwanted e-mail, including spam, phishing attacks, and viruses.

In my tests these filters proved very effective. I sent a large volume of e-mail to several hundred addresses, both valid and invalid. The C60 detected the attack and stopped the messages from being delivered.

The C60’s policy engine scans incoming and outgoing e-mail for words and phrases prohibited by corporate policy. It prevents users from sending confidential documents or receiving potentially executable programs, photos, or audio/video files. This feature worked well in my tests. Setup of the more sophisticated functions, such as content management and outbreak filtering, was simple and well documented.

Setting up and configuring the C60 is straightforward but could be easier. To set up and configure the C60, you use a serial terminal or SSH connection via a dedicated management-interface port, which must be on a separate subnet from the LAN or WAN ports. The initial command line configuration includes the basic setup of the mail system as well as IP information.