Running e-mail through a gauntlet
IronPort and Mirapoint appliances address manifold threats
The IronPort C-Series appliances offer a number of features designed to reduce loads on the internal network, including SenderBase, which uses a database updated through IronPort to reject e-mail from addresses known to belong to spammers, and a virus-outbreak filter that looks for messages characteristic of new unknown viruses in the early stages of propagation.
Installing the IronPort appliance is a snap, although small-network administrators may be frustrated by the requirement that the management interface be on a different subnet from the e-mail server. A wizard guides you through the initial configuration, and setup of the various features is clear and straightforward, with in-line help that is actually useful.
The appliance can synchronize with an LDAP directory or Active Directory to verify whether incoming e-mails are addressed to valid users. This not only allows IronPort to stop directory harvest attacks but reduces loads on e-mail servers because e-mail to invalid users is dropped before the e-mail server sees it.
IronPort uses SenderBase to prefilter incoming mail -- the idea is not to stop all spam but to reject messages that are from known spammers before they enter the network. After a message has been accepted, it goes through several filters -- the Symantec/Brightmail anti-spam engine, the Sophos anti-virus filter, the virus outbreak filter, and content filters that can be based on a dictionary of phrases, as well as a list of unacceptable attachments.
Setting up policies for content filtering of incoming or outgoing mail is easy. You can create a list of words or phrases and a list of attachments that you’d like to prohibit. You can easily create multiple policies so that, say, HR is notified when someone sends an e-mail containing offensive language, or the CEO is notified when someone alludes to a product that hasn’t been released yet. IronPort also offers turnkey HIPAA, Sarbanes-Oxley, and Gramm-Leach-Bliley filter sets for compliance with these regulations.
The IronPort is also simple to set up in a clustered environment. A peer-to-peer architecture means you have “n + 1” fail-over rather than needing a pair of devices in an active/passive relationship to provide redundancy. Management of all IronPort devices in your network can be done through a single console. In addition to excellent monitoring and reporting, you can track individual messages as they flow through your network, an invaluable tool for troubleshooting problems.
The IronPort turned in an excellent performance, producing only one false positive (a bulk e-mail) and catching 93 percent of spam, with no tuning necessary. The system is easy to set up and configure, and it includes a great set of tools to ensure the security of e-mail for large organizations.
Mirapoint Message Server v. 3.5.9-GR
Mirapoint has two lines of appliances, the RazorGate line, which is strictly an e-mail security gateway, and the Message Server line, which includes an e-mail server along with the security features. I tested a Message Server appliance; the product directly comparable to the IronPort would have been a RazorGate box.