Internet Security Systems' 2004 acquisition of Cobion netted content analysis software and a URL database that added another security layer to the company's Proventia G series security appliances. Today, the Cobion technology helped give birth to a full-fledged mail security appliance, the Proventia Network Mail Security System.
Available by the end of September, the Proventia mail security box combines anti-spam, anti-virus, content filtering, and something you don't see in competing products, intrusion prevention. Senior Product Manager Matthew Ward notes that ISS Proventia intrusion prevention systems are often deployed in front of Sendmail, Microsoft Exchange, IBM Lotus Notes, and even anti-spam devices, because all are afflicted by countless vulnerabilities.
The anti-virus defenses come in two forms: ISS's own behavioral-based Virus Prevention System (VPS), which promises zero-day protection against new viruses and variants, and optional signature-based protection from partner Sophos. Ward claims that VPS captures more than 93 percent of new viruses without a signature update. That includes spyware, trojans, and even rootkits.
As for the anti-spam module, Ward says it is 98 percent effective in identifying spam and phishing "out of the box," adding that you can tighten that down even further with additional tuning. (We're getting awfully close to 100 percent now.) "False positives are approximately one in ten thousand, or 0.01 percent," he says.
If those claims are true, then ISS's spam filtering would rank with the very best we've tested, which are the solutions from Proofpoint and Symantec (see the reviews). We hope to run Proventia through our spam gauntlet and provide the results by year end. Right now another latecomer to the enterprise anti-spam arena, Microsoft Forefront for Exchange Server, is on Logan Harbaugh's test bench. We should have that review for you in the next few weeks.
Like Proofpoint, Symantec, and some other mail security vendors, ISS is beefing up the content filtering to combat outbound risks such as leaks of sensitive information and private data.
"To a large degree we can do that today with lexicon analysis," says Ward. "But we are going to push further into that space by allowing you to configure sensitive directories and then be able to match content on those directories. One of the things this technology is good at is crawling a file share or server and categorizing data in there -- we do that all the time for the Web filtering. We can leverage that technology to classify and make a matching signature for data inside a proprietary document share, for example."
Posted by Doug Dineley on September 12, 2006 03:35 PM
