Fight against viruses, spam and phishing
By John Breeden II
Jan 18, 2006
MailFrontier M500 holds up well against emerging e-mail threats | GCN Lab
MailFrontier Gateway Appliance M500
Reviewer's Choice
It's getting so you can't stick your head out onto the Internet anymore without someone trying to sell you something, infect your computer with viruses or steal your identity. And several attacks developed to go after home users, such as phishing, are mutating to take aim at corporate offices and government agencies.
Into this maelstrom we tossed the new MailFrontier M500 gateway appliance, which scans each and every e-mail coming in or going out of a network. It's the baby brother of the M1000, but is no lightweight. The M500 can handle 1.2 million messages per day, or about 50,000 every hour.
First we set up the M500 on the GCN Lab test network to watch it in normal operation. Then we hooked it up to a test bed powered by two devices from Spirent Communications plc. Using the Spirent Avalanche and Reflector, we could simulate a network of 1,000 busy government users receiving and sending e-mails.
Out of the box, the M500 was not very difficult to set up. It took about an hour, which hardly makes it plug and play, but it was among the easier appliances we've tested to configure. After setup, the M500 will update itself with the most recent malware profiles, and little user intervention should ever be required again.
For testing, our simulated users received a constant stream of messages for half an hour, with all messages routed through the M500. We sent 16,606 viruses through the appliance. Some of these were old, while others were captured within the days leading up to the test. Still other test viruses were created in the GCN Lab specifically for this review. The M500 was rarely fooled. It nabbed 16,584 of the viruses for a 99.86 percent accuracy rate.
As for spam protection, the results were also impressive, though slightly less so. We sent 18,205 spam messages into the appliance over the test period, none of which was more than 48 hours old. The M500 blocked 17,912 messages for a 98.3 percent accuracy rate.
To check for false positives, we crafted 1,000 e-mails that were specifically designed to be legitimate, but that in one way or another might trick a device into thinking they were not. Of the 1,000 legitimate e-mails, only three were tagged as potential spam and blocked by the system. That's an impressively low false-positive rate. You have the option of notifying users that a message has been quarantined, so they can tag it as legit, if appropriate.
The M500 also looks at the outgoing e-mail stream. Although it gives outgoing mail the same scrutiny, the appliance is basically scanning for two things. First, it is looking for content that the administrator has deemed sensitive. Financial data and classified information are examples. We found that once data was locked down by the M500, even if we tried to disguise it in another e-mail message, the appliance always caught and quarantined it before it left the network.
Anti-phishing protection
The M500 also looks for odd e-mail patterns, such as a volume of similar messages emanating from one user. This could indicate that a zombie client has formed on the network. These are nice features, but nothing we haven't seen before in other mail appliances.
That said, we were extremely pleased to find rock-solid anti-phishing protection. The M500 blocks phishing attacks by checking three things. First it looks at header information to see where a message really came from. Then it looks at the content of a message for red flags. Finally, and probably most importantly, the M500 looks for obfuscation of links or browser vulnerability exploits. If a link says you're going to www.nasa.gov/payroll/password but the link really goes to www.supernet.ru/give/me/money, the M500 knows there's a problem. While the GCN Lab doesn't have an established phishing test, we noticed anecdotally that the M500 quarantined several known scams.
The M500 does a good job stopping all kinds of malware. And the addition of phishing protection goes a long way toward ending an emerging threat to government networks before it gets a running start. It doesn't necessarily stand out from other e-mail security appliances we've tested, but it's worth a look.
John Breeden II is a freelance technology writer for GCN.