Fight against viruses, spam and phishing

MAILFRONTIER GATEWAY APPLIANCE M500

MailFrontier Inc.

(650) 461-7500

www.mailfrontier.com

Price: $21,000 (GSA)

Reviewer's comments: Overall performance was on par with other e-mail appliances we've tested and better in some areas. The M500 was expert at knocking down phishing attacks, something we'd not seen before.

Performance: A

Ease of Use: B+

Features: A-

Value: A-

MailFrontier M500: Performance Results

Virus messages sent:

16,606

Virus messages caught:

16,584

Accuracy:

99.86 %

Spam messages sent:

18,205

Spam messages caught:

17,912

Accuracy:

98.3 %

Rate of false positives:

0.3%

MailFrontier Gateway Appliance M500

MailFrontier M500 holds up well against emerging e-mail threats

| GCN Lab Reviewer's Choice |

It's getting so you can't stick your head out onto the Internet anymore without someone trying to sell you something, infect your computer with viruses or steal your identity. And several attacks developed to go after home users, such as phishing, are mutating to take aim at corporate offices and government agencies.
Into this maelstrom we tossed the new MailFrontier M500 gateway appliance, which scans each and every e-mail coming in or going out of a network. It's the baby brother of the M1000, but is no lightweight. The M500 can handle 1.2 million messages per day, or about 50,000 every hour.

First we set up the M500 on the GCN Lab test network to watch it in normal operation. Then we hooked it up to a test bed powered by two devices from Spirent Communications plc. Using the Spirent Avalanche and Reflector, we could simulate a network of 1,000 busy government users receiving and sending e-mails.

Out of the box, the M500 was not very difficult to set up. It took about an hour, which hardly makes it plug and play, but it was among the easier appliances we've tested to configure. After setup, the M500 will update itself with the most recent malware profiles, and little user intervention should ever be required again.

For testing, our simulated users received a constant stream of messages for half an hour, with all messages routed through the M500. We sent 16,606 viruses though the appliance. Some of these were old, while others were captured within the days leading up to the test. Still other test viruses were created in the GCN Lab specifically for this review. The M500 was rarely fooled. It nabbed 16,584 of the viruses for a 99.86 percent accuracy rate.

As for spam protection, the results were also impressive, though slightly less so. We sent 18,205 spam messages into the appliance over the test period, none of which was more than 48 hours old. The M500 blocked 17,912 messages for a 98.3 percent accuracy rate.

To check for false positives, we crafted 1,000 e-mails that were specifically designed to be legitimate, but in one way or another might trick a device into thinking it was not. Of the 1,000 legitimate e-mails, only three were tagged as potential spam and blocked by the system. That's an impressively low false-positive rate. You have the option of notifying users that a message has been quarantined, so they can tag it as legit, if appropriate.

The M500 also looks at the outgoing e-mail stream. Although it gives outgoing mail the same scrutiny, the appliance is basically scanning for two things. First, it is looking for content that the administrator has deemed sensitive. Financial data and classified information are examples. We found that once data was locked down by the M500, even if we tried to disguise it in another e-mail message, the appliance always caught and quarantined it before it left the network.

Anti-phishing protection

The M500 also looks for odd e-mail patterns, such as a volume of similar messages emanating from one user. This could indicate that a zombie client has formed on the network. These are nice features, but nothing we haven't seen before in other mail appliances.

That said, we were extremely pleased to find rock-solid anti-phishing protection. The M500 blocks phishing attacks by checking three things. First it looks at header information to see where a message really came from. Then it looks at the content of a message for red flags. Finally, and probably most importantly, the M500 looks for obfuscation of links or browser vulnerability exploits. If a link says you're going to www.nasa.gov/payroll/password but the link really goes to www.supernet.ru/give/me/money, the M500 knows there's a problem. While the GCN Lab doesn't have an established phishing test, we noticed anecdotally that the M500 quarantined several known scams.

The M500 does a good job stopping all kinds of malware. And the addition of phishing protection goes a long way toward ending an emerging threat to government networks before it gets a running start. It doesn't necessarily stand out from other e-mail security appliances we've tested, but it's worth a look.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above