By Michael Caton  |  Posted 2006-10-02

CipherTrust IronMail

The CipherTrust IronMail appliance's Zero-Day Virus Protection addresses immediate virus threats using a technology Secure Computing calls TrustedSource. TrustedSource monitors e-mail traffic and creates a reputation score that it associates with a message sender's IP address.
In addition, Zero-Day Virus Protection encompasses standard virus detection tools, such as attachment inspection, to help identify whether a message is a threat. The combination of TrustedSource information and virus inspection allows Secure Computing's threat response team to issue a policy to the CipherTrust IronMail appliance so it can quarantine messages based on the policy.

During tests, CipherTrust IronMail effectively blocked viruses for which signatures hadn't yet been issued. The appliance's queue configuration for scanning messages prioritizes CipherTrust's policy filtering using TrustedSource data to initially block or quarantine messages that violate a given rule. This means that the appliance blocks messages from disreputable senders before the messages get into the other queues. In addition, suspicious messages from unknown senders can get pushed to the quarantine.

The appliance's Web-based administrative application organizes management essentially by queues. The application uses a tabbed interface to organize information by functionality: compliance, anti-spam, anti-virus, encryption and firewall. We liked this metric-centric approach, but it did mean more clicks for us in our tests. When we set out to manage anti-virus settings, for example, the main view of the anti-virus tab displayed performance metrics for a given queue, requiring navigation to a layer deeper to see or manage settings.

With all its components running, the CipherTrust IronMail appliance performs a number of tasks in the background and consolidates the end results in various queues. The quarantine queue actually comprises policy queues and TrustedSource queues, and it segregates messages accordingly.

The queues provide administrators with a great degree of control over message blocking. When we drilled down into the various queues and looked at individual messages, we could quickly create a specific action rule for a given message. For example, we could drop messages that came from a specific sender or forward ones addressed to a particular user to another user's address.

The CipherTrust IronMail appliance gives administrators a high level of control over SMTP traffic, with good support for building broad inbound and outbound message policies. In addition to the Web-based console, the appliance has a command-line interface for initial setup and ongoing administration.

On the reporting side, administrators see a high-level overview of the system performance and state on most of the main screens. We also liked that the product includes almost three dozen preconfigured reports in either HTML or PDF, with a good number of the HTML reports covering compliance issues.

We would have liked the ability to build custom reports using the Web-based interface, but administrators can create reports from the log files.

Technical Analyst Michael Caton can be reached at
