Added E-Mail Security Layer

Review: Appliances from IronPort and Secure Computing close the malware-fix gap.

The proliferation of viruses and spam shows no sign of slowing. Traditional anti-virus e-mail gateway products don't always offer immediate protection, but the latest generation of e-mail security appliances does a good job of addressing zero-day virus attacks.

eWeek Labs recently tested IronPort Systems' IronPort C600 and Secure Computing's CipherTrust IronMail E-series to determine how effective the appliances are at preventing viruses and spam from reaching end-user in-boxes.

Both products we tested include third-party anti-virus engines, but they also boast a feature that allows each vendor's threat response team to create and distribute policies that quarantine suspicious messages in less time than anti-virus vendors typically need to write and deploy a virus definition update.


Both the IronPort C600 and CipherTrust IronMail appliances are priced based on the cost of the appliance plus per-seat, per-year pricing for the various subscription services for anti-virus and anti-spam capabilities.

The IronPort C600 costs $54,950, and a subscription for IronPort's policy-based anti-virus technology, Virus Outbreak Filters, costs $42 per seat per year for 100 users. The third-party anti-virus engine the IronPort C600 uses, Sophos' Sophos Anti-Virus, costs $3 per seat per year for 10,000 users.

Subscriptions to the two anti-spam engines available—Symantec's Symantec Brightmail AntiSpam and IronPort Anti-Spam—cost $5 and $6 per seat per year, respectively, for 10,000 users.


Pricing for CipherTrust IronMail starts at $19,995 for an appliance capable of handling 2,500 users and includes CipherTrust IronMail's Zero-Day Virus Protection and anti-spam engine. Annual subscriptions for the anti-virus signature modules—the McAfee anti-virus engine or the Authentium anti-virus engine—cost $4 per user.

During tests, both products effectively blocked messages containing viruses for which signatures didn't already exist. These "new" viruses typically were variants of existing viruses, such as Clagger or Feebs, but the variants differed enough from the original, highly tuned virus signature from the third-party anti-virus vendor that they would pass through the anti-virus engine undetected.


And herein lies the beauty of these appliances: The IronPort C600 and CipherTrust IronMail systems quarantine suspicious messages—often several hours before a specific signature becomes available.

The zero-day outbreak filters do add cost to an e-mail infrastructure, but we believe it is worth it considering the cost of cleanup for infected PCs.

Although the products take varying approaches to e-mail security, the effective differences between the two products are in administrative features and reporting. The IronPort C600 made it easier for us to take a hands-on approach to managing the details of messages, while CipherTrust IronMail provided a more metrics-oriented view because of the way the product unifies rules for managing viruses by queues.

These products also provide a broad range of e-mail management and security features. Both provide e-mail gateway services for message routing, and the products provide other policy-based tools for managing message flow, such as filtering for inappropriate language or managing encryption for outbound messages.
