Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
Netgear ProSecure STM600: baby steps in email security
We looked at the Netgear ProSecure STM600's email security features, including antispam, content filtering and antimalware to see how it stands up against a well-entrenched and well-funded set of competitors.
Antispam in the Netgear ProSecure STM600 uses a combination of content and reputation filtering, with detected spam email either tagged, blocked outright, or sent to an on-box quarantine server. Spam settings are determined for the entire system, and there is no concept of "suspected spam", which makes the STM600 very inflexible when it comes to antispam deployment.
There is no way to send quarantines to an off-box server, so Netgear provides up to 2GB of space in the Netgear ProSecure STM600 (our system had an internal 160GB hard drive) for your quarantine. We found the quarantine to be particularly primitive, with no security, no directory integration, and no way to search for specific messages.
We tested the antispam performance of the Netgear ProSecure STM600 and found that the catch rate is very similar to other antispam products, although the false positive rate is dramatically higher.
Netgear recently published a test showing the Netgear ProSecure STM600 giving an antispam catch rate within a percentage point of systems from Barracuda Networks and Cisco Ironport. Our testing gave the same ranking, although with a more substantial range of about 3 percentage points between low and high scores. For a typical enterprise user who receives 100 non-spam messages a day, that translates into about 50 percentage more spam in your in-box when protected by the STM600 than when protected by the Cisco Ironport, with seven times the false positive rate.
Our testing also showed that the Netgear ProSecure STM600 is heavily dependent on reputation services for its antispam performance. This means that the STM600 cannot be a "second hop", as without reputation filtering, its antispam catch rate drops to a dismal 71 percent. Because the STM600 cannot be used effectively without a reputation service, make sure you budget to pay for the required reputation service in addition to Netgear's subscription fees. Netgear puts Spamhaus at the top of its list of reputation services, an excellent choice based on our testing.
Although the Netgear ProSecure STM600 can inspect encrypted HTTP traffic, it doesn't inspect encrypted email (SMTP, POP, or IMAP) traffic, which means that any spam that comes in over an encrypted SMTP connection won't get caught. Since about half of the internet mail is now traveling over encrypted channels, including a substantial amount of spam, the Netgear ProSecure STM600 only makes sense as an antispam appliance if you disable encryption on your SMTP receiver, which seems like a step in the wrong direction.
The same restriction applies if you are doing spam and malware scanning for IMAP and POP users - the Netgear ProSecure STM600 is only effective for these users when encryption is disabled, which could mean passing plain-text usernames and passwords across the internet, a severe no-no.
Netgear has positioned the Netgear ProSecure STM600 as a 600-user appliance with published performance of approximately 250 message/sec. Our testing shows that at steady state, the STM600 actually handles between 6 and 8 message/sec with antimalware and antispam scanning.
Although that's not as impressive as Netgear's claims, it should be more than enough for a 600-user community, especially with reputation filtering giving the Netgear ProSecure STM600 a huge boost by deflecting 80 percent to 90 percent of the messages before they have to be scanned.
We found a different type of performance glitch during our testing when we noticed the Netgear ProSecure STM600 backing up messages and slowing down significantly. We saw slowdowns so significant that sending MTAs would believe the STM600 to be down and queue mail for retransmission.
We worked with Netgear's technical support, who initially thought the slowdown to be related to antivirus/antispam signature updates, which occur hourly (using typical settings). Although we never identified the exact cause of the slowdown, Netgear told us that they are designing a different updating strategy to have a lower impact on system performance during signature updates.
Overall, while the Netgear ProSecure STM600 has a reasonable set of antispam features, it doesn't really move the bar when compared either with other low-cost appliances or spam-integrated UTM firewalls.
Join the Good Gear Guide newsletter!
Most Popular Reviews
- 1 Subaru XV 2017 review
- 2 Samsung 2017 QLED Q7 TV: Full, in-depth review
- 3 Kogan Atlas UltraSlim Pro laptop: full, in-depth review
- 4 Gigabyte Aorus GA-AX370-Gaming 5 AMD Ryzen AM4 motherboard review
- 5 Kogan curved 4K UHD 55-inch LED LCD TV review
Latest News Articles
- Hackers use old Stuxnet-related bug to carry out attacks
- A vigilante hacker may have built a computer worm to protect the IoT
- Suspected CIA spying tools linked to hacks in 16 countries
- The iCloud hackers' bitcoin ransom looks like a fake
- WikiLeaks: CIA used bits of Carberp Trojan code for malware deployment
PCW Evaluation Team
A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.
I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.
As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.
I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.
Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!
For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.
- Samsung Galaxy S8 phone: full, in-depth review
- Ryzen 5 vs Intel Core i5 CPU Australian review
- Mass Effect Andromeda review: One for the fans
- Which flagship TV is best? Sony 4K HDR Bravia 2016 versus LG 4K HDR OLED 2016
- 10 Blu-ray movies / Best looking Blu-ray movies
- TPWeb DeveloperNSW
- FTContracts ManagerNSW
- CCSenior Domain ArchitectVIC
- CCSenior System AdministratorQLD
- CCWindows Server EngineerNSW
- CCSecurity ConsultantVIC
- CCSecurity Architect Port MacquarieNSW
- CCDesktop Support/ Field Services EngineerQLD
- FTSenior System AdministratorVIC
- FTAsst. Director - Claim AnalysisACT
- CCSenior Network Architect l CCNP/CCIE R&S l Cisco ACINSW
- FTChange ManagerNSW
- FTSenior / Lead AEM DeveloperNSW
- FTMarket Data Analyst, Investment BankingNSW
- FTInfrastructure Project Manager Office 365 ImplementationVIC
- FTHelpdesk AnalystNSW
- FTSoftware Engineer - Build/Image MaintenanceACT
- FTFront End .Net Developer. Permanent jobACT
- TPEnterprise ArchitectQLD
- FTUser Support AnalystNSW
- FTWindows Server Engineer MCSE, SCCM, SCOM, PowershellNSW
- FTJunior Business Analyst / Project Coordinator dual roleVIC
- FTRecruitment ConsultantSA
- CCTechnical Consutlant - Entry Level - HPSMNSW
- FTSenior Java EngineerWA