Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
Netgear ProSecure STM600: baby steps in email security
We looked at the Netgear ProSecure STM600's email security features, including antispam, content filtering and antimalware to see how it stands up against a well-entrenched and well-funded set of competitors.
Antispam in the Netgear ProSecure STM600 uses a combination of content and reputation filtering, with detected spam email either tagged, blocked outright, or sent to an on-box quarantine server. Spam settings are determined for the entire system, and there is no concept of "suspected spam", which makes the STM600 very inflexible when it comes to antispam deployment.
There is no way to send quarantines to an off-box server, so Netgear provides up to 2GB of space in the Netgear ProSecure STM600 (our system had an internal 160GB hard drive) for your quarantine. We found the quarantine to be particularly primitive, with no security, no directory integration, and no way to search for specific messages.
We tested the antispam performance of the Netgear ProSecure STM600 and found that the catch rate is very similar to other antispam products, although the false positive rate is dramatically higher.
Netgear recently published a test showing the Netgear ProSecure STM600 giving an antispam catch rate within a percentage point of systems from Barracuda Networks and Cisco Ironport. Our testing gave the same ranking, although with a more substantial range of about 3 percentage points between low and high scores. For a typical enterprise user who receives 100 non-spam messages a day, that translates into about 50 percentage more spam in your in-box when protected by the STM600 than when protected by the Cisco Ironport, with seven times the false positive rate.
Our testing also showed that the Netgear ProSecure STM600 is heavily dependent on reputation services for its antispam performance. This means that the STM600 cannot be a "second hop", as without reputation filtering, its antispam catch rate drops to a dismal 71 percent. Because the STM600 cannot be used effectively without a reputation service, make sure you budget to pay for the required reputation service in addition to Netgear's subscription fees. Netgear puts Spamhaus at the top of its list of reputation services, an excellent choice based on our testing.
Although the Netgear ProSecure STM600 can inspect encrypted HTTP traffic, it doesn't inspect encrypted email (SMTP, POP, or IMAP) traffic, which means that any spam that comes in over an encrypted SMTP connection won't get caught. Since about half of the internet mail is now traveling over encrypted channels, including a substantial amount of spam, the Netgear ProSecure STM600 only makes sense as an antispam appliance if you disable encryption on your SMTP receiver, which seems like a step in the wrong direction.
The same restriction applies if you are doing spam and malware scanning for IMAP and POP users - the Netgear ProSecure STM600 is only effective for these users when encryption is disabled, which could mean passing plain-text usernames and passwords across the internet, a severe no-no.
Netgear has positioned the Netgear ProSecure STM600 as a 600-user appliance with published performance of approximately 250 message/sec. Our testing shows that at steady state, the STM600 actually handles between 6 and 8 message/sec with antimalware and antispam scanning.
Although that's not as impressive as Netgear's claims, it should be more than enough for a 600-user community, especially with reputation filtering giving the Netgear ProSecure STM600 a huge boost by deflecting 80 percent to 90 percent of the messages before they have to be scanned.
We found a different type of performance glitch during our testing when we noticed the Netgear ProSecure STM600 backing up messages and slowing down significantly. We saw slowdowns so significant that sending MTAs would believe the STM600 to be down and queue mail for retransmission.
We worked with Netgear's technical support, who initially thought the slowdown to be related to antivirus/antispam signature updates, which occur hourly (using typical settings). Although we never identified the exact cause of the slowdown, Netgear told us that they are designing a different updating strategy to have a lower impact on system performance during signature updates.
Overall, while the Netgear ProSecure STM600 has a reasonable set of antispam features, it doesn't really move the bar when compared either with other low-cost appliances or spam-integrated UTM firewalls.
Join the Good Gear Guide newsletter!
Most Popular Reviews
- 1 2016 Ford Mustang EcoBoost review
- 2 Synology DS216+ Review
- 3 Review: TCL C1 series 4K TV
- 4 Sony 75-inch UHD TV (X9400C) review: Sony and Android are a winning duo
- 5 LG 55EG960T OLED UHD TV
Best Deals on Good Gear Guide
Latest News Articles
- Edward Snowden has developed an iPhone case meant to kill surveillance
- No more passwords with Google's Trust API
- A critical flaw in Symantec antivirus engine puts computers at risk of easy hacking
- Malware attacks on two banks have links with 2014 Sony Pictures hack
- Valve cleverly battles Steam cheaters with two-factor authentication
GGG Evaluation Team
First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.
The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.
The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.
My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.
- FTSocial Media AssistantQLD
- CCChange Portfolio ManagerNSW
- CCSenior Tester - Automation / Telecommunications (Urgent)NSW
- CCStrategic Business AnalystNSW
- CCGeo-spatial AdministratorVIC
- FTApplication Support AnalystSA
- CCTrainer - Windows 10 / Office 2016ACT
- CCContract Analyst Programmer (JAVA/Oracle) 160728/AP/623Asia
- CCSenior Business Process AnalystNSW
- CCPortfolio AnalystVIC
- FTDefence Network Architect | NV2ACT
- FTNetwork Infrastructure SpecialistSA
- CCUser Access Review (UAR) DeveloperVIC
- CCLead Business AnalystNSW
- FTJDE DeveloperVIC
- FTJava DeveloperVIC
- CCPeopleSoft Consultant (Financial)NSW
- CCNetwork ArchitectNSW
- CCBPM Solution ArchitectVIC
- FTGraduate IT supportNSW
- CCProject Manager/ Sr PMO Analyst - Consulting BackgroundNSW
- CCSAP MM / Ariba Functional ConsultantNSW
- CC.Net DeveloperNSW
- CCIT Security ArchitectVIC
- CCBusiness Project ManagerVIC