Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
Netgear ProSecure STM600: baby steps in email security
We looked at the Netgear ProSecure STM600's email security features, including antispam, content filtering and antimalware to see how it stands up against a well-entrenched and well-funded set of competitors.
Antispam in the Netgear ProSecure STM600 uses a combination of content and reputation filtering, with detected spam email either tagged, blocked outright, or sent to an on-box quarantine server. Spam settings are determined for the entire system, and there is no concept of "suspected spam", which makes the STM600 very inflexible when it comes to antispam deployment.
There is no way to send quarantines to an off-box server, so Netgear provides up to 2GB of space in the Netgear ProSecure STM600 (our system had an internal 160GB hard drive) for your quarantine. We found the quarantine to be particularly primitive, with no security, no directory integration, and no way to search for specific messages.
We tested the antispam performance of the Netgear ProSecure STM600 and found that the catch rate is very similar to other antispam products, although the false positive rate is dramatically higher.
Netgear recently published a test showing the Netgear ProSecure STM600 giving an antispam catch rate within a percentage point of systems from Barracuda Networks and Cisco Ironport. Our testing gave the same ranking, although with a more substantial range of about 3 percentage points between low and high scores. For a typical enterprise user who receives 100 non-spam messages a day, that translates into about 50 percentage more spam in your in-box when protected by the STM600 than when protected by the Cisco Ironport, with seven times the false positive rate.
Our testing also showed that the Netgear ProSecure STM600 is heavily dependent on reputation services for its antispam performance. This means that the STM600 cannot be a "second hop", as without reputation filtering, its antispam catch rate drops to a dismal 71 percent. Because the STM600 cannot be used effectively without a reputation service, make sure you budget to pay for the required reputation service in addition to Netgear's subscription fees. Netgear puts Spamhaus at the top of its list of reputation services, an excellent choice based on our testing.
Although the Netgear ProSecure STM600 can inspect encrypted HTTP traffic, it doesn't inspect encrypted email (SMTP, POP, or IMAP) traffic, which means that any spam that comes in over an encrypted SMTP connection won't get caught. Since about half of the internet mail is now traveling over encrypted channels, including a substantial amount of spam, the Netgear ProSecure STM600 only makes sense as an antispam appliance if you disable encryption on your SMTP receiver, which seems like a step in the wrong direction.
The same restriction applies if you are doing spam and malware scanning for IMAP and POP users - the Netgear ProSecure STM600 is only effective for these users when encryption is disabled, which could mean passing plain-text usernames and passwords across the internet, a severe no-no.
Netgear has positioned the Netgear ProSecure STM600 as a 600-user appliance with published performance of approximately 250 message/sec. Our testing shows that at steady state, the STM600 actually handles between 6 and 8 message/sec with antimalware and antispam scanning.
Although that's not as impressive as Netgear's claims, it should be more than enough for a 600-user community, especially with reputation filtering giving the Netgear ProSecure STM600 a huge boost by deflecting 80 percent to 90 percent of the messages before they have to be scanned.
We found a different type of performance glitch during our testing when we noticed the Netgear ProSecure STM600 backing up messages and slowing down significantly. We saw slowdowns so significant that sending MTAs would believe the STM600 to be down and queue mail for retransmission.
We worked with Netgear's technical support, who initially thought the slowdown to be related to antivirus/antispam signature updates, which occur hourly (using typical settings). Although we never identified the exact cause of the slowdown, Netgear told us that they are designing a different updating strategy to have a lower impact on system performance during signature updates.
Overall, while the Netgear ProSecure STM600 has a reasonable set of antispam features, it doesn't really move the bar when compared either with other low-cost appliances or spam-integrated UTM firewalls.
Join the Good Gear Guide newsletter!
Most Popular Reviews
- 1 2016 Ford Mustang EcoBoost review
- 2 Review: TCL C1 series 4K TV
- 3 Tech21 Evo Xplorer iPhone case review
- 4 LG 55EG960T OLED UHD TV
- 5 Microsoft Lumia 640 review: Honouring Nokia's legacy
Latest News Articles
- Edward Snowden has developed an iPhone case meant to kill surveillance
- No more passwords with Google's Trust API
- A critical flaw in Symantec antivirus engine puts computers at risk of easy hacking
- Malware attacks on two banks have links with 2014 Sony Pictures hack
- Valve cleverly battles Steam cheaters with two-factor authentication
GGG Evaluation Team
First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.
The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.
The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.
My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.
- CCTest Analyst - Data MigrationACT
- CCSystems Analyst (IT Security/Network & Systems) 160826/SA/652Asia
- CCChange AnalystNSW
- CCContract Systems Analyst (Datacentre Maintenance) 160817/SA/993Asia
- FTMicrosoft Enterprise Project Management - Technical ConsultantACT
- CCSenior Technology Specialist - Back-end Java/JEENSW
- CCSenior IT Project SpecialistVIC
- FTPrincipal Business Consultant- Wealth ManagementNSW
- FTJr .Net DeveloperVIC
- CCIT Program Manager - TelecommunicationsNSW
- FTProject Administrator (Agile)WA
- CCService Desk Consultant_Level 1ACT
- CCiOS DeveloperVIC
- CCImplementation and Deployment ManagerNSW
- CCSenior Solutions Architect - SIEMVIC
- CCSenior Project ManagerNSW
- CCDB2 Database AdministratorACT
- CCEnterprise Architect ? Big Data AnalyticsNSW
- CCWebmaster content managementACT
- FTJava DeveloperNSW
- CCService Desk AnalystNSW
- CCContract Systems Analyst (Internet/ Intranet) 160902/SA/222Asia
- CCSystem Analyst - NetIQNSW
- FTSAP BASIS HANA ConsultantNSW
- CCProject Manager - PCI DSS / IMACSQLD