Netgear ProSecure STM600 web security gateway
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses
- Good web interface
- Doesn't match the feature set and flexibility of some high-end web security gateways,
By making a serious attempt to match the web security needs of small businesses, Netgear has created a product that sits between the relatively spare feature set of the UTM firewall and the expensive depth of enterprise-class web security gateways. The Netgear ProSecure STM600 gives network managers an excellent option to add web security at a reasonable price with minimum risk.
Netgear ProSecure STM600: web filtering made easy
With its bump-in-the-wire design, the Netgear ProSecure STM600 is easy to slip in and out of small networks to protect end users and control web usage. Web filtering on the STM600 includes antimalware scanning, category-based URL filtering, local block and allow lists, and some very basic content scanning, including blocking certain HTTP download file types and file extensions.
Although the web security settings on the Netgear ProSecure STM600 are system-wide, you do have the capability to apply some per-user rules which will override the basic settings. These can be done based on IP address or based on user authentication. We tested the STM600 by linking it to our corporate directory with RADIUS and Active Directory to verify that we could write rules so that some users could have full internet access with minimal content filtering, while others were restricted to a subset of sites. The mechanisms in the STM600 are a good match for the small business market.
The Netgear ProSecure STM600 can also inspect HTTPS traffic, a critical requirement for any web security gateway. The STM600 does this by signing a new digital certificate for any website protected by SSL. (The STM600 comes with a generic signing certificate, or you can supply your own.)
The Netgear ProSecure STM600 splices together the two encrypted connections: one between the STM600 and the real website, and the other between the STM600 and the end user, enabling it to inspect the traffic as it passes by. Of course, this requires the end user to accept the STM600's signing certificate as authentic or the network manager to pre-load it into end user systems, a necessary inconvenience.
We tested the Netgear ProSecure STM600's ability to identify recent viruses on web pages, in encrypted traffic, and found it lived up to its billing. We also tested the category-based URL filtering, and found about the normal success rate at categorisation and blocking.
An additional feature of the Netgear ProSecure STM600, Application Control, didn't show up as well in our testing. These controls purport to give the network manager greater control over applications. With vendors such as Palo Alto Networks pushing this as a key feature in managing end-user access, we were interested to see how the SMB-focused Netgear would do. Answer: not very well.
On the Netgear ProSecure STM600, Application Control includes four main categories of applications: messaging, media, peer-to-peer, and tools. Each category has between three and six applications. In theory, check the box and you turn off BitTorrent. We tested three of the four categories, but none of the applications we tested (BitTorrent, iTunes Music Store, Google Talk) were successfully blocked. Netgear needs to go back to the drawing board on that one.
Because the Netgear ProSecure STM600 sits in-line for all traffic, whether HTTP or not, we ran performance tests to see how well it would behave under load. Running typical loads through the STM600 with antimalware (but without URL filtering), we saw our system max out at 100 percent CPU around 33Mbps. With HTTPS traffic, the STM600 was about 15 percent slower, decrypting, scanning and re-encrypting at about 28Mbps.
Those speeds are fast enough for a typical small business internet connection. However, if you have bulk traffic in your network, such as backups, it would be better to avoid sending that through the Netgear ProSecure STM600, or make sure that you've configured the STM600 not to scan that traffic based on port number or IP address.
Our most significant criticism of the Netgear ProSecure STM600's design as a web security gateway is that it requires the network manager to know ahead of time all the TCP port numbers used to host malware. While most web traffic is running on Port 80 (or 443 for encrypted traffic), someone hosting malware on Port 81, for example, would be able to fly right by the STM600.
Although the Netgear ProSecure STM600 doesn't match the feature set and flexibility of some of the high-end web security gateways from vendors such as Bluecoat, Cisco, and Trend Micro, it has a robust and solid design appropriate to midsized and small businesses.
Join the newsletter!
Dyson Supersonic™ Hair Dryer Fuchsia/Iron
Panasonic OLED 4K Ultra HD TV - TH-55EZ950U
SanDisk MicroSDXC™ for Nintendo® Switch™
WD MY PASSPORT™ Gaming Storage
Panasonic OLED 4K Ultra HD TV - TH-77EZ1000U
cloudandco Smart Cane
Bang and Olufsen BeoVision 14
WD MY PASSPORT™ X Gaming Storage
Nespresso Creatista Coffee Machine
Apple iPhone X
Toys for Boys
Bose SoundLink Micro
Lego Mindstorms EV3
LaCie Rugged USB-C Portable Hard Drive
Leica M10 Digital Rangefinder Camera
Google Daydream View VR Headset
Onyx Smart Walkie Talkie
Ubiquiti Network’s Front Row Camera
Propel Star Wars T-65 X-Wing Drone
Xbox One X
Toffee Bags Commuter Satchel
Dearear Endear In-ear Wireless Earphones
Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K
PETKIG Go Smart Dog Leash
Amazon Echo Bluetooth Speaker
WD MY CLOUD™ HOME Personal Cloud Storage
Panasonic Hi-Fi - SC-UA7GS-K
Nest Protect Smart Smoke Alarm
Belkin Pocket Power 10,000mAh
iRobot Roomba 980 Vaccum Cleaning Robot
Panasonic Portable Splashproof Fun - RF-D20U
Ikea NORDMÄRKE Wireless Charging Pad
Raspberry Pi Starter Kit
Tile Pro Bluetooth Tracker
Urbanworx Full HD Action Camera
Logitech Doodle Collection Wireless Mouse
3SIXT 3-in-1 Smartphone Lens Kit
Razer DeathAdder Expert Ergonomic Gaming Mouse
Kogan Bluetooth Soundbar
Lexon Flip Alarm Clock
Most Popular Reviews
- 1 Hisense takes the fight to home entertainment heavyweights with flagship Series 8 and 9 ULED TVs
- 2 Sony's latest Ultra HD OLED debuts in Australia
- 3 Panasonic Ultra HD OLED TV Review
- 4 D-Link Omna 180 Cam HD DSH-C310 review
- 5 Oppo A77 smartphone: Full in-depth review
Latest News Articles
- Uber confirms massive 2016 data breach
- D-Link Adds Android Support and Launches Updated App for Omna 180 Cam HD
- Monitoring the home has become more flexible with Uniden’s App Cam Solo
- ESET works with Google to halt dangerous malware
- Cybersecurity is a Shared Responsibility, Warns ESET
PCW Evaluation Team
It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.
Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.
The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.
The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.
The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic
I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.
- Huawei Mate 10 Pro Review
- The Best Australian Black Friday Tech Deals That Aren't On Amazon
- Wolfenstein The New Colossus Review
- Which flagship TV is best? Sony 4K HDR Bravia 2016 versus LG 4K HDR OLED 2016
- 10 Blu-ray movies / Best looking Blu-ray movies
- CCPHP DeveloperVIC
- FTService Desk CoordinatorVIC
- FTInfrastructure/ Hybrid Cloud Architect - Government OrganisationVIC
- FTBig Data ArchitectOther
- TPC++ DeveloperNSW
- CCPega Resources Required - Developers & ArchitectsACT
- FTQuality Assurance ManagerNSW
- TPCommunications & Change AnalystQLD
- FTSolution Architect - Security/DigitalVIC
- FTApplication Support ConsultantVIC
- FTMultiple SOC Analyst RolesOther
- TPIT Business AnalystNSW
- TPPrincipal Project Manager | ApplicationsQLD
- TPSenior Developer/Technical AnalystNSW
- TPProject ManagerACT
- TPProject ManagerVIC
- CCSenior Business AnalystNSW
- CCProject ManagerACT
- CCGeospatial Project ManagerNSW
- CCTechnical LeadACT
- FTAccount Management/Customer Service - MULTIPLE ROLESSA
- TPAPS6 Business AnalystACT
- FTFront End DeveloperOther
- FTTechnical Test AnalystQLD