CP Secure CSG 1500 and Worm Secure 500
Strengths: Very good and scalable anti-malware solution offering heuristic scanning.
Weaknesses: Not the best interface.
Verdict: Strong scalable offering that is well worth shortlisting.
CP Secure offers both the Content Security Gateway (CSG) 1500 and a dedicated anti-worm appliance, the Worm Secure 500.
The CSG 1500 is designed to meet the requirements of enterprise-class organizations and offices with up to several thousand nodes. It claims to handle HTTP traffic of 71 Mbps and SMTP traffic of 460,000 email messages per hour. It has dual redundant power supply units and options for failover.
Printed documentation was scant (just one quick set-up sheet), but the information on the bundled CD was comprehensive.
We began with the anti-virus configuration, which allowed us to scan on SMTP, IMAP, POP3, HTTP, HTTPS and FTP.
The main screen gives a summary page listing all the protocols the unit is scanning, and provides details of files deleted, cleaned or quarantined. Administrators can define rules for dealing with identified viruses.
The WormSecure appliance can be set up in single-bridge or multi-bridge mode. As well as the dedicated admin port, there are seven Gigabit Ethernet ports that can be used to protect either six network segments in single-bridge mode, or up to three different subnets in multi-bridge mode.
The management GUI presents a set-up wizard to configure the network settings, such as the device’s IP address, system clock, administrator email address for notifications and update settings.
Once this was done, we were presented with the main web-based management console. This ease of deployment is impressive – at this point, the device was up and running, protecting our network from worms.
The main console was informative and intuitive – the clearly laid-out screen gave us a summary of the device status for worm scanning, including pattern and engine firmware versions.
The device can be set to block incoming worms or disconnect the infected host for a set time. In the event of a worm outbreak, the device implements a policy of containment, and quarantines malicious traffic in an infected segment – preventing a worm from spreading across an enterprise infrastructure.