Strengths: Plug and play deployment, excellent value, high URL category filtering and anti-spam performance, https scanning as standard
Weaknesses: No SPI firewall, internal hard disk underused
Verdict: Along with quality web filtering and anti-spam performance, the STM600 looks top value and SMBs will find it very easy to deploy
Netgear signalled its intentions on the SMB web and content filtering market last year with the launch of the STM family of appliances - but it rather jumped the gun, as a number of important features hadn't yet been implemented. The latest firmware upgrade remedies this oversight and in this review we are putting its top-of-the-range STM600 through its paces and looking at the new quarantining, IM and P2P app controls and advanced policy-creation features.
The STM600 targets larger SMBs and has enough grunt to handle up to 600 concurrent users. The value proposition is good, as there are no actual physical limitations to the number of users and - unusually for an SMB appliance - you get https scanning as standard.
This 1U rack system comes with five Gigabit ports, with one for dedicated management access. The remaining four are split into pairs for handling inbound and outbound traffic on two separate networks. They also incorporate hardware failover switches, so if the appliance goes belly up it won't take your internet connections with it.
The STM appliance family is the fruit of Netgear's acquisition of Chinese company CP Secure in 2008 and features its unique stream-scanning technology. It scans and analyses traffic as soon as it starts entering the network and uses a multi-threaded approach. Rather than wait for a whole file to be received, one thread scans the bytes as they come in and another provides close to real-time scanning.
Kaspersky handles anti-virus, while Commtouch's GlobalView looks after URL category filtering. Anti-spam is equally well catered for, as Commtouch steps up again with its RPD (recurrent pattern detection) technology.
Commtouch works with many ISPs, where it creates hashes of every mail passing through their servers, allowing it to provide a method of easily identifying spam.
Installation is as plug and play as it gets, as the STM600 functions as a transparent gateway. It doesn't require any client configuration for it to filter traffic and we had no problems dropping it between our LAN and firewall, using one of the Gigabit port pairs.
The browser management interface isn't pretty, but is easy enough to use and offers a quick-start wizard to get you up and running. Usefully, a default policy is applied to all users and already has basic anti-spam measures and URL filtering activated, so the STM600 can start protecting the network straightaway. All signature and database updates are automated and checks can be as often as every 15 minutes.
The appliance has its own internal user and group database but, along with Radius, it now supports AD server authentication. This is implemented by creating LDAP and Radius domains on the appliance, which are presented to users via a login portal.
This now allows web/URL filtering and application access to be customised with exceptions to the default policy. We were able to create policy exceptions for our AD users, to let them access social networking sites and IM apps during the lunch break period. However, you do have to create individual exceptions for each web category or application.
Netgear delivers a good range of anti-spam measures, as Commtouch's RPD is backed up by RBLs, black and white lists and heuristics. For SMTP, you can tag, block or quarantine suspected spam; for POP3, you can tag it.
Infected mail attachments can be stripped out or quarantined and for SMTP you can apply this to the attachment only or to the entire message. Suspect downloads over https, http and FTP can be quarantined and the STM600 uses its hard disk to store these.
However, despite the size of the installed disk, the STM600 has an upper limit of 2GB for spam and 512MB for malware - throwbacks to when Netgear had originally planned on using flash memory for quarantining. The hard disk would also be an ideal location for using web-page caching to improve download performance.
Anti-spam performance is very good and to test this we set the appliance to tag all suspect messages and used Outlook rules on our clients to move them to separate folders. After a week of scanning live mail, we saw a 96 per cent success rate, with less than four per cent false positives.
The new IM and P2P blocking feature provides a good selection of apps to choose from. We tested using Windows Messenger and Windows Live and once we had blocked MSN Messenger, clients were unable to communicate with each other and subsequent logins were all stopped.
GlobalView offers 64 URL categories and it worked extremely well. With the gambling and games categories blocked, we were unable to access any online bingo or poker sites. Online games were equally inaccessible and the social networking section stopped access to sites such as Facebook and Twitter. A lookup tool is also provided, where you enter a URL and it will tell you which category it comes under.
A dashboard keeps you posted on all activity, blocking actions and detected threats, while extensive reporting provides equally detailed tables and graphs.
Reports can be scheduled to run regularly on areas such as viruses, content filtering and spam activity and the results emailed to multiple recipients, if desired.
Coming in at under £3,000 for a one-year subscription, the STM600 looks comparatively good value. The internal hard disk's potential isn't maximised, but anti-spam and URL filtering performance is very good and deployment doesn't get any easier.