Panda GateDefender Performa SB
Strengths: Swift installation, impressive anti-spam performance, protection profiles offer versatile security measures, well-designed management interface
Weaknesses: Basic IM and P2P app controls, not great value for SMBs
Verdict: An expensive but classy little content security appliance that is easy to deploy and delivers enterprise-level anti-spam and URL filtering performance
Panda has two distinct families of security appliances, with its latest Performa products focusing on providing secure content management at the gateway. The Performa SB on review represents the entry point of four appliances and targets small businesses looking for a single solution for anti-spam, anti-malware and web filtering, plus IM and P2P app controls.
The key differences between the Performa and Integra families are that the latter provides an SPI firewall, intrusion protection and support for IPsec VPNs. The Performa is designed to sit behind an existing firewall and, as it acts as a transparent gateway, should be easy to slip into place with minimum disruption. We certainly had no problems and had inserted the Performa SB between our LAN and WAN in a few minutes.
There are no user restrictions on the appliance, with the only limits being its hardware. The Performa SB can handle up to 40Mbps of HTTP traffic and a maximum of 550 concurrent connections. It has Gigabit LAN and WAN ports and a hardware bypass switch fitted, so if the appliance fails it won't take your internet connection with it.
In previous reviews of Panda's appliances, we criticised the lack of HTTPS scanning; this is now included as standard. There's much more, as the web browser interface has been substantially redesigned and malware scanning performance improved by moving detection off into the cloud - but combining it with a local cache of previously detected malware.
The new management interface is easy to use and opens with a complete graphical summary of all five main security functions, plus appliance performance and traffic throughput. You can change the report period for the status graphs from one day to the past year and a smart feature is the ability to enlarge one for closer examination.
Move the mouse pointer over a graph title and the window below changes to a group of coloured blocks, showing clearly which protocols the security service has been enabled for. Administrative security is good, as console access is only available on a separate IP address and you can create users that have full access, or can only change the protection profiles or can only monitor status and produce reports.
Your next job is to specify the network definitions, which include IP address groups, users and domains. LDAP servers can also be defined and used to download lists of AD users and groups. Definitions are used in protection policies, allowing you to assign a range of security settings/AUPs to users, groups and systems.
Each profile can have unique configurations for anti-malware, content filter, anti-spam and web filtering modules. Profiles are then assigned to sets of definitions; also new is the option to apply one to a group of email users.
Previously, the IM/P2P/VoIP security module could only be used globally and was not available for selection in profiles. This has been changed as well, so you can now apply a range of controls over user activity for these functions.
IM and P2P controls are basic; all you can do is allow or deny a small selection of apps. Apps such as Cyberoam's diminutive CR15wi can control IM logins and block or allow text chats, file transfer and even webcam sharing.
You can apply virus scanning to a range of protocols. For messages generated by viral activity, the message can be deleted, or just the attachment. For other infections, Panda can attempt to disinfect them. If this fails, you can have the message sent to the quarantine area, while for HTTP, HTTPS and FTP you can block transmissions.
Detailed protection reports are provided for all protocols, along with information on detected spam, blocked websites, malware and IM and P2P activity. Security reports show any certificate errors and who was blocked by the explicit proxy. Reports can only be exported to CSV, not PDF.
Panda uses Cloudmark's hosted anti-spam service, which excelled during testing. We used Outlook clients to download mail from live accounts and the Performa was configured to allow spam through, but to tag their subject. We used Outlook's rules to move spam to separate mail folders.
After a week, with our clients running continuously, Performa delivered a clean sheet. It picked up every spam message and tagged nothing as probable spam. For false positives, it only incorrectly identified three messages as spam.
Panda uses the Commtouch URL filtering service, which provides 65 categories. Global filtering can be applied to all users and custom AUPs can be applied.
Commtouch performed very well during testing - with the games and gambling categories blocked, our clients were unable to access any online bingo or poker sites or waste time playing games. It also handled social networking well, with access to the likes of Facebook and Twitter blocked just by enabling a single category.
Panda's latest GateDefender Performa SB benefits from a significant update and delivers plenty of new and welcome features. It is comparatively expensive, but we found it easy to manage and capable of delivering top-class anti-spam performance.