The company yesterday announced the 8100 and 8200 series of appliances, having previously only offered software and hosted service-based mail security products.

The Brightmail-based 8200, in two models, is a typical email security gateway, while the 8100, currently in one model, is a traffic shaper for email traffic streams.

The 8100, and to a much lesser extent the 8200, incorporate some technology gained through the acquisition of source-based spam-blocking firm TurnTide Inc midway through last year.

TurnTide’s technology enables email connections to be throttled before the email is actually sent, based on the reputation of the sending IP address, as determined by Symantec’s Reputation Service.

For example, a connection from a server that has recently sent out lots of spam will be slowed to a crawl, while a connection from an IP address never known to have spammed will get normal throughput.

“We throttle the number of messages that can be sent,” said Symantec product manager Daniel Freeman. “The sender’s mail queue gets incredibly big, so the server will eventually delete them.”

Reputation is determined by the same hosted system that has powered other Symantec anti-spam offerings, such as the Brightmail service. The firm says false positives are unlikely to cause major problems.

“The beauty of the list is that it is recreated on an hourly basis,” said Freeman. “It’s not like an RBL [real-time blackhole list] where people can get stuck on it for years.”

Similar technology is already on offer from the pure-play spam appliance vendors, such as IronPort, CipherTrust and Mirapoint, though these mostly drop traffic from spamming IPs, rather than throttling.

Like its new competitors, Symantec claims this feature can reduce email traffic by 50%. This should reduce the load on the gateways and the mail servers, reducing the number that need to be bought and managed.

Unlike its competitors, Symantec is suggesting a two-box configuration, with the 8100 sitting in front of an 8200 appliance or a mail gateway from a third party, to aid scalability.

This may not be suited to all buyers’ needs. Appliances can be popular with companies that want to simplify administration and reduce network complexity.

Freeman said that what sets the Symantec box apart from some rivals is that the throttling takes place at the TCP/IP level, as opposed to the SMTP level, which can mean reduced bandwidth costs.

As well as the TurnTide-based 8100, Symantec has launched the 8200 gateways, which come with a large variety of new features. Freeman said: “It’s not just Symantec Brightmail in a box.”

The main security upgrade appears to be protection against dictionary harvest attacks, another idea that some of the pure-plays picked up on a while back.

In this kind of attack, a spammer exploits a weakness in SMTP behavior to determine what email accounts are present on a mail server, by bombarding it with SMTP messages to combinations of first names and last names.
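
A defender-side sketch of how a gateway can spot this pattern, added here as an illustration and not taken from Symantec or any vendor named in the article: the server's accept or reject reply to each recipient is what reveals which accounts exist, so the code counts distinct rejected recipients per connecting IP inside a time window. The log format, the thresholds and the function names are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample log: epoch-seconds, client IP, RCPT address, SMTP reply code.
# 250 = recipient accepted, 550 = mailbox unknown. The format is an assumption.
SAMPLE_LOG = """\
1000 198.51.100.7 john.smith@example.com 550
1002 198.51.100.7 john.jones@example.com 550
1003 203.0.113.20 alice@example.com 250
1004 198.51.100.7 jane.smith@example.com 250
1005 198.51.100.7 jane.jones@example.com 550
1007 198.51.100.7 mary.smith@example.com 550
1009 203.0.113.20 bobb@example.com 550
1010 198.51.100.7 mary.jones@example.com 550
"""

def parse(log_text):
    """Yield (timestamp, ip, recipient, code) from the constructed format."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        ts, ip, rcpt, code = parts
        yield int(ts), ip, rcpt.lower(), int(code)

def detect_harvest(events, window=60, max_unknown=4):
    """Return {ip: timestamp at which it first exceeded the limit}.

    An IP is flagged when more than `max_unknown` distinct unknown
    recipients are rejected within `window` seconds.
    """
    recent = defaultdict(deque)   # ip -> deque of (ts, rcpt) rejections
    flagged = {}
    for ts, ip, rcpt, code in events:
        if code != 550:
            continue
        q = recent[ip]
        q.append((ts, rcpt))
        while q and q[0][0] <= ts - window:
            q.popleft()               # drop rejections outside the window
        distinct = {r for _, r in q}  # retries of one typo count once
        if len(distinct) > max_unknown and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in detect_harvest(parse(SAMPLE_LOG)).items():
        print(f"{ip} flagged at t={ts}: likely dictionary harvest")
```

The second sender in the sample mistypes one address and is not flagged, which is why the check counts distinct rejections over a window instead of reacting to a single 550.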

Also new in the 8200 boxes is support for LDAP groups, Transport Layer Security, and the Sender Policy Framework (though not yet Sender ID).

Policy administration has also been souped up, Freeman said, with the addition of user-defined filtering and new administrator reports.

Oddly, at the same time as entering the appliance game, Symantec has extended its relationship with IronPort Systems Inc, now a competitor, for another four years.

IronPort licenses the Brightmail anti-spam engine and the Symantec anti-virus engine to do some of its filtering. IronPort’s appliances have been selling well over the last year.