BlueCat's Meridius
The price is a little steep, but this turnkey solution effectively scours for spam before it reaches your network.
October 22, 2004
Power of Two
BlueCat has partnered with Commtouch Software, an Israeli security company, to seek out and tag spam before it reaches your front door. It's like having a buddy in the post office throw out your junk mail before it gets to your house.
The vendor calls this optional feature recurrent pattern detection, or RPD. It watches the network for patterns of spamming behavior, prowling for waves of outbreaks and monitoring the speed of distribution inherent in spam blasts. When a large-scale spam attack is spotted, Meridius preflags offending messages regardless of language, content or origin and zaps them on their way through your door. As my test results have shown, RPD works--you wouldn't want to run the appliance without it.
Meridius 3.0 runs a hardened version of Linux on a 1U rack-mount 2.6-GHz Pentium 4 with 1 GB of RAM and an 80-GB drive. Like BlueCat Adonis, Meridius' front LCD provides basic administrative functions, eliminating the need for a keyboard or monitor. The management client works on Windows, Solaris, Linux and Mac OS X machines. The appliance also runs F-Secure's new antivirus engine.
Watch It Run
Placed in front of my e-mail servers, Meridius acted as a dedicated mail transfer agent, and all inbound traffic was funneled through it. I also used the box as an SMTP relay appliance to bounce occasional bulk mailings out of the shop.
I used the LCD to configure IP settings during initial setup. Installing the Java management console on a Windows XP client was straightforward; I was in business after half an hour of effort, which included making a few changes to the mail schema. I modified the canned quarantine message with some custom text, set the quarantine autodelete to four days, and linked the live data feeds for antivirus and one of my monitoring terminals via HTML. I didn't implement any custom white- or blacklists (this feature wasn't ready). I just sat back to watch the appliance do its thing for some 900 e-mail accounts.
During my three months of testing, the school received 1,180,380 e-mail messages, of which 22,251 (1.9 percent) were virus-infected and 1,004,011 (85.1 percent) were quarantined as spam. Of the quarantined messages, 994,631 (99.1 percent) were tagged by the RPD system, and only 3,907 (0.4 percent) were released as false positives. Meridius' mistaken-catch rate for legitimate messages was less than 0.04 percent.
With the new F-Secure antivirus engine, version 3.0 blocks viruses a lot better than its predecessor. In fact, not a single virus got through. Version 2.1, with BlueCat's old antivirus engine, routinely let through compressed, encrypted viruses, which then had to be snagged by my second line of antivirus defense.
New Features
Good
• Unique "recurrent pattern detection"
• Appliance format
Bad
• Limited report customization
• Somewhat pricey
Meridius Security Gateway Appliance 3.0, starts at $9,995 ($17,995 as tested). Available: early November. BlueCat Networks, (866) 895-6931, (905) 882-5691. bluecatnetworks.com/meridius
On the admin side, 3.0 improves attachment filtering, adds more detailed backup and maintenance options, and lets you cap the number of user whitelist entries. Other bells and whistles include DNS MX lookups, a raft of Web-based reporting options, automatic pulldown of software updates, granular transport settings for domains and subdomains, and IMAP/POP proxies. Although the canned reports are comprehensive, I'd like to see more customization options to help admins ferret out tricky queries--for example, an option to see virus-infected origin domains cross-referenced with the time of delivery.
Version 3.0 also promises user-definable whitelists. These give users the power to control their acceptable sender lists, greatly reducing gripe calls to your e-mail administrator. Users at my school weren't pleased that the old Meridius didn't allow this user customization. Unfortunately, the functionality wasn't ready for testing.
The price tag on the Meridius is a rather steep $15,000 per appliance, including RPD and all other options. This price supports unlimited users and processing up to 250,000 messages per day. Annual maintenance costs $1,800 to $2,800, depending on the hours of coverage for the service contract chosen. Sites under service contract receive all definition files and version upgrades. Using the two-year cost criteria from Network Computing's May 13 comparison of antispam products, Meridius would cost $17.80 per user at a 1,000-client site, placing BlueCat in the middle of the pack on pricing for a midsize organization. This may be out of reach for some shops, but the full feature set of 3.0 makes the BlueCat offering an excellent turnkey solution.
Joe Hernick, PMP, MS, is director of IT at the Loomis Chaffee School. Write to him at [email protected].