The InterScan Web Security Appliance (IWSA) 2500 targets enterprises looking for an easily deployable appliance for scanning network traffic at the gateway. It targets viruses, worms, spyware and phishing attempts, and can also detect spyware-related activity on workstations and clean it without requiring an agent to be installed.
The price is high, so you’d expect a decent specification, and Trend delivers a reasonable, if somewhat uninspiring, hardware package. Installation is a simple process, as the appliance can act as a transparent gateway, an HTTP proxy or work alongside an existing ICAP (internet caching acceleration protocol) server. The appliance has five network ports, of which three are activated, and should it fail the ports can drop back to a bypass mode.
For management access, you assign an IP address to the box using its LCD panel and control buttons. Running as a transparent gateway, we had some problems here, as internet access was being blocked and we found the management address needs to be on the same subnet as the LAN. The system must also be physically rebooted after the address has been entered. This means management access can’t be isolated on a separate subnet for greater security. Apart from this niggle, the appliance is easy to manage and monitor, and provides a well-designed web interface.
Policies determine how functions such as virus scanning are carried out, whether ActiveX and Java apps are controlled, what URL filters are applied, and whether usage quotas are enforced. Multiple policies can be maintained and applied to different groups of users that are identified either by IP address, hostname or via LDAP. The appliance is easy to keep up to date. You simply schedule regular downloads of virus signature and scan engine updates, new URL-filtering databases and phishing and spyware patterns.
Trend’s quota feature isn’t as powerful as that offered by Secure Computing’s Webwasher 1000 CSM appliance, which, incidentally, can also scan encrypted HTTPS traffic. All you can do with the 2500 is define monthly limits in megabytes and apply them to different groups. For URL filtering, there are over 60 sub-categories and these can be grouped into five main categories such as non-work-related or prohibited sites. We weren’t impressed with the appliance’s abilities when dealing with spyware, as one test system was infected with SpyWareQuake and SmitFraud after the appliance had been installed. During testing, it remained unaware of this, not acknowledging any spyware-related internet activity from this infected system.
FTP upload and download scanning has a similar level of control as offered by the HTTP scanner, but note that this can only be applied as a blanket to all IP addresses and not selected groups or users. Reporting features are plentiful and these can be run on demand or scheduled at specific times, with a notification email sent on completion.
The IWSA 2500 doesn’t represent the best value and won’t be knocking Clearswift’s MIMEsweeper SMTP Appliance CS500 off our A List. It does offer strong virus scanning and content-filtering features, but quota controls are limited and spyware isn’t handled well.
. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
