Lab test: BorderWare Security Platform
- 10 April, 2008 09:42
The BorderWare Security Platform (v7.1), running on the SP-800 appliance, had the worst false positive performance of any product tested, and by a large margin: nine critical false positives and 171 bulk false positives. Its filtering rate was 96 per cent of spam caught, an acceptable number but below the median. To reduce the false positives, you'll need to count on a training period of several weeks during which users inspect the quarantine carefully and whitelist the senders from whom they want to receive e-mail.
The BorderWare SP-800 is capable in some areas, but difficult to configure. Although LDAP configuration looks organized, it is hard to get right, a problem exacerbated by help examples that are more often misleading than useful. The procedure is extremely clumsy: the initial screens don't suggest proper syntax, so you have to iron out the query in test mode (where help screens do provide useful info), then edit it again in the initial LDAP setup until it finally works. Further, the LDAP settings are not carried over from one part of the LDAP configuration to another; you need to configure five different queries to set up for domain, users, mail, aliases, and so forth. Another annoyance, which can't be changed, is that the admin interface times out after 30 minutes.
On the upside, the BorderWare interface is clean and easy to navigate, with context-sensitive help that is generally useful. The content management features were extensive and capable, with pre-built lists of phrases available in several categories and the capability of applying weights so that, for instance, it takes three or more offensive words from one list, or two or more from another list, to trigger the filter. The SP-800 can also inspect zip archives and hold encrypted e-mail for inspection. The integrated URL filter, intended to stop phishing and spyware by blocking downloads and access to malicious sites, worked reasonably well, but blocked legitimate sites while allowing access to some bad ones. It stopped 77 per cent of phishing messages and blocked 8 legitimate messages from banking sites.
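The weighted phrase lists described above can be modelled as follows. This is an added example, not BorderWare's implementation or code from the review; the list names, phrases, weights and threshold are constructed assumptions, chosen so that three phrases from one list or two from the other trigger the filter.

```python
import re

# Constructed phrase lists: names, phrases, weights and threshold are assumptions.
PHRASE_LISTS = {
    "pharma": {"weight": 2, "phrases": ["cheap meds", "no prescription",
                                        "discount pills", "online pharmacy"]},
    "confidential": {"weight": 3, "phrases": ["internal only", "do not distribute",
                                              "trade secret"]},
}
THRESHOLD = 6  # reached by 3 phrases at weight 2, or 2 phrases at weight 3


def _compile(phrase):
    # \b stops a phrase matching inside a longer word (a common source of
    # false positives); \s+ tolerates line wraps and repeated spaces.
    words = [re.escape(w) for w in phrase.split()]
    return re.compile(r"\b" + r"\s+".join(words) + r"\b", re.IGNORECASE)


COMPILED = {
    name: [(p, _compile(p)) for p in cfg["phrases"]]
    for name, cfg in PHRASE_LISTS.items()
}


def score_message(text):
    """Return (total_score, {list_name: sorted distinct phrases matched})."""
    hits, total = {}, 0
    for name, patterns in COMPILED.items():
        # Count each phrase once, so repeating one phrase cannot trip the filter.
        matched = sorted(p for p, rx in patterns if rx.search(text))
        if matched:
            hits[name] = matched
            total += PHRASE_LISTS[name]["weight"] * len(matched)
    return total, hits


def verdict(text):
    # Scores from different lists add up, so mixed hits can also reach the
    # threshold (an assumption about how the weights combine).
    total, hits = score_message(text)
    return ("quarantine" if total >= THRESHOLD else "deliver"), total, hits
```

Raising a list's weight makes the filter more aggressive for that category, which is the kind of setting to review against quarantine contents when false positives are high.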
BorderWare offers extensive enterprise-class features such as access control by user, group, or domain; good reporting and notification controls; policy-based encryption; centralized management of multiple devices; clustering; IM protection; policy-based rules; and the capability to integrate with F5 load balancers.
Pricing for the SP-800 is at the high end of the field, although not out of line for the rich feature set. However, considering the middling filtering accuracy and high rate of false positives, most administrators will want to look at some of the alternatives first.