NETGEAR ProSecure STM150
Prosecure Web and Email Threat Management Appliance

NETGEAR STM150 Overview:

View Product Demo (Pop-up)

The NETGEAR® ProSecure™ STM series of gateway security appliances uses a patent-pending Stream Scanning architecture to deliver best-of-breed business security. ProSecure™ employs millions of signatures to protect against known threats, and in-the-cloud zero-hour protection technology to proactively discover and block any suspected threats that have not yet been identified. Likewise, the NETGEAR® in-the-cloud Distributed Spam Analysis architecture shields networks from spam, phishing attacks, and other Email-borne threats.

Other solutions significantly dilute the efficacy of their offering by either utilizing open source or cutting essential features and services from their enterprise products to fit an SMB price point. But through its patent-pending Stream Scanning architecture, NETGEAR® provides complete enterprise-grade solutions, including advanced scanning technologies such as its comprehensive anti-malware engine, in-the-cloud Distributed Spam Analysis, and a proactive behavioral defense system that eliminates the gap between a vulnerability being exploited and the time it is fixed.

With NETGEAR® ProSecure™ STM, subscriptions are simple with no per-user licensing. ProSecure™ Web and Email subscriptions each contain comprehensive protection for an unlimited number of users.

Key Features & Advantages:

• Inbound/Outbound Web and Email Scanning on a Single Appliance
• Patent Pending Stream Scanning Technology
• Enterprise Class Anti-Malware Protection using Millions of Signatures
• Zero Hour Threat Protection stops Unknown Threats in Real-time
• In-the-Cloud Distributed Spam Analysis Architecture
• Enterprise Class URL Filter Incorporating over 100 Million URLs
• No Per-User Licensing
• Simple Subscription Options

Enterprise-strength Spam, Virus, and Web Filter Security

The ProSecure STM series of Web and email security appliances combine best-of-breed security technologies and patent-pending Stream Scanning Technology to protect businesses against today’s Web and email threats. Viruses and spyware hosted on Web pages, email phishing attacks, spam, malware infected emails, and other threats are now all part of a regular repertoire of sophisticated blended attacks that businesses now face.

While other solutions significantly dilute the efficacy of their offering by either utilizing open source or cutting essential features and services from their enterprise products to cut costs, ProSecure has partnered with industry-leading Kaspersky Lab and Commtouch® to bring best-of-breed enterprise-strength Web and email security technologies to the STM platform.

Web and Email Security - Redefined

ProSecure STM Appliances combine performance with comprehensive security coverage. Patent-pending Stream Scanning Technology enables the use of an extensive virus and malware database while maintaining a high level of throughput and minimizing scanning-induced latency. The flexible modular software design architecture leverages patent-pending Stream Scanning Technology to scan files and data streams up to 5x faster than conventional methods.

The ProSecure STM employs millions of signatures to protect against known malware threats, and advanced behavioral zero-hour protection technology to proactively discover and block any suspected threats that have not yet been identified. The ProSecure STM utilizes a hybrid in-the-cloud Distributed Spam/Web Analysis architecture that shields networks from spam, phishing attacks, malicious Web sites, unwanted content, and other Web and email-borne threats. The STM’s application control feature allows businesses to enforce company network usage policies and preserve productivity by blocking access to public instant messaging and peer-to-peer applications.

With ProSecure STM, subscriptions are simple with no per-user licensing. ProSecure Web and Email subscriptions each contain comprehensive protection for an unlimited number of users.

Revolutionary Stream Scanning Platform

Given the high performance requirements of scanning latency sensitive Web traffic, incorporating enterprise-grade security software technologies into traditional content security platforms has been a very difficult task. That is why the ProSecure STM features patent-pending Stream Scanning Technology which analyzes data streams as they enter the network. The ProSecure Stream Scanning approach is many times faster than that of traditional batch-based scanning methods in which the entire file is buffered before it is scanned.

Because of its nature, traditional batch-based scanning methods introduce latency to network traffic. While latency is more tolerable for email traffic, for large amounts of HTTP Web traffic, such latency often slows Web browsing to a crawl. Content security solutions in the past have tried to overcome the latency issue by minimizing the malware signature set, scanning only a handful of file types, or by avoiding Web traffic scanning altogether. This approach exposes an entire vector of the network to malware-based attacks.

Simple Setup, Ease of Management

The ProSecure STM deploys in-line in a matter of minutes, anywhere in the network. It runs automatically and unobtrusively. There is no need to reconfigure the network, unlike traditional proxy-based solutions. Simply set and forget. Administration is performed through an intuitive Web-based interface. Set granular per user/group-based policies and alerts, check summary statistics and graphical reports, drill down to IP address-level data, send log data to third party syslog servers, and integrate with standard network management tools via SNMP.

For many administrators and IT personnel one of their biggest nightmares is the management of individual licenses or “seats”. Buying additional licenses when computers and personnel are added to the network is time consuming and costly. The ProSecure STM series offers Web and email protection subscriptions with no “per-user” licensing.

ProSecure STM Features and Highlights:

Best-of-breed Anti-malware Engine

• Enterprise-class malware scan engine from Kaspersky Lab
• Over 3 million malware signatures
• Hourly automatic signature updates
• ICSA Labs certified

ProSecure Patent Pending Stream Scanning Technology

• Data streams are processed as they enter the network
• Low latency Web traffic scanning

Distributed Spam Analysis Anti-spam Technology

• Hybrid in-the-cloud architecture
• Gathers threat data from over 50 million global sources
• New spam is classified and detected within minutes
• No learning period, works right out of the box
• Minimal false positives
• Highly adaptive to all types of spam

Distributed Web Analysis URL Filtering

• Next generation hybrid in-the-cloud URL filtering technology
• Hundreds of millions of categorized URLs
• New Web sites are categorized in real-time
• 64 categories
• User- and group-based filtering

Zero Hour Threat Protection

• Heuristic-based detection
• Detect unknown threats at zero hour
• Limits the network’s exposure to new unclassified threats

IM and P2P, Streaming Media, and Toolbar Application Control

• Blocks access to public IM clients
• Blocks peer-to-peer (P2P) traffic
• Blocks streaming media application traffic
• Blocks toolbars and other unwanted programs
• Preserves productivity and saves bandwidth

STM Series Comparison:

There are three models in the ProSecure™ STM series of gateway security appliances. A single ProSecure™ STM can protect against Web- and Email-borne threats, both inbound and outbound. Each STM can support up to hundreds of users, with a maximum HTTP throughput rate of up to 260 Mbps and up to 960,000 Emails per hour.

¹Throughput measured in a lab environment. Actual performance may vary.

Screenshots:

 

Sizing Guidelines:

ProSecure™ STM appliances manage an organization's Internet usage and protects these organizations from Internet borne malware, spam, viruses, and inappropriate web surfing. With the ProSecure™ STM appliance sitting between the organization and the Internet, it is critical that the STM appliance is sized appropriately and matches the performance needs of the organization.

There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different Internet usage characteristics. As such, NETGEAR® uses several specifications to evaluate the applicability of an STM appliance:

Firewall Throughput
A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the STM appliance sits between your internal network and the Internet, this throughput number is the total amount of traffic that can be passed with the STM in place.

Concurrent Sessions
The number of concurrent clients represents the maximum number of currently active clients that can simultaneously access the Internet through the STM. NETGEAR® STM Appliances' Concurrent Client rating is a number that is measured assuming that each active client is currently engaging in an "average" web browsing session with multiple connections to multiple websites.

In general, your organization's concurrent client count should be less than the total number of users in your organization. For instance, if your organization has 1000 users, perhaps only 800 of those users have Internet access via a computer. Moreover, on the average, perhaps only 75% of those users are in the office at any point in time (75% x 800 = 600 users). Lastly, you may perhaps estimate that only 50% of those users (50% x 600 = 300 users) are actually on the Internet browsing web traffic at a given time.

Concurrently Scanned HTTP Connections
Users who are actively browsing the Internet can typically be estimated to have 5 active HTTP connections at any point in time with a 60% rate of concurrency (yielding 3 connections). This number accommodates averaged situations where some users are heavily browsing the web or using Internet bandwidth intensive applications. Note that the peak number of connections can exceed these estimates if there is extraordinarily heavy usage of Internet bandwidth or connection intensive applications such as Peer 2 Peer applications are being used.

Email Throughput
The rate at which users send and receive Emails varies widely in organizations, and is also dependent on the amount of spam an organization is receiving. For instance, if users, on the average, send and receive 30 legitimate emails per hour and 70% of Email traffic is SPAM, then each user will contribute 100 Emails per hour to the overall system load. A 200 user organization could then be expected to experience an Email load of 200,000 messages per hour.

STM Appliance Model Comparison

Sample Organizations
When sizing an STM for an organization, throughput, concurrent clients, concurrent connections, and Emails processing capability should all be assessed against the characteristics of the organization. In the examples below, we have outlined potential sample organizations and the recommended STM appliances for each organization.

Deployment Guidelines

The ProSecure™ STM gateway security appliance is an inline transparent bridge that can easily be deployed to any point on the network without requiring network reconfiguration or additional hardware.

The following are the most common deployment scenarios for the STM appliance. Depending on your network environment and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.

Gateway Deployment
In a typical gateway deployment scenario, a single STM appliance is installed at the gateway between the firewall and the LAN core switch to protect the network against all Web and Email threats entering and leaving the gateway. In this type of deployment, all STMs scan both Web and Email traffic.

Note: In a gateway deployment, it is recommended to install the STM behind the firewall to employ the firewall's functionality in stopping DoS attacks (which may often be non Web or Email traffic related).

Figure 1: Gateway Deployment

Server Group Deployment
In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against email-borne malware and spam. In this type of deployment the STM installed at the gateway scans only Web traffic while the STM in front of the server group scans only Email traffic.

Figure 2: Server Group Deployment

Segmented LAN Deployment
In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from Web and Email threats coming in through the gateway or originating from other segments. In this type of deployment, all STMs scan both Web and Email traffic.

Figure 3: Segmented LAN Deployment

ProSecure Technology Solutions:

Web Security

In 2007, security experts received approximately two million unique malware samples. By the end of 2008, that number is projected to surpass 15 million. Web-based threats are an exponentially growing problem, with new threat types and attack vectors continuously emerging. As a result, IT managers must develop comprehensive security measures which consider the wide array of threats.

The ProSecure™ security appliances use a best-of-breed security architecture to protect business networks from viruses, worms, spyware, trojans, rootkits, keyloggers, and other Internet-based threats - without impacting network productivity. All inbound and outbound content over HTTP, HTTPS (secure HTTP), and FTP is inspected for millions of known threats and unknown threats, proactively discovering and blocking threats to the network.

Instrumental to ProSecure™ security appliances, the patent-pending Stream Scanning Technology scans data streams as they enter the network, rather than waiting for the entire communication to download before a scan can be performed. This enables the ProSecure appliance to process large amounts of data quickly, using a single scan to stop malware at the gateway before it infiltrates the network.

ProSecure™ security appliances employ NETGEAR Hybrid In-the-Cloud Distributed Web Analysis technology to filter malicious and unwanted URLs. With a virtually limitless master database of over 100 million URLs located in the cloud divided into 64 categories, data feeds from HTTP connectors deployed "in the cloud" at service providers throughout the world are analyzed and categorized by the NETGEAR URL Classification Center in real-time. The NETGEAR® Distributed Web Analysis URL filtering engine automatically self adapts and categorizes new URLs that have previously been unknown – unlike less effective approaches that force administrators to manually "submit" new entries one by one. The Distributed Web Analysis not only blocks access to unwanted sites, but also blocks sites containing malware and other security threats.

Email Security

The ProSecure™ STM Series is a best-of-breed solution to proactively protect users and IT infrastructure from spam and Email-borne threats. While traditional spam filtering techniques limit their search to specific header content that is often useless against most new threats, the STM Series detects and blocks outbreaks in real time, based on their rapid and wide distribution behavior.

The NETGEAR in-the-cloud Distributed Spam Analysis architecture continuously gathers data from more than 50 million sources from around the world. Using this information, it accurately assesses an Email's legitimacy in real-time by analyzing its distribution patterns, rather than its header information. Once an Email is classified as spam, the scanner assigns it a signature and immediately generates a corresponding pattern file - effectively stopping an outbreak before it becomes widespread.

The benefits of the NETGEAR STM Distributed Spam Analysis architecture include:

• High Detection Rate – blocking upwards of 97% of spam
• Effectiveness against all spam – including double-byte languages and image-based spam
• Low False Positives – Less than 1 in 1.5 million reported false positive

The ProSecure™ security appliances protects business networks from Email-borne viruses, worms, spyware, trojans, rootkits, and keyloggers - without impacting network productivity. All inbound and outbound content is inspected for millions of known threats, as well as scanned to proactively discover and block any suspected threats that have not yet been identified.

Network Security

ProSecure UTM appliances include firewall functionality that deploys an array of network security technologies such as stateful packet inspection (SPI), Intrusion prevention (IPS), and denial-of-service (DoS) protection to protect the network from threats such as hackers, port scans, DoS attacks, and TCP/UDP floods.

The ProSecure UTM's network intrusion prevention and detection system utilizes a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods, preventing hackers from penetrating the network perimeter. IPS is not only important, but a necessity for any network security architecture.

The IPS engine performs protocol analysis, content searching/matching, and can also block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, and SQL injections amongst other attacks. Attacks are dropped as they are taking place.

In addition to protecting the network from outside threats, enforcing company network usage policies can prevent internal users from pulling in threats due to misuse. The ProSecure UTM's application controls can be used t block access to public IM clients such as Skype, Yahoo!® Messenger, MIRC, and MSN® Messenger and save bandwidth by blocking peer-to-peer (P2P) clients like BitTorrent, eDonkey, and Gnutella.

Remote Access

The ProSecure™ UTM appliance with SSL & IPsec VPN offers the best of both worlds by offering two types of virtual private network (VPN) tunnels, Secure Sockets Layer (SSL) and IP security (IPsec), for optimal secure connection to your network. SSL VPN tunnels provide clientless remote access to your corporate data for individual access anywhere and anytime while IPsec VPN tunnels provide both secure site-to-site tunnels and legacy support for client-based remote access.

Working Remotely via SSL VPN Tunnel Protocol Redirection
Because corporate laptops are already loaded with the applications employees need to do their jobs, they require full corporate network access for file sharing and email connectivity. The ProSecure UTM appliance is able to connect to the corporate network using VPN tunneling, enabling users to securely and privately transfer information.

The ProSecure UTM appliance enables easy, secure and cost-effective clientless remote access for any employee without complicated installations or PC administrative access. VPN tunnel protocol redirection enables users with administrative access to their PCs to:

• Use any application on their corporate PC
• No need to install, configure, and maintain IPsec software clients on corporate PCs
• Freedom from complex network limitations associated with IPsec such as NAT Traversal, multiple PCs from one public NAT address, etc.
• Freedom to access VPNs from any PC with a browser
• Use only a browser to connect – no software installation necessary
• Securely connect through a dissolvable Java/ActiveX agent

Figure 1: Connecting through VPN tunnel protocol redirection is as simple as clicking the icon

Figure 2: Dissolvable Java/ActiveX agent

Documentation:

Download the NETGEAR STM Series Datasheet (.PDF)