Panda Software GateDefender Integra 300
Panda's latest Integra family of security appliances moves it firmly into the small business UTM market and in this review we take a look at the top of the range 300 model which is aimed at companies with up to 250 employees.
Traditionally, Panda has focused on anti-virus software solutions but began dabbling with appliances a couple of years ago. It started off with the GateDefender 7100 which offered a simple plug and go anti-virus solution and augmented this with the GateDefender 8000 Series which provided additional anti-spam and content filtering options.
However, neither product range is capable of providing a full UTM solution as they both operate as transparent gateways at Layer 2. As such, they can't deliver firewall and VPN capabilities and Panda refers to them as content management appliances. By functioning at Layer 1 the Integra appliances can deliver the full gamut of security measures which include SPI firewalling, IPsec VPNs, anti-virus, anti-spam, anti-spyware, IPS and, of course, web content filtering.
The appliance is supplied as a 1U rack chassis with a decent specification which includes eight Gigabit Ethernet ports. These can function as LAN, WAN or DMZ ports and be used to provide security to different network segments. Furthermore, you can have multiple WAN ports for failover and a high availability option allows appliances to be clustered together for redundancy.
Installation is fairly straightforward and the appliance can also operate as a Layer 2 transparent gateway if you want, although you can only use the first two Ethernet ports and firewall and VPN functions will not be available making it a rather pointless exercise. For routing you need to manually create LAN and WAN ports and add a special firewall SNAT (secure network address translation) rule before the appliance will work properly. However, the appliance's web interface is well designed and easy to use and Panda also provides a wizard-based routine which steps through the entire process.
Commendably, the appliance blocks all inbound and outbound traffic by default and a single firewall rule needs to be unchecked to deactivate this. The appliance's home page opens up with a comprehensive status report showing each network interface, all enabled and disabled modules, system status and the current load. The Activity option goes into even more detail and shows connections and general throughput for each interface plus lists of files scanned and viruses, spam and spyware caught for each protocol.
Naturally, Panda uses it own anti-virus engine which we've always found has impeccable credentials. It's easy enough to configure as well as you simply decide which protocols you want scanned and how infections are to be handled. The appliance doesn't mess about with SMTP as any infected messages will be erased entirely but for other protocols you can opt to have suspect files either deleted or disinfected. If a file can't be cleaned up then HTTP and FTP transfers will be blocked and for all other protocols the file will be deleted. There's much more under the anti-malware tab as you can activate heuristics to try and sniff out new viruses, block dialler programs and hacking tools, set up anti-spyware and activate phishing protection. For the latter, each message is scanned for known phishing attempts and you can either delete or redirect dubious messages or attach custom warnings to the subject and body.
For anti-spam measures Panda has turned to the third-party MailShell product which we found worked particularly well during testing. We ran the appliance in a live environment for over a week where it picked up over ninety per cent of spam and only a small number of false positives. We used the high sensitivity setting but if you feel Panda is being too aggressive you can drop down to a medium or low sensitivity. Only three actions are provided for spam where you can delete nuisance messages, redirect them to another mailbox or just tag the subject line with a warning. If Panda isn't sure about a message it classes it as probable spam as these can be subjected to the same actions.
Web URL filtering doesn't get any better as Panda has called in Internet Security Systems for this component. It provides a category database which, at the last count, had over 20 million undesirable URLs listed. Unlike hosted URL filtering services, the category database is maintained on the appliance and updated automatically at regular intervals. In theory, the Panda method will be faster as a user request only has to be checked locally whereas for hosted services it must be sent to the remote database. In practise, we've found there's no appreciable difference unless you have a low bandwidth Internet connection. The ISS database provides nineteen main categories and a total of 58 sub-categories plus black and white lists so it's easy enough to create a custom AUP (acceptable use policy) for web access. If a user does try to access a banned web site they will be redirected to a web page that can be customised to suit.
The content filtering component checks inbound and outbound email and applies word and phrase lists to the message body and subject. These need to be created manually but each can contain multiple entries so it's possible to have a range of lists covering different types of message content such as business specific terms or unacceptable language. There's not much you can do if a message gets picked up as it can deleted, redirected or have the subject line tagged with a customisable warning. There's a good range of controls on attachments with options including maximum file sizes, multiple attachments, password protection, file extensions and so on. Content filtering can also be applied to HTTP and FTP traffic for blocking unwanted file downloads and you get the same options available as for mail attachments. However, you can also check web pages for embedded scripts and references to external scripts.
During testing we grew to like the Integra as it was easy to install and configure and is clearly a low maintenance security solution. Larger businesses will probably want more options to customise the extensive range of features on offer but SMBs that want an out of the box total security package would do well to check Panda out.
A smart UTM solution ideally suited to SMBs looking for a one stop shop for all their security needs. It's particularly easy to install and manage and compares very well on price with much of the competition at this level.
1U rack mount chassis 3.4GHz Pentium 4 1GB 266MHz SDRAM 80GB SATA/150 hard disk 8 x Gigabit Ethernet SPI/NAT firewall, scans HTTP, FTP, SMTP, POP3, NNTP and IMAP4 protocols. Options: Firewall/AV/IPS/VPN/CF/AS, 101-250 users; Â£14.06 per user/per yr.