ISS to Unveil IPS-based Email Security

Internet Security Systems' forthcoming email appliance blends traditional mail security with IPS and behavioral analysis

Internet Security Systems (ISS) next week will roll out its first email security appliance, Dark Reading has learned. The new Proventia Network Mail Security System appliance contains not only the traditional antivirus, anti-spam and content-filtering features, but intrusion prevention system (IPS) technology as well as ISS' proprietary behavioral-based virus protection.

"Customers are demanding a greater level of protection across the board," says Dave Ostrowski, senior manager of product marketing for ISS, which is in the process of being acquired by IBM. (See IBM Merger Gets Mixed Responses and IBM Up-Ends Security Services Market.) "And this is part of the trend of consolidating technologies into a single appliance with IPS, mail protection, and virus protection."

ISS' new email appliance is an example of how IPS technology is being folded into other security platforms. (See IPS Technology: Ready for Overhaul.) The appliance, which is based on the same engine as the Proventia IPS platform, can be run in conjunction with it, Ostrowski says. "You can use it in addition to the traditional Proventia IPS at the gateway," he says. "It gives an additional layer of defense for email."

The IPS performs deep-packet inspection for any network traffic that hits the Proventia appliance, which sits in front of the email server. "It looks for any breaches in protocol behavior and scrubs it" at Port 80 or in Sendmail, for instance, says Matthew Ward, senior product manager at ISS. "So what then reaches your email server MTA is clean Port 25 traffic," he says.

The antivirus feature catches known malware at the file level, and ISS' Virus Prevention System (VPS) looks for unknown threats by executing code in virtual "sandbox" to analyze its behavior. "If the behavior is indicative of a virus, it's flagged as a virus," Ostrowksi says. "The main benefit of this is it doesn't require a specific signature" to discover malware in email, he says.

The Linux-based appliance comes with four ports and is aimed at enterprises with 2,500 users and above, and will be available on September 18. Pricing starts at $20,000.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • IBM Internet Security Systems
  • IBM Corp. (NYSE: IBM)
  • Editors' Choice
    Elizabeth Montalbano, Contributor, Dark Reading