Die NETGEAR® ProSecure™ STM Reihe
Für mittelgroße Unternehmen - Spamschutz, Virenschutz und Web Filter Security auf höchstem Niveau
Integrierte Hardware/Software Appliance für den vollständigen Schutz von Web- und e-Mail-Traffic in mittleren Unternehmen. Aktuelle Bedrohungen aus dem Web 2.0 und aus der Cloud werden durch neueste Technologien im Bereich Anti-Malware, Antivirus, Anti-Spam und Anti-Spyware eliminiert. Für mittelgroße Betriebe mit 30 - 600 Benutzern steht ein breit gefächertes Angebot an Appliances zur Verfügung.
In den NETGEAR® ProSecure™ Gateway Security-Appliances kommt die beste verfügbare Sicherheitsarchitektur zum Einsatz, um die Sicherheit Ihres Unternehmens auf höchstem Niveau zu gewährleisten. Der Schutz vor bekannten Bedrohungen basiert auf der Analyse von Millionen Signaturen und in-the-Cloud Zero Hour Protection-Technologie, um proaktiv auch bislang unbekannte Bedrohungen zu erkennen und abzuwehren. Genauso schützt die NETGEAR® in-the-Cloud Distributed Spam -Analyse das Netzwerk auch vor Spam, Phishing-Attacken und anderen e-Mail-basierten Bedrohungen.
Andere Lösungen bieten oftmals keinen ausreichenden Schutz, da sie auf open Source basieren oder einfach nur abgespeckte Enterprise-Lösungen sind, um das SMB-Preisniveau zu erreichen. Durch die patentierte Stream Scanning Technologie ist NETGEAR® jedoch in der Lage, Lösungen anzubieten, die auch in vollem Umfang für große Unternehmen geeignet sind, einschließlich fortschrittlicher Scantechnologien wie z.B. die umfassende Anti-Malware-Engine, in-the-Cloud Distributed Spam-Analyse sowie ein proaktives Abwehrsystem auf Basis von Verhaltensmustern, mit dem die Lücke zwischen der Nutzung einer Schwachstelle und einem entsprechenden Fix geschlossen wird.
Für die NETGEAR® ProSecure™ STM-Abonnements fallen keine nutzerabhängigen Lizenzgebühren an. Die Abonnements für ProSecure™ Web und e-Mail bieten umfassenden Schutz für eine unbeschränkte Zahl an Benutzern.
Key Features & Vorteile:
- Scannen von eingehendem und ausgehendem Traffic mit nur einer einzigen Appliance
- Patentierte Stream Scanning-Technologie
- Enterprise-Class Anti-Malware-Schutz mit Millionen von Signaturen
- Zero-Hour-Schutz vor unbekannten Bedrohungen in Echtzeit
- In-the-Cloud Distributed Spam-Analysearchitektur
- Enterprise-Class URL-Filter für mehr als 100 Millionen URLs
- Keine nutzerabhängigen Lizenzgebühren
- Einfache Abo-optionen
There are three models in the ProSecure™ STM series of gateway security appliances. A single ProSecure™ STM can protect against Web- and Email-borne threats, both inbound and outbound. Each STM can support up to hundreds of users, with a maximum HTTP throughput rate of up to 260 Mbps and up to 960,000 Emails per hour.
 STM Models |
 STM 150 |
 STM 300 |
 STM 600 |
|---|---|---|---|
| Sizing Guidelines | |||
| Customer Type | Small Networks | Medium-sized Networks | Medium-sized Networks |
| Recomended Number of Concurrent Users | 20-150 | Up to 300 | Up to 600 |
| Concurrent Scanned HTTP Connections | 1,000 | 2,000 | 4,000 |
| HTTP Anti-virus Throughput1 | 42 Mbps | 163 Mbps | 260 Mbps |
| SMTP Throughput1 (emails/hour) | 139,000 | 420,000 | 960,000 |
| Content Security | |||
| Web (HTTP, HTTPS, FTP) |  |
|
|
| Email (SMTP, POP3, IMAP) | |
|
|
| Stream Scanning | |
|
|
| Inbound and Outbound Inspection | |
|
|
| Signature-Less Zero Hour Protection | |
|
|
| Malware Signatures | 3 Million+ | 3 Million+ | 3 Million+ |
| Automatic Signature Updates | Hourly | Hourly | Hourly |
| True HTTPS Scanning and Filtering | |
|
|
| Web Content Filters | Filter By: File Extension | ||
| Web Object Filters | ActiveX, Java, Flash, Javascript | ||
| Email Content Filters | Filter By: Subject Keywords, Password-Protected Attachments, File Extension, File Name | ||
| Distributed Spam Analysis | |
|
|
| Distributed Spam Analysis Supported Protocols | SMTP, POP3 | ||
| Anti-spam Real-time Blacklist | |
|
|
| User-defined Spam Allowed/Block Lists | Filter by: Sender Email Address, Domain, IP Address Recipient Sender Email Address, Domain | ||
| Distributed Web Analysis w/ 64 categories | |
|
|
| Instant Messaging (IM) Control | MSN Messenger, Yahoo Messenger, mIRC, Google Talk, QQ, ICQ | ||
| Peer to Peer (P2P) Control | BitTorrent, eDonkey, Gnutella | ||
| Media Application Control | iTunes (Music Store, update), Quicktime (Update), Real Player (Guide), Rhapsody (Guide, Music Store), Winamp (Internet Radio/TV) | ||
| Software Tool Control | Alexa Toolbar, GoToMyPC, Weatherbug, Yahoo Toolbar | ||
| Maximum Number of Users | Unlimited | ||
| User Authentication | Active Directory, LDAP, Radius, Local User Database | ||
| Content Filtering Policies | User, Group, IP Address, Subnet | ||
| Deployment | |||
| VLAN Support | |
|
|
| Logging and Reporting | |||
| Management | HTTP/HTTPS, SNMP v2c | ||
| Reporting | Summary Statistics, Graphical Reporting, Automatic Outbreak Alerts, Automatic Malware Notifications, System Notifications | ||
| Logging | Traffic, Malware, Spam, Content Filter, Email Filter, System, Application | ||
| Log Delivery | Management GUI Query, Email Delivery, Syslog | ||
| Hardware | |||
| Total Gigabit RJ45 Ports | 5 | 3 | 5 |
| Gigabit RJ45 Ports with Failure Bypass | 0 | 2 | 4 |
| Dedicated Management VLAN Ports RJ45 | 0 | 1 | 1 |
| Administration Console Port | RS232 | RS232 | RS232 |
| Form Factor | 1U | 1U | 1U |
| Major Regulatory Compliance | FCC Part 15 Class A, CE mark commercial, VCCI Class A, RoHS, UL listed, C-Tick | ||
| Storage and Operating | Operating Temperature 0-40°C (32°-104°F), Storage Temperature -20-70°C (-4°-158°F) |
||
| Operating Humidity | 5% to 95% RH | ||
| Electrical Specifications | 100-240V, AC/50-60Hz, Universal Input, 1.5 Amp Max | ||
| Dimensions: W x H x D (cm) | 44 x 4.35 x 25.8 | 42.6 x 4.44 x 50 | 42.6 x 4.44 x 50 |
| Dimensions: W x H x D (inches) | 17.3 x 1.7 x 10.2 | 16.8 x 1.75 x 19.7 | 16.8 x 1.75 x 19.7 |
| Weight (kg) | 3.68 | 8.2 | 8.2 |
| Weight (lb) | 8.1 | 18.1 | 18.1 |
| Package Contents | ProSecure Appliance (STM150, STM300, or STM600), Ethernet Cable, Power Cable, Rubber Feet, Warranty Card, Quick Installation Guide, End User License Agreement, CE Document, GPL Notice, Subscription Card (Bundles Only) | ||
| Hardware Warranty | 2 years | ||
1 Testing performed in a lab benchmark environment. Actual performance may vary.
The following screenshots illustrate the Web user interface of the NETGEAR® ProSecure™ STM series of gateway security appliances.
Global Settings › Network Setting › Network Setting
Configure the STM network settings, interface speed/duplex mode, and MTU.
Global Settings › Network Setting › Session Limit
Configure user session limit and session timeout parameters.
Global Settings › Scanning Exclusions
Identify which IPs are to be excluded from security scans. By default, the STM will scan all Web and Email traffic not specifically listed here.
Global Settings › Email Notification Server
Enter account settings for Email notifications. The STM will utilize this information for sending any necessary security alerts.
Global Settings › Setup Wizard › Step 1
The Setup Wizard will guide the Administrator through the remainder of the setup process.
Global Settings › Setup Wizard › Step 2
Enter network settings for the STM.
Global Settings › Setup Wizard › Step 3
Set the system time and local time zone.
Global Settings › Setup Wizard › Step 4
Configure essential Email scanning parameters, including which services and corresponding ports the STM will scan and what action it will take when malware is detected.
Global Settings › Setup Wizard › Step 5
Configure essential Web scanning parameters, including which services and corresponding ports the STM will scan and what action it will take when malware is detected.
Global Settings › Setup Wizard › Step 6
Enter account settings for Email notifications.
Global Settings › Setup Wizard › Step 7
Configure update settings for the STM. Updates to the software, scan engine, pattern file, and oS are performed online and automatically.
Global Settings › Setup Wizard › Step 8
Configure the STM to block URLs from the selected categories. The content filter consists of 64 different categories with a real-time "in the cloud" database of tens of millions of the most relevant URLs.
Global Settings › Setup Wizard › Step 9
This last screen confirms all settings from the previous 8 steps. Clicking "Apply" at the bottom of the screen finalizes these settings and reboots the STM appliance.
Email Security › Policy
Determine which Email services and corresponding ports the STM will scan.
Email Security › Anti-Virus › Action
Determine what action the STM will take when malware is detected.
Email Security › Anti-Virus › Notification
Configure the STM to alert users and/or senders regarding the security status of their Email. Custom alerts can be sent when malware is found, when it is not found, or when a scan has been skipped. Infected attachments can also be replaced with a customized warning message.
Email Security › Anti-Virus › Filter
Configure the STM to filter Email based on keywords in the subject line, or by the file type, name, or password status of attachments. Also tells the STM what action to take when an Email meets any of these pre-determined parameters. Emails and/or attachments can be logged, or blocked and logged.
Email Security › Anti-Spam › Whitelist & Blacklist
Configure white lists and black lists for Email, based on the recipient's IP address, domain, or Email address. Email can also be white listed based on the recipient's domain or Email address.
Email Security › Anti-Virus › Real-time Blacklist
Provides the capability to quickly enable or add real-time blacklists to the STM.
Email Security › Anti-Spam › Heuristic Scanning
Tell the STM what action to take when it finds known or suspected spam. If the STM is behind a proxy server, the login credentials can be entered on this page.
Web Security › Policy
Determine which Web services and corresponding ports the STM will scan.
Web Security › HTTP and HTTPS › Malware Scan
Configure the STM for HTTP and HTTPS malware scanning including what action the STM will take when malware is detected and how to handle files that are larger than the scan exception threshold. A custom notification message will be shown in the browser when malware is detected.
Web Security › HTTP and HTTPS › Content Filtering
Configure the STM to block URLs from the selected categories. The content filter consists of 64 different categories with a real-time "in the cloud" database of tens of millions of the most relevant URLs. Filtering can be designed to be continuously enforced, or only during certain scheduled days/times. URLs can be submitted to check for classification.
Web Security › HTTP and HTTPS › URL Filtering
Configure URL white lists and black lists.
Web Security › HTTP and HTTPS › HTTPS Settings
Configure HTTPS scan settings.
Web Security › HTTP and HTTPS › Certificate Management
Catalogs all certificates for the STM and tells it what Web sites to allow without a corresponding certificate.
Web Security › HTTP and HTTPS › Trusted Hosts
Configure the STM to bypass the HTTPS scanning of specific trusted hosts.
Web Security › FTP
Configure the STM for FTP-based malware handling, including what action the STM will take when infections are found, how to handle messages that are larger than the scan exception threshold, and what file extensions should be blocked.
Administration › Remote Management
Configure the STM for remote management, including ACLs. Access to the STM Web management interface can be restricted based on IP address.
Administration › SNMP
Configure the STM for integration with third party SNMP network monitoring tools.
Administration › Settings Backup & Restore
Enable settings to be backed up or restored - to factory defaults, or from a specified file.
Administration › Software Update
Configure update settings for the STM. Updates to the software, scan engine, pattern file, and oS are performed online and automatically.
Administration › Set Password
Enables Administrator and Guest passwords to be changed.Manage STM Web management interface accounts.
Administration › Time Zone
Set the system time and local time zone.
Administration › System Status
Provides information on the overall status of the STM, including current version and most recent update of all software elements, as well as serial numbers and license keys. Network addresses and interfaces information is also shown.
Administration › Statistics › Statistics
Shows current system resource usage and network traffic status.
Administration › Statistics › Web Usage
Enables customized reports on Web usage for a specified date range.
Monitoring › Security
Shows the current protection status of the network, as well as statistics on malware, files, URLs, and spam the STM has blocked at the gateway.
Monitoring › Diagnostics
Enables diagnostic tools, including ping or trace an IP address, DNS lookup, restarting or shutting down the STM, or generating logs or network usage reports for troubleshooting purposes.
Monitoring › Logs & Reports › Email & Syslog
Tells the STM which logs to generate, when, and how frequently. Also tells the STM whether to send the logs via Email or syslog.
Monitoring › Diagnostics › Alerts
Tells the STM which activities trigger alerts and determines the construct of the malware alert message.
Monitoring › Logs & Reports › Log Query
Enable log files to be generated for a specified set of criteria.
Monitoring › Diagnostics › Generate Report
Enable the generation of Email, Web, or system reports for a specified date range.
Monitoring › Logs & Reports › Scheduled Report
Tells the STM which reports to generate on a regular basis, when and how frequently to generate them, and where to send them.
Support › online Support
Enable a secure online support connection with the ProSecure™ Support Team.
Support › Hot Fixes
Install hot fixes for the STM.
Support › Malware Analysis
Send a suspicious file or suspected malicious Email to the ProSecure™ malware labs for analysis.
Support › Registration
Register and manage the Web protection, Email protection, and Support & Maintenance licenses for the STM.
Sizing Guidelines
NETGEAR® ProSecure™ STM appliances manage an organization's Internet usage and protects these organizations from Internet borne malware, spam, viruses, and inappropriate web surfing. With the NETGEAR® ProSecure™ STM appliance sitting between the organization and the Internet, it is critical that the STM appliance is sized appropriately and matches the performance needs of the organization.
There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different Internet usage characteristics. As such, NETGEAR® uses several specifications to evaluate the applicability of an STM appliance:
Throughput
A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the STM appliance sits between your internal network and the Internet, this throughput number is the total amount of traffic that can be passed with the STM in place.
Concurrent Clients
The number of concurrent clients represents the maximum number of currently active clients that can simultaneously access the Internet through the STM. NETGEAR® STM Appliances' Concurrent Client rating is a number that is measured assuming that each active client is currently engaging in an "average" web browsing session with multiple connections to multiple websites.
In general, your organization's concurrent client count should be less than the total number of users in your organization. For instance, if your organization has 1000 users, perhaps only 800 of those users have Internet access via a computer. Moreover, on the average, perhaps only 75% of those users are in the office at any point in time (75% x 800 = 600 users). Lastly, you may perhaps estimate that only 50% of those users (50% x 600 = 300 users) are actually on the Internet browsing web traffic at a given time.
Concurrently Scanned HTTP Connections
Users who are actively browsing the Internet can typically be estimated to have 5 active HTTP connections at any point in time with a 60% rate of concurrency (yielding 3 connections). This number accommodates averaged situations where some users are heavily browsing the web or using Internet bandwidth intensive applications. Note that the peak number of connections can exceed these estimates if there is extraordinarily heavy usage of Internet bandwidth or connection intensive applications such as Peer 2 Peer applications are being used.
Email Throughput
The rate at which users send and receive Emails varies widely in organizations, and is also dependent on the amount of spam an organization is receiving. For instance, if users, on the average, send and receive 30 legitimate emails per hour and 70% of Email traffic is SPAM, then each user will contribute 100 Emails per hour to the overall system load. A 200 user organization could then be expected to experience an Email load of 200,000 messages per hour.
STM Appliance Model Comparison
| STM Model Capacity | STM150 | STM300 | STM600 |
|---|---|---|---|
| Throughput (Mb/s) | 43 | 149 | 239 |
| Concurrent Clients | 145 | 333 | 600 |
| Concurrently Scanned HTTP Connections | 1000 | 2000 | 4000 |
| SMTP Throughput (emails / hour) | 139,000 | 420,000 | 960,000 |
Sample organizations
When sizing an STM for an organization, throughput, concurrent clients, concurrent connections, and Emails processing capability should all be assessed against the characteristics of the organization. In the examples below, we have outlined potential sample organizations and the recommended STM appliances for each organization.
| organization Characteristics | Suggested STM Model |
|---|---|
| 10 Mbps Throughput 100 concurrent clients 300 concurrently scanned HTTP connections 100,000 Emails / hour |
STM150 |
| 40 Mbps Throughput 250 concurrent clients 800 concurrently scanned HTTP connections 300,000 Emails / hour |
STM300 |
| 120 Mbps Throughput 500 concurrent clients 1600 concurrently scanned HTTP connections 700,000 Emails / hour |
STM600 |
Deployment Guidelines
The NETGEAR® ProSecure™ STM gateway security appliance is an inline transparent bridge that can easily be deployed to any point on the network without requiring network reconfiguration or additional hardware.
The following are the most common deployment scenarios for the STM appliance. Depending on your network environment and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.
Gateway Deployment
In a typical gateway deployment scenario, a single STM appliance is installed at the gateway between the firewall and the LAN core switch to protect the network against all Web and Email threats entering and leaving the gateway. In this type of deployment, all STMs scan both Web and Email traffic.
Note: In a gateway deployment, it is recommended to install the STM behind the firewall to employ the firewall's functionality in stopping DoS attacks (which may often be non Web or Email traffic related).
Figure 1 Gateway Deployment
Server Group Deployment
In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against email-borne malware and spam. In this type of deployment the STM installed at the gateway scans only Web traffic while the STM in front of the server group scans only Email traffic.
Figure 2 Server Group Deployment
Segmented LAN Deployment
In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from Web and Email threats coming in through the gateway or originating from other segments. In this type of deployment, all STMs scan both Web and Email traffic.
Figure 3 Segmented LAN Deployment
News & Events
Whitepapers
-
NETGEAR® In-The-Cloud Distributed Spam Analysis Technology: Network Based Protection Against Email-Borne Threats
over the past few years, Email has emerged as the primary vector for an array of computer threats such as spam, viruses, Trojans, and phishing attacks.
Download PDF › -
How Internet Usage Puts Your Business at Risk
Small and mid-size businesses have come to rely heavily on the Internet as an essential part of their day-to-day operations. It offers speedy access to information and enables 24x7 communications with the outside world.
Download PDF › -
The Role of the Internet in the Propagation of Malware
Businesses of all sizes rely on the Internet as an essential component of their daily operations. The company's Web site is a primary entry point to its current and prospective customers, as well as other key stakeholders; employees conduct the majority of their business operations via the Web; and Email has had a profound effect on the speed and efficiency of internal and external communications.
Download PDF › -
Comprehensive Internet Security – Employing A Layered Defense
Aircraft carriers employ a comprehensive layered defense strategy, beginning with proactive detection. Radar is utilized as the first line of defense, to detect any approaching attackers.
Download PDF › -
An In-depth Analysis of SMB vs. Enterprise Security
one of the most commonly used acronyms in business today is "SMB". Yet, most vendors who service both Small and Mid-sized Businesses and Enterprises differentiate the two based either on the company's annual revenue or by its number of employees. However, when it comes to IT security, neither of these measurements is very appropriate.
Download PDF › -
NETGEAR® Stream Scanning Technology
The proliferation of Web 2.0 technologies has dramatically increased the Internet's importance to small and mid-size businesses. However, it has also fueled a variety of new attack strategies, as attackers take advantage of the vast connectivity it provides, coupled with the confidence it elicits among users.
Download PDF ›
Data Sheets
-
STM Series: ProSecure™ Web and Email Threat Management Appliance
Hardware/Software Appliance für den vollständigen Schutz von Web- und e-Mail-Traffic in mittleren Unternehmen. Aktuelle Bedrohungen aus dem Web 2.0 und aus der Cloud werden durch neueste Technologien im Bereich Anti-Malware, Antivirus, Anti-Spam und Anti-Spyware eliminiert. Für mittelgroße Betriebe mit 30 - 600 Benutzern steht ein breit gefächertes Angebot an Appliances zur Verfügung.
Download PDF ›
Case Studies
-
Unity Electronics
NETGEAR® STM Stream Scanning Technology Provides Unity Electronics with Peace of Mind
Read Case Study › -
oregon DEQ
oregon Department of Environmental Quality Cleans Up Hazardous Malware with NETGEAR® STM Stream Scanning Technology
Read Case Study › -
Advanced Reimbursement Management, LLC
Advanced Reimbursement Management Reclaims their Network with NETGEAR® STM Stream Scanning Technology
Read Case Study ›
Entdecken Sie unsere Lösungen
Web Security
Bei unseren Lösungen kommt eine professionelle Enterprise-Class Sicherheitsarchitektur zum Einsatz. Diese schützt Unternehmensnetzwerke effektiv vor Viren, Würmern, Spyware, Trojanern, Rootkits, Keyloggern und unberechtigtem Surfen im Web, ohne die Produktivität einzuschränken.
Netzwerk Security
Firewall-Funktionalität mit einer breiten Palette von Netzwerk-Sicherheitstechnologien, darunter Stateful Packet Inspection (SPI), Eindringschutz (Intrusion Prevention, IPS) und Schutz vor Denial-of-Service-Attacken (DoS).
Email Security
Distributed Spam Analyse-Architektur zum Einsatz, die Ausbrüche von Spam mit Hilfe eines in-the-Cloud-Ansatzes bereits im Keim erstickt. Die patentierte Stream Scanning-Architektur garantiert somit E-Mails ohne Malware.
Remote Access
Die ProSecure UTM-Reihe kombiniert das Beste aus beiden Welten mit zwei Arten von VPN-Tunneln (Virtual Private Network), Secure Socket Layer (SSL) und IP Security (IPsec) für die optimale Anbindung an Ihr Netzwerk.
