Review: Spyware Loses Its Bite
Barracuda Networks' Web Filter 310 uses content filtering and application blocking to protect networks from viruses and spyware. Originally called the Barracuda Spyware Firewall, the company renamed the product to reflect its extensive feature set and capabilities. Despite being heavy on the features, Web Filter 310 remains easy to use and fully customizable.
The appliance prevents new spyware and virus infections from penetrating the network. It takes a multilayered approach to blocking spyware sites, downloads and protocols. For example, spyware is automatically blocked if it comes from a URL previously determined to be malicious.
Barracuda has identified 57 predefined categories ranging from blatant offenders such as porn sites to less-blatant ones such as gambling sites. Along with reputation scoring, Web Filter blocks sites using domain names, predefined categories, URL patterns and MIME type. Web Filter also performs binary content scanning on all files coming in to detect spyware in realtime.
Priced at $1,999, Barracuda Web Filter was a snap to deploy and performed well without complexity. Since it can be placed in front of or behind the firewall, CRN Test Center engineers installed the unit in front of the firewall for testing purposes. The appliance blocked Web sites that had embedded spyware or tried to download spyware onto the test computer. Even better, the appliance detected spyware as it was phoning home on the test machine and prompted engineers to download and run the Barracuda Spyware Removal tool, an Active X control tool. By making the tool immediately available to the user as soon as the infection is detected, the problem is resolved quickly. In addition, because it's an online tool, administrators do not need to preload the tool on all affected client machines.
Although the device's strength lies in blocking spyware, it also blocks unauthorized Web sites, viruses, adware, malicious Web content and unauthorized applications. Web Filter 310 can also block peer-to-peer services, IM, file downloads, Web-based e-mail, music sites, proxies and chat sites.
Barracuda managed to avoid a common trap that other vendors blocking sites based on URL patterns and domain names often fall into: Engineers noticed that while the Barracuda Web Filter blocked porn sites, the appliance allowed oft-banned yet innocent to pass through, such as breast cancer education sites or sites that have trigger words embedded within their otherwise innocuous names.
This product also can set up and enforce Internet usage policies, such as restricting access to certain sites and limiting personal surfing during work hours. The system is LDAP-enabled, giving administrators a way to create and assign policy-driven rules based on individual users or group accounts.
Next: The Bottom Line The Web Filter appliance does not have separate management software but relies on a Web interface to the administration console. Once the appliance is configured during initial setup with an IP address, gateway and DNS information (using a monitor, keyboard and mouse plugged directly into the unit), administrators access the console via a Web browser from any computer on the network. The console, laid out in multitabbed Web pages, is packed with features, and almost every option can be customized. Administrators can immediately test changes made to filtering categories, whitelists and blacklists from within the console.
The most recent firmware update, version 3.1, expands the unit's reporting capabilities. Under this version, administrators can view log history and see reports on user behavior, historical traffic patterns, bandwidth usage, domain requests and Web site categorization. Designed to store approximately six months of traffic history, Web Filter also can drill down from summary reports for further analysis. Administrators can enable syslog messages through the Web console to log what happens to each traffic request performed by users to a text file.
For existing customers running Web Filter with pre-3.1 firmware, the upgrade is very straightforward. The Test Center received a pre-3.1 appliance and upgraded to 3.1 using the admin console within minutes.
Capacity varies by the model in the Barracuda Web Filter family. The Web Filter 310 can support 200 concurrent users, making it ideal for SMBs or branch offices. The high-end 910 model can support 4,500 concurrent users and has hot-swappable RAID and power supplies.
Barracuda Central, the company's technology center, automatically pushes down hourly updates of antispyware rules on to the unit. Energize Updates, as they are called, include databases for spyware removal, signature, Web sites and protocols, as well as antivirus definitions and content filters. As a troubleshooting feature, the unit also can open up a tunnel session with Barracuda Central.
Measuring 16.7 inches wide x 1.7 inches high x 14 inches deep, the steel-black unit is emblazoned with a blue panel in the front corner. It is 1U high, comparable to competitive products. Weighing 17 pounds, the appliance is sleek and attractive.
The 310 model comes with ports for connecting a standard VGA monitor, a keyboard, a mouse, a serial port, several USB ports and three Ethernet ports. One Ethernet port is located at the back of the unit and is used specifically for management. The LAN and WAN ports are located at the front of the unit. The front panel also contains the power button, the reset button and five indicator lights marking power, disk activity, cleaning activity and data transmission.
The company is channel-friendly, claiming more than 90 percent of its sales are driven through partners. Its channel program has five levels. There are no requirements to join at the lowest level, but there are high revenue goals to sustain the top-level discounts.
Barracuda estimates a 10 percent margin at the low end for solution providers. Other revenue opportunities include ongoing subscriptions. Partners interested in reselling premium services are required to undergo training.
All resellers can offer basic support, but only certified resellers can offer in-depth support. Otherwise, Barracuda handles the rest of technical support, including on-site premium programs. It also has an instant replacement service, where the new unit is shipped next business day.