HomeProducts › ProSecure™ STM Series

ProSecure™ STM Series

For Medium Sized Businesses – Enterprise Strength Spam, Virus, & Web Filter Security.

An integrated hardware / software appliance for complete protection of a medium business' Web and email traffic. Modern Web 2.0 & cloud computing threats are mitigated through anti-malware / virus / phishing / spam / spyware technologies. A range of appliances is available for medium businesses with between 30 – 600 users

The ProSecure™ STM series of gateway security appliances uses a patent-pending Stream Scanning architecture to deliver best-of-breed business security. ProSecure™ employs millions of signatures to protect against known threats, and in-the-cloud zero-hour protection technology to proactively discover and block any suspected threats that have not yet been identified. Likewise, the NETGEAR® in-the-cloud Distributed Spam Analysis architecture shields networks from spam, phishing attacks, and other Email-borne threats.

Other solutions significantly dilute the efficacy of their offering by either utilizing open source or cutting essential features and services from their enterprise products to fit an SMB price point. But through its patent-pending Stream Scanning architecture, NETGEAR® provides complete enterprise-grade solutions, including advanced scanning technologies such as its comprehensive anti-malware engine, in-the-cloud Distributed Spam Analysis, and a proactive behavioral defense system that eliminates the gap between a vulnerability being exploited and the time it is fixed.

With ProSecure™ STM, subscriptions are simple with no per-user licensing. ProSecure™ Web and Email subscriptions each contain comprehensive protection for an unlimited number of users.

 

Key Features & Advantages

  • Inbound/Outbound Web and Email Scanning on a Single Appliance
  • Transparent Installation Requires No Network Reconfiguration
  • Patent Pending Stream-Scanning Technology Ensures Minimal Latency
  • Best of Breed Virus Detection Partnered with Kaspersky Lab™
  • Zero Hour Threat Protection stops Unknown Threats in Real-time
  • Hybrid In-the-Cloud Anti-Spam Requires No "tuning" to work
  • Hybrid In-the-Cloud Web Filter & Application Control Enforces Internet Usage Policies
  • Per User/Group Policies – Active Directory & RADIUS integration
  • Simple Subscription Options
  • No Per-User Licensing
 

Certifications

There are three models in the ProSecure™ STM series of gateway security appliances. A single ProSecure™ STM can protect against Web- and Email-borne threats, both inbound and outbound. Each STM can support up to hundreds of users, with a maximum HTTP throughput rate of up to 260 Mbps and up to 960,000 Emails per hour.

STM ModelsSTM Models STM 150STM 150 STM 300STM 300 STM 600STM 600
Sizing Guidelines
Customer Type Small Networks Medium-sized Networks Medium-sized Networks
Recomended Number of Concurrent Users 20-150 Up to 300 Up to 600
Concurrent Scanned HTTP Connections 1,000 2,000 4,000
HTTP Anti-virus Throughput¹ 42 Mbps 163 Mbps 260 Mbps
SMTP Throughput¹ (emails/hour) 139,000 420,000 960,000
Content Security
Web (HTTP, HTTPS, FTP) ✓ ✓ ✓
Email (SMTP, POP3, IMAP) ✓ ✓ ✓
Stream Scanning ✓ ✓ ✓
Inbound and Outbound Inspection ✓ ✓ ✓
Signature-Less Zero Hour Protection ✓ ✓ ✓
Malware Signatures 3 Million+ 3 Million+ 3 Million+
Automatic Signature Updates Hourly Hourly Hourly
True HTTPS Scanning and Filtering ✓ ✓ ✓
Web Content Filters Filter By: File Extension
Web Object Filters ActiveX, Java, Flash, Javascript
Email Content Filters Filter By: Subject Keywords, Password-Protected Attachments, File Extension, File Name
Distributed Spam Analysis ✓ ✓ ✓
Distributed Spam Analysis Supported Protocols SMTP, POP3
Anti-spam Real-time Blacklist ✓ ✓ ✓
User-defined Spam Allowed/Block Lists Filter by: Sender Email Address, Domain, IP Address Recipient Sender Email Address, Domain
Distributed Web Analysis w/ 64 categories ✓ ✓ ✓
Instant Messaging (IM) Control MSN Messenger, Yahoo Messenger, mIRC, Google Talk, QQ, ICQ
Peer to Peer (P2P) Control BitTorrent, eDonkey, Gnutella
Media Application Control iTunes (Music Store, update), Quicktime (Update), Real Player (Guide), Rhapsody (Guide, Music Store), Winamp (Internet Radio/TV)
Software Tool Control Alexa Toolbar, GoToMyPC, Weatherbug, Yahoo Toolbar
Maximum Number of Users Unlimited
User Authentication Active Directory, LDAP, Radius, Local User Database
Content Filtering Policies User, Group, IP Address, Subnet
Deployment
VLAN Support ✓ ✓ ✓
Logging and Reporting
Management HTTP/HTTPS, SNMP v2c
Reporting Summary Statistics, Graphical Reporting, Automatic Outbreak Alerts, Automatic Malware Notifications, System Notifications
Logging Traffic, Malware, Spam, Content Filter, Email Filter, System, Application
Log Delivery Management GUI Query, Email Delivery, Syslog
Hardware
Total Gigabit RJ45 Ports 5 3 5
Gigabit RJ45 Ports with Failure Bypass 0 2 4
Dedicated Management VLAN Ports RJ45 0 1 1
Administration Console Port RS232 RS232 RS232
Form Factor 1U 1U 1U
Major Regulatory Compliance FCC Part 15 Class A, CE mark commercial, VCCI Class A, RoHS, UL listed, C-Tick
Storage and Operating Operating Temperature 0-40°C (32°-104°F),
Storage Temperature -20-70°C (-4°-158°F)
Operating Humidity 5% to 95% RH
Electrical Specifications 100-240V, AC/50-60Hz, Universal Input, 1.5 Amp Max
Dimensions: W x H x D (cm) 44 x 4.35 x 25.8 42.6 x 4.44 x 50 42.6 x 4.44 x 50
Dimensions: W x H x D (inches) 17.3 x 1.7 x 10.2 16.8 x 1.75 x 19.7 16.8 x 1.75 x 19.7
Weight (kg) 3.68 8.2 8.2
Weight (lb) 8.1 18.1 18.1
Package Contents ProSecure Appliance (STM150, STM300, or STM600), Ethernet Cable, Power Cable, Rubber Feet, Warranty Card, Quick Installation Guide, End User License Agreement, CE Document, GPL Notice, Subscription Card (Bundles Only)
Hardware Warranty 2 years

¹ Testing performed in a lab benchmark environment. Actual performance may vary.

The following screenshots illustrate the Web user interface of the ProSecure™ STM series of gateway security appliances.

Sizing Guidelines

ProSecure™ STM appliances manage an organization's Internet usage and protects these organizations from Internet borne malware, spam, viruses, and inappropriate web surfing. With the ProSecure™ STM appliance sitting between the organization and the Internet, it is critical that the STM appliance is sized appropriately and matches the performance needs of the organization.

There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different Internet usage characteristics. As such, NETGEAR® uses several specifications to evaluate the applicability of an STM appliance:

Throughput

A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the STM appliance sits between your internal network and the Internet, this throughput number is the total amount of traffic that can be passed with the STM in place.

Concurrent Clients

The number of concurrent clients represents the maximum number of currently active clients that can simultaneously access the Internet through the STM. NETGEAR® STM Appliances' Concurrent Client rating is a number that is measured assuming that each active client is currently engaging in an "average" web browsing session with multiple connections to multiple websites.

In general, your organization's concurrent client count should be less than the total number of users in your organization. For instance, if your organization has 1000 users, perhaps only 800 of those users have Internet access via a computer. Moreover, on the average, perhaps only 75% of those users are in the office at any point in time (75% x 800 = 600 users). Lastly, you may perhaps estimate that only 50% of those users (50% x 600 = 300 users) are actually on the Internet browsing web traffic at a given time.

Concurrently Scanned HTTP Connections

Users who are actively browsing the Internet can typically be estimated to have 5 active HTTP connections at any point in time with a 60% rate of concurrency (yielding 3 connections). This number accommodates averaged situations where some users are heavily browsing the web or using Internet bandwidth intensive applications. Note that the peak number of connections can exceed these estimates if there is extraordinarily heavy usage of Internet bandwidth or connection intensive applications such as Peer 2 Peer applications are being used.

Email Throughput

The rate at which users send and receive Emails varies widely in organizations, and is also dependent on the amount of spam an organization is receiving. For instance, if users, on the average, send and receive 30 legitimate emails per hour and 70% of Email traffic is SPAM, then each user will contribute 100 Emails per hour to the overall system load. A 200 user organization could then be expected to experience an Email load of 200,000 messages per hour.

STM Appliance Model Comparison
STM Model Capacity STM150 STM300 STM600
Throughput (Mb/s) 42 160 260
Concurrent Clients 145 333 600
Concurrently Scanned HTTP Connections 1000 2000 4000
SMTP Throughput (emails / hour) 139,000 420,000 960,000
Sample Organizations

When sizing an STM for an organization, throughput, concurrent clients, concurrent connections, and Emails processing capability should all be assessed against the characteristics of the organization. In the examples below, we have outlined potential sample organizations and the recommended STM appliances for each organization.

Organization Characteristics Suggested STM Model
10 Mbps Throughput
100 concurrent clients
300 concurrently scanned HTTP connections
100,000 Emails / hour		 STM150
40 Mbps Throughput
250 concurrent clients
800 concurrently scanned HTTP connections
300,000 Emails / hour		 STM300
120 Mbps Throughput
500 concurrent clients
1600 concurrently scanned HTTP connections
700,000 Emails / hour		 STM600

Deployment Guidelines

The ProSecure™ STM gateway security appliance is an inline transparent bridge that can easily be deployed to any point on the network without requiring network reconfiguration or additional hardware.

The following are the most common deployment scenarios for the STM appliance. Depending on your network environment and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.

Gateway Deployment

In a typical gateway deployment scenario, a single STM appliance is installed at the gateway between the firewall and the LAN core switch to protect the network against all Web and Email threats entering and leaving the gateway. In this type of deployment, all STMs scan both Web and Email traffic.

Note: In a gateway deployment, it is recommended to install the STM behind the firewall to employ the firewall's functionality in stopping DoS attacks (which may often be non Web or Email traffic related).

Figure 1 Gateway Deployment

Server Group Deployment

In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against email-borne malware and spam. In this type of deployment the STM installed at the gateway scans only Web traffic while the STM in front of the server group scans only Email traffic.

Figure 2 Server Group Deployment

Segmented LAN Deployment

In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from Web and Email threats coming in through the gateway or originating from other segments. In this type of deployment, all STMs scan both Web and Email traffic.

Figure 3 Segmented LAN Deployment

Whitepapers

  • NETGEAR® In-The-Cloud Distributed Spam Analysis Technology: Network Based Protection Against Email-Borne Threats
    Over the past few years, Email has emerged as the primary vector for an array of computer threats such as spam, viruses, Trojans, and phishing attacks.
  • How Internet Usage Puts Your Business at Risk
    Small and mid-size businesses have come to rely heavily on the Internet as an essential part of their day-to-day operations. It offers speedy access to information and enables 24x7 communications with the outside world.
  • The Role of the Internet in the Propagation of Malware
    Businesses of all sizes rely on the Internet as an essential component of their daily operations. The company's Web site is a primary entry point to its current and prospective customers, as well as other key stakeholders; employees conduct the majority of their business operations via the Web; and Email has had a profound effect on the speed and efficiency of internal and external communications.
  • Comprehensive Internet Security – Employing A Layered Defense
    Aircraft carriers employ a comprehensive layered defense strategy, beginning with proactive detection. Radar is utilized as the first line of defense, to detect any approaching attackers.
  • An In-depth Analysis of SMB vs. Enterprise Security
    One of the most commonly used acronyms in business today is "SMB". Yet, most vendors who service both Small and Mid-sized Businesses and Enterprises differentiate the two based either on the company's annual revenue or by its number of employees. However, when it comes to IT security, neither of these measurements is very appropriate.
  • NETGEAR® Stream Scanning Technology
    The proliferation of Web 2.0 technologies has dramatically increased the Internet's importance to small and mid-size businesses. However, it has also fueled a variety of new attack strategies, as attackers take advantage of the vast connectivity it provides, coupled with the confidence it elicits among users.

Data Sheets

  • STM Series: ProSecure™ Web and Email Threat Management Appliance
    The ProSecure STM series of Web and email security appliances combine best-of-breed security technologies and patent-pending Stream Scanning Technology to protect businesses against today's Web and email threats. Viruses and spyware hosted on Web pages, email phishing attacks, spam, malware infected emails, and other threats are now all part of a regular repertoire of sophisticated blended attacks that businesses now face.
    Download PDF ›

Case Studies

Product Documentation

  • STM Reference Manual
    The NETGEAR ProSecure Web/Email Security Threat Management Applicance STM Reference Manual describes how to configure and troubleshoot a ProSecure Web/Email Security Threat Management Applicance STM 150, STM300 or STM600. The information in this manual is intended for readers with intermediate computer and networking skills.
    Download PDF ›

Explore Our Technology Solutions

Web Security

Enterprise-class security architecture to protect business networks from viruses, worms, spyware, trojans, rootkits, keyloggers, and unauthorized Web surfing – without impacting productivity.

 
Network Security

Firewall functionality that deploys an array of network security technologies such as stateful packet inspection (SPI), Intrusion prevention (IPS), and denial-of-service (DoS) protection.

Email Security

A Distributed Spam Analysis architecture that uses an in-the-cloud approach to stop up-to-the-minute spam outbreaks. Patent-pending Stream Scanning architecture ensures email is malware free.

 
Remote Access

The ProSecure UTM series offers the best of both worlds by offering two types of virtual private network (VPN) tunnels, Secure Sockets Layer (SSL) and IP security (IPsec), for optimal secure connection to your network.

Back to Top