WatchGuard XCS 580 v10.0
$6,500: includes hardware, one year email security, one year LiveSecurity Plus; add email encryption for $2,600 per year for up to 500 users; $3,575 annual email subscription and LiveSecurity Plus renewal; multi-year discounts available.
Strengths: Strong feature set and real easy to use.
Weaknesses: We could not test some key features that were not licensed. Need to note the additional cost of advanced features.
Verdict: Everything one needs for a complete email security deployment. That makes this our Recommended product.
The WatchGuard XCS 580 (Extensible Content Security Appliance) is an easy-to-use, all-inclusive email and web appliance that provides security and privacy of inbound and outbound traffic. It provides instant-on data loss prevention, encryption and content filtering with integrated threat prevention for viruses, spam, spyware, phishing and malware attacks, all in a secured appliance. In addition, it protects outbound content against unintentional or malicious data loss, privacy discrepancies and non-compliance with regulations and company policies.
The product is delivered as an on-premise appliance. New to this release is support for virtual deployments. WatchGuard XCSv is a new email and web security solution that provides all the security features of the WatchGuard XCS technology optimized for a VMware or Microsoft Hyper-V virtual machine environment. You can use the WatchGuard XCS Web UI to manage an XCSv devices.
The initial configuration and ongoing management is done through a web browser. Once you configure network information you are using the wizards to configure other protections. Since XCS acts as a mail transport agent (MTA), it can perform content, reputation and authentication checks to email in transit. It can accept or reject it, or apply other modifications and remediation without requiring special configuration of the user's email client or the messaging server. Using TLS, the XCS appliance can provide encrypted channels to protect mail in transit, as well as administrative sessions. Policies based on user identity, network address, email address and other identifying factors can determine annotations, anti-spam, anti-virus and attachment control processing. Content filtering was strong with numerous options for filters, including PII (identification), PCI (payment card) and PHI (health).
The policy editor was well done, easy to use and in this new version allows users to copy and paste existing policies to employ as templates. Policies are used to intercept features, such as anti-virus, spyware, outbreak control, anti-spam actions and thresholds; content controls, such as OCF, attachment scanning, content scanning, document fingerprinting, content rules, pattern filters; configure anti-spam options, such as intercept scanners and component weights; configure email features, such as annotations, encryption, archiving and DomainKeys signing; and web proxy features, such as HTTP/S access, trusted/blocked sites and download/upload limits.
Also new to this release are updates to the data loss prevention wizard. New rules are available to cover magnetic track data and new financial identification numbers and new international personal identification numbers. Reporting was complete: numerous templates are available out of the box. Reports can be customized and come with several delivery options.
Two support options were listed: LiveSecurity Plus and Gold. Both include phone and email support. Pricing was not provided. We did get to experience the support team as the first appliance arrived to our lab with a dead drive. An email got us a quick diagnosis and new box within 24 hours.