WatchGuard XCS770R Email Security Appliance Review

ENEX Testlab Reviews by Matthew Hackling & Matt Tett


In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.
Web and email content management has evolved. It used to require administrators to install security software onto servers running general purpose operating systems. The next step was a move to appliances with pre-installed operating system and software.
Over the years ‘Cloud-based’ email content management services have emerged. The latest addition, and acronym, to the competitive landscape is that of data leakage prevention (DLP) which complements the technology by attempting to prevent the release of confidential data via email, webmail or social networking websites.
WatchGuard has excelled over the years in producing security appliances in their trademark red that brighten up drab data centers around the globe. These appliances are known to be no-nonsense, cost effective, straight forward to administer and supported by easy to renew subscription services. WatchGuard’s devices are desirable due to their sturdy build quality, consistency, and practical management functionality.
WatchGuard claims the XCS770R’s key features are as follows:
• Combines both email and Web security with DLP in one appliance.
• Next Generation reputation service enabling IP, domain and URL blocking which halts the majority of spam at the connection level, saving bandwidth.
• On-box logging and reporting systems.
• Suited to large businesses and Managed Security Services Providers, with the ability to support thousands of domains, fully customisable reports and user interface, and granular delegated domain administration.
• The DLP engine can be used to provide anti-slander/cyber-bullying controls.
A patented feature, and key differentiator, of the XCS is queue replication providing message-level redundancy. WatchGuard have also included their SecureMail email encryption which is a great feature particularly considering its mobile capabilities (eg Blackberry reader app).
Under the hood, the XCS770R is a rack-mounted Intel quad-core Xeon based server with 4GB of RAM and two 500GB hard drives mirrored with RAID1. It runs a FreeBSD-based operating system that is not accessible to the end user but is updated via the ‘secure connection’ feature of the appliance. It has four gigabit Ethernet ports, which can be used for the optional clustering features or for an additional management interface. It can be configured via Web browser (the recommended method in the manual) or via a keyboard and monitor.
After installation, a feature set linked to the serial number of the appliance can be retrieved via an active internet connection or via ‘cut and paste’ from the WatchGuard website to enable the features of the appliance.
The most popular bundle we initially looked at included 30 days of trial of the McAfee antivirus engine and Brightmail’s email filtering tools (both optional add-ons providing alternatives or multi-layer security), in addition to the year of default Kaspersky antivirus and antispyware. We added a year of SurfControl based Web content filtering which proceeded smoothly and quickly.
Although the integrated email anti-virus protection is turned on by default, and the appliance is sold as a single solution for both email and Web, scanning of Web traffic for malware and spyware is turned off by default. The default configuration appears intended to ease rapid integration and troubleshooting: features are enabled one at a time to reduce the risk of unintended service interruption.
Basic configuration of the appliance is readily accomplished via the clean, easily navigable Web management interface, with a reboot only required following the change to networking interface related settings. Available settings for email and Web content management are easy to understand and operate.
We did note that the default setting is to block password-protected email attachments and malformed email with no email notification (not even to the administrator). This is something to bear in mind when deploying: a legitimate encrypted archive will simply vanish, so conscientious admins should check the on-box logs rather than wait for a user complaint.
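As an added example (not code from the appliance or from the review), the following shows how a gateway can detect the two cases described above, a password-protected ZIP attachment and a structurally malformed message, and return a decision that names who should be notified instead of dropping the message silently. The encryption test reads bit 0 of the ZIP general-purpose flag, which is set for both traditional and AES-encrypted members; the sample messages and the ADMIN address are constructed for the example, and the "encrypted" ZIP is a plain archive with that flag bit patched in so the example runs offline.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default
from typing import Optional

ADMIN = "postmaster@example.com"  # hypothetical notification address


def zip_is_password_protected(data: bytes) -> bool:
    """True if any member has bit 0 (encryption) set in its general-purpose flags."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def classify_message(raw: bytes) -> dict:
    """Return the gateway decision for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = []
    # The parser records structural problems it had to work around ("malformed email").
    if msg.defects:
        findings.append("malformed: " + ", ".join(type(d).__name__ for d in msg.defects))
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload:
            continue
        name = part.get_filename() or "(unnamed)"
        # Sniff the ZIP magic rather than trusting the declared Content-Type.
        if payload.startswith(b"PK\x03\x04") and zip_is_password_protected(payload):
            findings.append(f"password-protected zip attachment: {name}")
    if findings:
        # Block, but say so: the admin and the sender both learn why the message stopped.
        return {"action": "block", "findings": findings, "notify": [ADMIN, str(msg["From"])]}
    return {"action": "deliver", "findings": [], "notify": []}


def make_zip_sample(encrypted_flag: bool) -> bytes:
    """Constructed sample archive; optionally patch the encryption bit into both headers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("figures.csv", "constructed sample, not really encrypted")
    data = bytearray(buf.getvalue())
    if encrypted_flag:
        data[6] |= 0x01                       # local file header: flags at offset 6
        cd = data.find(b"PK\x01\x02")         # central directory header: flags at offset 8
        data[cd + 8] |= 0x01
    return bytes(data)


def build_sample(attachment: Optional[bytes]) -> bytes:
    """Constructed message from a hypothetical sender, with or without a ZIP attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "Q3 figures"
    msg.set_content("Figures attached.")
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application", subtype="zip", filename="figures.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(classify_message(build_sample(make_zip_sample(True))))
    print(classify_message(build_sample(make_zip_sample(False))))
```

Sniffing the `PK\x03\x04` magic matters because a renamed or mislabelled archive still opens as a ZIP on the recipient's desktop; the content type header is under the sender's control.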
Administration and Management of the appliance is relatively swift and straightforward through a single point of administration. The on box reporting provides an at a glance picture of the current status of the appliance and Web/email activity of the organisation.
We did note some delays in enabling Web content management for objectionable content due to the initial download of the database from SurfControl, but after the initial download it blocked access to objectionable content as expected.
There is also a function to train the DLP engine by uploading sample documents for document fingerprinting, for example templates of confidential documents; the engine then protects known confidential documents, or parts thereof, from being transmitted. The XCS can scan over 400 different attachment types, and this attachment control adds value to the content scanning.
Staying with DLP, it is worth noting that the XCS provides transparent, policy-driven DLP with multiple remediation actions. Policies can be based on user, group, or domain. WatchGuard has also developed the ability to combine IP and domain reputation for more accurate scoring and connection-level management.
This core email content management functionality is enhanced by DLP features that restrict the egress of confidential email attachments and of message body content such as cardholder data.
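The three DLP mechanisms described in the last few paragraphs (document fingerprinting trained on a sample, content matching for cardholder data, and a remediation action chosen by user or domain) are illustrated below in one added example. This is not the appliance's engine or any WatchGuard code; the fingerprint is a set of hashed five-word shingles so that a partial excerpt of the trained document still matches, card numbers are required to pass a Luhn check to cut false positives on other digit strings, and the policy table, sender addresses and sample texts are constructed for the example.

```python
import hashlib
import re

SHINGLE = 5  # words per fingerprint shingle
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13-19 digits, optional separators

# Hypothetical remediation policy: most specific match wins (user, then domain, then default).
POLICY = {
    "cfo@example.com": "encrypt",    # e.g. route through a SecureMail-style encryption step
    "example.com": "quarantine",
    "*": "block",
}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list:
    """Return digit strings that look like card numbers and pass Luhn."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def fingerprint(text: str) -> set:
    """Hash every run of SHINGLE consecutive words; a subset of these survives excerpting."""
    words = re.findall(r"\w+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + SHINGLE]).encode()).hexdigest()[:16]
        for i in range(len(words) - SHINGLE + 1)
    }


def fingerprint_overlap(text: str, trained: set) -> float:
    """Fraction of the message's shingles that appear in the trained fingerprint."""
    shingles = fingerprint(text)
    return len(shingles & trained) / len(shingles) if shingles else 0.0


def action_for(sender: str) -> str:
    user = sender.lower()
    domain = user.split("@")[-1]
    return POLICY.get(user) or POLICY.get(domain) or POLICY["*"]


def scan_message(sender: str, body: str, trained: set, min_overlap: float = 0.3) -> dict:
    findings = []
    pans = find_pans(body)
    if pans:
        findings.append(f"{len(pans)} Luhn-valid card number(s)")
    overlap = fingerprint_overlap(body, trained)
    if overlap >= min_overlap:
        findings.append(f"fingerprint overlap {overlap:.0%}")
    action = action_for(sender) if findings else "deliver"
    # Only the last four digits leave the scanner, so the log is not itself a DLP problem.
    return {"action": action, "findings": findings, "pans": [p[-4:] for p in pans]}


# Constructed training document and messages.
TEMPLATE = ("Project Falcon confidential acquisition plan. Target company valuation is set at "
            "forty million. Board approval is expected before the end of the quarter. "
            "Do not distribute outside the executive team.")
LEAK = ("Hi, see attached. Board approval is expected before the end of the quarter. "
        "Card 4111 1111 1111 1111 exp 12/27.")
CLEAN = "Lunch at noon? Call me on 0412 345 678."

if __name__ == "__main__":
    trained = fingerprint(TEMPLATE)
    print(scan_message("alice@example.com", LEAK, trained))
    print(scan_message("alice@example.com", CLEAN, trained))
```

The overlap threshold is the knob that trades recall against false positives: a ten-word sentence lifted from the template yields six matching shingles, enough to flag a short message but not a long unrelated one that happens to share a stock phrase.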
The ability to add basic Web content management provides the facility to restrict personnel from accessing objectionable websites, or potentially posting objectionable comments on social networking sites. There may be the option to wring additional DLP type functionality from the appliance to provide Web content management by keyword, however this appliance does not appear to provide the ability to easily restrict the egress of confidential information via Twitter or IM.
In conclusion, the question in our minds was has WatchGuard produced a useful appliance or has it just powder coated a rack mount server red? The answer is that WatchGuard has produced a well integrated product that’s suited to the core intended function of email content management for larger enterprises and service providers.
The XCS770R would be an excellent no-fuss solution for email content management for large business or an ISP due to its easy configuration, scalability and enterprise-class feature set.
