IBM Proventia Network Multi-Function Security (MFS) - MX4006

MX4006 Overview:

IBM Proventia Network Multi-Function Security (MFS) - MX4006 appliance is a unified threat management (UTM) device that provides protection at the gateway and network levels without jeopardizing network bandwidth or availability. It combats a variety of threats at once, such as unauthorized access, network attacks, malicious code, blended threats, content-based attacks, spyware and phishing.

Proventia Network MFS integrates these best-of-breed security modules in a single high performance and easy-to-use UTM appliance:

• Firewall/VPN
• Intrusion prevention
• Anti-virus
• Antispam
• Web/URL filter
• Application protection

Because running multiple security processes across multiple locations is costly and resource-intensive, the centralized, multi-layered approach offered by Proventia Network MFS is a welcome solution for small businesses as well as the distributed enterprise. You gain premium-class protection while maintaining system and network integrity, lowered costs by streamlining IT operations, plus a simplified security solution that helps mitigate the need for specialized in-house security resources.

No single solution is perfect

Single layered security such as a firewall or antivirus protection is no longer enough. Security threats have become more sophisticated in their approaches to attacking businesses. The severity of a security breaches can be disastrous, if not fatal, to an organization. Mediumsized businesses, as well as remote and branch offices, face the same types of Internet threats as enterprise-level networks. The IBM Proventia® Network Multi-Function Security (MFS) MX3006 and MX4006 appliances from IBM Internet Security Systems™ (ISS) provide comprehensive security designed to preemptively stop Internet threats before they penetrate the network and disrupt business operations.

Comprehensive security in a single device

The complexity of the modern security landscape requires businesses to adopt a multilayered approach to security. Proventia Network MFS unites these multiple security technologies into a single appliance. The Proventia Network MFS product family combines:

• Industry-leading Intrusion Prevention System (IPS)
• Stateful firewall
• Signature and behavioral antivirus
• Virtual Private Network (VPN) capabilities
• Content filtering
• Anti-spam

By joining these six security technologies, Proventia Network MFS provides all the security content needed to support enterprise-level networks in a single appliance at a compelling performance price. Proventia Network MFS MX3006 and MX4006 are ideal for moderate-sized business locations, branch offices and retail locations. Consolidating six security technologies into a single 1U appliance enables organizations to benefit from best-of-breed security without needing a host of in-house security experts to monitor and manage network performance. With an all-in-one security approach, and by requiring fewer information technology (IT) resources to manage network security, Proventia Network MFS provides preemptive, industrial-strength protection at a low total cost of ownership.

Flexible and scalable

From the moment organizations attach Proventia Network MFS to the network, the solution provides comprehensive security. For organizations with limited IT expertise, the default settings on Proventia Network MFS provide the security coverage needed to help protect the network from attack.

For businesses with IT expertise, Proventia Network MFS MX3006 and MX4006 can be customized to seamlessly integrate into even the most advanced network environments. Organizations can choose which security modules to utilize, create policies that allow/deny specific Internet traffic and build groups within the network to establish permissions to access certain information.

Proventia Network MFS can also help organizations with multiple sites manage the security posture for all locations from a single site. The security architecture can even be standardized through the use of such custom features such as Locally Resolved Variables. For organizations that have more than ten locations or need advanced reporting features and management capabilities, the IBM Proventia Management SiteProtector™ system can provide a complete set of central management features that help save time and reduce complexity.

Meeting compliance requirements

Business compliance and industry regulations can add a level of complexity to network security, as well as increase cost and drain IT resources in an often already strained department. Proventia Network MFS MX3006 and MX4006 are designed to protect organizations against security threats, safeguard critical data and achieve security requirements for regulations such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) Data Security Standard (Proventia Network MFS helps to achieve 10 out of the 12 security standards defined by PCI Data Security Standard) – without increasing the budget or IT resources. In fact, the Proventia Network MFS family can help reduce IT resource requirements, allowing organizations to focus on revenue-generating activities.

Features & Benefits:

Unified Threat Management and Preemptive Protection with IBM Proventia Network MFS.

Making comprehensive, preemptive protection simple and affordable

IBM Proventia Network Multi-Function Security (Proventia Network MFS) from IBM Internet Security Systems (ISS) offers a range of strong, economical devices that stop Internet threats before they penetrate your network and disrupt your business.

The IBM Proventia product family offers preemptive protection for the IT infrastructure with appliances designed to stop network attacks, and security software that helps to protect servers and desktops from Internet threats. IBM ISS rounds out its product offerings with security consulting and managed services.

Proventia Network MFS combines industry-leading intrusion prevention technology from IBM ISS with firewall, anti-virus tools, Web filtering and anti-spam technology in a single appliance. It provides protection at the gateway and network levels without jeopardizing network bandwidth or availability, and combats a variety of threats at once—such as unauthorized access, network attacks, malicious code, blended threats, content-based attacks, spyware and phishing.

Why multi-function security?

• Firewalls and anti-virus tools are not enough.
  Blended threats and sophisticated hackers bypass and thwart these conventional defenses, disrupting your business.
• Multiple stand-alone solutions are difficult and expensive to manage.
  A stand-alone solution to cover every type of threat creates an expensive and ineffective approach when these defenses do not work in concert.

Why Proventia?

• Best-of-breed security modules are truly integrated—not just bundled open source.
  Each of the security layers—firewall/VPN, anti-virus protection, Web filtering, anti-spam and application protection—found in Proventia Network MFS are competitive as stand-alone products. These modules are carefully integrated into Proventia Network MFS to provide a high-performing, easy-to-configure and easy-to-use unified threat management appliance.
• It includes preemptive protection—to stop threats before impact.
  With intrusion prevention technology pioneered by IBM ISS, Proventia moves you beyond reactive protection to preemptive protection.
• It’s driven by superior technology.
  Proventia is powered by the IBM Internet Security Systems X-Force® research and development team—one of the world’s only security teams to combine vulnerability research with traditional attack research. The X-Force team’s expertise empowers Proventia Network MFS to promptly block over 1,000 types of attacks.
• It is the foundation for the industry’s leading protection warranty.
  When combined with IBM Managed Protection Services, this preemptive protection even comes with a protection “guarantee”*—the industry’s leading performance-based service level agreement (SLA) with a cash-back payment of US$50,000 for any security breach resulting from a successful attack listed on the IBM ISS X-Force Certified Attack List.
• It provides among the best price/performance ratios on the market.
  Proventia Network MFS provides a high level of protection from Internet threats at one of the best price/performance ratios available.
• It’s a welcome solution for the distributed enterprise.
  The appliance enables you to extend reliable preemptive protection to small businesses and remote offices where IT resources are minimal.
• It delivers business continuity and a lower total cost of ownership.
  You gain premium-class protection while maintaining system and network integrity, lowered costs by streamlining IT operations, plus a simplified security solution that helps mitigate the need for specialized in-house security resources.

Unifying one of the world’s best security technologies

Unified on a firewall/VPN platform, complete with anti-virus protection, Web filtering, anti-spam and application protection, Proventia Network MFS coalesces strong security solutions found in complex networks into a single small-form appliance “all-in-one” solution:

• IBM Proventia Intrusion Prevention—IBM ISS is one of the leaders in intrusion prevention. Proventia Network MFS offers you the caliber of protection once reserved for governments and Fortune 500 companies.
• IBM Virtual Patch® Technology—Virtual Patch technology allows you to regain control over ad hoc/emergency patching by shielding vulnerabilities at the network level.
• IBM Proventia Firewall—The firewall is ICSA-certified and provides the functionality needed in your enterprise environment, including allow/deny rules by address/port, named lists of objects and complete connectivity.
• IBM Proventia Signature Anti-Virus—With 100 percent coverage of the Wildlist,1 the gateway anti-virus solution analyzes files from Web sites and Web mail, download sites and e-mail—in real time. It offers security that stops viruses even if desktop protection is disabled/out of date.
• IBM Proventia Behavioral Anti-Virus—The IBM ISS patented** Virus Prevention System (VPS) detects and blocks bad files, including spyware, unknown viruses and unknown worms, without signature updates. Using a behavioral recognition system, VPS analyzes the activities of an executable file to detect whole families of malicious code. VPS has the ability to block more than 93 percent of malicious files without a virus signature update.
• IBM Proventia Web Filtering—With more than 70 million catalogued Web sites, the Proventia Web filter database is exponentially larger than most other databases. It is constantly updated to remain current, with 100,000 new/updated Web pages added daily.
• IBM Proventia Anti-Spam—This powerful technology incorporates ten methods of detection, is 95 percent effective in detecting spam with 1/10,000 false positives, and provides spam database updates every four hours—checking messages against a spam database and defined text categories, and comparing URLs in e-mail messages to the massive Web filter database.

Preemptive protection—tailored to your requirements
Proventia Network MFS appliances are rated for different numbers of users, with models for large enterprise deployments as well as small office/home office (SOHO) or remote office/branch office (ROBO) environments. Multiple appliances can be managed centrally by the IBM Proventia Management SiteProtector™ system.

• IBM Proventia Network MFS MX1004: for up to 100 users
• IBM Proventia Network MFS MX3006: for up to 500 users
• IBM Proventia Network MFS MX5010: for up to 2,500 users

Proventia Network Multi-Function Security Product Demo

Multi-Function Security Features:

Proventia Network MFS offers unified threat management protection (UTM) at the gateway to block known and unknown attacks. It is designed to provide superior, automated protection, flexible deployment and management, simplified security and a lower total cost of ownership than stand-alone security solutions.

Key Features:

• Unified Threat Management (UTM) Protection
  Proventia Network MFS unifies multiple security technologies on a single, powerful engine to provide advanced intrusion prevention, firewall, VPN, vulnerability assessment, behavioral and signature antivirus, antispam and Web filtering protection.
• Powerful Out-of-the-Box Security
  Proventia Network MFS uses ISS' unique vulnerability-based detection and prevention technologies to accurately block attacks, significantly reducing false positives. The default-blocking policy provides out-of-the-box protection against hybrid threats without requiring security expertise. More than 160 built-in rules and more than 2,500 checks are included.
• Virtual Patch Protection
  ISS' Virtual Patch technology allows you to regain control over ad-hoc and emergency patching by shielding vulnerabilities at the network level.
• Spyware Installation Blocking
  Proventia automatically blocks spyware applications at the network level, preventing installation and download to clients.
• Spyware Communication Blocking
  For clients already infected with spyware applications, Proventia prevents spyware intelligence reporting by automatically blocking active spyware application communication.
• High Performance
  Proventia Network MFS protects at wire speed without consuming network bandwidth or disrupting network availability, allowing legitimate traffic to pass unhindered.
• VoIP Protocol Protection
  Proventia Network MFS parses and analyzes the VoIP family of protocols to identify anomalous traffic. This unique type of analysis allows Proventia to identify and block known and unknown threats to your VoIP services, ensuring that your VoIP sessions have the best protection available.
• Reliable
  Proventia Network MFS UTM devices are rack-mounted appliances built on premium Intel equipment. They feature redundant internal cooling fans, power supplies and RAID (redundant) storage to prevent fatal hardware failures.
• Automatic Updates
  Proventia Network MFS is updated automatically via X-Press Update enhancements that deliver the most up-to-date protection against the latest vulnerabilities and threats, eliminating manual updates and downtime. X-Press Updates are compiled by ISS' world-renowned X-Force security intelligence team.
• Easy to Use
  Proventia Network MFS offers flexible configuration options for deployment, response and notification, as well as simple on/off capabilities for activating security content modules. Administrators can choose how they are notified of important security events.
• Built-in Security Intelligence
  Thanks to the built-in X-Force security intelligence, Proventia Network MFS provides easily accessible event details, including full descriptions with recommended actions and responses.
• Centralized Management System
  IBM Proventia Management SiteProtector allows you to control, monitor and analyze events with minimum staff and operational costs. SiteProtector scales easily for large global enterprises.
• World-Class Support
  ISS offers 24/7 global support and service for all components of Proventia Network MFS, including platform updates, technical support and Advanced Exchange replacement.
• Managed Protection Services Guarantee
  When managed by ISS, Proventia Network MFS provides guaranteed protection complete with a money-back warranty if a security breach occurs, the only offer of its kind in the world.

Technical Specifications:

Model:	MX3006	MX4006
Hardware Specification
Form factor	1U tabletop/1U rack-mount	1U tabletop/1U rack-mount
Interfaces (10/100/1000)	Six 10/100 Mbps	Six 10/100/1000 Mbps
Weight	5.5 kg (12 lbs)	6.5 kg (14.33 lbs)
Dimensions (WxHxD)	429x360x44 mm 16.87x14.17x1.73 inches	429x360x44 mm 16.87x14.17x1.73 inches
Enclosure	Fits 19-inch rack/desktop	Fits 19-inch rack/desktop
Serial ports	One	One
UPS support	No	No
AC power	100–127 V at 50–60 Hz; 2 Amps 200–240 V at 50–60 Hz; 2 Amps	100–127 V at 50–60 Hz; 2 Amps 200–240 V at 50–60 Hz; 2 Amps
Operating	5º C–40º C (67º F–130º F)	5º C–40º C (67º F–130º F)
Emissions/Product Safety/Certifications	U.S.: FCC CFR47 Part 15 Class A Europe: CISPR 22 Class A; “CE” Mark of Conformity Japan: VCCI-A Korea: Korean Requirement Class A China: People’s Republic of China commodity inspection law Australia/New Zealand: ACA C-Tick UL 60950-1 1st Edition Underwriters Laboratory, Safety Information CAN/CSA 22.2 No. 60950-1 1st Edition EN60950-1:2001 European Norm IEC60950-1 1st Edition, International Electrotechnical Commission, Safety Information	U.S.: FCC CFR47 Part 15 Class A Europe: CISPR 22 Class A; “CE” Mark of Conformity Japan: VCCI-A Korea: Korean Requirement Class A China: People’s Republic of China commodity inspection law Australia/New Zealand: ACA C-Tick UL 60950-1 1st Edition Underwriters Laboratory, Safety Information CAN/CSA 22.2 No. 60950-1 1st Edition EN60950-1:2001 European Norm IEC60950-1 1st Edition, International Electrotechnical Commission, Safety Information Nordic deviations to IEC 60950-1 1st Edition
Redundant power supply	No	No
Redundant disk array	No	No
Operating system (OS)	Proprietary	Proprietary
Mean time between failure (MTBF)	56,064 hours (6.4 years)	50,010 hours (5.7 years)
Network Features
Network Address Translation (NAT)	Yes	Yes
Masquerading/port address translation	Yes	Yes
Reverse NAT	Yes	Yes
Traffic-based access control	IP, port, protocol	IP, port, protocol
Dynamic Host Configuration Protocol (DHCP)	Client and server	Client and server
Point-to-Point Protocol over Ethernet (PPPoE)	Yes	Yes
Layer 2 mode	Yes	Yes
Open Shortest Path First (OSPF)	Yes	Yes
Traffic Shaping	Traffic Prioritization, Bandwidth Enforcement, Bandwidth Guarantees	Traffic Prioritization, Bandwidth Enforcement, Bandwidth Guarantees
RIP	Version 1, Version 2	Version 1, Version 2
VPN Features**
Internet Protocol Security (IPSec) with Internet Key Exchange (IKE)	Yes	Yes
Layer Two Tunneling Protocol support (L2TP)	Yes	Yes
Encryption algorithms***	DES, 3DES, AES	DES, 3DES, AES
Authentication algorithms	MD5, SHA-1	MD5, SHA-1
Authentication algorithms	Groups 1,2,5	Groups 1,2,5
Authentication algorithms	Yes	Yes
Public Key Infrastructure (PKI) support	Yes	Yes
Interoperability with major VPN vendors (IPSec)	Yes	Yes
Microsoft® Windows® XP client wizard	Included	Included
SSL VPN Features
Modes of Access	Web, Web & TCP, Full Install	Web, Web & TCP, Full Install
Authentication Mechanisms	Active Directory, LDAP, RADIUS, X509	Active Directory, LDAP, RADIUS, X509
Client Security Checks	Yes	Yes
User / Group Access Control	Yes	Yes
VPN Tunnels Protected	IPS, Antivirus, SPAM, URL Filtering	IPS, Antivirus, SPAM, URL Filtering
Maximum Concurrent Users	50	75
Web Filtering
URL blocking	More than 9 Billion URLs categorized	More than 9 Billion URLs categorized
Rate of URL database updates	More than 120,000 updated URLs daily	More than 120,000 updated URLs daily
Number of URL categories	62	62
Image analysis	Yes	Yes
Text analysis	Yes	Yes
User-configurable include/exclude lists	Yes	Yes
Spyware analysis	Yes	Yes
Anti-spam
Spam-detection rate	More than 95 percent	More than 95 percent
False-positive rate	0.01 percent (1 in 10,000)	0.01 percent (1 in 10,000)
Subject-line tagging	Yes	Yes
Automatic spam deletion	Yes	Yes
Spam sample database	More than 200,000	More than 200,000
Supports mail protocols Simple Mail Transfer Protocol (SMTP) and Post Office Protocol 3 (POP3)	Yes	Yes
Signature and Behavioral Antivirus
Protocols protected	HTTP, FTP, SMTP, POP3	HTTP, FTP, SMTP, POP3
Inbound/outbound inspection	Yes	Yes
E-mail attachment inspection (including compressed files)	Yes	Yes
ZIP	Yes	Yes
MIME/UU	Yes	Yes
LHA/LZH	Yes	Yes
TAR	Yes	Yes
GZIP	Yes	Yes
ARJ	Yes	Yes
CAB	Yes	Yes
PKLite	Yes	Yes
LZEXE	Yes	Yes
Stops zero-day variants such as Zotob, Blackworm and others	Yes	Yes
Spyware analysis	Yes	Yes
Intrusion Prevention System (IPS) / Intrusion Detection System (IDS)
Number of protocols inspected	More than 190	More than 190
Number of attack detection algorithms	More than 2,500	More than 2,500
Blocking	Yes	Yes
Number of blocked vulnerabilities out-of-box	More than 7,400	More than 7,400
Drop offending packet	Yes	Yes
Drop offending packet	Yes	Yes
Block connection	Yes	Yes
Block worm	Yes	Yes
Block Trojan	Yes	Yes
Block intruder	Yes	Yes
Neuter attack	Yes	Yes
Block future traffic	Yes	Yes
Performance
Maximum recommended users****	500	1000
Stateful throughput speed (firewall only)	200 Mbps	600 Mbps
Full inspection speed—firewall, IPS and Web filtering	200 Mbps	450 Mbps
Full inspection speed—IPS, Web filtering and antivirus (mail only)	200 Mbps	360 Mbps
Full inspection speed—IPS, Web filtering and antivirus (mail, FTP, Web)	94 Mbps	120 Mbps
Maximum connections per second	4,100	6,800
Maximum concurrent sessions	120,000	120,000
VPN performance
VPN capacity or maximum recommended tunnels (site-to-site/remote)	250 Mbps	250 Mbps
Maximum VPN 3DES encryption speed	65 Mbps	68 Mbps
Maximum VPN AES encryption speed***	143 Mbps	170 Mbps
Maximum VPN 3DES encryption speed with hardware acceleration***	N/A	N/A
Maximum VPN AES encryption speed with hardware acceleration***	N/A	N/A
E-mail (with both antivirus and anti-spam)
Maximum number of 1KB messages throughput per hour	4,480	7,230
Maximum number of 1KB messages with 500KB attachments throughput per hour	766	840
Logging / Notification
Event logging	Yes	Yes
E-mail	Yes	Yes
Simple Network Management Protocol (SNMP)	Yes	Yes
High Availability
Active / Passive	Yes	Yes
VPN User Authentication
Internal database	Yes	Yes
RADIUS (external) database	Yes	Yes
LDAP support	Through RADIUS	Through RADIUS
RSA SecureID (external) database	Through RADIUS	Through RADIUS
Xauth over RADIUS for IPSec VPN	Yes	Yes
IP/MAC address binding	Yes	Yes
Management
Centralized management	Yes (with SiteProtector system)	Yes (with SiteProtector system)
Local management	Web-based	Web-based
Multiple administrators and user levels	Yes (with SiteProtector system)	Yes (with SiteProtector system)
External administrator database	Yes (with SiteProtector system)	Yes (with SiteProtector system)
Multilanguage support	No	No
Secure shell (SSH) access	SSH	SSH
Customer Support
Hours available—Standard	24x7x365	24x7x365
Hours available—Premium	24x7x365	24x7x365
Number of support incidents	Unlimited	Unlimited
Number of designated callers	From two to five	From two to five
Additional designated callers	Optional	Optional
Additional languages	Optional	Optional
Customer portal	Yes	Yes
Customer knowledgebase	Yes	Yes
Warranty	One year + contract	One year + contract
Advanced hardware replacement	Yes	Yes
Third Party Certifications	SCP (support center practices) NSS ICSA	SCP (support center practices) NSS ICSA

** Free VPN client available using Microsoft Windows XP L2T VPN client or by purchasing a separate VPN client.
*** The Proventia Network MFS-W Series only contains only the DES Encryption Algorithm to meet Russian Federation encryption requirements. Proventia Network MFS MX-L Series of models are limited to a maximum VPN performance of 44 Mbps.
**** Capacity ratings based on nodes represent general guidelines about the size of the network that should be placed behind a particular Proventia Network Multi-function appliance model.

Proventia Network Multi-Function Security Comparison Matrix:

Uncompromising Protection for Every Layer of Your Network

Provides a comprehensive, all-in-one network security solution for even the most complex networks. Also helps organizations maintain government regulations and industry compliance requirements (helps address 10 out of 12 PCI requirements). Unified on an extensible platform, the Proventia MFS comes complete with robust firewall, IPsec or SSL VPN, antivirus, anit-spam web filtering and intrusion prevention security modules.

Proventia Network Multi-Function Security
Model:	Mid-Market / Remote Office				Large Gateway
	MX0804	MX1004	MX3006	MX4006	MX5008	MX5110
Maximum Recommended Nodes/Users	50*	100*	500*	1,000*	2,000*	3,000*
Security Content Updates	Powered by X-Force; Antivirus by Sophos	Powered by X-Force; Antivirus by Sophos	Powered by X-Force; Antivirus by Sophos	Powered by X-Force; Antivirus by Sophos	Powered by X-Force; Antivirus by Sophos	Powered by X-Force; Antivirus by Sophos
Form Factor	Desktop Appliance	Desktop Appliance	1U Appliance	1U Appliance	2U Appliance	2U Appliance
Capabilities Summary
Intrusion Prevention	Yes	Yes	Yes	Yes	Yes	Yes
Intrusion Detection	Yes	Yes	Yes	Yes	Yes	Yes
Antivirus (behavior-based)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)
Antivirus (signature-based)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)	Yes (from Sophos)
Content Filtering	Yes	Yes	Yes	Yes	Yes	Yes
Protected segments	Yes	Yes	Yes	Yes	Yes	Yes
Web Application/ Database Protection	Yes	Yes	Yes	Yes	Yes	Yes
VoIP Security	Yes	Yes	Yes	Yes	Yes	Yes
Spyware Prevention	Yes	Yes	Yes	Yes	Yes	Yes
VPN	IPsec and SSL	IPsec and SSL	IPsec and SSL	IPsec and SSL	IPsec and SSL	IPsec and SSL
Hardware-Related Specifications
Monitoring or scanning interfaces	4 x 10/100/1000 Copper	4 x 10/100/1000 Copper	6 x 10/100/1000 Copper	6 x 10/100/1000 Copper	8 x 10/100/1000 Copper	10 x 10/100/1000 Copper
Inline protected segments	4	4	6	6	8	10
Throughput available	100 Mbps**	100 Mbps**	200 Mbps**	600 Mbps**	1600 Mbps**	1800 Mbps**
Concurrent sessions (rated maximum)	101,000	101,000	120,000	120,000	150,000	150,000
Maximum connection per second	2,000	3,000	4,100	6,800	9,580	12,500
High Availability/ Failover	Active/Passive	Active/Passive	Active/Passive	Active/Passive	Active/Passive	Active/Passive
Host Protection Featrues
Log Auditing	N/A	N/A	N/A	N/A	N/A	N/A
Application Control	N/A	N/A	N/A	N/A	N/A	N/A
Buffer Overflow Exploit Protection	Yes for Services exposed to the Network	Yes for Services exposed to the Network	Yes for Services exposed to the Network	Yes for Services exposed to the Network	Yes for Services exposed to the Network	Yes for Services exposed to the Network
Supported Operating Systems/Platforms	N/A	N/A	N/A	N/A	N/A	N/A
Vulnerability Management Features
Scanning Discovery	N/A	N/A	N/A	N/A	N/A	N/A
Asset Classification	N/A	N/A	N/A	N/A	N/A	N/A
Vulnerability Assessment	N/A	N/A	N/A	N/A	N/A	N/A
Scanning Windows	N/A	N/A	N/A	N/A	N/A	N/A
Workflow Solution	N/A	N/A	N/A	N/A	N/A	N/A
Results Reporting	N/A	N/A	N/A	N/A	N/A	N/A
Mail Security Features
Spam detection rate	>98%	>98%	>98%	>98%	>98%	>98%
False positive rate	<.01% (1 in 10,000)	<.01% (1 in 10,000)	<.01% (1 in 10,000)	<.01% (1 in 10,000)	<.01% (1 in 10,000)	<.01% (1 in 10,000)
Spam and compliance analysis modules	Yes (20+ Customizable)	Yes (20+ Customizable)	Yes (20+ Customizable)	Yes (20+ Customizable)	Yes (20+ Customizable)	Yes (20+ Customizable)
Anti-phishing/Image-based Spam	Yes	Yes	Yes	Yes	Yes	Yes
Granular policy control	Yes	Yes	Yes	Yes	Yes	Yes
Global/group/user settings	Yes	Yes	Yes	Yes	Yes	Yes
End user access	Yes	Yes	Yes	Yes	Yes	Yes

* See sizing guide for detailed information regarding # of concurrent users and active device modules
** Requires optional external bypass unit for fiber interfaces

Documentation:

Download the IBM Proventia Network Multi-Function Security (MFS) - MX3006 and MX4006 Datasheet (PDF).

Download the IBM Proventia Network Multi-Function Security Brochure (PDF).