Barracuda Vs Ironport

Unanswered Question
Jul 16th, 2007

Just been put to task abou this this two products -esp on the functionality of the two products Now this is an uphill task for me -esp Barracuda's pricing is affordable compared to Ironport.
Please could anybody come up with strong pionts to push my Ironport sale. Check out this link http://www.barracudanetworks.com/ns/company/[/img]

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
verylongbloke_i... Mon, 07/16/2007 - 13:21

Hi,

we come across many customers who compare us to Barrcuda...who to be fair have a great product for their price. It's not really an apples vs organes comparison however as IronPOrt provide far more than an anti-spam solution....hence the pricing gap.

Customers who have chosen IronPort over Barracuda have cited:

- performance / number of boxes required
- number of False postives (as Bbarracuda use Spam assasin with some extra rules)
- Lower spam detection rate
- Barracuda boxes can either do inbound or outbound scanning, not both. Customers need one for each direction.
- lack of other features such as reputation filtering, domain key signing, bounce verification
- customer support experience much better with Ironport

Hope these help you....good luck

:shock:

Bart_ironport Mon, 07/16/2007 - 14:26

I haven't use barracuda in over a year and a half. But looking at the screenshots on their website, it seems they haven't changed much.

The entire concept is different. An ironport just works with very little maintenance. Barracudas have to be trained by the admin and end user to learn what is spam and what is not. I speak from experience when I say that in most companies this just does not happen. The IT staff is too busy and 99% of the end users just don't understand it.
The end result is usually that a lot of spam still gets through and the false positive rate is rather high. So the users end up having to check both their inbox and the spam quarantine for new messages.
They actually recommended to send NDRs for messages that were blocked as spam. Thats how much they trust their own solution ;)

The second part of their spam filtering is simple blacklisting. By default they use the spamhaus blacklists (have a look at the spamhaus website, they even mention barracuda, and not in the nicest way). Senderbase is far better than RBLs.

And some additional notes:

  • They can't handle both inbound and outbound mail on the same box. You actually need two devices. And you want them redundant so that makes 4 ;)
  • Hardware: they use pretty cheap hardware components. You need a 400 just to have RAID disks and even a 600 for ECC RAM. Also take this into account when you compare performance. I think it takes one of their larger boxes just to handle the same load as a C100.
  • The mail policies are very simple. On an ironport you can create far more detailed policies.
  • Ironport has better reporting
  • Ironports can use multiple ip addresses & virtual gateways
  • No DomainKeys,..
  • In my experience, Ironport software releases are far more reliable.
  • The ironport boxes are just so much prettier to look at ;)

IIRC they could do one thing that the ironport can't yet: per-domain LDAP verification. But a little bird told me that this feature will be in one of the next releases.

You get what you pay for. The barracudas were nice for their price, but you can hardly compare them to ironports.

Pat_ironport Sat, 07/21/2007 - 12:19

As far as I understand the article, the missed court-day occured because the IT guy has 'mis-'configured the mailfilter and forgot to put the court-domain to the whitelist.

I don't think, that this is a pro/contra for one of both products. :o

jbivens_ironport Mon, 07/23/2007 - 03:00

Pat,

Depends on your view point, within IronPort our perspective on having to make this configuration change as problem with the solution. And while to some degree you can't get around it (especially with poorly written automated mailers (typically in house developed apps, like e-mail alerts, etc)) these things need to be configured you wouldn't expect that organizations like US Courts would be something that needs to be configured on the whitelist. I haven't seen any docket spam in quite some time, o.k. that was a bad spam joke.

Anyway, I'm not on the marketing side but personally this article highlights the problem with high touch solutions in the sense that it's unrealistic to identify every valid sender that the business conducts communications with over the course of five years an whitelist every one just in case.

It would probably be more interesting on this thread to hear from IronPort customers and how much time they spend administer the appliance and the ~ seat count (to correlate the amount of time per user or per 1000 users).

Sincerely,

Jay Bivens
IronPort Systems

darkstar3D_ironport Mon, 07/23/2007 - 17:42

We have 2 C60s and our time spent managing them has been less than 1 hour this year. 100% of that time was spent creating special filters to stop particular spear phishing attempts.

Stacy

IIAGDTRnSC Mon, 07/23/2007 - 20:58

They actually can compliment each other, with the IronPort in front of the Barracuda you'll catch 99.9% of the various mischiefs and you'll have redundancy should one break. And that will happen sooner or later.

verylongbloke_i... Tue, 07/24/2007 - 13:25

This should be no spurise akin to double filtering your water - IronPort's spam engine is approx 96% effective at detecting spam - so Barracuda has a chance to pick up some/all of the 4% missed.

Key thing to consider is Barracuda does need manual work to make rules effective.....but some customers are happy to take this hit if it picks these up.

blopez_ironport Wed, 07/25/2007 - 18:15

Maybe this article helps:

IronPort + The FDA

Not your typical spam fighters

http://www.gcn.com/print/25_3/38293-1.html?topic=promising_practices

Summary:

* Blocking unwanted e-mail at FDA is very complicated
* Words like “Viagra” and “Cialis” often need to get through, so the most commonly used techniques for filtering spam won’t work well at FDA
* FDA chose systems from IronPort
* IronPort makes security appliances that use a sender-reputation filter as a first line of defense, eliminating the need to rely on keyword filtering
* FDA: “We haven’t identified any false positives” in more than a year of operation


False positives with Barracuda are really high, and this can cause trouble to IT staff. So this article plus the lawyer's one I think make a good statement in favor of IronPort solution.

Donald Nash Wed, 07/25/2007 - 20:34

It would probably be more interesting on this thread to hear from IronPort customers and how much time they spend administer the appliance and the ~ seat count (to correlate the amount of time per user or per 1000 users).


We have somewhere in the neighborhood of 50,000 seats, nine MGAs (a mix of C60s and C600s), and one FTE sysadmin (me). I spend a few hours a month at most, and that much only because of one particular service we offer. We have an unauthenticated SMTP relay service for "dumb" devices like those fancy printers with scan-to-email capability, which lack the ability to do SMTP authentication. I typically get a few requests a week to add another one of those to the access list for that service. Every now and then I add someone to the manual blacklist, but that's very rare. Beyond those two, the biggest absorber of time is software upgrades, which are predictably time consuming when you've got nine units to deal with. But the bottom line is still the same: I've got nothing to complain about here.

By far the biggest time suck I have related to our MGAs is not about system administration at all. Rather, it's fielding the unending stream of "the spam filter ate my e-mail" complaints, none of which ever pan out once I look at the logs. But when you run a big, mysterious black box whose purpose is silently throwing away e-mail, it becomes the target for everyone's missing e-mail complaints.
hwidodo_ironport Sat, 07/28/2007 - 03:12

Yes Barracuda is cheap and more affordable, but you might regret later.

I have a few customers using barracuda and suddenly it just stop receiving emails and not even we could enter the console.

So many false positive in Barracuda.

bvanzant_ironport Mon, 07/30/2007 - 12:37

This should be no spurise akin to double filtering your water - IronPort's spam engine is approx 96% effective at detecting spam - so Barracuda has a chance to pick up some/all of the 4% missed.


Getting a little off topic, oh well.

This would be true if catching spam were random. It turns out that catching spam isn't random. Some spam is "easier" to catch than others. I would expect that in a dual scanning situation like this the catch rate would go up by a maximum of 1% (most likely it will be statistically unchanged).

However, you need to watch the combined false positive rate. In this case, especially since Barracuda is known to have a higher FP rate, the FP rate will go up measurably and for a less than 1% increase in catch rate. Doesn't sound like a good trade off.

Actions

This Discussion