I'm definately with Joat on this one.joatBlog: Appliances are better?
The article over at nwfusion.com presents the argument that spam management appliances are better than a software on general purpose OS. Sure there are advantages in that you don't have another server to manage all the software on, but from a security point of view I'm dubious as to whether they are superior.
One reason is that you're dependant on the vendor for patches for any operating system level attacks that come out, as these appliances are usually based on commodity operating systems customised for the task.
Also it becomes difficult to know whether you have any machines with a specific vulnerability as you will probably not know what software the vendor has loaded on the appliance...


Security Geek, Kubernetes, Docker, Ruby, Hillwalking