Email content management (2008)

by Peter Stephenson June 02, 2008
GROUP SUMMARY:

The ThreatWall 450 is the type of solid offering you would expect from eSoft at a very good price. We make it our Best Buy.

Our Recommended award goes to the Tumbleweed MailGate for its highly comprehensive feature set with a very robust policy engine.

The sheer number of products in this review pays tribute to their importance in defending today's email-dependent enterprises against ever-evolving threats. Peter Stephenson is impressed.

This category covers protection of the enterprise from things that can ride an email message into your enterprise. Arguably, there are only two ways into a secure enterprise from the outside: email and web services. We control web services through secure programming and good architectures. We control email by forcing it through gateways that look for things that could harm us.

That was an easy task in the days when the threats were limited. Today there are, essentially, no limitations on the malware that could enter the enterprise in an email message. So the issue becomes how many classes of email-borne threats a gateway device or program can catch. And, equally important, what will the impact on the network's performance be?

We saw one overriding characteristic as we looked at the large number of products in the lab: more sometimes really is more.

These tools, in general, expected everything but the kitchen sink to be thrown at them, and they usually have the means necessary to protect against just about any type of email-carried threat. That made it a bit difficult to evaluate them.

The second characteristic we found may be an extension of the maturity of these products: an abundance of marketing hype. In fact, devices with approximately the same features might be called email gateways, email content managers or email firewalls.

Message to vendor marketing types: changing the name is not a differentiator. Having a solid product with a lot of necessary features that actually work is.

What to look for

We looked for a comprehensive approach to protecting the enterprise from email-borne threats. The more threats that are managed appropriately, the better. Typically we saw anti-virus, anti-malware, anti-spam and anti-phishing. These are today's predominant email threats.

Most of the products are appliances. I tend to favour appliances because the installation and configuration are much simplified and speed, especially for today's overloaded administrators, counts for a lot.

So the first thing to look for is a powerful feature set, the second an easy-to-deploy and support system, preferably in the form of an appliance. As you look at appliances, you also should look carefully at throughput and scalability.

The device you buy will be with you for a while, because its scalability is based on the appliance, not just the application. So if you undersize you'll have to buy a new appliance much sooner than you might if you had scaled it properly.

Another prevailing feature we saw a lot of is compliance monitoring and reporting. If you are subject to any compliance requirements, look for this functionality. It will simplify your reporting tasks considerably. For example, if your organisation is affected by the PCI DSS standard, you may find useful a product with predefined filters that meet requirements for regulations such as PCI.

How we tested

This involved a multi-level set of tasks. We looked at those functions that, as mentioned above, we see as critical to the product type.

Our test bed was a pair of domains to simulate the internet, a sending domain and a receiving domain, both of which used MS Exchange. We established communications with the email device appropriately installed on one of the domains and began to exchange email.

Once we were satisfied that the two mail systems were talking to each other, we configured the appliance under test with a set of policies that we then attempted to violate. Overall, we were interested in ease of setup; ease of configuration and policy management; and how well the device enforced its policies.

This was an interesting group for a couple of reasons. First, we had a very large number of products - more than any group we've had in the lab in a long time.

Second, most were very good products. In fact, selecting our Best Buy and Recommended choices this month was a challenge.

At last, most products are keeping up with the proliferation of email-borne threats.

- For details on how we test and score products, visit http://www.scmagazineus.com/How-We-Test/section/114/