Securing corporate messages without impacting on users: 11 products reviewed by Nathan Ouellette
As the reliance on messaging grows and the value of information increases exponentially, organisations seek to protect messaging services from vulnerabilities and threats. Email services represent a tremendous risk to an enterprise, whether from malicious attackers or human error. Gone are the days when email security products simply scanned attachments for known viruses. Spam attacks, phishing, botnets, regulatory compliance mandates and other risk areas must be managed to secure information - without impacting on users.
Email content management vendors have recognised the need for more granular control. Most products are available as hardware appliances or software-based solutions that can perform as email gateways, message transfer agents or as full-service email servers. Features are converging as vendors respond both to the need to secure against malicious inbound emails and to data leakage concerns with outbound ones.
In this issue
This month, we examined several email content management products, which we defined as solutions that provide most of the following functions: filtering of inbound and outbound messages, filtering based on content, filtering based on source address or sender, quarantine and notification, and overall fit into an enterprise environment.
Overall, we found that most of these products met our criteria for email content management. Some vendors focused on stopping unsolicited and malicious inbound mail through sender or domain validation, reputation scoring and other mechanisms, while others focused on building more robust data leakage protection for outbound messages. Data leakage is addressed through keyword filtering and 'smart identifiers' - prebuilt data strings that you can apply to policies that search messages for suspicious formats, including credit card or social security numbers.
All of the products performed adequately, with only one instance where we questioned whether the amount of memory was enough to handle an enterprise load.
The biggest performance impact is the application of keyword and smart identifier policies to large groups of users.
Buying decisions should be based on how well a device protects against the email-based threats your organisation faces (are you mostly concerned with malicious content coming into your network or personally identifiable information leaving it?). This, coupled with enterprise management features (such as backups, logging and reporting), represents most of the perceived value for decision-makers.
How we tested
All the products in this group test were hardware-based appliances except one, GFI's software-based MailSecurity. The hardware-based solutions were installed in our test network and tested against Microsoft Exchange 2003 with regard to inbound and outbound mail gateway configurations. Email clients that we used for host machine testing comprised Microsoft Outlook and web-based clients, including Internet Explorer and Mozilla Firefox. The GFI MailSecurity solution was installed on a Windows 2003 server machine with IIS 6 and integrated with Microsoft Exchange 2003.
Our tests focused on initial setup and configuration, functional areas, ease of use and overall administration. Our testing included how easy or difficult it was to configure the options and apply them to a relevant domain, organisation or list of users. Most products were easy to configure, with interface and usability being the driving factors in how logically policies could be applied. One example is the exercise of applying content-filtering rules. Some vendors supplied hundreds of pre-populated keywords. Others had no preconfigured filters or smart identifiers, leaving administrators to construct the phrases, words and regular expressions themselves.
Other key areas were the product's ability to intelligently quarantine the items and whether or not reporting and dashboard functions provided value to users. Most products had professional interfaces, with the ability to drill down in the quarantine and schedule reports. Such solutions remove a large chunk of the administrative burden from users and come highly recommended. With economic uncertainty and budgets shrinking, administrators are wise to invest in products that cover the largest risk area with the most administrative functionality to make their hectic lives easier.
Trevor Hough contributed to these reviews.