Product Group Tests
Email Content Filtering (2007)
For its power and relatively low cost of ownership, we rate Secure Computing IronMail as our Best Buy.
IBM Proventia Network Mail Security System is a very strong product for any size organisation. For its policy engine and ease of use, we give it our Recommended award.
Full Group Summary
This kind of solution can be challenging to roll out, so make sure you pick one that offers sufficient flexibility when it comes to deployment and policy-setting. By Peter Stephenson.
Don't be misled by the name: email content filtering products do a lot more than just one job. From spam filtering, anti-virus and anti-phishing to centralised management, these tools take care of just about anything you can think of relating to email security.
As we looked through the entries in this group, we were struck by one very important differentiator: the policy engine. Regardless of the added features an email filtering product may offer, it can only give a superior performance if the policy engine is extremely strong.
Some of the solutions we reviewed had a large number of pre-built policies and most had the ability, at some level, to create new policies or modify existing ones. The strength of your email filtering protection is directly proportional to the quality of your policies.
Most of the products we tested were appliances. There were some software-based offerings, but we found these to be somewhat challenging in implementation and configuration. We concluded that, in most cases, appliances have somewhat more functionality than software products, although there was one exception to that rule. We attribute the added functionality in appliances to the ability to make them closer to plug and play than the software packages. This allows a more robust feature set, most of which comes pre-programmed and pre-configured.
Implementing email filtering can be a challenge. We saw several different deployment architectures in this group and cannot recommend any of them over the others. This is because enterprises have different architectures and requirements. The bottom line here is that you need to match the deployment that the product supports to your unique situation. A few of the products featured had multiple ways to deploy them. That, often, is your best bet given the fluidity of today's organisations.
The second issue you should keep in mind is what exactly you want your email filter to do. Today's multipurpose appliances often contain spam filters, anti-virus and other tools that typically may be found in email filtering products. If you are implementing some of these in multipurpose appliances or universal threat managers at the gateway to your enterprise, do you really need all the capability of a full-featured email content filter product?
There is an accompanying issue here as well. In very large enterprises, it may be best to deploy a proper email filtering product. For example, I am aware of an organisation that receives millions of mail messages per day at its gateway. After deploying a robust email filtering product it discovered that only three per cent of that email was legitimate. The rest was spam. This represents a significant load on just about any filtering or multipurpose appliance.
In this case, the deployment of a dedicated email filter was the solution to the problem. Other potential solutions, such as the implementation of a multipurpose appliance that provides intrusion detection and prevention systems, firewall, web filtering and other services might have posed a bottleneck at the gateway to the network even with load balancing.
Finally, make sure that you have the appropriate support staff. We found that in just about all cases, while these products are often easy to install and deploy, getting the filtering correct is a fine-tuning process. We saw devices that tried to block everything, for example. This can be a question of policy, configuration or deployment, or a combination of these.
Unless you have someone who understands your email system well, it is a good idea to seek out a competent consultant to assist with your deployment in order to avoid interruptions in mail delivery.
How we tested
Testing was very straightforward. We simply set up the product (directly if it was an appliance or installed in one of our test servers if not), connected it to our mail server and began testing. We were challenged on some products to come up with a deployment in our lab that matched what the device was expecting, and that relates directly to my point on having someone who knows mail systems involved. However, during the setup, configuration and review process, we were able to evaluate all the features of the product under test and get a very good feel for what it would be like to deploy it in the kind of enterprise for which it was intended, and how it would behave in that production environment.