Product Group Tests
Email security (2010)
We rate Sophos Email Security and Data Protection 3.4 as our Best Buy this month for its great value for money and excellent focus on data leakage and compliance.
WatchGuard's XCS 700 wins our Recommended award for its solid set of features for firms looking to converge security and content management.
Full Group Summary
Convergence of email security and content management is here, says Nathan Ouellette.
Traditionally, our email security reviews were separated into two categories: email security and email content management. Email security products often included gateway and message-based encryption and/or digital signatures to ensure confidentiality/message integrity.
Content management usually focused on protecting email content, from both an outbound and inbound perspective, through a series of anti-virus, anti-spam and content-filtering engines. These products focused more on threat management and ensuring that malware, phishing and data leakage issues were kept in check.
For this review, we have noted convergence in many products, not just email security, so this is our first attempt at combining both domains of message protection into one group review.
Readers who are looking to investigate possible email security solutions will have to make decisions regarding their existing infrastructure and future state architecture and decide which features are most important to the organisation. Even though most of the product submissions in this review cover both security and content management domains, there are differences associated with almost all of them.
In this review we have one pure-play email security solution that deals only with encryption and digital signatures: PGP's Universal Gateway Email. Others provide mostly content-management features, but also some gateway-level encryption via SMTP over Transport Layer Security (TLS). Those products also integrate into additional modules, products or add-ons that help to expand the protection mechanisms.
In this issue
For this combined review, we attempted to focus mostly on features that were included out of the box, or with the licensing options enabled at the time. This can be confusing at times and we encourage readers to perform additional research. Space does not allow us to list every strong point of every solution.
There are fantastic solutions in this group that can meet almost every email security requirement in one overall package. Many products are very strong buys and exceeded our review standards.
Almost every product provided strong anti-spam, anti-virus, content analysis, administration capabilities, encryption and policy management features. Web-based centralised administration, high availability, auditing and quality reporting are also very common.
Most products performed well at securing information at the protocol layer (SMTP, sender, IP, domain and reputation protection), as well as the content layer (message filtering, anti-malware etc). Many vendors offer cloud-based subscription services. These include real-time URL scanning, sender domain checking, RBL, domain/sender trust frameworks, backscatter detection, white/black/grey listing and others.
Buyers should scrutinise the encryption implementations, as some rely on asymmetric or symmetric methods, while others use secure web portals to exchange data with recipients.
How we tested
Almost every product came as a hardware appliance, making life easy for most administrators, and many vendors also offered a virtual appliance option. All act as a gateway or proxy to your existing email infrastructure and help support downstream SMTP architectures. Buyers should double-check product versions to ensure the processing power and hard drive space provide adequate capacity for the role of the device. One product came as a software solution and was installed in our virtual environment using Windows 2003 and Microsoft SQL Server.
The majority of the products submitted have an excellent number of features and strong administrative capabilities, and can undoubtedly perform well in many environments. The decision-making process will come down to cost, the reputation of the vendor organisation, and which features are included without extra cost and which depend on integration with additional modules, licences etc. Additionally, some of the capabilities of the products required licensed technology or engines from other vendors.
The decision to choose the best product or even recommended product was difficult, considering that they are all very strong submissions. While this was a difficult task for the reviewer, it is a good problem to have for the security industry as a whole.