This category covers protection of the enterprise from things that can ride an email message into your enterprise. Arguably, there are only two ways into a secure enterprise from the outside: email and web services. We control web services through secure programming and good architectures. We control email by forcing it through gateways that look for things that could harm us.
That was an easy task in the days when the threats were limited. Today, however, there are essentially no limitations on the threats that could enter the enterprise in an email message. So the issue becomes how many email-borne threat classes – and, ultimately, threats themselves – can a gateway device or program catch. And, equally important, what will be the overall impact on the network’s performance?
We saw one overriding characteristic this month as we looked at a large number of products: more, sometimes, really is more. These products, in general, expected everything but the kitchen sink to be thrown at them, and they usually have the means necessary to protect against just about any type of email-carried threat. That made it a bit hard to evaluate a really good, overall bunch of products.
The second characteristic we found may be an extension of the maturity of these products: marketing hype, hype and more hype. In fact, two devices with approximately the same features might be called email gateways, email content managers or email firewalls. Message to vendor marketing types: changing the name is not a differentiator. Having a solid product with a lot of necessary features that actually work is.
What to look for
We looked for a comprehensive approach to protecting the enterprise from email-borne threats. The more threats that are managed appropriately, the better. Typically, we saw anti-virus, anti-malware (in general), anti-spam and anti-phishing. These are today’s predominant email threats. Most of the products we reviewed are appliances. I tend to favor appliances because the installation and configuration are simplified greatly. As I have said before, this has nothing to do with the old saw about “real administrators use command line” (and use it and use it until it finally works). This is because speed, especially for today’s overloaded administrators, counts, and it counts a lot.
So the first thing to look for is a powerful feature set, and the second priority is an easy-to-deploy and support system, preferably in the form of an appliance. As you look at appliances, you also should look carefully at throughput and scalability. The appliance you buy will be with you for a while because its scalability is based on the appliance, not just the application. So if you undersize, you will get to buy a whole new appliance much sooner than you might have if you had scaled it properly.
Another prevailing feature that we saw a lot of is compliance monitoring and reporting. If you are subject to any compliance requirements, look for this functionality. It will simplify your reporting tasks considerably.
How we tested
Testing these products is a multilevel set of tasks. We looked at those functions that we see as critical to the product type. Our test bed was a pair of domains to simulate the internet – a sending domain and a receiving domain. Both domains used MS Exchange. We established communications with the email device appropriately installed on one of the domains and began to exchange email.
Once we were satisfied that the two mail systems were talking to each other, we configured the appliance being tested with a set of policies that we then attempted to violate. Overall, we were interested in ease of setup, ease of configuration, policy management, and how well the device enforced its policies.
This was an interesting group for a couple of reasons. First, we had a very large number of products – more than any group we’ve had in the lab in a long time. Second, most were very good products. Selecting Best Buy and Recommended products was a challenge. Finally, most products are keeping up with the proliferation of email-borne threats.