Product Group Tests
Group test: Email content management
With economic uncertainty and security budgets shrinking, administrators are wise to invest in products that cover the largest risk area with the most administrative functionality to make their already hectic lives easier.
Full Group Summary
As the reliance on messaging continues to grow and the value of information increases exponentially, organizations are looking to protect messaging services from vulnerabilities and evolving threats. Inbound and outbound email services represent a tremendous risk to any enterprise, whether the threats are malicious outside attackers or simply human error from a corporate perspective. Gone are the days when email security products simply scanned attachments for known viruses, filtered the message body for profanity, or quarantined spam based on a few simple signatures or heuristics. Organizations are dealing with sophisticated spam attacks, phishing, botnets, regulatory compliance mandates and several other risk areas that must be managed in order to effectively secure information without impacting users.
Email content management vendors have recognized the need for more granular control over email security within the environment. Features and options continue to converge as appliance vendors are responding to the need to secure malicious inbound emails and data leakage concerns for outbound messages.
In this issue
This month we examined several email content management products. We defined email content management as the ability for a solution to provide most of the following functions: filter inbound and outbound messages, filtering based on content, filtering based on source address or sender, quarantine/notification, overall fit into an enterprise environment.
Overall, we found that most of the products that we reviewed met our criteria for email content management. An interesting observation for this group of products is that some vendors focused on stopping unsolicited and malicious inbound mail through sender or domain validation, reputation scoring and other mechanisms, while others focused their efforts on building more robust data leakage protection for outbound messages. Data leakage is generally secured by the use of keyword filtering and "smart identifiers." The smart identifiers are pre-built data strings that users can apply to policies which search messages for suspicious formats, including possible credit card numbers and Social Security numbers.
How we tested
All of the products in our group review were hardware-based appliances, except one, GFi Mail-Security, which is a software-based solution. All of the hardware-based solutions were installed in our test network and tested against Microsoft Exchange 2003 with regards to inbound and outbound mail gateway configurations. All email clients that we used for host machine testing included Microsoft Outlook and web-based clients, including Internet Explorer and Mozilla Firefox. The GFi MailSecurity solution was installed on a Windows 2003 server machine with IIS 6 and integrated with Microsoft Exchange 2003.
In our tests, we focused on several areas, including initial setup and configuration, functional areas of the solution, ease of use and overall administration. Our testing included how easy or difficult it was to configure the options and apply them to a relative domain, organization or list of users. Most products were very easy to configure, with the overall interface and usability being the driving factor for how logical the applicability was. One example can be found within the exercise of applying content filtering rules. Some vendors supplied hundreds of keywords that were pre-populated as part of the base offering. Other products did not have any preconfigured filters or smart identifiers, leaving the administrators with the bulk of upfront work to construct the phrases, words and regular expressions.
Another key area of our testing was the ability to intelligently quarantine the items, and whether or not reporting and dashboard functions provided value to the user. Most products had very professional and polished looking interfaces with the ability to drill down in the quarantine and schedule reports to be sent to their inbox. These solutions removed a chunk of the administrative burden from its users and come highly recommended. With economic uncertainty and security budgets shrinking, administrators are wise to invest in products that cover the largest risk area with the most administrative functionality to make their already hectic lives easier.
Trevor Hough contributed to these reviews.