
Protecting email both ways

Protecting your organization from attacks brought into the system by email is an ongoing challenge. Equally challenging can be ensuring that email leaving your system is protected from tampering or interception. This month's batch of products, generally speaking, does both. While the number of products in this particular space is relatively small, we find some powerful vendors in the game and believe you will find what you need here if an email gateway is what you are looking for.

Email exposes organizations to two kinds of threat. First, there is the threat of email falling into the wrong hands, and second there is the threat of inbound email carrying phishing, malware or other potential problems. Outbound email management in these products often goes well beyond traditional email encryption. We saw content management similar to data leakage protection and Dropbox-like functionality for safely moving attachments.

The bottom line for these products is that over the past year or two they have reached a remarkable level of maturity. Does that mean that we are “there” yet? Probably not. We believe that we have the skeleton of what an email gateway should look like, but as the bad guys get badder we always need to beef up our defenses. It's the old leapfrog game and it's been status quo since the beginning of information security.

For example, linguistic analysis of potential phishing emails is in its infancy. Even so, we see examples of it in this month's products. New technologies will evolve in this space and in the data leakage space over the next couple of years. Those technologies – such as linguistic analysis – will address new types of malware threats, privacy and non-repudiation of email messages.

Like just about every other product classification in information security, this one has undergone a lot of change and there has been – and likely will continue to be – convergence among vendors. We are starting to see some new players – some with very good products – and we are seeing the expected acquisitions as well. A few of these new players, especially those that develop interesting new technologies, will eventually be absorbed into one of the giants.

Email security is one of those categories that the big infosec players deem to be a “must have” in their product lines. In some cases, we note that the email gateway functions have been subsumed into broader gateways, becoming part of combination email, web and other content management systems. None of those are discussed this month, although in a couple of cases the products can be part of a comprehensive threat management architecture offered by a single vendor and managed from a more or less centralized console.

Turning to this month's reviews, we welcomed Mike Lipinski back into the lab to wrangle the email security products. You will, we are sure, enjoy his insights into this small group. Mike joins us from time to time and we always appreciate his work. Starting next month we will be making another exciting change in the labs and we are sure that you will want to hear about it. I will take that up in the October column as we look at NAC and DLP. It is no accident that these two groups – email security and NAC/DLP – are juxtaposed. They have a lot in common functionally, even if they are somewhat disparate as product groups. As you will see this month – and as mentioned above – some data leakage protection functionality already is beginning to creep into email management. Stay tuned – this is likely to be an interesting ride!
