Guide to Messaging Security
Top tips for buying messaging security products
By Joel Snyder, Network World Lab Alliance
Since every enterprise already has some form of messaging security (think anti-spam and/or anti-virus) in place, the decision to consider a new gateway is generally prompted by problems with an existing system. Obviously, the key tip for buying is to make sure your new gateway is at least as good as your old one. This means identifying what you like, and don't like, about your existing gateway and using that information to guide your evaluation criteria for the new gateway.
Moving on from what you have to where you are going, you'll also want to look at five specific evaluation areas: anti-spam features, anti-virus features, end-user features, system architecture features, and additional security features. We take them one by one here.
Obviously, the biggest differentiator between products is the quality of the anti-spam engine when it's applied to your own mail flow. To determine that, you'll need to test any potential gateway in your own environment. Once you've found an engine that meets your goals for catch and false positive rates, you'll want to consider at least the following as ways of differentiating products and identifying ones that meet your needs best:
- Does the anti-spam engine offer multiple verdict levels (such as "definitely spam" and "probably spam") that you can use to help reduce undetected false positives?
- Does the messaging security gateway have reputation-based filtering that allows you to refuse a message at SMTP time to reduce total system load?
- Can the messaging security gateway integrate easily with your existing email directory infrastructure?
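One way to score a trial of a candidate gateway against your own mail flow, and to see what a second verdict level buys you, is sketched below. It is an added example, not part of the original article: the trial counts are constructed, the policy names and the `score` function are hypothetical, and it assumes "definitely spam" is discarded while "probably spam" goes to a quarantine where a mistake can still be found.

```python
from collections import Counter

# Constructed trial data (not from the article): (ground truth, gateway verdict)
# pairs for messages from your own mail flow replayed through a candidate gateway.
TRIAL = (
    [("spam", "definitely_spam")] * 880
    + [("spam", "probably_spam")] * 90
    + [("spam", "clean")] * 30
    + [("ham", "clean")] * 1985
    + [("ham", "probably_spam")] * 13
    + [("ham", "definitely_spam")] * 2
)

# Assumed policies: what the gateway does with each verdict.
SINGLE_LEVEL = {"definitely_spam": "drop", "probably_spam": "drop", "clean": "deliver"}
TWO_LEVEL = {"definitely_spam": "drop", "probably_spam": "quarantine", "clean": "deliver"}


def score(trial, policy):
    """Return catch rate, false positive rate and undetected false positives."""
    counts = Counter((truth, policy[verdict]) for truth, verdict in trial)
    spam = sum(n for (truth, _), n in counts.items() if truth == "spam")
    ham = sum(n for (truth, _), n in counts.items() if truth == "ham")
    if spam == 0 or ham == 0:
        raise ValueError("trial needs both spam and legitimate mail")
    caught = spam - counts[("spam", "deliver")]    # spam kept out of the inbox
    false_pos = ham - counts[("ham", "deliver")]   # legitimate mail not delivered
    return {
        "catch_rate": caught / spam,
        "false_positive_rate": false_pos / ham,
        # Legitimate mail discarded with no quarantine copy to recover it from.
        "undetected_false_positives": counts[("ham", "drop")],
    }


if __name__ == "__main__":
    for name, policy in (("single-level", SINGLE_LEVEL), ("two-level", TWO_LEVEL)):
        r = score(TRIAL, policy)
        print(f"{name:12s} catch={r['catch_rate']:.1%} "
              f"fp={r['false_positive_rate']:.2%} "
              f"undetected_fp={r['undetected_false_positives']}")
```

With the same engine and the same catch and false positive rates, the two-level policy leaves far fewer legitimate messages lost without a trace, which is the difference the first question above is probing for.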
Most products have a single anti-virus engine, selected by the product vendor. Unfortunately, this engine choice is usually subject to a set of forces that lie outside of your control, such as current partnerships and acquisition strategies. Since it is a best practice to have a different anti-virus engine in the messaging security gateway from the one you use on the desktop, this can adversely affect your deployment. You may want to consider:
- Can the product use multiple anti-virus engines, either in parallel or separately?
- Does the product's anti-virus engine properly complement installed infrastructure in your enterprise to offer best coverage?
- What long-term commitment do you have from the vendor on the choice of anti-virus engine?
Some messaging security gateways operate entirely without any end-user interaction, and this may be your preferred deployment scenario. However, you should examine products that at least have the option of end-user features:
- Does the product have the option for an end-user anti-spam/anti-malware quarantine? Can the quarantine be enabled for users individually or must it be done for everyone?
- Does the product have per-user settings for sensitivity, block-list, and whitelist? Can these features be managed at the group level as well as the individual user level?
- Can the product link to your existing authentication infrastructure, or does it have some method to reasonably authenticate end users? (Note that a very rigorous authentication is likely not necessary, since most of what's in the quarantine will be spam.)
In a simple single-system deployment, system architecture is not that critical. But in the enterprise, with scalability and high availability requirements, you should consider:
- Can the product be centrally managed, with settings for gateways and groups of gateways handled without resorting to element management?
- Can the product scale easily, simply by adding gateways into a management group or cluster?
- Does the vendor offer built-in or off-the-shelf log management tools that can aggregate information from multiple gateways for help desk support and reporting purposes?
- In the event of a total system failure, how hard is it to "restore to factory defaults" the gateway and re-apply your configuration?
Most security gateways have focused on anti-spam/anti-malware features. However, messaging security goes far beyond these two buckets. Unfortunately, enterprise requirements for additional security features are all over the map and it's difficult to identify any single product as being "best" in all additional features. Instead, you'll have to figure out what you want and make sure that it's supported in the products you're looking at. Some of the key features you may want to use include:
- Message encryption using TLS, under tight policy control, as well as integration with other encryption and message protection systems
- Content filtering capabilities, including your own and vendor-supplied dictionaries
- Message archiving capabilities