Companies looking for e-mail security solutions against inbound threats have almost limitless options, from anti-virus applications that run on a messaging server to gateway products on the network edge.
Perimeter-based e-mail security solutions provide the first line of defense for inbound traffic and can also function as the last line of defense for outbound traffic.
While numerous software-based solutions exist, the market trend is toward dominance by application-based solutions that give companies a relatively simple solution that plugs in to the network.
The capabilities of these appliances vary, but the devices generally include anti-virus and anti-spam filters and sometimes include e-mail firewall and e-mail policy enforcement features.
With all of these solutions, all features are offered on a single device, managed from a single Web-based console.
These products typically target inbound, message-based threats such as viruses, spam and phishing attacks. Some also include intrusion detection system features to guard against malformed message and DoS (denial of service) attacks geared toward e-mail servers.
When evaluating e-mail security appliances, IT managers need to look not only at basic capabilities but also at the ease with which the systems can be managed and configured to meet traffic demands.
Inbound Message Security
* Which techniques does the product use to identify and block spam and phishing e-mail?
• Real-time blacklist
• Reputation scores
• Signature filtering
• Content filtering
• Message rate throttling
• Bayesian analysis
• Message fingerprint analysis
• Check-sum analysis
• Message authenticity
• Blacklists and whitelists
• Web site and domain blacklists
• Other (please list)
* Does the product support the following message sender identification standards?
• Sender Policy Framework
• SenderID
• Domain Keys Identified Mail
* Which user-specific spam settings does the product support?
• Whitelists
• Blacklists
• Individual spam score management
• Other (please list)
* Does the product include a feature that addresses zero-day virus outbreaks, and how does the feature work?
Zero-day attacks continue to be a significant issue because anti-virus software vendors typically need several hours to create a signature file for new threats.
Some e-mail security vendors are addressing zero-day attacks by using their threat operation centers to identify virus outbreaks as they happen. This allows vendors to write policy filters and distribute them to appliances at customer sites that either block or temporarily quarantine messages.
* Which third-party virus scanning engines are available on the appliance?
* Which network security features are included in the product?
• Hardened operating system
• Firewall
• Intrusion prevention system
• Other (please list)
* Which kinds of attacks is the appliance capable of addressing?
• Directory harvest
• Buffer overflow
• DoS
• Port scan
• Malformed messages
• Other (please list)
* Does the product include a Web mail proxy?
Compliance
* Does the product support inbound and outbound message content scanning?
* Does the product include tools for managing policy-based workflow for inbound and outbound e-mail? If so, which ones?
• Integration with third-party archiving products
• Quarantine and audit workflow for messages that violate policy
• Preconfigured policies and workflow targeting regulatory requirements
• Domain-to-domain encryption
• Individual message encryption
IT managers should ask if e-mail security appliances under evaluation support the specific regulations their organizations must adhere to. For example, if an organization must comply with HIPAA (Health Insurance Portability and Accountability Act), IT managers should check to see if e-mail security appliances include preconfigured policies that address HIPAA requirements.
* Which message encryption options are available?
• TLS (Transport Layer Security)
• S/MIME (Secure Multipurpose Internet Mail Extension)
• PGP (Pretty Good Privacy)
• Integration with third-party products (please list)
• Other (please list)
Administration and Reporting
* Does the product integrate with LDAP directories or with Microsofts Active Directory? Please describe how.
* Which management interfaces are available?
• Direct access through keyboard and display
• Front panel interface and menu
• Web-based interface
• Telnet
• Secure Shell
• Other (please list)
Organizations that must monitor e-mail to ensure compliance with regulations will need broader administration and reporting tools than organizations looking to just block spam and viruses.
IT managers at organizations that fall in the former category should make sure that products support alerting for policy violations, as well as quarantine and workflow management for remediation of violations.
In addition, reports should focus on meeting requirements for both internal and external audits. Many e-mail security appliances support e-mail and FTP as report delivery methods, and IT managers should determine how the appliances can be configured to create an easy-to-manage audit trail.
* Does the product support user-defined thresholds for determining when an attack generates an alert?
Sizing and Configuration
* Describe the inbound message volume-per-hour the various appliance models can handle.
Most vendors offer multiple models of their e-mail security appliances, so organizations will need to determine the appropriate model for their environment.
* How much disk space is available on each model for inbound anti-spam quarantines and outbound compliance quarantines?
* Describe the integrated fault-tolerance features for your various appliance models.
* Which models support clustering? (Describe available clustering configurations.)
* Do any of the models integrate with third-party load balancing and/or network bandwidth management technologies? Please describe.
* Detail the power and heat dissipation requirements of each model.
Service and Support
* What are the terms and availability of basic support?
* What premium support services are available, and how much do they cost?
* What are the service and support terms available to ensure product uptime?
* What online help and training tools are available?
Cost-Benefit Analysis
* What does the product cost, including base costs and costs for additional features and for various models?
* What is the impact on pricing of adding more users during the subscription term?
* What cost advantages will our organization realize by choosing this solution?
References
Please provide reference customers that have completed a similar deployment with similar numbers of users and applications in the same industry.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.