Email security buying decisions

More on email security Email encryption: Five steps to success Dell, Symantec simplify Secure Exchange for SMBs

Whichever approach you choose, make sure it protects both inbound and outbound email. You don't want to spend scarce dollars on two solutions for each issue. The inbound risks include junk email, or spam, and email with malware attached. Sometimes the two are intertwined. Besides clogging up network bandwidth and hogging space on email servers, some spam comes with malware. Outbound email has the same two risks. An email server compromised by a malicious attacker can be turned into a relay, spewing out spam and malware-laden email from your network.

Software

On the software side, there are a number of offerings. E-mail Filter from SurfControl PLC can be installed on either Windows 2000 or 2003 Server. Its Message Administrator allows a system administrator to analyze email logs and scout for spam, malware and message content. It can be tuned to block or allow any type of email the administrator sees fit.

GFI MailEssentials for Exchange/SMTP is a similar product that can be installed on mail servers or gateways. The product, from Cary, N.C.-based GFI Software, uses signatures and Bayesian keywords to pick out malicious email and spam. It also can add disclaimers and banners to outbound emails, a plus for businesses in some regulated industries.

Other products include PureMessage from Sophos PLC and Brightmail from Symantec Corp., both leading antivirus vendors. Last month, Trend Micro Inc. debuted Client Server Messaging Security, its own email security product just for SMBs. An advantage of these products is they integrate well with their parent company's antiviral offerings. In addition, PureMessage comes in versions for Windows, Unix and Lotus Domino. Some other software geared to SMBs are Mail Attender from Sherpa Software in Bridgeville, Pa., and Dash from AppMail LLC in San Mateo, Calif.

A drawback of software applications is they require installation on your own hardware and then regular maintenance. This can be time-consuming, especially configuring a server, installing and setting up software, and then testing it to make sure it's compatible with both your email system and network. On the surface, the software route may appear cheaper than a hardware approach. But after considering the investment required in hardware, installation and maintenance, it may end up costing the same.

Hardware

For hardware, there is a wider variety of choices. All are self-contained appliances or servers that can be installed on your network in tandem with either your email server or gateway. Some are offered by the same companies that provide software, such as SurfControl, Sophos and Symantec.

RiskFilter from SurfControl has a Web-based interface for both management and reporting of email activity, similar to its software counterpart. The product bills itself as quick and easy to install and set up.

The Symantec Mail Security 8200 Series includes easy-to-use appliances that allow centralized management, as well as content filtering and monitoring for malware in both inbound and outbound messages. The products come packaged with Symantec's own Brightmail technology for filtering spam and its own antivirus software. The products are also designed specifically for smaller companies that need something easy to install that requires little maintenance.

IronPort Systems Inc., an appliance vendor acquired in January by Cisco Systems Inc., uses technology from Sophos for the antiviral piece and its own context adaptive scanning engine to block spam. The C10 Email Security Appliance is a smaller version of its product line designed to meet the needs of SMBs.

Other hardware appliances for securing SMB email include MailFoundry's 1150 Email Filtering Appliance and Tumbleweed MailGate Appliance. Prices are negotiated directly with the vendor but expect to pay at least $2,000 for any of these products.

When considering hardware, the same rules apply as for the purchase of any network equipment. Is it compatible with your network? How easy is it to set up, and how much maintenance is required after that? Will it take down your network if it fails, or can it pass through traffic in the event of an outage?

Outsourcing

The third option, using an MSSP, has the fewest SMB-friendly options. MessageLabs Ltd. is an MSSP for corporate messaging. It offers services for protecting the security of both email and IM, but without the installation of hardware or software. MessageLabs is one of the very few players in the MSSP space specializing in email protection. Even fewer still cater to the SMB market. This may be an attractive option for an SMB, since there's no overhead. MessageLabs also offers traditional email protection products.

The answer to your email security needs -- software, hardware appliance or MSSP -- depends on your organization's size, budget, staffing and security needs. But for quick installation, fewer maintenance headaches and a wide range of choices, hardware appliances should be strongly considered by any SMB shopping for an email security tool.

Joel Dubin, CISSP, is an independent computer security consultant based in Chicago. He is a Microsoft MVP in security, specializing in Web and application security, and is the author of The Little Black Book of Computer Security, available on Amazon.com. He is also the author of the IT Security Guy blog at http://www.theitsecurityguy.com, and he hosts a regular radio show in Chicago on computer security.

Tags: Security for the midmarket,  Email and messaging for the midmarket,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security for the midmarket Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? Risk assessment frameworks easy to employ Midmarket regulatory compliance management: Don't let your guard down Email and messaging for the midmarket Midmarket data center management guides: Tips and best practices CIO's cost-cutting measures include move to Gmail Midmarket firm harnesses email communication as part of disaster plan Arts center's network infrastructure hits right note with Wi-Fi, FMC When Microsoft shuts you down and other IT horror stories CIOs, unified communications and the lost art of conversation Fixed-mobile convergence saves firms costly mobile phone charges CIOs grapple with tying Wi-Fi, VoIP into unified communications plan Unified communications: Savvy business move or security meltdown? Unified communications security: How safe is it?

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary