E-Mail Content Security: Filtering Out the Hype
by Ed Macnair - CEO, Marshal - Wednesday, 6 December 2006.
E-mail is at risk - vulnerable to external attack from viruses, spam, spyware and phishing technologies. And vulnerable to abuse from within, which could result in: acceptable use policies being compromised; regulatory compliance violations; and/or confidential corporate data being leaked externally. The recent DVLA disciplinary action demonstrated all too clearly what can happen when acceptable use policies are flouted by a large number of employees.

A plethora of e-mail content security technologies have emerged in recent years to address such vulnerabilities. Companies currently have the choice of two major types of email content security solution: software or appliances. Software solutions have been available for about ten years, while appliances appeared on the market around five years ago. Appliances are purpose-specific e-mail content security servers, typically based on industry-standard server hardware and running a security-hardened Unix/Linux OS to provide the platform for the mail-screening software.

Since their inception, appliances have been touted by some as the holy grail of e-mail content security, winning over many customers in the process. Today, however, the tide is turning.

Plug and play?

The major selling point for appliances has always been based on the perception that they provided a ‘plug and play’, purpose built, e-mail security hardware solution. The idea was that a company could order a pre-configured email scanning system that would simply plug into its email environment and instantly start cleaning spam and viruses from e-mail. In practice, appliances can be difficult and time-consuming to install. The biggest selling appliance product on the market can take up to six hours to install, compared to between 1-2 hours for an equivalent software-only installation. In some cases, an appliance vendor-approved technician must perform the installation because it is so complex, with customers having to pay extra for this service. By contrast, most software solutions can be easily installed by any in-house IT person with a reasonable understanding of email configuration, MS Exchange and firewall administration.

Performance, scalability and high availability

Performance, scalability and high availability are clearly important factors to consider when choosing how to secure a business-critical tool such as email. E-mail scanning should be a transparent process, with no perceivable delay in email performance and should also be scalable - able to manage 10,000 users as easily as it can manage 100. Ideally, it should also be capable of clustering and load-balancing in an array environment, to ensure high performance throughput scanning, and also redundancy for high availability.

Performance is often claimed as a strength by many appliance vendors on the basis that the hardware is dedicated to a specific task. However, performance is really dependent on a range of factors such as processor speed, available memory, disc I/O, volumes of email and the type of email your business sends. Appliances are commonly marketed as suitable for “up to 1000 users,” based on a simple calculation of how much email the average person sends per hour and how much e-mail the server can process. Often this calculation assumes that the average email size is less than 10Kb. In our experience most typical businesses average around 40Kb per e-mail. As a result, a single appliance purchase really only supports 25% of that claim.

In order to actually process the true volume of e-mail the business requires, companies often need to upgrade to a higher specification appliance, or purchase a second appliance. Usually, customers have already made a significant investment in the appliance hardware and are compelled to upgrade, again at significant additional cost and installation disruption.


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th