There are many ways to protect email, and to send and receive it
securely. But for a cash-strapped small and medium-sized business
(SMB) with little or no dedicated information security staff, there
are three approaches:
- Software.
- Hardware or appliance.
-
Outsourcing to a managed security service provider (MSSP).
These approaches can be handled with your existing staff, require
no new specialized skills or training and are easy to implement.
They also don't require someone on staff 24/7, usually a luxury for
thin IT departments at SMBs; they can be set up to page someone on
call instead of a night crew.
Whichever approach you choose, make sure it protects both inbound
and outbound email. You don't want to spend scarce dollars on two
solutions for each issue. The inbound risks include junk email, or
spam, and email with malware attached. Sometimes the two are
intertwined. Besides clogging up network bandwidth and hogging
space on email servers, some spam comes with malware. Outbound
email has the same two risks. An email server compromised by a
malicious attacker can be turned into a relay, spewing out spam and
malware-laden email from your network.
Software
On the software side, there are a number of offerings. E-mail
Filter from SurfControl
PLC can be installed on either Windows 2000 or 2003 Server. Its
Message Administrator allows a system administrator to analyze
email logs and scout for spam, malware and message content. It can
be tuned to block or allow any type of email the administrator sees
fit.
GFI MailEssentials for
Exchange/SMTP is a similar product that can be installed on mail
servers or gateways. The product, from Cary, N.C.-based GFI
Software, uses signatures and
Bayesian keywords to pick out malicious
email and spam. It also can add disclaimers and banners to
outbound emails, a plus for businesses in some regulated
industries.
Other products include
PureMessage from Sophos PLC and
Brightmail from Symantec Corp., both leading antivirus vendors.
Last month,
Trend Micro Inc. debuted Client Server Messaging Security, its
own email security product just for SMBs. An advantage of these
products is they integrate well with their parent company's
antiviral offerings. In addition, PureMessage comes in versions for
Windows, Unix and Lotus Domino. Some other software geared to SMBs
are Mail
Attender from Sherpa Software in Bridgeville, Pa., and
Dash from AppMail LLC in San
Mateo, Calif.
A drawback of software applications is they require installation
on your own hardware and then regular maintenance. This can be
time-consuming, especially configuring a server, installing and
setting up software, and then testing it to make sure it's
compatible with both your email system and network. On the surface,
the software route may appear cheaper than a hardware approach. But
after considering the investment required in hardware, installation
and maintenance, it may end up costing the same.
Hardware
For hardware, there is a wider variety of choices. All are
self-contained appliances or servers that can be installed on your
network in tandem with either your email server or gateway. Some
are offered by the same companies that provide software, such as
SurfControl, Sophos and Symantec.
RiskFilter from SurfControl has a Web-based interface for both
management and reporting of email activity, similar to its software
counterpart. The product bills itself as quick and easy to install
and set up.
The Symantec Mail Security 8200 Series includes easy-to-use
appliances that allow centralized management, as well as content
filtering and monitoring for malware in both inbound and outbound
messages. The products come packaged with Symantec's own Brightmail
technology for filtering spam and its own antivirus software. The
products are also designed specifically for smaller companies that
need something easy to install that requires little
maintenance.
IronPort Systems Inc., an
appliance vendor acquired in January by Cisco Systems Inc., uses
technology from Sophos for the antiviral piece and its own context
adaptive scanning engine to block spam. The C10 Email Security
Appliance is a smaller version of its product line designed to meet
the needs of SMBs.
Other hardware appliances for securing SMB email include
MailFoundry's 1150 Email
Filtering Appliance and Tumbleweed MailGate Appliance. Prices are
negotiated directly with the vendor but expect to pay at least
$2,000 for any of these products.
When considering hardware, the same rules apply as for the
purchase of any network equipment. Is it compatible with your
network? How easy is it to set up, and how much maintenance is
required after that? Will it take down your network if it fails, or
can it pass through traffic in the event of an outage?
Outsourcing
The third option, using an MSSP, has the fewest SMB-friendly
options. MessageLabs Ltd.
is an MSSP for corporate messaging. It offers services for
protecting the security of both email and IM, but without the
installation of hardware or software. MessageLabs is one of the
very few players in the MSSP space specializing in email
protection. Even fewer still cater to the SMB market. This may be
an attractive option for an SMB, since there's no overhead.
MessageLabs also offers traditional email protection products.
The answer to your email security needs -- software, hardware
appliance or MSSP -- depends on your organization's size, budget,
staffing and security needs. But for quick installation, fewer
maintenance headaches and a wide range of choices, hardware
appliances should be strongly considered by any SMB shopping for an
email security tool.
Joel Dubin, CISSP, is an independent computer security
consultant based in Chicago. He is a Microsoft MVP in security,
specializing in Web and application security, and is the author
of The Little Black Book of Computer Security, available on
Amazon.com. He is also the author of the IT Security Guy blog at
http://www.theitsecurityguy.com,
and he hosts a regular radio show in Chicago on computer
security.