Talkback
E-mail
Printer Friendly
Reprints
Data protection options
For organizations seeking additional message protection, there are two kinds of encryption available, which can help secure
e-mail sent between corporate sites or between you and your partners: TLS (Transport Layer Security) and per-message encryption.
TLS is encryption from server to server between domains. It requires setting up an encrypted connection in advance, and then
any e-mail between those two servers will be encrypted. Per-message encryption uses PGP or some other algorithm to encrypt
individual messages. The user at the other end must have the proper key to decrypt the message. This doesn't require advance
setup, but users receiving encrypted messages may not be able to decrypt the message without help from an admin.
Most appliances can provide TLS, and a few can also provide policy-based encryption using a separate encryption engine. One encryption engine, the Voltage IBE (Identity-Based Encryption), which is available with the Proofpoint and Secure Computing IronMail appliances, makes decryption very easy for the recipient; the user need only click a URL in the message and enter their information, and they are then able to decrypt the message. (See our review of the Voltage SecureMail Appliance.)
If you are interested in checking incoming or outgoing messages against specific word lists to spot potential data breaches or ensure compliance with HR requirements, you should be aware that some vendors make this easier than others, by providing a GUI rather than requiring you to refer to a manual to find the exact syntax to type in. Further, not all vendors provide standard lists of words along with their content management engines. But nearly all the vendors (Sendio is a rare exception) will monitor incoming and outgoing messages, and block on specific words or phrases or patterns. And if they don’t provide lists themselves, they will allow you to create or import lists of words in a number of categories, such as sexually explicit language, otherwise offensive language, politically incorrect language, terms that might refer to proprietary intellectual property, and phrases or numbers that could violate confidentiality agreements or legal requirements, such as a customer's Social Security number or credit card information. If a product you otherwise like doesn't include such lists, you can often find them on the Internet.
Appliances come with a wide variety of backup capabilities, ranging from Mirapoint's compatibility with commercial backup software such as NetBackup, and Tumbleweed's automated backup of the mail store, to the minimal ability to save a configuration file or perform a complete backup of the mail store by typing a Linux tar command at the command line. If you will be maintaining a message quarantine on the appliance, you may want a solution that allows you to back up the quarantine separately.
Also worth asking is whether the secure content manager can scan inside zip files, or detect encrypted attachments and block or delete them. All the appliances tested except the Sendio could block messages that contain zip files (or executables, or any other attachments, either by extension or file size). And all except the Sendio, which doesn't do filtering of any kind, could block encrypted attachments. The features table provides an at-a-glance comparison of what each product provides.
Choices in mail security
Feature checklist
Data protection options
Testing mail security appliances
Mail security appliance reviews
Barracuda Spam Firewall 400 (v3.4.10.102)
BorderWare Security Platform SP-800 (v7.1)
Cisco IronPort C100 (v5.5.1)
Mirapoint RazorGate 160 (v3.8.4-GA)
Proofpoint Messaging Security Gateway P840 (v5.0)
Secure Computing IronMail E2000 (v6.5.2)
Sendio I.C.E. Box (v3.0)
Symantec Mail Security 8340 (v7.5)
Tumbleweed MailGate 5650 (v3.1.2-4366-HF1)
