Get a grip on communications slips

Code Green, InBoxer, MessageGate, and Palisade compete to prevent costly data loss

At this solution's hub you'll find CORE (Console, Operations, and Reporting Engine), which delivers the Web user interface and manages the remaining components. These pieces include a Message Adapter, for intercepting messages from your mail server; Message Analysis Service, which evaluates evidence provided by the adapter and then processes the necessary policy; and a Mailout component, for placing messages back into the mail stream after they're processed. (SenderConfirm is a standalone application based on the main policy enforcement engine; it flags e-mails that are out of compliance, notifies the sender, and lets the person either send or delete the message.)


Although there are potentially several applications to install, my experience indicates MessageGate can be running in a day and generating assessment reports. Here you get a high-level view of e-mail activities, such as who sends the most messages and what type of files are attached.

After reviewing this scorecard, I was off to the Web console creating policies. Although policies can get extremely complex, there's nothing involved in using the Policy Builder. Starting with basic routing (inbound, outbound, or internal messages), I quickly layered on criteria, like removing attachments of a certain file format that were not password protected.

I particularly liked the completeness of these actions (16 in total), which range from sending a confirmation notification to the originator and adding a disclaimer to placing the suspect e-mail in a review queue. Another nice touch is Enterprise Email Governance's policy test mode; this feature let me run real messages through a policy to make sure it's working right without actually invoking actions.

The software improves detection accuracy through dictionaries, where you enter specific terms or create regular expressions for, say, matching social security or bank routing numbers. Further, you can register content in text files and have MessageGate refresh this information on a set schedule. That said, the system doesn't crawl document libraries, databases, or content repositories.

When I switched MessageGate to live mode, the software acted on my policies exactly as I'd designed them. For example, outbound messages marked as company confidential were rejected, and a note was relayed to the sender explaining what was wrong. In other cases, messages were sent to a queue where risk managers could review the e-mails and decide if they should be released.

I also viewed both real-time and historical charts, such as internal messages by disposition (blocked, notified, reviewed, routed, modified, not archived, and archived). The company also provides MessageGate Activity Profiles (MAPs). These provide a detailed comparison of current e-mail traffic, policies, and e-mail archive content -- which provides a very good picture of any outstanding compliance risks or places where policies and processes could be more efficient.

The archive option is especially important. First, MessageGate decides if e-mail should be retained. If so, Archive Categorization tags messages with information you configure, such as department codes or litigation holds. At this point, messages are sent to a designated spot (such as a Microsoft Exchange Journal folder), where the e-mail is archived as part of standard backup procedures. I was initially concerned that adding the meta information changes the message so it might not meet the evidence requirements of the Rules of Civil Procedure. Upon further examination, however, I've changed my view. Although MessageGate does add metadata to the x-header of the message to indicate how it is archived, I could see nothing that indicated the message itself was altered in any way.

MessageGate Enterprise Email Governance provides very effective e-mail management and control. It lets you educate users with informative messages when policies are broken -- and actively handle some problems on the spot, such as inserting disclaimers into messages. The system also takes a more proactive stance whenever necessary, such as blocking message transmissions that are out of bounds.

Although the system doesn't have the elaborate data registration of other solutions, policies can cover most compliance needs; they worked accurately in my testing. MessageGate also has some of the most sophisticated categorization for message archiving. However, this solution doesn't provide for monitoring of Web mail, instant messaging, or other forms of network traffic.

Palisade PacketSure 5.5

Palisade Systems is a long-timer in the content monitoring and filtering market, and that experience is evident in the latest release of the PacketSure data-loss prevention solution. This single appliance audits, blocks, encrypts, and reports when sensitive enterprise data is compromised.


New to version 5.5 is SMTP e-mail analysis, plus options to block or encrypt the e-mail when violations are detected. Also, Palisade Systems added lexicons of common words and phrases used in the health care and financial industries, which improves detection accuracy. And the Web user interface was reorganized, making setup and configuration easier.

The PacketSure appliance, similar to other solutions, quickly connects to a network port or tap. I used the latter method to fully test the system as an e-mail proxy so messages could be blocked or encrypted.

Rather than specific policies, PacketSure ships with a long list of default rule sets and file analysis enabled; these range from monitoring HTTP file transfers and trapping file-sharing applications to checks of instant messaging and Web-based mail. I tweaked various rules with a Web form, such as blocking Hotmail when files over a certain size were encountered. If you want to make more global changes, the Rules Wizard saves time. For instance, I selected the main Instant Message category (which covers all the major IM clients and protocols), allowed communications, and in the final step selected the type of content analysis to apply.

Beyond the system's general multi-step identification algorithms, you can match specific data, such as structured information, in databases. The process isn't as extensive as I'd like; for instance, PacketSure does not crawl document repositories. Still, this feature ensured that my test list of client account numbers was available for matching. I liked Version 5.5's recognition of private health care information -- a feature that's turned on with a single checkbox.

The ERE (Extended Regular Expression) function recognized Social Security numbers, and it can be customized to look for other types of structured data. Moreover, the Web Filter function contains approximately 14 million Web sites (organized by category) that you can block, monitor, or ignore.
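The dictionary and regular-expression matching described for both MessageGate and PacketSure's ERE function can be sketched as follows. This is an added example, not code from either product; the dictionary terms, patterns, function names, and sample message are all constructed for illustration. It shows why a pattern alone is not enough: validity checks after the match discard look-alike numbers, and findings are masked so the report does not itself leak the data.

```python
import re

# Dictionary terms and patterns are constructed for this example.
DICTIONARY = ("company confidential", "internal use only")
# Candidate patterns; the validators below cut false positives.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
ABA_RE = re.compile(r"(?<!\d)\d{9}(?!\d)")


def valid_ssn(area, group, serial):
    """Reject ranges that are never issued as Social Security numbers."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def valid_aba(digits):
    """Check the weighted mod-10 checksum (3, 7, 1) of a routing number."""
    if digits == "000000000":
        return False  # assumption: all zeros only passes the sum trivially
    weights = (3, 7, 1) * 3
    return sum(int(d) * w for d, w in zip(digits, weights)) % 10 == 0


def scan(text):
    """Return (kind, masked_value) findings for one message body."""
    findings = []
    lowered = text.lower()
    for term in DICTIONARY:
        if term in lowered:
            findings.append(("dictionary", term))
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    for m in ABA_RE.finditer(text):
        if valid_aba(m.group()):
            findings.append(("aba_routing", "*****" + m.group()[-4:]))
    return findings


# Constructed sample: one plausible SSN, one checksum-valid routing number,
# and two decoys (an order number and a never-issued SSN area, 000).
SAMPLE = ("Company Confidential: client SSN 123-45-6789, wire via routing "
          "123456780. Order ref 123456789, ticket 000-12-3456.")

if __name__ == "__main__":
    for kind, value in scan(SAMPLE):
        print(kind, value)
```
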

The overall Web interface, while certainly functional and generally easy to navigate, could still use some improvement. For instance, lists of rules and reports are especially long, which sometimes makes it hard to find specific information.

In running through my test scripts (Outlook IMAP E-mail, Hotmail, MSN Messenger, and FTP), PacketSure did a very good job logging, blocking, or allowing communications based on rules. In addition to recognizing risky message content, the system correctly analyzed different file types for private content, including Microsoft Office documents, AutoCAD drawings, and MP3 audio files.

When a violation occurs, PacketSure notifies the sender and (optionally) an administrator. On the presentation side, 60 predefined reports can be customized as needed and saved. I created a query that displayed matches by several rule names and had PacketSure e-mail me this report each day. However, I would like to see a search function to find particular incidents.

As I delved into online versions of different reports, the software showed specifics of each security problem, including the content of attachments that triggered the incident. Yet performing these steps did involve opening different windows and PacketSure lacks the formal workflow of Code Green Networks. Other reports provide summary and trend charts so you can track how your compliance efforts are going along with the underlying details that may be required for compliance audits.

The PacketSure network appliance holds several advantages, including visibility into everything going over your network and the ability to eliminate unwanted protocols and applications. This system helps protect private data by monitoring for several types of information and blocks where appropriate. Therefore, it's appropriate for complying with many government regulations and keeping intellectual property secure. Still, compared to other products, it doesn't have the same level of resolution functions and forensics.

This roundup showcased the many facets of data loss prevention. For clamping down on badly behaved applications or protocols, Palisade PacketSure's got you covered. InBoxer and MessageGate focus on e-mail governance with a vengeance. Yet it was the all-around protection and performance of Code Green Networks' Content Inspection Appliance that nudged it ahead.

InfoWorld Scorecard

| Product | Accuracy (20.0%) | Features (20.0%) | Performance (20.0%) | Ease of use (20.0%) | Scalability (10.0%) | Value (10.0%) | Overall Score (100%) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Code Green Networks Content Inspection Appliance 1500 | 9.0 | 9.0 | 9.0 | 9.0 | 8.0 | 8.0 | 8.8 |
| InBoxer Anti-Risk Appliance | 9.0 | 8.0 | 8.0 | 9.0 | 8.0 | 9.0 | 8.5 |
| MessageGate Enterprise Email Governance 4.2.1 | 8.0 | 8.0 | 9.0 | 9.0 | 9.0 | 9.0 | 8.6 |
| Palisade PacketSure 5.5 | 9.0 | 9.0 | 8.0 | 8.0 | 9.0 | 8.0 | 8.5 |