E-mail is the primary conduit of information for many organizations, both internally and with the outside world. Unfortunately, e-mail is also a prime channel for annoyances such as spam, as well as security threats in the form of viruses, spyware, phishing attacks, and more. Some companies choose to defend their e-mail systems in-house by deploying e-mail security products. Others, however, look to outside assistance in the form of hosted e-mail security services.
As a follow-up to my review of nine e-mail security appliances, I looked at six hosted e-mail security solutions from AppRiver, MessageLabs (now owned by Symantec), Microsoft, MX Logic, SECNAP Network Security, and Trend Micro. Postini (now owned by Google), another major player in the hosted e-mail security space, declined to participate.
[ Compare these e-mail security services by features. Compare their spam filtering results. See the Test Center guide to e-mail security appliances including reviews of offerings from Barracuda, BorderWare, Cisco, Mirapoint, Proofpoint, Secure Computing, Sendio, Symantec, and Tumbleweed. ]
Before delving into the review itself, however, it's useful to understand just why an organization might want to hand over e-mail-security duties to a third-party provider. After all, many IT managers may be uncomfortable with having a critical application such as e-mail outside their control. However, hosted e-mail services hold several advantages over their in-house counterparts. There are drawbacks as well.
Appliance versus services
One advantage that a service holds over an in-house solution is that when you're using an outside provider, the volume of mail coming to your internal network is greatly diminished -- by 80 to 90 percent in most cases. Moreover, because you don't receive the unwanted mail at your location, you have no need to worry about archiving it. Such might not be the case if you're doing the filtering in-house.
A second advantage of a hosted service is that most providers have more robust networks than even large organizations, with multiple sites that have at least two separate Internet connections and multiple servers. Thus, going with an outside provider greatly decreases the chances that your e-mail service will be unavailable.
Third, hosted services offer a buffer for your e-mail system. If your internal e-mail server fails or if your Internet connection goes down, your mail will continue to accumulate on the hosted service's server until your in-house problem is resolved.
Yet another point for hosted services: They offer all features you'll find in appliances, such as content management, but they also boast services that don't come with an in-house box, including archiving, disaster recovery, and encryption. Bear in mind, however, that if you're going to implement certain features among internal users -- for example, to enforce policies on e-mail content between users in the same department -- you'll have to ensure that all messages are forwarded through the hosted service. This can be complex to set up and could increase delivery times.
| Test Center Scorecard | ||||||
|---|---|---|---|---|---|---|
 |  |  |  |  |  | |
| 30% | 30% | 20% | 10% | 10% | ||
| AppRiver SecureTide | 8 | 8 | 8 | 7 | 7 |
7.8
Good
|
| 30% | 30% | 20% | 10% | 10% | ||
| MessageLabs Email Anti-Spam and Anti-Virus Services | 9 | 9 | 9 | 9 | 8 |
8.9
Very Good
|
| 30% | 30% | 20% | 10% | 10% | ||
| Microsoft Exchange Hosted Filtering Services | 9 | 8 | 9 | 9 | 8 |
8.6
Very Good
|
| 30% | 30% | 20% | 10% | 10% | ||
| MX Logic Email Defense Service | 8 | 8 | 9 | 8 | 8 |
8.2
Very Good
|
| 30% | 30% | 20% | 10% | 10% | ||
| SECNAP Hosted Email Security Gateway | 7 | 7 | 8 | 7 | 8 |
7.3
Good
|
| 30% | 30% | 20% | 10% | 10% | ||
| Trend Micro InterScan Messaging Hosted Security | 9 | 8 | 8 | 7 | 9 |
8.3
Very Good
|
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »
Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »
A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
66 Recommendations
