During the past few years, enterprise e-mail security needs have expanded beyond simply fighting spam. As a result, vendors in this space are left having to continuously enhance their products with related features in order to keep up.
These companies, including CipherTrust, Tumbleweed, MessageLabs, Espion, Symantec and many others, continue a steady march beyond what two years ago was the defining task in this market -- blocking spam. Today, enterprises need to protect themselves from more than just unwanted e-mail, and are looking to their messaging security providers for myriad functions including instant messaging and Web security, outbound e-mail encryption and policy enforcement, and extra measures to fight viruses.
CipherTrust, for example, Monday announced a new product line designed to secure IM communications at enterprises. According to the Radicati Group, 54 percent of employees currently use IM at work, although CipherTrust says most of that communication goes unmonitored and unprotected.
Charlotte Pipe and Foundry, a PVC and cast-iron pipe manufacturer, has used CipherTrust's IronMail e-mail gateway appliance for two years and plans to test the new IronIM appliance, says network administrator Charles Gautreaux. IM at his company has been sanctioned for some employees, but never controlled, so Gautreaux is looking forward to features such as blocking unauthorized IM use and creating message logs, as well as protecting from threats like spam and viruses.
"With what we are seeing out there in the wild, we see a great need for IM security and encryption," Gautreaux says, adding that CipherTrust's IronIM appliance is the only one he knows of that offers encryption on outbound IM messages.
Available now starting at US$5,995, IronIM works with a number of IM services including those from AOL, Yahoo, and MSN. CipherTrust was able to leverage much of the anti-spam and anti-virus technology it developed for its e-mail gateway appliance in this product, says Alex Hernandez, the company's director of advanced product development.
The addition of an IM product to CipherTrust's security offerings is part of the company's plan to provide "messaging security for IT," Hernandez says. "We support all major [communications] protocols." Currently CipherTrust is selling IronIM as a separate appliance from its IronMail product, although Hernandez says the company may release one appliance that can protect both types of traffic in the near future, which would likely be aimed at small and midsized businesses.
Tumbleweed Tuesday announced an upgrade to its MailGate Appliance that goes beyond fighting spam with more complete e-mail security features such as policy management and content filtering for outbound mail, according to Tumbleweed CTO John Thielens.
MailGate Appliance 3.0's outbound features, quickly becoming check-list items that most vendors in the e-mail security market offer today, help companies comply with federal regulations such as HIPAA and Sarbanes-Oxley by blocking outbound messages containing information that, per regulation, can't leave the company's e-mail domain or must be encrypted.
MailGate Appliance 3.0 includes templates for a number of these regulations and scans outbound messages looking for keyword matches, then identifies e-mails that contain them, Thielens says. Companies can also use this outbound filtering capability to ensure intellectual property, trade secrets, and other sensitive information is not sent outside of the company he says.
With this release, Tumbleweed has also included features from its MailGate Edge relay product. These include real-time SMTP connection analysis and management, designed to protect enterprises from what the company calls "dark traffic," such as directory harvest attacks and e-mail denial-of-service attacks. By identifying and throttling such traffic, MailGate Appliance 3.0 can reduce the amount of inbound mail entering an organization by up to 90 percent, the company says.
"A couple years ago we were using MailGate for [fighting] spam, but with Version 3.0 they've integrated what their edge product does, as well as protecting against spam and viruses," says Scott Rose, senior infrastructure architect with Finisar, manufacturer of fiber optic subsystems and network performance test systems. "Integrating that into one product is really helpful."
MailGate Appliance 3.0, available now, ranges in price depending on number of users and modules purchased. For example, a 500-user system with anti-spam services starts at US$5,300.
In another example of an e-mail security vendor moving beyond basic threat protection, MessageLabs late last month announced the extension of its e-mail security managed services to the Web. Also Espion, an e-mail security vendor with an appliance powered by artificial intelligence, in September released a product for outbound e-mail encryption that works as a stand-alone appliance or as a module to its Interceptor e-mail security appliance.
Meanwhile, security giant Symantec is building its e-mail security arsenal through acquisition, beginning in 2004 with its purchase of anti-spam vendor Brightmail and rounded out earlier this month with the closing of its deal to buy anti-phishing vendor WholeSecurity and the announcement of its intent to snap up compliance software maker BindView Development.