Google Answers Logo
View Question
 
Q: eMail and Internet Usage Monitoring ( Answered 5 out of 5 stars,   4 Comments )
Question  
Subject: eMail and Internet Usage Monitoring
Category: Computers > Software
Asked by: ithead-ga
List Price: $50.00
Posted: 19 Aug 2003 07:44 PDT
Expires: 18 Sep 2003 07:44 PDT
Question ID: 246405
Our company operates an eMail and Internet Usage Policy to manage best
use of both facilities. We use Lotus Notes 5 for all eMail and all
Internet access is via central located router/firewalls. We operate a
number of LAN's across the country and the sites operate a Lotus Notes
server locally. However, all external eMail and Internet access is via
a central point. We currently employ Mailsweeper centrally to manage
external eMail (i.e. internet eMails), and Mailsweeper enforces the
necessary policies to minimise the level of personal/dubious eMails
entering/leaving via the Internet. We operate firewalls to protect
internal assets but do not have an Internet Policy enforcer package in
place. We currently analyse eMails to a small extent manually using
downloads to Excel - this is unsatisfactory and only captures external
eMail (i.e. eMail sent/received through our Mailsweeper system). We do
not analyse Internet usage at all due to the sheer volume of data
involved.

We are looking for software products (probably one for eMail analysis
and a separate product for Internet usage analysis ?) which will
simplify the analysis and reporting on use of both eMail and Internet.
In addition, the Internet usage analysis product should also provide
us with a Policy enforcement element (e.g.  enable use to maintain a
list of blocked sites, blocked subjects etc.)

The intention of using the eMail and Internet Usage analysis tools is
to enable us to analyse eMail and Internet usage to minimise personal
and/or inappropriate use and enforce our IT Policies.

In summary, the software products we source should provide at least
the following :

eMail Analysis :
- all internal and external eMails to be analysed
- overall company totals (i.e. no. of eMails internally, externally,
by time, by date/week/month, peak use times, personal vs. business
etc.)
- summary and detail by user (as above)
- summary and detail by site (i.e. by LAN/Notes Server with above
minimum analysis)
- analysis of large eMail users
- analysis of users with largest attachments / bandwidth usage

Internet Usage Analysis :
- provide facilities to enforce policies by Department or User (e.g.
banned sites, banned functions such as downloads of music,.EXE files,
graphics etc.)
- overall company summary (top sites visited, traffic by
date/week/month, time spent at sites, peak us times)
- summary by user (summary and detail of sites visited, time spent on
sites, attempts to visit barred sites as per policy enforcer, peak
times of use, downloaded files/images/programs etc.)
- analysis of large Internet/bandwidth users
- analysis of banned site access attempts
- analysis of downloaded files

We are currently evaluating Mailmeter (from Waterford Technologies in
Ireland) as a potential eMail analysis tool - seems very good. Also we
have attempted to use Surfcontrol to help manage/report on Internet
usage in the past but never got the product to work properly - could
be lack of application on our part !

For the Answer to this Question, can you please :

- highlight the main products/industry leaders we should evaluate for
(i) eMail analysis, and (ii) Internet Policy enforcer and usage
analysis
- give us your views on the relative merits and pricing of each

Thanks for your help,

Regards,

Pat Rowan

Request for Question Clarification by aht-ga on 19 Aug 2003 18:14 PDT
Pat,

Unfortunately, I will not have the time available for a few days to
give you the same level of analysis that I was able to provide for
your Storage Resource Management system question, so I'll provide you
with some links to check out on your own. This may save you some time,
but on it's own is not yet worth the $50 you are offering for your
Question.

-=THE=- world leader in Internet policy enforcement is Websense. They
do the work, so that you don't have to. :)

http://www.websense.com/


Others to consider:


Elron Software:

http://www.elronsoftware.com/


Symantec (they purchased UR Labs in 1999):

http://enterprisesecurity.symantec.com/default.cfm


Secure Computing SmartFilter:

http://www.securecomputing.com/index.cfm?skey=85


These are the major ones, but in order to give you the analysis and
recommendations you are seeking, I will need more time than I
currently have available to me. If you would like this analysis and
are willing to wait for it, please let me know via a Question
Clarification... otherwise, the links above should get you going on
your own without any problems.

Regards,

aht-ga

Request for Question Clarification by aht-ga on 19 Aug 2003 18:19 PDT
One more link... Websense actually has a good competitive comparison
chart on their website, fortunately the vendors I named above are all
on it :)

http://www.websense.com/products/about/competitors/index.cfm

Again, please let me know if you are able to wait for an analysis of
these, as well as e-mail filtering/policy enforcement software.

Thanks,

aht-ga

Clarification of Question by ithead-ga on 20 Aug 2003 00:48 PDT
aht-ga,

Yes, happy to wait until you have time to analyse - I'm on hols. for a
week, so if you could answer by 1/9, this is fine.

I'm aware of Websense but we have no experience/done any investigation
on it. You don't mention surfcontrol - heavily advertised in Ireland.
Doesn't mean it's good. Our experience was that policies worked ok,
but reports we poor and hard to see the 'wood from the trees'. Anyway,
it was not implemented properly so this could have been the problem.

In any event, we open to any product which will give us what we need
so your advice and comparison is very welcome.

In hindsight we may have been able to get a product which would do the
eMail and Internet Policy enforcement in addition to reporting of both
(Suftcontrol claims to do both), but Mailsweeper is the industry
leader in eMail policies and does a good job with the exception of
Spam control !

Regards, Pat

Request for Question Clarification by aht-ga on 20 Aug 2003 06:09 PDT
Pat,

Alright then, I will endeavour to reply to your question with an
Answer prior to Sept. 1st, that covers:

- the main product leaders for i)e-mail analysis/policy enforcement;
ii)Internet usage analysis/enforcement; and iii)both i and ii in a
single product, if applicable
- an overview of the pros and cons of the identified products
- an expressed opinion on which packages would be the best choice for
an organization with multiple facilities/networks, but centralized
data connections to the outside world

I will include both Surfcontrol, Mailmeter, and Mailsweeper in the
analysis (I did not mention Surfcontrol as you had already looked at
it), and will focus on Lotus Notes/Domino compatible e-mail utilities.

Please let me know if there is anything I have missed in this summary,
so that I can incorporate it before posting the analysis as the Answer
(once I'm done).

Thanks,

aht-ga

Clarification of Question by ithead-ga on 20 Aug 2003 09:40 PDT
aht-ga,

Thanks - your approach/summary of response required is fine. 

Regards,

Pat
Answer  
Subject: Re: eMail and Internet Usage Monitoring
Answered By: aht-ga on 23 Aug 2003 10:21 PDT
Rated:5 out of 5 stars
 
ithead-ga:

Thank you for your Question regarding e-mail and Internet usage
monitoring/filtering software for your corporate environment. In line
with your instructions and clarifications, the following is an
analysis of the leading products for:

  i) e-mail monitoring and filtering in a Lotus Notes environment
 ii) Internet usage monitor and policy enforcement for a single
external gateway environment
iii) products that provide both i) and ii)


Summary:
--------

The most secure e-mail monitoring and filtering solution available is
the hardware-based IronMail solution from CipherTrust. By using a
dedicated, hardened appliance to enforce anti-spam and e-mail usage
policy, no additional workload is placed on your existing
infrastructure.

For software-based solutions to external e-mail monitoring and
filtering, the leading products to consider are 'SurfControl E-mail
Filter', Elron Software's 'Message Inspector' and 'GFI
MailEssentials/MailSecurity'. Given your Lotus Notes/Domino
environment, though, your best option is still the CSL Mailsweeper
package that you are already using. The latest version, used in
conjunction with the new Mailsweeper - Antispam Edition, would give
you the monitoring and policy enforcement you seek, along with
protection against spam.

The field of Internet usage monitoring and policy enforcement is led
by WebSense Enterprise. Other products that perform well in this role
include 'SurfControl Web Filter', Wavecrest Computing's 'Cyfin
Reporter/Cyblock Web Filter', and Elron's 'IM Web Inspector'. All of
these work by using an 'approved list' of websites, along with active
monitoring of traffic to detect and block maliscious or nonpermitted
content. As both WebSense and SurfControl offer evaluation versions,
and since you have already tried SurfControl, I suggest obtaining an
evaluation copy of WebSense Enterprise 5.0.1 to see if its approach
suits your needs better.

For a single-source, all-encompassing product line, SurfControl has
the best overall portfolio to offer, followed by Elron Software.


Details and Links:
------------------

-> E-mail Monitoring & Filtering

CipherTrust IronMail:

  The IronMail approach to e-mail policy enforcement and filtering
uses a dedicated, hardened appliance that stands between your e-mail
server and the outside world. By using a dedicated-design device,
there is lower likelihood that the system can be bypassed or
compromised due to a security bug. For Lotus Notes/Domino
environments, the IronMail appliance fully supports secure external
access using the Lotus Notes client or the web browser interface (if
enabled on the Domino server). The IronMail appliance is placed in the
DMZ of the corporate network, allowing the Domino servers to stay
safely behind your firewalls, dealing with a single, known gateway.

The IronMail system provides strong filtering capabilities for e-mail
content, attachments, and encryption standards. The spam filtering
function uses both an automatically updated blacklist, DNS reverse
lookup, user quarantine review and whitelists, and content scanning.

For your needs, and depending on the volume of mail your company sends
and receives, a dedicated e-mail security appliance may be overkill.
However, it may be worth having CipherTrust evaluate your needs to see
how much this option would cost you.

http://www.ciphertrust.com/technology_and_services/


---------------------------------------------------

SurfControl E-mail Filter:

  SurfControl E-mail Filter provides the best available software-based
monitoring and filtering package for SMTP mail traffic. The challenge
is in the configuration and administration of this powerful package.
Once set up, though, SurfControl's adaptive learning capability helps
keep maintenance to a minimum. When used in conjuction with the other
SurfControl Filter applications (Web, IM), you will have a total
filtering and monitor solution through a single vendor.

Note that SurfControl E-mail Filter acts either as an SMTP gateway, or
integrates with an Exchange Server. For a Lotus Notes environment,
SurfControl cannot analyze traffic internal to the Notes/Domino
server.

It is worth the time and effort to train the application properly so
that its capabilities are truly exploited for SMTP mail. Try the
latest version (4.7) that was just released on August 11th, they claim
improved and superior spam control. Downloading and installing the
latest rules dictionaries will help with this.


http://surfcontrol.com/products/email/
http://surfcontrol.com/support/bulletins/rules.aspx


---------------------------------------------------

GFI MailEssentials/MailSecurity:

  GFI MailEssentials provides highly-regarded e-mail policy
enforcement and anti-spam capabilities. When integrated with GFI
MailSecurity, the unified package provides complete enforcement and
security capabilities for any SMTP mail environment. Notable features
include HTML exploit protection. GFI also offers 'DownloadSecurity for
ISA Server' to provide protection for files downloaded using HTTP or
FTP through the Internet.

GFI MailEssentials does offer the ability to use external blacklists
(such as SpamCop and ORDB), something that SurfControl does not
readily support. Often, the use of external blacklists helps keep the
administrative work down, but does increase the possibility of a false
positive. Personally, for my personal e-mail solution, I do use both
the SpamCop and ORDB blacklists, and have not encountered a false
positive situation yet.

Like SurfControl, GFI MailEssentials can only act as either an SMTP
gateway, or as an integrated module on an Exchange Server. So, the
same limitations with regards to analyzing and managing your internal
mail applies.

http://www.gfi.com/mes/


---------------------------------------------------

CSL Mailsweeper for Domino:

  CSL Mailsweeper integrates with your Domino server to provide policy
enforcement and security for both external mail as well as internal
mail. With the recent release of 'CSL Mailsweeper - Antispam Edition',
the portfolio now also includes protection against spam, but currently
is only available for users of 'CSL Mailsweeper for SMTP'.

If anti-spam filtering is not as important (or if you are willing to
use a second product, such as 'CSL Mailsweeper - Antispam Edition'
running separately to manage spam), then CSL Mailsweeper for Domino is
still the best option for you as far as an all-traffic mail management
system goes. Adding 'CSL Remotemanager' to your toolkit will make
managing Mailsweeper even easier.

http://www.mailsweeper.com/products/msw/domino/default.asp
http://www.mailsweeper.com/products/antispam/Msw/default.asp


---------------------------------------------------

Waterford Technologies' Mailmeter for Domino:

  Like CSL Mailsweeper, Waterford's Mailmeter supports direct
integration with Domino servers. However, there is no actual anti-spam
capabilities, short of reporting on suspected spam. So, while
Mailmeter is a great tool for managing the mail system, it does not
have good capabilities for helping to manage the actual mail. If this
is not important to you, then still consider that CSL Mailsweeper is
already working for you, and will more than likely incorporate
antispam support into their Domino version in the near future.

http://www.waterfordtechnologies.com/content.cfm?t=Domino%20Business%20Benefits


---------------------------------------------------

Elron Message Inspector:

  Primarily an anti-spam solution, the centrally-managed aspect of
Elron's 'Message Inspector' application makes it a viable policy
enforcement and monitoring tool as well. However, in comparison to
your existing Mailsweeper installation, Message inspector does not
offer anything that makes it truly worth converting over.

http://www.elronsoftware.com/productfamily/msginspector.shtml


===================================================

-> Internet Usage Monitoring & Filtering


WebSense Enterprise:

  WebSense's approach to Internet usage monitoring & filtering is to
use a constantly updated, online database of websites, categorized by
content and function. You choose which categories, and what
enforcement level, you want to control, and the application manages
the rest. WebSense Enterprise also supports local settings to override
the information in the external database. The package is regularly
updated, but is a complex system to set up. Maintenance is relatively
simple through an easy control panel interface. There are also
optional, special purpose online databases ('Premium Groups') that you
can subscribe to to lower your configuration work requirements.

http://www.websense.com/


--------------------------------------------------

Wavecrest Cyfin Reporter/Cyblock Web Filter

  Cyfin Reporter and Cyblock Web Filter are compatible with ISA
Servers and MS Web Proxy servers. The weakness of the web filtering
capability is the need to set up and maintain the local database of
blocked sites. Otherwise, the reporting capabilities are similar to
that of the other packages in this field.

http://www.wavecrestcomputing.com/products/index.html


--------------------------------------------------

SurfControl Web Filter:

  Advertised as the first web filter product to be certified by ICSA
Labs, SurfControl has received its fair share of accolades from
industry. While the online database for SurfControl is not as large as
WebSense's 10 million+ claim, it is still more than adequate for most
corporate environments, when used with dynamic filtering.

SurfControl's reporting capabilities are also top-notch, as long as
traffic on your network is correctly routed through the SurfControl
application. Server compatibility is extensive, and integration with
SurfControl's E-mail and IM Filters does make for a good, all-in-one
package with common user interfaces.

http://www.surfcontrol.com/products/web/


--------------------------------------------------

Elron Software's Web Inspector:

  Web Inspector is an Internet usage monitoring application that also
provides basic enforcement and website blocking capabilities. This
package requires little work to begin monitoring how your Internet
bandwidth is being used, but does require some work to set up proper
site blocking if you choose to do so.

http://www.elronsoftware.com/productfamily/webinspector.shtml


==================================================

-> Other

Symantec Enterprise Security Manager 5.5:

  While not quite an Internet usage monitoring & filtering
application, Symantec's ESM is worth mentioning for its ability to
ensure that your gateway devices and your key network components are
properly configured to prevent your security policies from being
bypassed.

http://enterprisesecurity.symantec.com/products/products.cfm?productid=45&EID=0


--------------------------------------------------

TruSecurity ICSA Labs

  As in most maturing industries, the Internet filtering industry has
started to create certification programs to attempt to set a standard
for performance. The ICSA Labs have created a set of criteria for
Internet filtering software, which might be useful to you in
evaluating your own needs. This work is still ongoing, so check
periodically for updates:

http://www.icsalabs.com/html/communities/sift/certification/criteria/criteria.shtml


==================================================


I hope that this information helps you in selecting the best solutions
for your firm. Please take full advantage of the various vendors'
sales channels to set up a comparison of the products' relative
perfomance in your environment.

If you require clarification for any part of this Answer, please do
not hesitate to let me know. Please note that I will not be online
between August 26th and Sept. 4th, but will endeavour to response to
any clarification requests as soon as possible.

Regards,

aht-ga

Request for Answer Clarification by ithead-ga on 02 Sep 2003 07:30 PDT
Thanks for the detailed answer. Just one clarification request for you
: we find the user management reporting (see eMail analysis part of
Question) from Mailsweeper is poor. We are looking at Mailmeter as a
3rd party add-on which analyses Notes eMail traffic (internal and
external). For info, Mailmeter is purely a reporting tool and only
analyses eMail; does not implement policies or control eMail in any
way. Are there any other Notes eMail reporting/analysis products you
are aware of which help with the analysis/reporting on eMail usage ?

Thanks.

Clarification of Answer by aht-ga on 03 Sep 2003 20:55 PDT
ithead-ga:

Thank you for your clarification request. Besides Mailmeter, there are
a couple of intriguing products to consider:

------------------------

eIQNetworks MailAnalyzer:

While this package provides basically the same capabilities as
MailMeter with perhaps a little less customizability compared to
MailMeter, the intriguing aspect of this package is the announcement a
couple of months ago by IntelliReach ( http://www.intellireach.com ) -
considered by some to be the leaders in e-mail management for the
Novell GroupWise platform - that they intend to use the eIQNetworks
Lotus Notes platform technology as part of a new Notes MessageInsight
suite.

http://www.eiqnetworks.com/products/mailserveranalytics.shtml 

http://www.intellireach.com/company/newsroom/0617_eiq.html


-------------------------

SoftLinx Atomic Dispatch

As an added level of e-mail management, consider trialing Atomic
Dispatch to help control the amount of server space required to
support internal mail with attachments. Atomic Dispatch intercepts
e-mails sent to multiple Notes recipients with large attachments, and
substitutes links instead to reduce bandwidth and storage demands.

http://www.softlinx.com/products/atomicdispatch_domino.html


-------------------------

MailMeter has an impressive list of converts (Black & Decker, law
firms, etc) over the past few years, and is a great reporting package
if you find that the Mailsweeper capabilities do not meet your needs.
MailAnalyzer is a little less-known in the Domino/Notes world, but is
worth considering before you finalize your decision.

Regards,

aht-ga
ithead-ga rated this answer:5 out of 5 stars
Good clear, well researched answer.

Comments  
Subject: Re: eMail and Internet Usage Monitoring
From: pwizard-ga on 20 Aug 2003 06:16 PDT
 
ithead-ga,

We were using Websense in our environment of about 500 users for a
couple of  years, but last year we decided to dump Websense due to
lack of functionality and poor tech support (specifically with our
Terminal Server environment). We evaluated several products and
ultimately went with a combination of Microsoft ISA Server and
SurfControl Web Filter. It's worked very well for us and we are able
to do pretty much everything you mentioned on your checklist. Earlier
this year we purchased and implemented the SurfControl E-Mail Filter
and are also pleased with that product. However, we didn't really
evaluate other email filtering products as the SurfControl handled all
we needed and was also somewhat geared towards our industry (not to
mention we already had their Web Filter and wanted to stay consistent
across vendors if possible).

I just wanted to say that we're happy with the SurfControl products,
especially the last couple of revisions which has added additional
features we were looking for. SurfControl also has an Instant
Messenger filtering product getting ready to be released which would
add even more filtering coverage for your environment. It covers
messaging products like AOL, MSN, ICQ, Yahoo and also P2P sharing
networks such as Gnutella and Fasttrack (Kazaa). I think you should
definitely include them in your evaluations, especially if you haven't
worked with the latest versions of their software.

PWizard
Google Answers Researcher
Subject: Re: eMail and Internet Usage Monitoring
From: aht-ga on 20 Aug 2003 06:55 PDT
 
pwizard-ga,

Given your recent direct experience with e-mail and Internet usage
monitoring software, if you are able to provide ithead-ga with the
analysis he is looking for (ie. across several products), please let
me know and I will gladly defer to you. Your recent experience will be
more relevant to ithead's needs than the analysis I can provide.
Subject: Re: eMail and Internet Usage Monitoring
From: finer9-ga on 24 Aug 2003 17:00 PDT
 
We have a TON of information about this topic at

http://www.Software4Parents.com
Subject: Re: eMail and Internet Usage Monitoring
From: aht-ga on 24 Aug 2003 17:50 PDT
 
finer9-ga:

Thank you for the information, but please note that ithead-ga's
question deals with server-based enterprise-grade solutions for a
corporate LAN/WAN environment, whereas the advertising/marketing site
you provided a link to deals only with consumer-grade, client software
solutions.

Regards,

aht-ga

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy