ithead-ga:
Thank you for your Question regarding e-mail and Internet usage
monitoring/filtering software for your corporate environment. In line
with your instructions and clarifications, the following is an
analysis of the leading products for:
i) e-mail monitoring and filtering in a Lotus Notes environment
ii) Internet usage monitor and policy enforcement for a single
external gateway environment
iii) products that provide both i) and ii)
Summary:
--------
The most secure e-mail monitoring and filtering solution available is
the hardware-based IronMail solution from CipherTrust. By using a
dedicated, hardened appliance to enforce anti-spam and e-mail usage
policy, no additional workload is placed on your existing
infrastructure.
For software-based solutions to external e-mail monitoring and
filtering, the leading products to consider are 'SurfControl E-mail
Filter', Elron Software's 'Message Inspector' and 'GFI
MailEssentials/MailSecurity'. Given your Lotus Notes/Domino
environment, though, your best option is still the CSL Mailsweeper
package that you are already using. The latest version, used in
conjunction with the new Mailsweeper - Antispam Edition, would give
you the monitoring and policy enforcement you seek, along with
protection against spam.
The field of Internet usage monitoring and policy enforcement is led
by WebSense Enterprise. Other products that perform well in this role
include 'SurfControl Web Filter', Wavecrest Computing's 'Cyfin
Reporter/Cyblock Web Filter', and Elron's 'IM Web Inspector'. All of
these work by using an 'approved list' of websites, along with active
monitoring of traffic to detect and block malicious or nonpermitted
content. As both WebSense and SurfControl offer evaluation versions,
and since you have already tried SurfControl, I suggest obtaining an
evaluation copy of WebSense Enterprise 5.0.1 to see if its approach
suits your needs better.
For a single-source, all-encompassing product line, SurfControl has
the best overall portfolio to offer, followed by Elron Software.
Details and Links:
------------------
-> E-mail Monitoring & Filtering
CipherTrust IronMail:
The IronMail approach to e-mail policy enforcement and filtering
uses a dedicated, hardened appliance that stands between your e-mail
server and the outside world. By using a dedicated-design device,
there is lower likelihood that the system can be bypassed or
compromised due to a security bug. For Lotus Notes/Domino
environments, the IronMail appliance fully supports secure external
access using the Lotus Notes client or the web browser interface (if
enabled on the Domino server). The IronMail appliance is placed in the
DMZ of the corporate network, allowing the Domino servers to stay
safely behind your firewalls, dealing with a single, known gateway.
The IronMail system provides strong filtering capabilities for e-mail
content, attachments, and encryption standards. The spam filtering
function uses both an automatically updated blacklist, DNS reverse
lookup, user quarantine review and whitelists, and content scanning.
For your needs, and depending on the volume of mail your company sends
and receives, a dedicated e-mail security appliance may be overkill.
However, it may be worth having CipherTrust evaluate your needs to see
how much this option would cost you.
http://www.ciphertrust.com/technology_and_services/
---------------------------------------------------
SurfControl E-mail Filter:
SurfControl E-mail Filter provides the best available software-based
monitoring and filtering package for SMTP mail traffic. The challenge
is in the configuration and administration of this powerful package.
Once set up, though, SurfControl's adaptive learning capability helps
keep maintenance to a minimum. When used in conjunction with the other
SurfControl Filter applications (Web, IM), you will have a total
filtering and monitor solution through a single vendor.
Note that SurfControl E-mail Filter acts either as an SMTP gateway, or
integrates with an Exchange Server. For a Lotus Notes environment,
SurfControl cannot analyze traffic internal to the Notes/Domino
server.
It is worth the time and effort to train the application properly so
that its capabilities are truly exploited for SMTP mail. Try the
latest version (4.7) that was just released on August 11th; they claim
improved and superior spam control. Downloading and installing the
latest rules dictionaries will help with this.
http://surfcontrol.com/products/email/
http://surfcontrol.com/support/bulletins/rules.aspx
---------------------------------------------------
GFI MailEssentials/MailSecurity:
GFI MailEssentials provides highly-regarded e-mail policy
enforcement and anti-spam capabilities. When integrated with GFI
MailSecurity, the unified package provides complete enforcement and
security capabilities for any SMTP mail environment. Notable features
include HTML exploit protection. GFI also offers 'DownloadSecurity for
ISA Server' to provide protection for files downloaded using HTTP or
FTP through the Internet.
GFI MailEssentials does offer the ability to use external blacklists
(such as SpamCop and ORDB), something that SurfControl does not
readily support. Often, the use of external blacklists helps keep the
administrative work down, but does increase the possibility of a false
positive. Personally, for my personal e-mail solution, I do use both
the SpamCop and ORDB blacklists, and have not encountered a false
positive situation yet.
Like SurfControl, GFI MailEssentials can only act as either an SMTP
gateway, or as an integrated module on an Exchange Server. So, the
same limitations with regard to analyzing and managing your internal
mail apply.
http://www.gfi.com/mes/
---------------------------------------------------
CSL Mailsweeper for Domino:
CSL Mailsweeper integrates with your Domino server to provide policy
enforcement and security for both external mail as well as internal
mail. With the recent release of 'CSL Mailsweeper - Antispam Edition',
the portfolio now also includes protection against spam, but currently
is only available for users of 'CSL Mailsweeper for SMTP'.
If anti-spam filtering is not as important (or if you are willing to
use a second product, such as 'CSL Mailsweeper - Antispam Edition'
running separately to manage spam), then CSL Mailsweeper for Domino is
still the best option for you as far as an all-traffic mail management
system goes. Adding 'CSL Remotemanager' to your toolkit will make
managing Mailsweeper even easier.
http://www.mailsweeper.com/products/msw/domino/default.asp
http://www.mailsweeper.com/products/antispam/Msw/default.asp
---------------------------------------------------
Waterford Technologies' Mailmeter for Domino:
Like CSL Mailsweeper, Waterford's Mailmeter supports direct
integration with Domino servers. However, there are no actual anti-spam
capabilities, short of reporting on suspected spam. So, while
Mailmeter is a great tool for managing the mail system, it does not
have good capabilities for helping to manage the actual mail. If this
is not important to you, then still consider that CSL Mailsweeper is
already working for you, and will more than likely incorporate
antispam support into their Domino version in the near future.
http://www.waterfordtechnologies.com/content.cfm?t=Domino%20Business%20Benefits
---------------------------------------------------
Elron Message Inspector:
Primarily an anti-spam solution, the centrally-managed aspect of
Elron's 'Message Inspector' application makes it a viable policy
enforcement and monitoring tool as well. However, in comparison to
your existing Mailsweeper installation, Message Inspector does not
offer anything that makes it truly worth converting over.
http://www.elronsoftware.com/productfamily/msginspector.shtml
===================================================
-> Internet Usage Monitoring & Filtering
WebSense Enterprise:
WebSense's approach to Internet usage monitoring & filtering is to
use a constantly updated, online database of websites, categorized by
content and function. You choose which categories, and what
enforcement level, you want to control, and the application manages
the rest. WebSense Enterprise also supports local settings to override
the information in the external database. The package is regularly
updated, but is a complex system to set up. Maintenance is relatively
simple through an easy control panel interface. There are also
optional, special purpose online databases ('Premium Groups') that you
can subscribe to to lower your configuration work requirements.
http://www.websense.com/
--------------------------------------------------
Wavecrest Cyfin Reporter/Cyblock Web Filter
Cyfin Reporter and Cyblock Web Filter are compatible with ISA
Servers and MS Web Proxy servers. The weakness of the web filtering
capability is the need to set up and maintain the local database of
blocked sites. Otherwise, the reporting capabilities are similar to
that of the other packages in this field.
http://www.wavecrestcomputing.com/products/index.html
--------------------------------------------------
SurfControl Web Filter:
Advertised as the first web filter product to be certified by ICSA
Labs, SurfControl has received its fair share of accolades from
industry. While the online database for SurfControl is not as large as
WebSense's 10 million+ claim, it is still more than adequate for most
corporate environments, when used with dynamic filtering.
SurfControl's reporting capabilities are also top-notch, as long as
traffic on your network is correctly routed through the SurfControl
application. Server compatibility is extensive, and integration with
SurfControl's E-mail and IM Filters does make for a good, all-in-one
package with common user interfaces.
http://www.surfcontrol.com/products/web/
--------------------------------------------------
Elron Software's Web Inspector:
Web Inspector is an Internet usage monitoring application that also
provides basic enforcement and website blocking capabilities. This
package requires little work to begin monitoring how your Internet
bandwidth is being used, but does require some work to set up proper
site blocking if you choose to do so.
http://www.elronsoftware.com/productfamily/webinspector.shtml
==================================================
-> Other
Symantec Enterprise Security Manager 5.5:
While not quite an Internet usage monitoring & filtering
application, Symantec's ESM is worth mentioning for its ability to
ensure that your gateway devices and your key network components are
properly configured to prevent your security policies from being
bypassed.
http://enterprisesecurity.symantec.com/products/products.cfm?productid=45&EID=0
--------------------------------------------------
TruSecurity ICSA Labs
As in most maturing industries, the Internet filtering industry has
started to create certification programs to attempt to set a standard
for performance. The ICSA Labs have created a set of criteria for
Internet filtering software, which might be useful to you in
evaluating your own needs. This work is still ongoing, so check
periodically for updates:
http://www.icsalabs.com/html/communities/sift/certification/criteria/criteria.shtml
==================================================
I hope that this information helps you in selecting the best solutions
for your firm. Please take full advantage of the various vendors'
sales channels to set up a comparison of the products' relative
performance in your environment.
If you require clarification for any part of this Answer, please do
not hesitate to let me know. Please note that I will not be online
between August 26th and Sept. 4th, but will endeavour to respond to
any clarification requests as soon as possible.
Regards,
aht-ga