Email security essentials

InComparison

Essential email security
…business requirements and competitive landscape

An InComparison Paper by Bloor Research
Author : Fran Howarth
Publish date : April 2012

Email security is essential.
Email communications provide
for efficient and effective
collaboration and are extremely
important as business records,
yet they have long been the
target of criminals looking to
spread malware and steal the
information that they contain.
Fran Howarth


Executive summary
Email is an essential communications and col- Fast facts
laboration tool for all organisations and email
messages contain a great deal of sensitive and • Email security should be part of a wider,
often confidential information that is among unified email management system, en-
the most important business records pro- compassing not just malware controls, but
duced by an organisation. It is therefore vital mailbox management, content filtering,
that high levels of security be used for email, encryption and data leakage prevention,
both at rest and in transit. This is important not continuity, archiving and discovery, and com-
just for protecting the organisation from the pliance reporting.
harm caused by email-borne threats facing the
organisation, but also to ensure that it is safe • Traditional on-premise software and appli-
when stored so that the information cannot be ance delivery models are being eclipsed by
accidentally leaked out of the organisation. cloud-based and hybrid delivery models that
provide many advantages in terms of cost,
Traditionally, email security technologies have convenience, superior service and greater
focused on malware and spam controls at their flexibility, in particular enabling security
core, but this part of the market has become controls to be extended to the ever-expand-
somewhat commoditised over time with fea- ing number of mobile devices being used.
ture parity across most vendors as innovation
has plateaued. Where most development has The bottom line
been seen is in the focus on more advanced
threat detection techniques in the arms race Given the importance of email as a business
against ever more sophisticated email threats. record, high standards of security need to be
With vendors offering pretty much the same applied so that employees of an organisation
assurances over malware and spam protec- can communicate and collaborate with each
tion, organisations looking to make purchas- other and with customers and business part-
ing decisions should look for more advanced ners effectively and efficiently without falling
features that add value as part of a wider, uni- prey to the threats posed by email-borne mal-
fied email management system, such as conti- ware and data leakage or exfiltration. How-
nuity services and archiving. Many government ever, whilst email communications are vital
regulations and industry standards mandate to all organisations, managing email systems
that email records be retained in a secure, and security in-house is a complex challenge
tamperproof repository, which will also help to that provides little in the way of competitive
keep workers productive as they will be able advantage. Newer, cloud-based and hybrid
to more easily retrieve old emails for repur- delivery models remove many of those com-
posing the information that they contain or for plexities and provide a superior level of pro-
evidence in litigation. The quality and configur- tection against the sophisticated exploits being
ability of the management interface into which targeted at email systems today.
all components are integrated are important
considerations here, making it easier to prove
compliance and to answer litigation that de-
mands that emails can be produced quickly
when required as evidence. Other important
differentiators that organisations should look
for include the quality of the self-service capa-
bilities, such as the level of user control over
quarantined email, as well as pricing and the
quality of support provided.

This document discusses the business case
for implementing strong email security con-
trols and outlines what organisations should
look for when selecting a product or service.
It is intended to be read by organisations of
all sizes across all vertical industries and de-
scribes the capabilities of some of the major
vendors in the market.

A Bloor InComparison Paper 1 © 2012 Bloor Research


Email as a strategic business tool
The development of email was a revolution in Yet email is more than just a communications
communications. It allowed people to com- tool. It is also the most commonly used col-
municate and exchange information efficiently laboration platform within organisations, used
and cost effectively, without the need for both for working on documents, presentations and
parties to be on the same time schedule. spreadsheets among project teams. Email is
A
ccording to research published by Osterman also used for interaction by many enterprise
Research in December 2010, email remains applications such as customer relationship
the single most used application for the typical management, supply chain and transaction
corporate user and is the primary method for processing applications, used to send users
sending information in and out of an organi- notifications and to keep track of interactions
sation1. Osterman found that, on average, the on these applications.
typical user spends 134 minutes per working
day on email, compared to 61 minutes on the
telephone, 28 minutes using real-time com-
munications tools and 11 minutes using social
media sites.

Not only is email the most important com-
munications mechanism for organisations,
but its use is increasing as users continue to
embrace internet-enabled mobile devices.
According to research published by digital
marketing intelligence provider comScore in
January 2011, the number of users access-
ing email via mobile grew by 36% in 2010 and
many more users are checking corporate
emails from their mobile devices—even those
that they own personally2. In 2011, the Radicati
Group published research that indicated that
85% of business users use mobile phones to
check their business emails3.

© 2012 Bloor Research 2 A Bloor InComparison Paper


Why email security is essential
Because of its importance as a communi- Another major reason behind the need for
cations and collaboration tool, emails are high levels of email security is the need to
considered to be important business records. comply with government regulations and
According to the Enterprise Strategy Group, industry mandates, many of which require
up to 75% of corporate intellectual property that high standards of security be applied to
is contained in emails and their attachments, sensitive data, much of which is contained
as well as other sensitive information such in email correspondence. Examples include
as personnel data, customer information, data protection legislation in many countries
product and marketing plans, and corporate worldwide, much of which is being tightened
financial data4. to expand the sanctions imposed on or-
ganisations for data breaches, and industry
Given the importance of such records, it is vital standards such as the Payment Card Industry
that they are transmitted and stored securely. Data Security tandards (PCI DSS), which
S
One primary concern for organisations is that demands that payment cardholder informa-
of malware being introduced to the organisation be adequately protected. Others demand
tion via email, which can be used to exfiltrate that business records, including emails, be
data out of the organisation, such as personal maintained for specified periods of time in a
information contained on an endpoint device or secure, tamperproof manner, in some cases
to send out spam messages. Another concern for up to ten years. Examples of these in the
is that users often need to locate information US include SEC Rule 17a-4, Sarbanes-Oxley,
in emails and their attachments—especially the Federal Rules of Civil Procedure, NARA
those sent to them, where a certain email may Electronic Records Management regulations
be the only record of a particular transaction and FINRA Rule 3110. The US also has the Pa-
that is available to them. Time spent clearing triot Act, which allows for the interception and
up infections and looking for email records can inspection of enterprise email. In the EU, each
be a major drain on productivity. member state tends to have its own national
laws governing records retention, with the
majority requiring records to be maintained
for an average of five years. E-discovery in
Asia-Pacific is still considered to be a fairly
new initiative, although Australia in particular
has been reforming rules to encourage elec-
tronic submissions. In Africa, various coun-
tries, including South Africa, are in the process
of developing laws.



Security as part of a unified email management system
Because of these factors, effective email secu- the administration and management tasks
rity is essential and needs to be a core compo- required, requiring agents with a much lower
nent of any email management system. Whilst footprint be installed on each device to be pro-
once email security was primarily associated tected so that updates can be pushed out from a
with malware controls, a much more holistic central location and policies enforced centrally.
approach is now required that encompasses Appliances have the advantages over software-
all aspects of managing email systems. It re- only deployments of providing greater visibility
quires a combination of mailbox management, into user activity and network traffic, as well as
malware controls, content filtering, encryption whether or not devices conform to the security
and data leak prevention, continuity, archiving standards required. However, appliances are
and discovery, and compliance reporting. All not always easy to scale as new devices are
organisations need to guard against threats added, often requiring more hardware to be
associated with email by ensuring that pro- purchased, configurations to be actively man-
tection is constant and covers all emails sent aged and needing administrators to take action
or received by all users, that the service is when issues are encountered.
continuously available, and that all relevant
emails are securely archived. More recently, cloud-based, software as a ser-
vice (SaaS) subscription-based services have
DIY or leverage the cloud? come onto the market. The use of such servic-
es provides advantages that include lower cost
Traditionally, email security technologies have and administrative overhead since the services
been deployed within the boundaries of an are based on a shared infrastructure and made
organisation, with controls placed directly on available to many customers simultaneously.
the devices used to send and receive emails, In terms of email security services offered in
such as anti-virus and other malware controls. a cloud-based SaaS model, most providers
At the network level, firewalls and intrusion focus not just on threat and malware protec-
detection and prevention systems are generally tion, but also offer a range of complementary
used to control what traffic can flow in and out services that are necessary for maintaining a
of the organisation, often deployed inline with comprehensive email security posture. These
specific devices. Implemented in-house, such include inbound and outbound security and
systems take a great deal of administration privacy protection, archiving, continuity, and
and management, which, especially in large regulatory compliance and litigation support.
organisations, means that IT resources have to The level of protection offered through such
be dedicated just to managing these systems. services is often better than can be achieved
in-house—in part because many responsibili-
To solve some of these issues, technology ties for security are pushed off onto the service
vendors developed appliance-based systems, provider, rather than having to be provided in-
deployed on-premise, that perform many of house (see Figure 1).

Source: European Network and Information Security Agency (ENISA)

Figure 1: Division of security responsibilities in the SaaS delivery model



Security as part of a unified email management system
Among the reasons why the level of threat Further, cloud-based services are very well
protection offered by such services can be suited for the needs of organisations that wish
superior to those deployed in-house is that to provide their workers with the flexibility of
threats can be stopped in the cloud so that the always-on access from anywhere via mobile
malware exploits never even reach the organi- devices, since only a browser interface is
sation’s network or email systems. Many such needed to connect to such services. Protection
services also gather samples of the latest can even be easily and acceptably extended to
threats as they emerge through worldwide those devices owned by employees themselves
intelligence networks that gather information when connected to corporate resources—an
from computer users worldwide, combined increasingly common situation encountered in
with a variety of other information and threat today’s business environment—as only a small
sources. Using a variety of detection tech- agent needs to be installed on each device so
niques above and beyond those of signatures that the user does not suffer the frustration of
that provide countermeasures for threats that degraded performance, which is unacceptable
are known, including advanced heuristics, to most when using their own devices.
reputation analysis and content filtering, such
services even afford protection against previ- For those organisations that do not wish to
ously unknown, so-called zero-day threats. cede all control over their email management
Many also offer protection against outbound needs to a service provider, hybrid deployment
threats and data leakage through the provision models are now more commonly being offered
of data leakage prevention (DLP) capabilities that combine on-premise management of
and can enforce the use of extra security con- email systems with additional email manage-
trols, such as encryption for all data in transit ment services based in the cloud. For example,
and at rest in the email archiving repository. organisations may wish to benefit from the use
of cloud-based threat protection services for
Cloud-based tools provide many other ad- inbound email and perhaps for email storage
vantages for organisations in terms of man- and archiving, whilst using in-house physical
agement of, and visibility over, the service or virtual appliances for mailbox management
as all tasks, such as policy development and and DLP capabilities. For some organisations,
enforcement, are accomplished through one this provides a way of testing whether or not
web-based management console that provides the use of SaaS is suitable for them and, should
a unified view of all services offered, as well as they find its use beneficial, can then migrate
comprehensive management reports of their further services to the cloud over time.
effectiveness. Guarantees over the effective-
ness of those services are provided by service
level agreements (SLAs). These supply assur-
ances over the amount of uptime guaranteed,
the level of protection against both known and
zero-day threats, and levels of spam protec-
tion—with financial penalties imposed on the
provider for any failure to meet the guaranteed
levels of service.



The components of a unified email management system
As stated above, email security needs to be many service providers offer is help with those
part of a wider email management posture. migrations to ensure security levels are main-
Security is essential for providing protection tained and policies continue to be enforced
against malicious threats and data loss but, during the migration process.
given the importance of email as a com-
munications and collaboration tool, email Malware controls
correspondence also needs to be securely
stored, managed and archived. This is vital for Protection against malicious threats that in-
reducing business risks, and especially those clude malware and spam is a core capability
associated with regulatory non-compliance or of any email security system. However, with
litigation requests that demand that business threats multiplying and growing in sophistica-
records be produced, including all relevant tion, any technology chosen should feature
emails. By looking at email management in a advanced detection and threat mitigation ca-
wider context, organisations will be in a better pabilities that provide protection against new,
position to enforce corporate policy, prevent zero day threats. It is no longer sufficient to
data loss, eliminate downtime, achieve com- rely on reactive signature-based mechanisms
pliance, eliminate risks associated with spam since such countermeasures take time to
and malware, and facilitate rapid search and develop and deploy to all devices via updates
e-discovery for improved productivity and liti- and patches to software installed on them. Not
gation response. This will help organisations only is this time-consuming and frustrating for
in achieving the three key security objectives of users, but it also leaves the organisation ex-
organisations with regard to the business in- posed to gaps in protection before all devices
formation transmitted by and stored in email— can be patched.
integrity, confidentiality and availability.
A more effective strategy is to subscribe to
The components of a unified email security cloud-based email security services, where
system should include the functionality listed protection is applied remotely in the cloud
in the following sections. before malicious traffic can reach the organi-
sation’s network. Providers of such services
Mailbox management generally deploy anti-malware controls from
major vendors, often in combination, but sup-
Efficient mailbox management is vital for main- plement these with multiple other detection
taining user productivity. The email manage- techniques that include reputation services,
ment system should ensure that all messages advanced heuristics, URL and content filter-
and their attachments are captured, even those ing, black and white listing, and traffic moni-
deleted by users, and sent to the archive ac- toring for protection against such exploits as
cording to set rules and policies. This will get denial of service attacks. The use of multiple,
around problems caused by users storing proactive detection techniques provide protec-
emails in their own personal email folders, tion against even zero day attacks. Further,
which are not accessible to others in the organi- many email security service providers main-
sation. The user should then be able to search tain global threat intelligence networks that
for and retrieve items from the archive directly gather information pertaining to the latest
from the familiar email client interface, as well threats from multiple sources worldwide, in-
as deal with suspicious items that have been cluding threats seen by customers, honeypots
quarantined, rather than requiring a separate and other threat information services such as
pop-up interface for doing so. This will help to those provided by CERTs, ISPs and govern-
keep users productive, reduce training needs ment agencies.
and lower the burden on the help desk of re-
trieving deleted or hard to find items. The superior protection available through the
use of cloud-based email security services
The system should support all the major email is spurring the take-up of hybrid services,
clients in use and versions thereof, so that no whereby organisations maintain and manage
emails are missed. With many organisations email clients in-house, but supplement them
looking to migrate to the latest 2010 version with the use of cloud-based services for cer-
of Microsoft Exchange, a useful service that tain capabilities, such as malware protection.



Encryption and data leak prevention Data centre coverage

Security breaches are everyday news and can In order for a service provider to offer such
hurt organisations that suffer them, ranging capabilities, it must maintain a network of data
from damaged reputations and lost business centres for failover in the case of a disaster.
to the possibility of fines or other sanctions for Organisations should ask their service provid-
failing to adequately secure sensitive informa- er for details of their data centre coverage and
tion. An effective email security system should security measures. In today’s highly regulated
therefore provide protection against unwanted environment, the location of data centres is of
data leaks, whether accidental or done ma- importance as some laws, such as data protec-
liciously, and should enforce compliance tion in European countries, demand that data
with the organisation’s security policies and is not transferred to locations such as the US,
regulatory compliance requirements. Not only where controls are less strict. Another consid-
should the system store all email messages eration with regard to data centre location is to
and their attachments in encrypted form, but guard the organisation against demands from
encryption should be enforced for protecting law enforcement agencies and governments
all sensitive information in transit according to for access to business records, including
policies set by the organisation. emails, such as those of the Patriot Act of the
US. As well as this, international litigation is
More advanced capabilities include the use of on the increase. According to the 8th annual
image analysis to prevent the transmission of litigation trends report published by Fulbright
images deemed to be inappropriate or to pre- & Jaworski LLP, 30% of 405 respondents from
vent the leak of information such as product the US and the UK were party to at least one
designs. Some will also enforce the conversion international arbitration dispute in 2011, rising
of documents to more secure formats, such as to 50% of organisations with revenues of
read-only PDF documents, to prevent the in- US$1 billion or more5. Among UK respondents,
formation that they contain from being altered 42% stated that they had encountered issues
by the recipient. They can also enforce the use concerning the jurisdiction in which document
of email signatures and legal notices regard- processing takes place. Organisations should
ing the obligations of the message recipient therefore seek assurances over the jurisdic-
in terms of how the information can be used. tion in which their emails will be processed
A further capability to consider is the use of and stored.
closed-circuit messaging, whereby an email
is sent containing just a link to a document Archiving and ediscovery
that is held securely on the service provider’s
network, allowing highly sensitive information Email archiving is one of the cornerstones
to be shared without the original being actually of any email management programme as it
distributed outside of the organisation. provides a secure manner to store emails for
future use. This is a huge aid in productivity
Continuity as users can easily search such archives to
find information, such as details of a contract
Given the importance of email, any disruption negotiation, which may be held in many email
to email services that makes the system una- threads. There are also numerous govern-
vailable is a frustrating productivity drain on ment regulations and standards that demand
users and can impact the business, perhaps that business records be retained securely for
through lost revenue-generating opportuni- set periods, which can be as long as ten years.
ties. Most cloud-based email security services
offer continuity capabilities that ensure that In particular, cloud-based email archiving
emails can be sent and received, even during is considered by many organisations to be
a planned or unplanned outage, and that among the most suitable applications for using
provide access to recently archived emails to cloud-based services as archiving needs are
keep users productive. However, capabilities relatively uncomplicated and uniform. In De-
vary and some vendors provide only limited cember 2010, the US government unveiled its
coverage in this area. The system should also Cloud First policy, under which federal agen-
ensure that all emails are archived, even cies must consider the option of using cloud-
during an outage. based services when planning new IT projects.



In April 2011, the White House CIO stated that When considering alternatives, organisations
15 agencies had announced that they intended should look for a service that is tightly inte-
to move their email management and archiv- grated with the email client that they use, with
ing applications into the cloud. Two agen- the archive directly searchable from the inbox
cies—the General Services dministration
A for greater usability, and should ensure that
and the epartment of Agriculture—claim to
D all emails sent and received are captured by
have saved some US$40 million by abandon- the system so that there are no gaps in the re-
ing in-house email. Building on this, the US cords. The service should provide support for
government announced in November 2011 regulatory compliance needs, such as allow-
that all federal agencies have until May 2012 ing retention periods to be set and enforced
to report on how they intend to improve the according to the requirements of regulations
way that they store and manage electronic that the organisation faces. It should also
records, including emails, blog posts and ensure that archived records are securely
social media activity, and the White House, in deleted once they are no longer needed so that
conjunction with the National Archives and the organisation is not exposed to the litigation
Records Administration, is currently drafting risk and expense of searching through years of
a new records management directive. Using unnecessary data.
cloud-based services is considered by many to
be the best option. Given the growth in litigation requiring elec-
tronic business records, including emails, to
Other governments are following this lead. be produced as evidence, any service chosen
The UK government has stated that cloud should provide ediscovery support, such as the
computing should account for half of its IT ability to enforce legal holds. It is also abso-
spend by 2015 and it is hoped that this will lutely essential that the archived records be
reduce its annual IT expenditure of £16 billion held in a secure, tamperproof repository, with
by £3.2 billion. all emails held in encrypted form and access
to the data by the vendor’s staff strictly con-
Another reason why email archiving should go trolled. Further, the archiving service should
hand in hand with email security is to support extend support to emails sent and received
the growing number of ediscovery requests. by mobile phones used in the organisation.
According to Osterman Research, 57% of IT or- According to Fulbright and Jaworski’s 2011
ganisations that it surveyed referred to email survey, 32% of respondents had to preserve or
archives or backup tapes to support their or- collect data from an employee’s mobile device
ganisation’s innocence in a legal case in 2010 for litigation or investigation purposes in the
and 66% were ordered by a court or regula- previous year.
tory body to produce employee email records6.
Also, according to Fulbright and Jaworski’s
2011 litigation trends survey, organisations
are concerned about stricter legislation being
introduced that will lead to more litigation and
28% expect disputes to increase in 20125.

Source: Computing7

Figure 2: Reasons for archiving emails



Centralised management

To be effective, all of the components required Centralised management capabilities will also
of an effective email security management ensure that all actions taken across all compo-
deployment should be tightly integrated, built nents of the email security service are logged
on a common architecture and managed in a consistent manner so that reports can be
through a central interface. It is via this inter- generated for management purposes and an
face that policies such as encrypting outbound audit trail is available to help the organisation
emails containing sensitive data and applying prove that it is complying with the demands of
retention periods to inbound emails can be ef- government regulations and industry stand-
fectively enforced. It should also be tightly in- ards with which it must conform.
tegrated with the email client in use to ensure
that all emails are captured, even those sent
and received by mobile devices.



Overview of the major players
Cisco Google

Cisco’s email security products and services Google’s email security capabilities come from
stem from its acquisition of IronPort in January its acquisition of Postini in 2007, a vendor of
2007. It offers appliances for in-house deploy- web and email security, and archiving ser-
ment, cloud-based email security services, a vices, in order to boost the business appeal of
hybrid mix of the two and managed services its Google Apps products. Rebranded Google
for remote monitoring and management. It Postini Services, Google has been merging its
is best known for its on-premise appliances, email security features into its Google Apps
deployed primarily by mid-sized and large products, although it states that it will con-
organisations, whilst its cloud services have tinue to sell them as standalone services for
been developed more recently. Its products those that wish that. However, in September
and services benefit from integration with 2011, Google announced that it was discon-
other Cisco security products, such as its web tinuing new sales of web security products as
security offerings, and it operates a global the functionality has been merged into Google
threat intelligence network that it claims Apps and it remains unclear whether or not
monitors 30% of global internet traffic. the same fate will befall email security. Google
has also announced in February 2012 that it
Whilst Cisco has many of the basics, it lacks is discontinuing email continuity services for
a full vertical stack—for example, it does not customers using Microsoft Exchange. These
offer archiving—and some of its capabilities factors raise concern over the long-term vi-
are available as add-on options. It has been ability of its standalone products, as well as
in the email security space for some time, but support for products other than Google Apps
these products and services account for just a and its own email client.
small proportion of its overall portfolio.
Its email security capabilities are basic com-
pared to its competitors and little has been
seen in terms of product development since
Google acquired Postini. Some components
are provided by partners and some are also
offered as add-on products, of which there are
minimum purchase requirements for some,
such as encryption. Google is also widely slated
for the lack of support offered. Customers are
directed to online support information, which
provides a limited amount of rather general
information, and direct support is available
only for larger accounts via an online portal.
No support phone number is published.



McAfee Microsoft

McAfee was acquired by technology pow- Microsoft’s email security capabilities came
erhouse Intel Corporation in 2011 and is through the acquisition of FrontBridge Inc in
maintained as a separate brand. Its email 2005. Now rebranded Microsoft Forefront, it
security capabilities are part of its content se- offers on-premise products for its Exchange
curity capabilities, also including web security 2010 server and a SaaS offering for Exchange,
and DLP. It offers its products as appliances, which is the default choice for Exchange
SaaS or a hybrid combination of the two. Many Online and Office 365, its suite of business pro-
of its capabilities are offered as bundled suites ductivity offerings. Its email security products
offering varying levels of capabilities and are are included in many product bundles that it
tightly integrated with its ePolicy Orchestrator offers. However, its email security capabilities
management platform. Its appliance products are considered to be fairly basic in their native
came through McAfee’s acquisition of Secure features and many customers of Office 365 and
Computing in 2007 and its SaaS capabilities Exchange 2010 are choosing to supplement
through the acquisition of MX Logic in 2009. It the services with those of specialised vendors,
recently integrated two in-house offerings into especially in the cloud-based email archiving
one email security gateway appliance. and continuity space.

McAfee’s products and services are fairly One particular caveat for its SaaS offering is
comprehensive and it has options for organi- that it only maintains data centres in the US
sations from small firms right up to large en- and Europe and only guarantees in-geography
terprises and ISPs, although it is considered to processing in the US, specifically stating that
be fairly highly priced, especially when add-on data for customers in EMEA will be hosted in
services are purchased. It has a global threat both Europe and North America. It does not
intelligence network, which is considered to offer continuity services.
be strong.



Mimecast Proofpoint

Mimecast is a specialised vendor of unified Proofpoint is a specialised provider of email
email management services based on a SaaS security offerings, including on-premise and
model. Its services encompass email security, SaaS solutions for email security, data leak-
archiving, continuity, policy management and age prevention, privacy protection, email en-
data leakage prevention and were all built as cryption, archiving and ediscovery. Many of its
SaaS services from the ground up by Mimecast products have been acquired or are provided
as one unified, tightly integrated service. The via partnerships, which can be risky if those
capabilities offered by Mimecast’s email man- partners are acquired. For example, its part-
agement service are considered to be strong ner Clearwell Systems, providing ediscovery
and it has a good track record of constant in- capabilities, was acquired by Symantec in
novation. Its widespread data centre coverage 2011. The functionality of many of its products
is another key differentiator and in-geography and services is considered to be good, although
processing and storage is guaranteed for all its archiving solution is not as highly regarded
customers. Its SLA is strong compared to as its other capabilities.
competitors and guarantees 100% uptime,
even for access to the email archive, and un- Proofpoint primarily targets mid-sized and
interrupted email during an outage. Mimecast large organisations and its SaaS services are
is also widely recognised for the quality and used by even very large organisations. It also
timeliness of its customer support, offered has a primary focus on North America and is
across multiple channels. not especially well known in EMEA, where it is
only now setting up its data centre infrastruc-
Although coverage is provided for multiple ture in association with a partner. Its products
email clients, the primary focus is on icrosoft
M and services are considered to be fairly high
Exchange and it offers a service for those or- priced, especially as many capabilities are
ganisations looking to migrate to Exchange provided as add-ons, which can jack up the
2010 or Office 365. It has recently expanded price considerably.
its mobile coverage and continues to add new,
innovative features to its service in areas that
differentiate it from its competitors, including
advanced encryption options, enhanced self-
service, secure attachment management, and
stationery and email marketing tools.



Symantec Websense

Symantec is one of the largest security vendors Websense is considered to be a leader in
and has a broad range of offerings for email web security, which remains its core focus,
security—so broad that navigating through the although it has a fairly broad portfolio of email
maze can be a daunting challenge. It offers security capabilities. It is considered to be par-
hardware and virtual appliances, software and ticularly strong in terms of its DLP capabilities,
SaaS options, some designed for specific email which are integrated across all delivery chan-
clients that include Exchange and Domino. It is nels, as well as its Threatseeker global intelli-
considered to have some strong capabilities gence network. It offers SaaS and on-premise
and maintains a well regarded global threat options, as well as a hybrid combination of the
intelligence network. However, all products two. The majority of its products and services
were acquired and integration challenges were acquired and have been integrated with
remain. Its latest acquisition was of iveOffice,
L its TRITON management interface and report-
a vendor of SaaS email archiving, in 2012, ing engine since 2010, providing a common
which it had previously been offering under an management console for email, web and data
OEM arrangement. security. For some capabilities, it has relied
on partnerships, which can be a risky strategy
Symantec’s products and services are fairly as was seen with the acquisition of its partner
high priced, especially as some of the capabili- LiveOffice by Symantec, leaving it with no ar-
ties offered are optional extras. It has world- chiving or continuity capabilities.
wide coverage and good support capabilities,
as well as particularly strong SLAs. Websense is a public company, but only
achieved profitability from 2010 onwards. It is
considered to be mid- to high priced and some
of its capabilities, such as advanced encryption
and image analysis, are provided as optional
add-ons.



Data reference section
Champion

McAfee

Symantec

Mimecast

Cisco

Websense

Google
Cha

Microsoft
Proofpoint

r
ato
llen

ov
ge

Inn
r

Figure 3: The vendor landscape

The information used in making these evaluations has been drawn from
a variety of sources, including published and unpublished sources.
Technology and services providers have been evaluated for their capa-
bilities in offering email security in the wider context of a unified email
management system. The evaluations take into account their financial
stability, brand and market share, their current offerings in this market
sector and future direction, market presence, and perceived strengths
and weaknesses. The information provided does not constitute a direct
endorsement of any of the organisations. Where the diagram is con-
cerned, the closer to the centre the vendor is positioned, the more fit for
purpose their offerings are considered to be.



Summary
Email security is essential. Email communications provide for efficient
and effective collaboration and are extremely important as business re-
cords, yet they have long been the target of criminals looking to spread
malware and steal the information that they contain. There are many
things to consider when selecting an email security system as security
should be seen in the wider context of email management as a whole
as well as the differing options in terms of how the controls are imple-
mented that are available. The vendors profiled in this paper represent
some of the most viable options on the market, yet each have their own
strengths in terms of features and coverage.

References

1. http://www.ostermanresearch.com/whitepapers/or_or1210c.pdf

2. http://www.comscore.com/Press_Events/Press_Releases/2011/1/
Web-based_Email_Shows_Signs_of_Decline_in_the_U.S._While_
Mobile_Email_Usage_on_the_Rise

3. http://www.radicati.com/wp/wp-content/uploads/2011/09/Survey-
Corporate-Email-2011-2012-Executive-Summary.pdf

4. http://www.enterprisestrategygroup.com/2004/08/intellireach-
looks-to-shake-up-a-crowded-enterprise-message-archiving-ema-
market/

5. http://www.fulbright.com/images/publications/Report3.pdf

6. http://www.ostermanresearch.com/whitepapers/or_or1010.pdf

7. http://www.ithound.com/abstract/
benefits-moving-email-archiving-cloud-7439

Further Information

Further information about this subject is available from
http://www.BloorResearch.com/update/2128


Bloor Research overview About the author
Bloor Research is one of Europe’s leading IT Fran Howarth
research, analysis and consultancy organisa- Senior Analyst - Security
tions. We explain how to bring greater Agility
to corporate IT systems through the effective Fran Howarth specialises in the field of security, pri-
governance, management and leverage of marily information security, but with a keen interest
Information. We have built a reputation for in physical security and how the two are converging.
‘telling the right story’ with independent, intel- Fran’s other main areas of interest are new deliv-
ligent, well-articulated communications con- ery models, such as cloud computing, information
tent and publications on all aspects of the ICT governance, web, network and application security,
industry. We believe the objective of telling the identity and access management, and encryption.
right story is to:
Fran focuses on the business needs for security technologies, looking at
• Describe the technology in context to its the benefits they gain from their use and how organisations can defend
business value and the other systems and themselves against the threats that they face in an ever-changing land-
processes it interacts with. scape.

• Understand how new and innovative tech- For more than 20 years, Fran has worked in an advisory capacity as an
nologies fit in with existing ICT invest- analyst, consultant and writer. She writes regularly for a number of pub-
ments. lications, including Silicon, Computer Weekly, Computer Reseller News,
IT-Analysis and Computing Magazine. Fran is also a regular contributor to
• Look at the whole market and explain all Security Management Practices of the Faulkner Information Services divi-
the solutions available and how they can be sion of InfoToday.
more effectively evaluated.

• Filter “noise” and make it easier to find the
additional information or news that sup-
ports both investment and implementation.

• Ensure all our content is available through
the most appropriate channel.

Founded in 1989, we have spent over two dec-
ades distributing research and analysis to IT
user and vendor organisations throughout the
world via online subscriptions, tailored re-
search services, events and consultancy pro-
jects. We are committed to turning our knowl-
edge into business value for you.

Copyright & disclaimer
This document is copyright © 2012 Bloor Research. No part of this pub-
lication may be reproduced by any method whatsoever without the prior
consent of Bloor Research.

Due to the nature of this material, numerous hardware and software
products have been mentioned by name. In the majority, if not all, of the
cases, these product names are claimed as trademarks by the compa-
nies that manufacture the products. It is not Bloor Research’s intent to
claim these names or trademarks as our own. Likewise, company logos,
graphics or screen shots have been reproduced with the consent of the
owner and are subject to that owner’s copyright.

Whilst every care has been taken in the preparation of this document
to ensure that the information is correct, the publishers cannot accept
responsibility for any errors or omissions.

2nd Floor,
145–157 St John Street
LONDON,
EC1V 4PY, United Kingdom

Tel: +44 (0)207 043 9750
Fax: +44 (0)207 043 9748
Web: www.BloorResearch.com
email: info@BloorResearch.com

Email security essentials

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Email security essentials

Similar a Email security essentials (20)

Más de Unified Communications Online

Más de Unified Communications Online (20)

Último

Último (20)

Email security essentials