Essential email security…business requirements and competitive landscape

An InComparison Paper by Bloor Research
Author: Fran Howarth
Publish date: April 2012


“Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.”
Fran Howarth

© 2012 Bloor Research. A Bloor InComparison Paper.


Executive summary

Email is an essential communications and collaboration tool for all organisations, and email messages contain a great deal of sensitive and often confidential information that is among the most important business records produced by an organisation. It is therefore vital that high levels of security be used for email, both at rest and in transit. This is important not just for protecting the organisation from the harm caused by email-borne threats, but also to ensure that email is safe when stored so that the information cannot be accidentally leaked out of the organisation.

Traditionally, email security technologies have focused on malware and spam controls at their core, but this part of the market has become somewhat commoditised over time with feature parity across most vendors as innovation has plateaued. Where most development has been seen is in the focus on more advanced threat detection techniques in the arms race against ever more sophisticated email threats. With vendors offering pretty much the same assurances over malware and spam protection, organisations looking to make purchasing decisions should look for more advanced features that add value as part of a wider, unified email management system, such as continuity services and archiving. Many government regulations and industry standards mandate that email records be retained in a secure, tamperproof repository, which will also help to keep workers productive as they will be able to more easily retrieve old emails for repurposing the information that they contain or for evidence in litigation. The quality and configurability of the management interface into which all components are integrated are important considerations here, making it easier to prove compliance and to answer litigation that demands that emails can be produced quickly when required as evidence. Other important differentiators that organisations should look for include the quality of the self-service capabilities, such as the level of user control over quarantined email, as well as pricing and the quality of support provided.

This document discusses the business case for implementing strong email security controls and outlines what organisations should look for when selecting a product or service. It is intended to be read by organisations of all sizes across all vertical industries and describes the capabilities of some of the major vendors in the market.

Fast facts

• Email security should be part of a wider, unified email management system, encompassing not just malware controls, but mailbox management, content filtering, encryption and data leakage prevention, continuity, archiving and discovery, and compliance reporting.

• Traditional on-premise software and appliance delivery models are being eclipsed by cloud-based and hybrid delivery models that provide many advantages in terms of cost, convenience, superior service and greater flexibility, in particular enabling security controls to be extended to the ever-expanding number of mobile devices being used.

The bottom line

Given the importance of email as a business record, high standards of security need to be applied so that employees of an organisation can communicate and collaborate with each other and with customers and business partners effectively and efficiently without falling prey to the threats posed by email-borne malware and data leakage or exfiltration. However, whilst email communications are vital to all organisations, managing email systems and security in-house is a complex challenge that provides little in the way of competitive advantage. Newer, cloud-based and hybrid delivery models remove many of those complexities and provide a superior level of protection against the sophisticated exploits being targeted at email systems today.


Email as a strategic business tool

The development of email was a revolution in communications. It allowed people to communicate and exchange information efficiently and cost effectively, without the need for both parties to be on the same time schedule. According to research published by Osterman Research in December 2010, email remains the single most used application for the typical corporate user and is the primary method for sending information in and out of an organisation[1]. Osterman found that, on average, the typical user spends 134 minutes per working day on email, compared to 61 minutes on the telephone, 28 minutes using real-time communications tools and 11 minutes using social media sites.

Not only is email the most important communications mechanism for organisations, but its use is increasing as users continue to embrace internet-enabled mobile devices. According to research published by digital marketing intelligence provider comScore in January 2011, the number of users accessing email via mobile grew by 36% in 2010 and many more users are checking corporate emails from their mobile devices—even those that they own personally[2]. In 2011, the Radicati Group published research that indicated that 85% of business users use mobile phones to check their business emails[3].

Yet email is more than just a communications tool. It is also the most commonly used collaboration platform within organisations, used for working on documents, presentations and spreadsheets among project teams. Email is also used for interaction by many enterprise applications such as customer relationship management, supply chain and transaction processing applications, used to send users notifications and to keep track of interactions on these applications.


Why email security is essential

Because of email's importance as a communications and collaboration tool, emails are considered to be important business records. According to the Enterprise Strategy Group, up to 75% of corporate intellectual property is contained in emails and their attachments, as well as other sensitive information such as personnel data, customer information, product and marketing plans, and corporate financial data[4].

Given the importance of such records, it is vital that they are transmitted and stored securely. One primary concern for organisations is that of malware being introduced to the organisation via email, which can be used to exfiltrate data out of the organisation, such as personal information contained on an endpoint device or to send out spam messages. Another concern is that users often need to locate information in emails and their attachments—especially those sent to them, where a certain email may be the only record of a particular transaction that is available to them. Time spent clearing up infections and looking for email records can be a major drain on productivity.

Another major reason behind the need for high levels of email security is the need to comply with government regulations and industry mandates, many of which require that high standards of security be applied to sensitive data, much of which is contained in email correspondence. Examples include data protection legislation in many countries worldwide, much of which is being tightened to expand the sanctions imposed on organisations for data breaches, and industry standards such as the Payment Card Industry Data Security Standard (PCI DSS), which demands that payment cardholder information be adequately protected. Others demand that business records, including emails, be maintained for specified periods of time in a secure, tamperproof manner, in some cases for up to ten years. Examples of these in the US include SEC Rule 17a-4, Sarbanes-Oxley, the Federal Rules of Civil Procedure, NARA Electronic Records Management regulations and FINRA Rule 3110. The US also has the Patriot Act, which allows for the interception and inspection of enterprise email. In the EU, each member state tends to have its own national laws governing records retention, with the majority requiring records to be maintained for an average of five years. E-discovery in Asia-Pacific is still considered to be a fairly new initiative, although Australia in particular has been reforming rules to encourage electronic submissions. In Africa, various countries, including South Africa, are in the process of developing laws.

Security as part of a unified email management system

Because of these factors, effective email security is essential and needs to be a core component of any email management system. Whilst once email security was primarily associated with malware controls, a much more holistic approach is now required that encompasses all aspects of managing email systems. It requires a combination of mailbox management, malware controls, content filtering, encryption and data leak prevention, continuity, archiving and discovery, and compliance reporting. All organisations need to guard against threats associated with email by ensuring that protection is constant and covers all emails sent or received by all users, that the service is continuously available, and that all relevant emails are securely archived.

DIY or leverage the cloud?

Traditionally, email security technologies have been deployed within the boundaries of an organisation, with controls placed directly on the devices used to send and receive emails, such as anti-virus and other malware controls. At the network level, firewalls and intrusion detection and prevention systems are generally used to control what traffic can flow in and out of the organisation, often deployed inline with specific devices. Implemented in-house, such systems take a great deal of administration and management, which, especially in large organisations, means that IT resources have to be dedicated just to managing these systems.

To solve some of these issues, technology vendors developed appliance-based systems, deployed on-premise, that perform many of the administration and management tasks required, requiring agents with a much lower footprint to be installed on each device to be protected so that updates can be pushed out from a central location and policies enforced centrally. Appliances have the advantages over software-only deployments of providing greater visibility into user activity and network traffic, as well as whether or not devices conform to the security standards required. However, appliances are not always easy to scale as new devices are added, often requiring more hardware to be purchased, configurations to be actively managed and needing administrators to take action when issues are encountered.

More recently, cloud-based, software as a service (SaaS) subscription-based services have come onto the market. The use of such services provides advantages that include lower cost and administrative overhead since the services are based on a shared infrastructure and made available to many customers simultaneously. In terms of email security services offered in a cloud-based SaaS model, most providers focus not just on threat and malware protection, but also offer a range of complementary services that are necessary for maintaining a comprehensive email security posture. These include inbound and outbound security and privacy protection, archiving, continuity, and regulatory compliance and litigation support. The level of protection offered through such services is often better than can be achieved in-house—in part because many responsibilities for security are pushed off onto the service provider, rather than having to be provided in-house (see Figure 1).

Figure 1: Division of security responsibilities in the SaaS delivery model

Source: European Network and Information Security Agency (ENISA)


Among the reasons why the level of threat protection offered by such services can be superior to those deployed in-house is that threats can be stopped in the cloud so that the malware exploits never even reach the organisation’s network or email systems. Many such services also gather samples of the latest threats as they emerge through worldwide intelligence networks that gather information from computer users worldwide, combined with a variety of other information and threat sources. Using a variety of detection techniques above and beyond those of signatures that provide countermeasures for threats that are known, including advanced heuristics, reputation analysis and content filtering, such services even afford protection against previously unknown, so-called zero-day threats. Many also offer protection against outbound threats and data leakage through the provision of data leakage prevention (DLP) capabilities and can enforce the use of extra security controls, such as encryption for all data in transit and at rest in the email archiving repository.

Cloud-based tools provide many other advantages for organisations in terms of management of, and visibility over, the service as all tasks, such as policy development and enforcement, are accomplished through one web-based management console that provides a unified view of all services offered, as well as comprehensive management reports of their effectiveness. Guarantees over the effectiveness of those services are provided by service level agreements (SLAs). These supply assurances over the amount of uptime guaranteed, the level of protection against both known and zero-day threats, and levels of spam protection—with financial penalties imposed on the provider for any failure to meet the guaranteed levels of service.

Further, cloud-based services are very well suited for the needs of organisations that wish to provide their workers with the flexibility of always-on access from anywhere via mobile devices, since only a browser interface is needed to connect to such services. Protection can even be easily and acceptably extended to those devices owned by employees themselves when connected to corporate resources—an increasingly common situation encountered in today’s business environment—as only a small agent needs to be installed on each device so that the user does not suffer the frustration of degraded performance, which is unacceptable to most when using their own devices.

For those organisations that do not wish to cede all control over their email management needs to a service provider, hybrid deployment models are now more commonly being offered that combine on-premise management of email systems with additional email management services based in the cloud. For example, organisations may wish to benefit from the use of cloud-based threat protection services for inbound email and perhaps for email storage and archiving, whilst using in-house physical or virtual appliances for mailbox management and DLP capabilities. For some organisations, this provides a way of testing whether or not the use of SaaS is suitable for them and, should they find its use beneficial, can then migrate further services to the cloud over time.


The components of a unified email management system

As stated above, email security needs to be part of a wider email management posture. Security is essential for providing protection against malicious threats and data loss but, given the importance of email as a communications and collaboration tool, email correspondence also needs to be securely stored, managed and archived. This is vital for reducing business risks, and especially those associated with regulatory non-compliance or litigation requests that demand that business records be produced, including all relevant emails. By looking at email management in a wider context, organisations will be in a better position to enforce corporate policy, prevent data loss, eliminate downtime, achieve compliance, eliminate risks associated with spam and malware, and facilitate rapid search and e-discovery for improved productivity and litigation response. This will help organisations in achieving the three key security objectives of organisations with regard to the business information transmitted by and stored in email—integrity, confidentiality and availability.

The components of a unified email security system should include the functionality listed in the following sections.

Mailbox management

Efficient mailbox management is vital for maintaining user productivity. The email management system should ensure that all messages and their attachments are captured, even those deleted by users, and sent to the archive according to set rules and policies. This will get around problems caused by users storing emails in their own personal email folders, which are not accessible to others in the organisation. The user should then be able to search for and retrieve items from the archive directly from the familiar email client interface, as well as deal with suspicious items that have been quarantined, rather than requiring a separate pop-up interface for doing so. This will help to keep users productive, reduce training needs and lower the burden on the help desk of retrieving deleted or hard to find items.

The system should support all the major email clients in use and versions thereof, so that no emails are missed. With many organisations looking to migrate to the latest 2010 version of Microsoft Exchange, a useful service that many service providers offer is help with those migrations to ensure security levels are maintained and policies continue to be enforced during the migration process.

Malware controls

Protection against malicious threats that include malware and spam is a core capability of any email security system. However, with threats multiplying and growing in sophistication, any technology chosen should feature advanced detection and threat mitigation capabilities that provide protection against new, zero day threats. It is no longer sufficient to rely on reactive signature-based mechanisms since such countermeasures take time to develop and deploy to all devices via updates and patches to software installed on them. Not only is this time-consuming and frustrating for users, but it also leaves the organisation exposed to gaps in protection before all devices can be patched.

A more effective strategy is to subscribe to cloud-based email security services, where protection is applied remotely in the cloud before malicious traffic can reach the organisation’s network. Providers of such services generally deploy anti-malware controls from major vendors, often in combination, but supplement these with multiple other detection techniques that include reputation services, advanced heuristics, URL and content filtering, black and white listing, and traffic monitoring for protection against such exploits as denial of service attacks. The use of multiple, proactive detection techniques provides protection against even zero day attacks. Further, many email security service providers maintain global threat intelligence networks that gather information pertaining to the latest threats from multiple sources worldwide, including threats seen by customers, honeypots and other threat information services such as those provided by CERTs, ISPs and government agencies.

The superior protection available through the use of cloud-based email security services is spurring the take-up of hybrid services, whereby organisations maintain and manage email clients in-house, but supplement them with the use of cloud-based services for certain capabilities, such as malware protection.


Encryption and data leak prevention

Security breaches are everyday news and can hurt organisations that suffer them, ranging from damaged reputations and lost business to the possibility of fines or other sanctions for failing to adequately secure sensitive information. An effective email security system should therefore provide protection against unwanted data leaks, whether accidental or done maliciously, and should enforce compliance with the organisation’s security policies and regulatory compliance requirements. Not only should the system store all email messages and their attachments in encrypted form, but encryption should be enforced for protecting all sensitive information in transit according to policies set by the organisation.

More advanced capabilities include the use of image analysis to prevent the transmission of images deemed to be inappropriate or to prevent the leak of information such as product designs. Some will also enforce the conversion of documents to more secure formats, such as read-only PDF documents, to prevent the information that they contain from being altered by the recipient. They can also enforce the use of email signatures and legal notices regarding the obligations of the message recipient in terms of how the information can be used. A further capability to consider is the use of closed-circuit messaging, whereby an email is sent containing just a link to a document that is held securely on the service provider’s network, allowing highly sensitive information to be shared without the original being actually distributed outside of the organisation.

Continuity

Given the importance of email, any disruption to email services that makes the system unavailable is a frustrating productivity drain on users and can impact the business, perhaps through lost revenue-generating opportunities. Most cloud-based email security services offer continuity capabilities that ensure that emails can be sent and received, even during a planned or unplanned outage, and that provide access to recently archived emails to keep users productive. However, capabilities vary and some vendors provide only limited coverage in this area. The system should also ensure that all emails are archived, even during an outage.

Data centre coverage

In order for a service provider to offer such capabilities, it must maintain a network of data centres for failover in the case of a disaster. Organisations should ask their service provider for details of their data centre coverage and security measures. In today’s highly regulated environment, the location of data centres is of importance as some laws, such as data protection in European countries, demand that data is not transferred to locations such as the US, where controls are less strict. Another consideration with regard to data centre location is to guard the organisation against demands from law enforcement agencies and governments for access to business records, including emails, such as those of the Patriot Act of the US. As well as this, international litigation is on the increase. According to the 8th annual litigation trends report published by Fulbright & Jaworski LLP, 30% of 405 respondents from the US and the UK were party to at least one international arbitration dispute in 2011, rising to 50% of organisations with revenues of US$1 billion or more[5]. Among UK respondents, 42% stated that they had encountered issues concerning the jurisdiction in which document processing takes place. Organisations should therefore seek assurances over the jurisdiction in which their emails will be processed and stored.

Archiving and ediscovery

Email archiving is one of the cornerstones of any email management programme as it provides a secure manner to store emails for future use. This is a huge aid in productivity as users can easily search such archives to find information, such as details of a contract negotiation, which may be held in many email threads. There are also numerous government regulations and standards that demand that business records be retained securely for set periods, which can be as long as ten years.

In particular, cloud-based email archiving is considered by many organisations to be among the most suitable applications for using cloud-based services as archiving needs are relatively uncomplicated and uniform. In December 2010, the US government unveiled its Cloud First policy, under which federal agencies must consider the option of using cloud-based services when planning new IT projects.


In April 2011, the White House CIO stated that 15 agencies had announced that they intended to move their email management and archiving applications into the cloud. Two agencies—the General Services Administration and the Department of Agriculture—claim to have saved some US$40 million by abandoning in-house email. Building on this, the US government announced in November 2011 that all federal agencies have until May 2012 to report on how they intend to improve the way that they store and manage electronic records, including emails, blog posts and social media activity, and the White House, in conjunction with the National Archives and Records Administration, is currently drafting a new records management directive. Using cloud-based services is considered by many to be the best option.

Other governments are following this lead. The UK government has stated that cloud computing should account for half of its IT spend by 2015 and it is hoped that this will reduce its annual IT expenditure of £16 billion by £3.2 billion.

Another reason why email archiving should go hand in hand with email security is to support the growing number of ediscovery requests. According to Osterman Research, 57% of IT organisations that it surveyed referred to email archives or backup tapes to support their organisation’s innocence in a legal case in 2010 and 66% were ordered by a court or regulatory body to produce employee email records[6]. Also, according to Fulbright and Jaworski’s 2011 litigation trends survey, organisations are concerned about stricter legislation being introduced that will lead to more litigation and 28% expect disputes to increase in 2012[5].

Figure 2: Reasons for archiving emails

When considering alternatives, organisations should look for a service that is tightly integrated with the email client that they use, with the archive directly searchable from the inbox for greater usability, and should ensure that all emails sent and received are captured by the system so that there are no gaps in the records. The service should provide support for regulatory compliance needs, such as allowing retention periods to be set and enforced according to the requirements of regulations that the organisation faces. It should also ensure that archived records are securely deleted once they are no longer needed so that the organisation is not exposed to the litigation risk and expense of searching through years of unnecessary data.

Given the growth in litigation requiring electronic business records, including emails, to be produced as evidence, any service chosen should provide ediscovery support, such as the ability to enforce legal holds. It is also absolutely essential that the archived records be held in a secure, tamperproof repository, with all emails held in encrypted form and access to the data by the vendor’s staff strictly controlled. Further, the archiving service should extend support to emails sent and received by mobile phones used in the organisation. According to Fulbright and Jaworski’s 2011 survey, 32% of respondents had to preserve or collect data from an employee’s mobile device for litigation or investigation purposes in the previous year.

Source: Computing[7]


Centralised management

To be effective, all of the components required of an effective email security management deployment should be tightly integrated, built on a common architecture and managed through a central interface. It is via this interface that policies such as encrypting outbound emails containing sensitive data and applying retention periods to inbound emails can be effectively enforced. It should also be tightly integrated with the email client in use to ensure that all emails are captured, even those sent and received by mobile devices.

Centralised management capabilities will also ensure that all actions taken across all components of the email security service are logged in a consistent manner so that reports can be generated for management purposes and an audit trail is available to help the organisation prove that it is complying with the demands of government regulations and industry standards with which it must conform.


Overview of the major players

Cisco

Cisco’s email security products and services stem from its acquisition of IronPort in January 2007. It offers appliances for in-house deployment, cloud-based email security services, a hybrid mix of the two and managed services for remote monitoring and management. It is best known for its on-premise appliances, deployed primarily by mid-sized and large organisations, whilst its cloud services have been developed more recently. Its products and services benefit from integration with other Cisco security products, such as its web security offerings, and it operates a global threat intelligence network that it claims monitors 30% of global internet traffic.

Whilst Cisco has many of the basics, it lacks a full vertical stack—for example, it does not offer archiving—and some of its capabilities are available as add-on options. It has been in the email security space for some time, but these products and services account for just a small proportion of its overall portfolio.

Google

Google’s email security capabilities come from its acquisition of Postini in 2007, a vendor of web and email security, and archiving services, in order to boost the business appeal of its Google Apps products. Rebranded Google Postini Services, Google has been merging its email security features into its Google Apps products, although it states that it will continue to sell them as standalone services for those that wish that. However, in September 2011, Google announced that it was discontinuing new sales of web security products as the functionality has been merged into Google Apps and it remains unclear whether or not the same fate will befall email security. Google also announced in February 2012 that it is discontinuing email continuity services for customers using Microsoft Exchange. These factors raise concern over the long-term viability of its standalone products, as well as support for products other than Google Apps and its own email client.

Its email security capabilities are basic compared to its competitors and little has been seen in terms of product development since Google acquired Postini. Some components are provided by partners and some are also offered as add-on products, of which there are minimum purchase requirements for some, such as encryption. Google is also widely slated for the lack of support offered. Customers are directed to online support information, which provides a limited amount of rather general information, and direct support is available only for larger accounts via an online portal. No support phone number is published.


McAfee

McAfee was acquired by technology powerhouse Intel Corporation in 2011 and is maintained as a separate brand. Its email security capabilities are part of its content security capabilities, also including web security and DLP. It offers its products as appliances, SaaS or a hybrid combination of the two. Many of its capabilities are offered as bundled suites offering varying levels of capabilities and are tightly integrated with its ePolicy Orchestrator management platform. Its appliance products came through McAfee’s acquisition of Secure Computing in 2007 and its SaaS capabilities through the acquisition of MX Logic in 2009. It recently integrated two in-house offerings into one email security gateway appliance.

McAfee’s products and services are fairly comprehensive and it has options for organisations from small firms right up to large enterprises and ISPs, although it is considered to be fairly highly priced, especially when add-on services are purchased. It has a global threat intelligence network, which is considered to be strong.

Microsoft

Microsoft’s email security capabilities came through the acquisition of FrontBridge Inc in 2005. Now rebranded Microsoft Forefront, it offers on-premise products for its Exchange 2010 server and a SaaS offering for Exchange, which is the default choice for Exchange Online and Office 365, its suite of business productivity offerings. Its email security products are included in many product bundles that it offers. However, its email security capabilities are considered to be fairly basic in their native features and many customers of Office 365 and Exchange 2010 are choosing to supplement the services with those of specialised vendors, especially in the cloud-based email archiving and continuity space.

One particular caveat for its SaaS offering is that it only maintains data centres in the US and Europe and only guarantees in-geography processing in the US, specifically stating that data for customers in EMEA will be hosted in both Europe and North America. It does not offer continuity services.


Mimecast

Mimecast is a specialised vendor of unified email management services based on a SaaS model. Its services encompass email security, archiving, continuity, policy management and data leakage prevention and were all built as SaaS services from the ground up by Mimecast as one unified, tightly integrated service. The capabilities offered by Mimecast’s email management service are considered to be strong and it has a good track record of constant innovation. Its widespread data centre coverage is another key differentiator and in-geography processing and storage is guaranteed for all customers. Its SLA is strong compared to competitors and guarantees 100% uptime, even for access to the email archive, and uninterrupted email during an outage. Mimecast is also widely recognised for the quality and timeliness of its customer support, offered across multiple channels.

Although coverage is provided for multiple email clients, the primary focus is on Microsoft Exchange and it offers a service for those organisations looking to migrate to Exchange 2010 or Office 365. It has recently expanded its mobile coverage and continues to add new, innovative features to its service in areas that differentiate it from its competitors, including advanced encryption options, enhanced self-service, secure attachment management, and stationery and email marketing tools.

Proofpoint

Proofpoint is a specialised provider of email security offerings, including on-premise and SaaS solutions for email security, data leakage prevention, privacy protection, email encryption, archiving and ediscovery. Many of its products have been acquired or are provided via partnerships, which can be risky if those partners are acquired. For example, its partner Clearwell Systems, providing ediscovery capabilities, was acquired by Symantec in 2011. The functionality of many of its products and services is considered to be good, although its archiving solution is not as highly regarded as its other capabilities.

Proofpoint primarily targets mid-sized and large organisations and its SaaS services are used by even very large organisations. It also has a primary focus on North America and is not especially well known in EMEA, where it is only now setting up its data centre infrastructure in association with a partner. Its products and services are considered to be fairly high priced, especially as many capabilities are provided as add-ons, which can jack up the price considerably.


Symantec

Symantec is one of the largest security vendors and has a broad range of offerings for email security—so broad that navigating through the maze can be a daunting challenge. It offers hardware and virtual appliances, software and SaaS options, some designed for specific email clients that include Exchange and Domino. It is considered to have some strong capabilities and maintains a well regarded global threat intelligence network. However, all products were acquired and integration challenges remain. Its latest acquisition was of LiveOffice, a vendor of SaaS email archiving, in 2012, which it had previously been offering under an OEM arrangement.

Symantec’s products and services are fairly high priced, especially as some of the capabilities offered are optional extras. It has worldwide coverage and good support capabilities, as well as particularly strong SLAs.

Websense

Websense is considered to be a leader in web security, which remains its core focus, although it has a fairly broad portfolio of email security capabilities. It is considered to be particularly strong in terms of its DLP capabilities, which are integrated across all delivery channels, as well as its Threatseeker global intelligence network. It offers SaaS and on-premise options, as well as a hybrid combination of the two. The majority of its products and services were acquired and have been integrated with its TRITON management interface and reporting engine since 2010, providing a common management console for email, web and data security. For some capabilities, it has relied on partnerships, which can be a risky strategy as was seen with the acquisition of its partner LiveOffice by Symantec, leaving it with no archiving or continuity capabilities.

Websense is a public company, but only achieved profitability from 2010 onwards. It is considered to be mid- to high priced and some of its capabilities, such as advanced encryption and image analysis, are provided as optional add-ons.


Data reference section

[Diagram. Labels: Champion, Innovator, Challenger. Vendors plotted: Cisco, McAfee, Symantec, Mimecast, Proofpoint, Websense, Microsoft, Google.]

The information used in making these evaluations has been drawn from a variety of sources, including published and unpublished sources. Technology and services providers have been evaluated for their capabilities in offering email security in the wider context of a unified email management system. The evaluations take into account their financial stability, brand and market share, their current offerings in this market sector and future direction, market presence, and perceived strengths and weaknesses. The information provided does not constitute a direct endorsement of any of the organisations. Where the diagram is concerned, the closer to the centre the vendor is positioned, the more fit for purpose their offerings are considered to be.

Figure 3: The vendor landscape


Summary

Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain. There are many things to consider when selecting an email security system, as security should be seen in the wider context of email management as a whole, as should the differing options available for how the controls are implemented. The vendors profiled in this paper represent some of the most viable options on the market, yet each has its own strengths in terms of features and coverage.

References

1. http://www.ostermanresearch.com/whitepapers/or_or1210c.pdf

2. http://www.comscore.com/Press_Events/Press_Releases/2011/1/Web-based_Email_Shows_Signs_of_Decline_in_the_U.S._While_Mobile_Email_Usage_on_the_Rise

3. http://www.radicati.com/wp/wp-content/uploads/2011/09/Survey-Corporate-Email-2011-2012-Executive-Summary.pdf

4. http://www.enterprisestrategygroup.com/2004/08/intellireach-looks-to-shake-up-a-crowded-enterprise-message-archiving-ema-market/

5. http://www.fulbright.com/images/publications/Report3.pdf

6. http://www.ostermanresearch.com/whitepapers/or_or1010.pdf

7. http://www.ithound.com/abstract/benefits-moving-email-archiving-cloud-7439

Further Information

Further information about this subject is available from http://www.BloorResearch.com/update/2128

Bloor Research overview

Bloor Research is one of Europe’s leading IT research, analysis and consultancy organisations. We explain how to bring greater Agility to corporate IT systems through the effective governance, management and leverage of Information. We have built a reputation for ‘telling the right story’ with independent, intelligent, well-articulated communications content and publications on all aspects of the ICT industry. We believe the objective of telling the right story is to:

• Describe the technology in context to its business value and the other systems and processes it interacts with.

• Understand how new and innovative technologies fit in with existing ICT investments.

• Look at the whole market and explain all the solutions available and how they can be more effectively evaluated.

• Filter “noise” and make it easier to find the additional information or news that supports both investment and implementation.

• Ensure all our content is available through the most appropriate channel.

Founded in 1989, we have spent over two decades distributing research and analysis to IT user and vendor organisations throughout the world via online subscriptions, tailored research services, events and consultancy projects. We are committed to turning our knowledge into business value for you.

About the author

Fran Howarth
Senior Analyst - Security

Fran Howarth specialises in the field of security, primarily information security, but with a keen interest in physical security and how the two are converging. Fran’s other main areas of interest are new delivery models, such as cloud computing, information governance, web, network and application security, identity and access management, and encryption.

Fran focuses on the business needs for security technologies, looking at the benefits they gain from their use and how organisations can defend themselves against the threats that they face in an ever-changing landscape.

For more than 20 years, Fran has worked in an advisory capacity as an analyst, consultant and writer. She writes regularly for a number of publications, including Silicon, Computer Weekly, Computer Reseller News, IT-Analysis and Computing Magazine. Fran is also a regular contributor to Security Management Practices of the Faulkner Information Services division of InfoToday.

Copyright & disclaimer

This document is copyright © 2012 Bloor Research. No part of this publication may be reproduced by any method whatsoever without the prior consent of Bloor Research.

Due to the nature of this material, numerous hardware and software products have been mentioned by name. In the majority, if not all, of the cases, these product names are claimed as trademarks by the companies that manufacture the products. It is not Bloor Research’s intent to claim these names or trademarks as our own. Likewise, company logos, graphics or screen shots have been reproduced with the consent of the owner and are subject to that owner’s copyright.

Whilst every care has been taken in the preparation of this document to ensure that the information is correct, the publishers cannot accept responsibility for any errors or omissions.

2nd Floor, 145–157 St John Street

LONDON, EC1V 4PY, United Kingdom

Tel: +44 (0)207 043 9750 Fax: +44 (0)207 043 9748

Web: www.BloorResearch.com