Enterprise Requirements for Anti-Spam Solutions




A Ferris Research White Paper
September 2003. Report #390
Sponsored by
Ferris Research
408 Columbus Ave., Suite 1
San Francisco, Calif. 94133, USA
Phone: +1 (415) 986-1414
Fax: +1 (415) 986-5994
www.ferris.com

Recent Reports From Ferris Research

- The Case for Managed Anti-Spam Services
- The Cost of Spam False Positives
- Wireless Access to Messaging and Collaboration: Tutorial
- Cross-Organizational Calendaring and Scheduling: Tutorial
- Regulations and Email Archiving
- Cross-Organizational Calendaring and Scheduling: Key Trends
- Encrypted Email
- Tech-Ed 2003: A Messaging Perspective
- Integrating Presence Into Business Applications: Key Trends
- Anti-Spam for Businesses and ISPs: Market Size, 2003-2008
- Spam: Ferris User Panel Discussion
- Instant Messaging and Presence: Market Analysis, 2002-2007
- Lotusphere 2003
- Corporate Email Issues: Part 2, Spam
- Instant Messaging and Presence: Market Size, 2002-2007
- Corporate Email Issues: Part 1, Systems and Usage
- Spam Control: Problems and Opportunities
- The Total Cost of Ownership of Lotus Notes/Domino
- Corporate Email Issues: About the Survey
- MEC 2002: Putting Microsoft's Messaging Plans in Context
- Microsoft Exchange Titanium and Microsoft Outlook 11
- Voice Telephony for the Enterprise: Business Implications
- The Total Cost of Ownership of Microsoft Exchange
- The Cost Savings of Upgrading to Notes/Domino 6
- The Outlook for Human Business Communications
- Instant Messaging and Presence: Vendor Success Criteria
- The Cost of Notes, Exchange, and Samsung Contact
- The Email Archiving Market: 2002-2007
- Desktop Conferencing
- Email Archiving and Records Management
- Instant Messaging: Vendor and Service Provider Survey
- The Future of SMS on Mobile Phones
- Microsoft Exchange's Mobile Connectivity Strategy
- Email Standards Update
- Email Archiving Survey
- Instant Messaging: Current Issues, Key Trends
- MEC 2001: A Conference in Transition
- Instant Messaging and Presence Standards
- Email in Higher Education
- Message Archiving: Leading Vendors, User Requirements, Pricing

authorship and sponsorship and include this notice. For subscriptions, contact us at +1 415 986 1414 or info@ferris.com.

Table of Contents

Executive Summary
Enterprise Requirements
System Architecture
  Operates at Internet Boundary
  Vertical and Horizontal Scalability
  Flexible Filters and Policy Administration
  LDAP Support for Policy Setting
  Support OS Platforms of Choice
  Single-Image Administration
  Support for Multiple Administrators
  Integrated With Content Security
Operations
  User-Oriented Filter Management
  Quick Response, Transparent Updates From Vendor
  Standard Reports
  Centralized Reporting
  Custom Reports
  Monitoring Tools
  Interface to Management Systems
Vendor Analysis
  Anti-Spam Expertise
  Company Viability
Proofpoint Protection Server
  Spam Detection
  Virus Scanning
  Content Compliance

Executive Summary

Today there is a wide range of anti-spam products available, from solutions designed for individual end users to products for large network operators like AOL or EarthLink.

There are a number of features organizations should look for when evaluating an anti-spam product, such as high spam capture and low false-positive rates. Anti-spam solutions should also allow users to define their own whitelists and spam tolerance levels.

Many of the considerations, such as the ones just mentioned, apply irrespective of an organization's size. However, large organizations have some special requirements that often differ from the needs of smaller organizations. These special requirements are the subject of this white paper.

To meet the anti-spam requirements of large organizations, the anti-spam product should:

- Be deployable as a server solution at the Internet perimeter.
- Integrate with popular enterprise messaging and directory systems.
- Run on the customer's server platform of choice: UNIX or Windows.
- Be easy for IT to deploy and manage.
- Offer flexible configuration and management options for setting rules and handling spam.
- Provide flexibility to match company policies and preferences.
- Allow end users to manage their own junk mail folders and set simple preferences.
- Receive frequent anti-spam updates from a solid, focused vendor.
- Make additional content-security features available as an integrated part of the platform.

Enterprise Requirements

In this white paper, we examine the special anti-spam requirements of large organizations. We use the terms anti-spam product, anti-spam service, and anti-spam solution interchangeably.

System Architecture

We first discuss the architectural requirements.

Operates at Internet Boundary

Most companies deploy an anti-spam solution on their Internet perimeter. This generally results in the lowest costs and the best performance when blocking spam. Internet boundary solutions also require the least overall administration and management. Other alternatives, such as desktop client-based solutions, are very expensive to maintain in large enterprises and are a better fit for small companies.

Vertical and Horizontal Scalability

Enterprises by definition have large numbers of mailboxes deployed, and almost certainly process large volumes of email. For this reason, scalability is a key requirement. There are two types of scalability: vertical and horizontal.

Vertical scalability means an organization grows the system by adding more hardware to a server, such as additional memory, disk space, or processor power. In many cases, this allows an organization to minimize the physical number of servers it manages, reducing costs.

With horizontal scalability, an organization grows the system by adding servers or blades. This has some advantages, such as implied failover capability and redundancy. However, it does require managing additional systems. Once multiple servers are deployed, the ability to manage them as a single integrated system becomes important. For this reason, it's usually better to go for vertical scalability before expanding horizontally.

Flexible Filters and Policy Administration

Filters and policies, and overrides for filters and policies, should be definable at many different levels. At various points in the organization, it should be possible to choose when to delete spam, when to quarantine it in a junk mail folder, and how to manage system settings.

For example, an organization could choose to delete spam outright for most users, but save any message identified as spam for a short time for certain groups like executives or sales. Or, within a given organization:

- The default policy may be that all sexual and financial promotions should be stopped and deleted at the Internet boundary.
- The sales department may want all promotional spam (especially financial promotions, for example) to be routed to a particular quarantine area for later review by marketing staff.
- The finance director may be reevaluating the terms of a mortgage and may therefore want spams that relate to mortgage offers directed to his or her inbox.

Thus anti-spam products need the flexibility to allow organizations to apply some policies universally across the enterprise, and to apply other policies to specific groups or even individual users.

Most large organizations should allow end users to manage personal junk folders, and in some cases personal whitelists. These help process bona fide email as well as reduce the IT administrative burden. It also incurs the lowest overall costs, because users are much faster than administrators at reviewing and administering their own junk mail. However, administrators need to be able to override policies so that individual users can't create personal settings that contradict organizational standards.

The key here is flexibility. All organizations have their own approaches, and these change over time. Anti-spam tools have to be able to adjust accordingly.

LDAP Support for Policy Setting

In order to deploy effective group-based policies, the anti-spam solution needs to be able to access external directories. As a practical matter, this means it should support LDAP. This allows the anti-spam product to perform real-time or scheduled queries against an organization's internal corporate directory.

For example, if an organization wants to deploy an anti-spam policy for the sales team, the anti-spam solution needs to query the enterprise directory to determine the members of the sales group. This reduces the ongoing administrative efforts to maintain separate lists.

Support OS Platforms of Choice

UNIX dominates the firewall. It is what people who support the corporate Internet boundary know and love. As a result, an anti-spam solution may well need to run in UNIX environments. UNIX is also used for departmental and divisional servers, due to its better scalability than Windows. However, others prefer to use Windows in order to standardize the technologies they must support.
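The layering described above under Flexible Filters and Policy Administration and LDAP Support for Policy Setting (enterprise default, group override, personal setting, administrator lock) can be sketched as follows. This is an added example, not code from the white paper or from any vendor; the policy names, the addresses, the category labels and the in-memory DIRECTORY dictionary that stands in for an LDAP group query are all assumptions.

```python
from dataclasses import dataclass, field

DELETE, QUARANTINE, DELIVER = "delete", "quarantine", "deliver"


@dataclass
class Policy:
    actions: dict = field(default_factory=dict)  # spam category -> action
    locked: set = field(default_factory=set)     # categories lower layers may not change


# Constructed sample data (hypothetical), following the white paper's scenario.
ENTERPRISE = Policy(
    actions={"sexual": DELETE, "financial": DELETE, "mortgage": DELETE},
    locked={"sexual"},  # organizational standard enforced by administrators
)
GROUP_POLICIES = {
    "sales": Policy(actions={"financial": QUARANTINE, "mortgage": QUARANTINE}),
}
USER_POLICIES = {
    "finance.director@example.com": Policy(
        actions={"mortgage": DELIVER, "sexual": DELIVER}  # second entry hits the lock
    ),
}
# Stand-in for an LDAP group-membership query against the corporate directory.
DIRECTORY = {
    "alice@example.com": ["sales"],
    "bob@example.com": [],
    "finance.director@example.com": ["finance"],
}


def resolve(user, category):
    """Return (action, source) for spam of `category` addressed to `user`."""
    # Unlisted categories fall back to quarantine rather than delivery.
    action = ENTERPRISE.actions.get(category, QUARANTINE)
    source = "enterprise"
    if category in ENTERPRISE.locked:
        return action, "enterprise (locked)"
    # Users missing from the directory have no groups: they get the default.
    for group in DIRECTORY.get(user, []):
        policy = GROUP_POLICIES.get(group)
        if policy and category in policy.actions:
            action, source = policy.actions[category], f"group:{group}"
    # A personal setting is the most specific layer and is applied last.
    personal = USER_POLICIES.get(user)
    if personal and category in personal.actions:
        action, source = personal.actions[category], "user"
    return action, source


def rejected_overrides():
    """List (owner, category) settings that contradict a locked enterprise rule."""
    layers = [(f"group:{g}", p) for g, p in GROUP_POLICIES.items()]
    layers += [(f"user:{u}", p) for u, p in USER_POLICIES.items()]
    return sorted(
        (owner, cat)
        for owner, policy in layers
        for cat, act in policy.actions.items()
        if cat in ENTERPRISE.locked and act != ENTERPRISE.actions.get(cat)
    )


if __name__ == "__main__":
    for user in ("bob@example.com", "alice@example.com",
                 "finance.director@example.com", "unknown@example.com"):
        for category in ("sexual", "financial", "mortgage"):
            print(user, category, *resolve(user, category))
    print("ignored overrides:", rejected_overrides())
```

The output of rejected_overrides() is the kind of record an administrator would review when personal settings conflict with organizational standards.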

Thus an important requirement is that an anti-spam solution run under an organization's operating systems of choice. In most cases, that will include some flavor of UNIX. Sun's Solaris is the most popular corporate UNIX platform, and many enterprises are now looking into using Linux. For UNIX-oriented organizations, future Linux support may also be a consideration when evaluating an anti-spam solution.

Single-Image Administration

It often makes sense to deploy several servers running the anti-spam solution. This provides for load balancing, failover support, and higher throughput.

As organizations deploy groups of servers, the initial approach, where a single administrator uses an administration program to connect to and configure a single server, no longer works well. In order to configure multiple servers, administrators should be able to make changes to a single server and then have those changes adopted by other servers. This eliminates the need to make the same change across many servers, and helps to keep servers configured consistently.

Support for Multiple Administrators

The system should provide support for multiple administrators. Organizations with multiple anti-spam servers are likely to have more than one person who performs updates to the servers. Whenever administration is done by more than a single person, other features become valuable, such as:

- A change log or history, which shows all changes that were made to a server, along with the time and date of the change and the user name of the person making the change.
- The ability to roll back changes to correct unintended consequences.
- The ability to use security to allow individuals to make changes in one area of the program, but not in another. For example, organizations may want the help desk to be able to retrieve a false-positive message, but not make any changes to active anti-spam rules or SMTP message routing.

Integrated With Content Security

Spam is an obvious and obnoxious problem, and many organizations have little trouble getting budget approval to install an anti-spam solution. However, spam control is a specific case of implementing content security. Ideally, organizations should purchase an anti-spam solution that is part of a broader, integrated set of content-security tools.

Content-security products allow administrators to define and implement email policies. They scan messages to determine if they meet corporate policies and then apply processing as defined by those policies. For example, content-security products can:

- Control what attachments are allowed to be sent or received. They may disallow everyone but the technical support group from receiving .exe attachments, which might contain a virus.
- Scan messages in real time for unacceptable language or any information that is confidential to the company. Such email might be deleted, or returned to the sender with a note about the language, or sent to the sender's boss.
- Add disclaimers to messages from the sales department.
- Provide virus and spam control.

Operations

We now consider day-to-day system use.

User-Oriented Filter Management

Much of the management should be done by end users. They should be able to create and update their own custom rules or whitelists, and monitor their own spam junk mail folders.

End users are far better qualified to judge what is spam than an administrator, and they can scan their quarantine area much more quickly than an administrator. Solutions that require an administrator to monitor spam quarantines are impractical in large organizations.

Quick Response, Transparent Updates From Vendor

For many products, filter updates will be necessary every few days, or weekly. However, because spam is constantly changing, new filter logic will sometimes have to be developed and disseminated to customers very rapidly. The vendor should have the infrastructure in place to do this.

Anti-spam vendors should transparently deploy these updates. While administrators set the identification thresholds for their organizations and determine how to handle spam that the system identifies, the vendor should deliver updates to the spam identification rules.

In many ways, this is analogous to anti-virus applications. Customers expect their anti-virus vendor to know what viruses are likely to be encountered, and transparently deliver updates. Often, vendors are chosen based on their ability to deliver these updates. The same type of relationship is required for the anti-spam market.

Standard Reports

Reporting tools are important. They help administrators understand what the system is doing, and plan for future growth.

The anti-spam application should come with many preconfigured reports that are easily accessible for daily reporting and monitoring of the system. For example, these reports might show:

- The number of spam messages that have been blocked over a given week or month. Administrators can translate this data into savings of resources, using spam cost models such as those published by Ferris Research.
- The rules that have been most effective at blocking spam. Typically, modern anti-spam solutions use a range of tests to determine if a message is spam, including blacklists, content analysis, and DNS-based real-time black-hole list lookups. This type of report shows which measures are most, and least, effective at spam blocking. It also helps support staff prioritize where to spend their time.

Centralized Reporting

When multiple anti-spam servers are deployed within an organization, centralized reporting is important. This lets administrators view the servers' activity as a unified system.

Custom Reports

While there should be a number of reports available out of the box, administrators also need to customize reports or create new ones. System data should be stored in an easily accessible format and location, preferably in a SQL database. From the SQL database, users can utilize tools such as Excel or Crystal Reports for custom reporting.

Monitoring Tools

Monitoring tools are important for administrators. They let administrators ensure that an anti-spam solution is running and performing as expected. For example, in case of system failure, alerts can be set so that there is no interruption to the message flow. Monitoring tools also help support staff plan for future system demands. In short, administrators must monitor anti-spam solutions for the same reasons as they monitor other parts of their messaging infrastructure.

Interface to Management Systems

Large organizations run central network management tools, such as HP OpenView and IBM Tivoli. These tools monitor many different applications, and allow a small, centralized team to spot and resolve problems. Alternatively, problems may be escalated to specialists. An anti-spam solution should thus be able to interact with network management systems.

Likewise, anti-spam solutions that run on Windows servers should support Windows standards such as the performance monitor and the event log. This enables organizations to use their standard Windows-centric management tools.

Finally, an anti-spam solution should be able to work with messaging-specific management tools, such as BMC Patrol and NetIQ AppManager.

Vendor Analysis

While product features are important, there are two other key considerations when evaluating an anti-spam vendor: anti-spam expertise and company viability.

Anti-Spam Expertise

A good product must have long-term success in blocking spam. This requires frequent updates and changes. Spam authors continually try new tricks in order to bypass spam filters, and vendors need to constantly update their defense tactics.

Thus customers shouldn't buy a product based on features alone. Rather, organizations should look at vendors that have a strong team of experts who study the latest spam trends and how to counter them. The better the quality of this team, the better the spam blocking. Companies that have anti-spam as their sole raison d'être have a natural advantage in this regard.

Company Viability

Ideally, organizations should choose an anti-spam supplier that is financially viable and is likely to be around over the long term. Vendor reliability is important because switching to another solution is expensive and time-consuming. Thus a public firm may be preferable to a private one, because reports are available on a public company's fundamental financial health.

Since the spam problem is relatively new, many of the companies selling solutions in this area are also new. This in itself can be risky. As a practical matter, though, blue-chip reliability, or anything like it, cannot be required. There is a good chance an organization will want to go with a firm whose future is far less certain than leading vendors in established fields.

Nevertheless, the following are good signs: an established record of profitability, or failing that, some recent record of profitability; plenty of cash in the bank; and a strong reputation in the marketplace.

Author: Chris Williams
Editor: David Ferris

Proofpoint Protection Server

The Proofpoint Protection Server (PPS) is an email security server that runs on UNIX platforms such as Sun Solaris and Red Hat Linux. The product is particularly designed to meet the needs of large organizations.

Spam Detection

PPS uses a variety of detection techniques to build a spam score for a specific message. In addition, Proofpoint uses an automatic customer update service to provide the latest anti-spam filters.

Rules can take different actions depending on the spam confidence level. For example, messages with high spam scores can be immediately deleted, while messages with lower scores can be marked as probable spam and sent to a quarantine area for analysis.

Optionally, users can have full control over their own quarantine area. They can review archived spam and add or modify their own personal whitelists and blacklists, which reduces the administrative burden.

Virus Scanning

The Proofpoint product supports many of the leading anti-virus engines. Customers can employ multiple anti-virus engines simultaneously for maximum protection.

By integrating virus detection into the Proofpoint server, the company believes it can provide higher overall performance. PPS can open and examine a message once, and simultaneously perform anti-virus, anti-spam, and content checks.

Content Compliance

Enterprises can implement their own corporate policies by customizing filters containing words and phrases. Or they can set policies based on message attributes, such as email size or attachment type. Message policies can be customized by user or by group, allowing organizational flexibility for policy implementation.

For more information, contact Proofpoint:
www.proofpoint.com
Telephone: +1 (877) 64POINT
Email: sales@proofpoint.com

Ferris Research

Ferris Research is a market research firm specializing in messaging and collaborative technologies. We provide business, market, and technical intelligence to vendors and corporate IT managers worldwide with analysts located in North America, Europe, and Asia/Pacific.

To help clients track the technology and spot important developments, Ferris publishes reports, white papers, bulletins, and a news wire; organizes conferences and surveys; and provides customized consulting.

In business since 1991, we enjoy an international reputation as the leading firm in our field, and have by far the largest and most experienced research team covering messaging and collaboration.

Ferris Research is located at 408 Columbus Ave., Suite 1, San Francisco, Calif. 94133, USA. For more information, visit www.ferris.com or call +1 (415) 986-1414.