Antivirus Scanning
One important consideration in choosing a product is how it performs antivirus scanning. Only about half of the currently available email security products actually scan files; the other half simply block file attachments by extension name or by looking at MIME types. Assuming the product scans for viruses, which scanning engine does it use? If the company doesn't have years of demonstrated experience in antivirus scanning, its products should use a well-known third-party engine. To improve scanning accuracy, some vendors let you install more than one antivirus engine. Does the product look for and analyze embedded email content, such as ActiveX controls, Java applets, and scripts? Does it open embedded email links to scan remotely delivered content? Does it scan archive file types such as .tar and .zip files? Does it block cookies, spyware, and Web bots? A good email antivirus engine performs all these functions.

As a side note, if your email antivirus scanner sends autoreplies back to infected senders to warn them that they're infected, turn off that function. Almost all email viruses and worms forge the sender's address, making autoreplies almost useless.

Spam Blocking
How accurately does the product stop spam while allowing legitimate email? Most vendors claim a 98 percent or higher accuracy rate. However, such claims are questionable, and even a 98 percent accuracy rate lets a lot of spam through. Is the vendor's accuracy rating determined by false positives or false negatives? Which technologies does the product use to block spam? The best spam-blocking products use a combination of automated analytical tools and are supported by a team of people who perform ongoing spam research. The following are common spam-blocking methods:

  • keyword scanning
  • spoofed sender address checking
  • pornography-recognition engines
  • message-text hashing to recognize common spam wording
  • internal and external blacklists
  • real-time blacklist sites
  • whitelists
  • sender-address or domain blocking
  • message-header verification
  • reverse DNS lookup
  • antirelaying technology

Content Filtering
Content filtering is a two-way street: You need to prevent end users from downloading unauthorized Web site content and from emailing content that could expose the company to unnecessary business risk. How does the product block content—by domain, IP address, keyword, or Web site category? Does the product come with default content filters, and if so, can you modify them and create customized filters? Can the filters normalize data to remove extraneous spaces and characters that spammers commonly use before running the content against a rule set? Can it prevent end users from using anonymous proxy Web sites to circumvent the filters? Does it scan for content on ports and protocols other than those used for email or HTTP?
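The normalization step asked about above, shown as an added example (not code from the article or from any vendor's product): text is reduced to a canonical form before it is run against a keyword rule set. The rule list, the look-alike substitution table and the sample messages are constructed assumptions.

```python
import re
import unicodedata

# Constructed rule set for illustration; a real product ships its own.
RULES = ["viagra", "free money", "confidential"]

# Assumed look-alike substitutions; deliberately small, not exhaustive.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "@": "a", "$": "s"})

def normalize(text: str) -> str:
    """Reduce text to a canonical form before rule matching."""
    # Fold compatibility forms (full-width letters, ligatures), strip accents.
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    # Drop zero-width and other invisible format characters (category Cf).
    text = "".join(c for c in text if unicodedata.category(c) != "Cf")
    text = text.lower().translate(LOOKALIKES)
    # Punctuation and runs of whitespace collapse to a single space.
    text = re.sub(r"[^a-z0-9]+", " ", text)
    # Rejoin letters that were spaced or dotted apart: "v i a g r a".
    text = re.sub(r"\b(?:[a-z] ){2,}[a-z]\b",
                  lambda m: m.group(0).replace(" ", ""), text)
    return text.strip()

def matched_rules(text: str, rules=RULES) -> list:
    """Return the rules that hit after normalization.

    Matching is on word boundaries so that a rule does not fire inside
    an unrelated longer word, which would raise the false-positive rate.
    """
    norm = normalize(text)
    return [r for r in rules if re.search(rf"\b{re.escape(r)}\b", norm)]

if __name__ == "__main__":
    # Constructed sample subject lines.
    samples = ["Buy V.I.A.G.R.A now", "V1@gra", "FREE    M0NEY!!!",
               "con\u200bfidential report", "Meeting moved to Monday"]
    for s in samples:
        print(repr(s), "->", repr(normalize(s)), matched_rules(s))
```

The substitution table also rewrites digits in legitimate text, so the normalized string is used only for matching and the original message is what gets delivered or quarantined.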

Global Considerations
When choosing a spam-blocking product, you need to consider the following. Which email servers and services does the product support (e.g., Lotus Domino, Microsoft Exchange Server, Novell GroupWise, SMTP)? Does it support FTP, HTML, IMAP, Network News Transfer Protocol (NNTP), POP, Remote Storage Service (RSS), and UNIX-to-UNIX Copy (UUCP)? Does the product have Lightweight Directory Access Protocol (LDAP) support so that you can use directory namespaces like Active Directory (AD) to authorize and authenticate content? Can it control or monitor content that comes across IM or P2P platforms? Is the solution a hardware appliance, software product, or Web service? If your company needs fault tolerance, does the product support load-balancing or failover capabilities? Which functions does the base product include, and which modules cost extra?

Making Your Decision
As you can see, you have a lot of things to consider when you're thinking about purchasing an email security suite. The best advice is to try a product before you buy it. Take a look at the functionality of each solution on your short list, read the available literature, and install the product in a test lab to determine whether it meets the needs of your environment.


Reader Comments

Dear author, editor,

I enjoyed this article, however I was disappointed not to find and compare the product we have been using for three years now. It is the Mailsweeper for SMTP (or Exchange) made by ClearSwift. We are rather happy with this product, it works well both to protect us from viruses as well as spam and all the nonsense that comes with spam. We originally got it for its anti-virus functionality, but we found it handy for its anti-spam features. I would like to see that there is a comparison of this product in relation with the other products in the future.

Regards

Spyros ANTONIOU

 
 
