email security

This tag is associated with 7 posts

The XCS 10 Forecast: Cloudy with 100% Chance of Content Security

Over the past decade, during the journey of server virtualization from primarily dev/test environments to mission-critical deployment on-premise and in the cloud, the applications that have led the way have been the email and web services that power most businesses. And as those business-critical uses keep growing, so too does the need to keep them secure. But protecting virtualized and cloud-based deployments is difficult if you rely solely on traditional security appliances. That changes now with the arrival of WatchGuard XCS 10, the latest operating system for our enterprise content security platform.

In fact, if you’re a user of the XCS hardware and XCSv virtual appliances with a LiveSecurity subscription, you can upgrade now for free.

With new Microsoft Hyper-V® support, IPv6 support, and outbound anti-spam capabilities, XCS 10 streamlines the implementation and management of content security strategies for small, medium and large enterprises.

According to Gartner, nearly two-thirds of x86 architecture workloads have been virtualized on servers. The growth of virtualization in the SMB and mid-sized enterprise has been accompanied by growth in Hyper-V market share. Because email and web are two of the most commonly virtualized enterprise applications, the ability to protect them within the same cloud/virtualized environment in which they are deployed gives IT organizations increased flexibility and business continuity. This streamlines management and enables the system to scale. And now they can take advantage of this power on Hyper-V as well as on VMware vSphere.

Unlike software-only solutions, customers do not need to install, maintain, and patch operating systems and other tools in order to deploy rich email and web security with data loss prevention.

WatchGuard XCS 10 also brings support for the IPv6 standard. One of the side effects of the rise in virtualization and the digitization of the world’s workforces is that we have effectively run out of blocks of “classic” IP addresses. In fact, in some parts of the world, IPv6 is now mandatory. WatchGuard XCS 10 not only supports IPv6, but also enables mixed legacy environments to ensure global connectedness and security.

For complete release details, you can find the press release here, or visit the product page here.

Introducing the lean, mean content security machine

As goes the Internet, so goes security for the content it carries: throughput is king. As the volume of email and the amount of information it carries continues to increase exponentially, vendors like WatchGuard need to deliver more performance in our enterprise content security solutions.

Sure, we could add more cores and more hard disk space. But bigger isn’t always better; instead of building a fire-breathing monster, we opted for a different approach. Today we are announcing a leaner, meaner security solution for email (and web) content: the WatchGuard XCS 880. Delivering 20 percent more processing power, twice the email throughput per dollar, and all of the redundancy you need for non-stop security, while consuming less than half the energy of previous models – the WatchGuard XCS 880 combines power and efficiency in a slim 1U profile.

Smaller, lighter, less expensive to power and to cool – the XCS 880 is another proof point of our Best of Breed security appliance strategy. You can take advantage of the performance curve our processor partner, Intel, provides generation after generation – and instead of having to maintain your own operating system, install and configure lots of separate security products from different vendors and manage them from separate interfaces, you get one integrated solution managed from a single pane of glass.

To learn more about the XCS 880 and the full suite of XCS solutions, visit the WatchGuard XCS 880 page.

8 Messaging Attributes to Trigger Email Encryption

Email encryption policies can be extremely granular and, once defined, applied automatically at the gateway. This ensures email encryption and email privacy are handled consistently, and eliminates the risk of user error by removing the need for senders to decide whether or not to secure an email and its content.

When encryption is enabled, you can use policy and content filtering features in your email security solution (in our case the XCS family of email security appliances) to scan for specific patterns in email messages that indicate the message must be encrypted, including:

  • Pattern Filters
  • Objectionable Content Filters
  • Content Scanning
  • Content Rules
  • Document Fingerprinting

For example, you can create a Pattern Filter to search for the word “[Encrypt]” in the subject field of a message. An end user can add this phrase to their message subject header to indicate the message must be encrypted before it is delivered.

Policies can be set to encrypt messages based on header, subject line, sender, recipient, content, attachments, and many other attributes of an email message, including:

  1. Header or Subject Line: Emails can be set to be encrypted based on keywords within the header or subject line.
  2. Sender or Recipient: Email encryption based on destination (e.g. auditors, Board of Directors, a specific business partner or supplier) or sender. For example, a policy can be set that defines that any emails from John Smith, the CFO of an organization, to the company’s auditor, Jane Doe at auditfirm.com are sent encrypted.
  3. User, Group, or Domain: Email encryption based on user, group, or domain, providing secure, enhanced flexibility of data-in-motion privacy without hindering the flow of data. For example, all emails sent out of the organization by the HR department can be set to be encrypted.
  4. Email Body: Searches for text in an outgoing message that identifies it as a message to be encrypted.
  5. Private Data and Objectionable Content: Searches from a pre-defined dictionary of words that is checked against a message to determine if the message should be encrypted. For example, you may require that any outgoing messages that contain certain confidential information, for example, credit card information or medical records, must be encrypted.
  6. Keywords and Regular Expressions: Keywords and regular expressions found in the subject line or content of messages as defined within the appliance content control policies.
  7. Attachment Type: Email encryption based on other message attributes such as attachment type. For example, you can set encryption to be triggered on all .xls or .csv documents.
  8. Attachment Content: Our XCS email security appliance has the ability to scan content of over 150 file types for keywords, phrases, or patterns which, upon detection of policy-based content can then trigger the email for encryption without user intervention.
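The following sketch shows how several of the attributes listed above (subject tag, sender/recipient pair, attachment type, and a body pattern for card numbers) can be evaluated against an outbound message. It is an added example, not WatchGuard XCS code or configuration; the function names, the rule names, the `cfo@example.com` address and all sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Policy values are constructed for this example, not taken from any product.
SUBJECT_TAG = re.compile(r"\[encrypt\]", re.IGNORECASE)
SENDER_RECIPIENT_PAIRS = {("cfo@example.com", "auditfirm.com")}
ENCRYPT_ATTACHMENT_EXT = (".xls", ".csv")
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits):
    """Luhn checksum: cuts false positives on arbitrary long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def encryption_triggers(raw_message):
    """Return the sorted names of every rule the outbound message matches."""
    msg = message_from_string(raw_message)
    hits = set()
    if SUBJECT_TAG.search(msg.get("Subject", "")):
        hits.add("subject_tag")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    domains = {a.rsplit("@", 1)[-1].lower() for _, a in rcpts if "@" in a}
    if any((sender, d) in SENDER_RECIPIENT_PAIRS for d in domains):
        hits.add("sender_recipient")
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:  # attachment: match on extension, case-insensitively
            if filename.lower().endswith(ENCRYPT_ATTACHMENT_EXT):
                hits.add("attachment_type")
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if any(luhn_ok(re.sub(r"\D", "", m.group()))
                   for m in CARD_CANDIDATE.finditer(body)):
                hits.add("body_card_number")
    return sorted(hits)


def sample_message(subject, sender, to, body, attachment=None):
    """Build a constructed test message and return it as raw text."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, to
    m.set_content(body)
    if attachment:
        m.add_attachment(b"a,b\n1,2\n", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    raw = sample_message("[Encrypt] Q3 numbers", "John Smith <cfo@example.com>",
                         "Jane Doe <jane.doe@auditfirm.com>", "See attached.",
                         attachment="ledger.CSV")
    print(encryption_triggers(raw))
```

A gateway would encrypt whenever the returned list is non-empty; logging which rule fired makes the policy auditable and helps tune rules that match too broadly.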

Based on the growing volumes of confidential and sensitive information traversing networks on a daily basis, regulatory bodies and business executives have turned their concerns to ensuring messaging is protected from unauthorized viewing. Regulations such as Sarbanes-Oxley (SOX), PCI, HIPAA, GLBA and others have been introduced to mandate that email messages containing sensitive or confidential data are handled securely.

Email encryption has emerged as a vital aspect of an overall email security solution to secure confidential data and yet continue to allow the free flow of communications between colleagues, customers, and partners.

WatchGuard Named a Leader in Network and Email Security

WatchGuard Technologies is excited that Info-Tech Research Group recently named us the “Value Award” winner and #1 vendor in the unified threat management space. As their report starts out… “Network security may be old-school, but it is not passé; the right perimeter protection means more threats stay outside & more data stays inside.” 

We believe that not only should your business network and email security be the best at stopping the latest threats and keeping data safe, but it should also be affordable, easy to own, and easy to manage for all businesses.  WatchGuard is proud to be the leader in the Product Evaluation and Vendor Evaluation categories, which are: features, affordability, usability, architecture, viability, strategy, reach, and channel.  Based on the Scoring Criteria, this impressive recognition further exemplifies WatchGuard’s superiority in the Unified Threat Management (UTM) market, and is a testament as to why small to midsize businesses prefer WatchGuard for their network security.

Info-Tech Research Group noted that affordability and capability played an important role in naming WatchGuard a leader among its competitors. “Balance of strong product and vendor capabilities at a market-leading price point [WatchGuard] leads with UTM solution that can deliver benefits to any organization.” The vendors being evaluated by Info-Tech Research included Palo Alto, SonicWALL, Juniper, Cisco, Barracuda, and Fortinet, among others with an average score of 45.7. WatchGuard received a perfect score of 100, more than doubling the average. We’re proud that we are setting the standards by which all other UTM vendors are compared!

While we may have started out with a focus on the SMB space, our products are catching the eye of larger enterprises every day, and this report validates our efforts. Our unified threat management solution helps create a solid network security barrier around your organization and we’re thrilled to be a leader!

Email Security Solutions Becoming a Hot Topic

Fresh on the heels of the massive email security breach at Epsilon, we’re seeing a renewed interest in email security solutions and email encryption. And that’s a good thing! It’s not just Epsilon that experiences email security breaches; just do a Google search on ‘email security breach news’ and see for yourself. One study – Email still the top source of data loss, by Help Net Security – revealed that more than 35 percent of companies surveyed had investigated a leak of confidential or proprietary information via email over a 12-month period. On average, respondents estimated that as many as one in five outbound email messages contain content that poses a legal, financial, or regulatory risk.

According to the Ponemon Institute’s annual U.S. Cost of a Data Breach Study, non-compliance costs are 2.65 times higher for organizations than compliance costs. That means that companies with ongoing investments in compliance-related activities save money compared with organizations that fail to comply with government and industry mandates. In short, it pays to be compliant.

Email encryption is an essential component of regulations that are designed to protect the privacy and reliability of business and personal information.

Email Encryption Laws and Regulations

The following list includes just some of the requirements that are driving encryption adoption in the United States and around the world.

  • HIPAA and HITECH: Encryption is now a primary aspect of HIPAA (Health Insurance Portability and Accountability Act) since the passing of HITECH (Health Information Technology for Economic and Clinical Health Act) regulations in 2009. HITECH requires healthcare providers to notify individuals when their protected health information (PHI) is breached. For example, if a hacker hijacks unencrypted PHI in transit from a physician’s office, the physician practice would have to inform the patients and the Department of Health and Human Services of the breach. However, if the electronic PHI is transmitted in encrypted form, notification is not necessary even if there is a security breach. Email encryption grants safe harbor because it can be assumed that the transmitted data is unreadable by unauthorized individuals.
  • PCI DSS (Payment Card Industry Data Security Standards) is very clear. Requirement 4 mandates the encrypted transmission of cardholder data across open, public networks.
  • EU Data Protection Directive (also known as Directive 95/46/EC) was designed to protect the privacy of all personal data collected for or about citizens of the EU. According to the Information Law Group’s Code or Clear? Encryption Requirements, encryption is becoming a mandatory checklist item to establish “reasonable” security for sensitive categories of data for the EU, and “… it would be difficult to defend an organization’s security measures for sensitive data as ‘reasonable’ without reference to such [email encryption] standards or industry practices.”
  • SOX (Sarbanes-Oxley Act) governs the integrity of financial operations of publicly traded companies with the primary goal of protecting “investors by improving the accuracy and reliability of corporate disclosures made pursuant to securities laws.” Although email encryption is not explicitly mandated as part of the internal controls, SOX implies the need for encryption to protect the integrity and confidentiality of financial information.
  • GLBA (Gramm-Leach-Bliley Act) requires that all financial institutions maintain safeguards to protect customer information. Although GLBA does not expressly require email encryption, it does require that financial institutions implement the necessary technological controls to protect the privacy and security of customer financial information. The Federal Financial Institutions Examination Council (FFIEC) recommends that institutions employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit. If a financial institution does not deploy encryption to the degree expected by the FFIEC, then the institution must demonstrate that it considered the use of encryption and justify why it chose not to deploy it. Financial institutions, therefore, must carefully evaluate the need to encrypt emails to protect against unauthorized access to sensitive information.
  • California Security Breach Notification Act (SB 1386) requires a business, regardless of its location, that owns or licenses personal information about a California resident to implement and maintain reasonable security procedures and practices to protect the personal information from unauthorized disclosure. If protected information is acquired by an unauthorized person, then the business must promptly give notice, but only if the data was not properly encrypted.
  • Nevada Statute, passed in 2008, made Nevada the first among a growing number of states to specifically require email encryption for emails that contain personal customer information. The statute states that, “A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.”

The consequences of violating these and other government and industry encryption requirements can include fines (for example, the HITECH Act allows for penalties of up to $1.5 million), incarceration, public embarrassment, and loss of business privileges and customer/client/patient/stakeholder trust. Once again, and in short, it pays to be compliant.

Email Security and Anti-Spam Solutions: 10 Things to Consider During Evaluation – Part Two

In our last blog post we reviewed the first five things you should consider when comparing and considering an email security and anti-spam solution. An email security and anti‐spam solution is a critical ingredient for protecting both your network and your company’s overall employee productivity, and with many solutions on the market you need to evaluate carefully.

Here are the remaining 5 things to consider when comparing email security and anti-spam solutions:

6. The number of appliances you have to acquire to get complete protection

Most solutions are sold by functionality and the SMB models in most product lines have much less capability. You need to make sure that you’re not overlooking important features such as LDAP access, end user controls, and on‐box spam quarantines. If these are not available on your SMB solutions, you may be forced to move up to more expensive systems just to get the basic functionality your business needs.

7. What kind of support is available once you’re up and running?

Buyers should be careful to select products that offer solid, well‐trained, 24/7 tech support for their mission‐critical security products. Some vendor support can be lacking in depth and thus you may be forced to rely on user forums for most of the real support.

8. Does it provide automatic, up‐to‐the‐minute security?

You need to make sure your email security solution doesn’t need constant fine tuning. If it provides a means for automated and constant self‐updating, so that it is always aware of the latest threats, you’ll ultimately get better security while also reducing your administration costs.

Many anti‐spam solutions on the market rely on a 1st generation (at best) reputation service, which in turn depends on RBLs (real‐time block lists) that provide a simple yes/no result for legitimacy of an email based on sender IP history – much like a credit bureau which makes decisions based on history. But the RBLs are not updated quickly enough to keep up with the increasing volume and purveyors of spam. Depending on how aggressively you set your spam threshold, with a simple RBL, you’ll either get a low catch rate or a high false positive rate. If your spam solution requires you to constantly adjust and manually add new scanning rules to catch spam (because the engine doesn’t), you’ll further increase false positive rates.

9. Understand what features you’re getting

Will your email security and anti‐spam solution allow you to adjust your spam settings for your unique needs? Some vendors list features like ‘attachment stripping’, ‘footer stamping’, and ‘body and header keyword search’ and then market them as highly effective spam detection tools. In reality those spam detection offerings do not allow you to set up even simple logic in filters to fine tune your spam settings or the ability to combine multiple actions on messages, resulting in legitimate messages being blocked.

Here’s a short list of features and functions that we think should be part of your checklist:

Threat Protection

  • Anti‐Spam
  • Anti‐Phishing
  • Anti‐Virus/Anti‐Malware
  • Next‐generation Reputation Services
  • Threat Outbreak Protection
  • Spam Dictionaries
  • Pattern‐based Message Filters
  • Message Quarantine
  • Inbound Attachment Control

Data Loss Prevention

  • Pattern‐based Content Rules
  • Compliance Dictionaries
  • Objectionable‐Content Filtering
  • Outbound Attachment Control
  • Outbound Content & Attachment Scanning
  • Document Fingerprinting and Data Classification
  • TLS Encryption
  • Message Level Encryption

Management & Reporting

  • On‐box Reporting
  • Messaging Logs
  • Customizable Granular Policies
  • Customizable Granular Reports
  • Centralized Management


  • Message Redundancy
  • Geographical Redundancy
  • Queue Replication
  • On-Demand Clustering

10. Is open source the right solution for your security?

When security vendors base their products on open source technology, they can put your network at risk. Spammers are motivated, highly capable people with a monetary incentive to engineer their way around your security barricades. They can reverse‐engineer open source security technology in order to bypass its detection of spam and threats, making it more open to hacking than proprietary solutions.

If you have thoughts or additions you’d like to add to the list, feel free to add them in the comment box below.

Email Security and Anti-Spam Solutions: 10 Things to Consider During Evaluation – Part One

An email security and anti‐spam solution is probably one of the most important security products you can buy to protect both your network and your company’s overall employee productivity. To add to the pressure of making the correct decision, there are a lot of email security and anti‐spam solutions and products on the market. So how do you select the right product at the right price for your organization?

This blog post will cover the first five of ten things that you need to consider when comparing email security and anti-spam solutions.

1. Understand the difference between ‘affordable’ and ‘cheap’

One way some manufacturers cut costs is by using extremely cheap components in their email security appliances, resulting in a high percentage of defects on arrival, as well as a high failure rate in the field. Another way they often make prices look low is by showcasing the low‐end models that offer limited functionality. In this scenario you’ll have to buy several appliances to do the work, meaning double or triple the cost.

2. Can I buy it from my trusted reseller, or do I have to order it over the phone?

Some SMB email security and anti‐spam solution vendors try to sell both direct to the customer and through a reseller network, resulting in a poorly organized reseller network. This means customers are forced to rely on the corporation for pre‐ and post‐purchase support – usually over the phone – rather than in person, even if they are in a completely different geography or time zone.

3. Understand the real TCO

One question to ask regarding price is what the ‘real’ total cost of ownership is. If your email security and anti‐spam solution requires ongoing management and attention, it means ultimately higher costs throughout the life of the appliance. If the vendor does not offer appliances that are designed to be centrally administered, you’ll spend even more time on overall management rather than on other critical IT business initiatives.

In some instances you’ll also need to buy a completely separate appliance for administration of inbound and outbound email traffic, in addition to a separate module for reporting. Numerous purchases can and will skew your TCO.

4. Consider your company’s growth prior to purchase

Many email security and anti‐spam solutions are designed to handle only small volumes of users and traffic. Their mail processing systems can’t handle the high‐volume mail loads of an organization with thousands of users or those with significant throughput environments.

5. The ease of setup

Some email security and anti‐spam vendors claim their products can be up and running in 15 minutes and require no IT expertise. But installation is usually not this simple and many times they have no install wizard available for system setup.

In our next blog post, we’ll review the next 5 things to consider when comparing email security and anti-spam solutions. If you have questions (or horror stories) we’d love to hear from you, so please leave a comment below.