Over the past decade, during the journey of server virtualization from primarily dev/test environments to mission-critical deployment on-premise and in the cloud, the applications that have led the way have been the email and web services that power most businesses. And as those business-critical uses keep growing so to do the need to keep them secure. But protection of virtualized and cloud-based deployments is difficult if you use solely traditional security appliances. That changes now with the arrival of WatchGuard XCS 10, the latest operating system for our enterprise content security platform.
With new Microsoft Hyper-V® support, IPv6 support, and outbound anti-spam capabilities, XCS 10 streamlines the implementation and management of content security strategies for small, medium and large enterprises.
According to Gartner, nearly two-thirds of x86 architecture workloads have been virtualized on servers. The growth of virtualization in the SMB and mid-sized enterprise has been accompanied with the growth of Hyper-V market share. As email and Web being two of the most commonly virtualized enterprise applications, having the ability to protect them within the same cloud/virtualized environment in which they are deployed gives IT organizations increased flexibility and business continuity. This streamlines management as well as enables the system to scale. And now they can take advantage of this power on Hyper-V as well as on VMware vSphere.
Unlike software-only solutions, customers do not need to install, maintain, and patch operating systems and other tools in order to deploy rich email and web security with data loss prevention.
WatchGuard XCS 10 also brings support for the IPv6 standard. One of the side effects of the rise in virtualization and the digitization of the world’s workforces is that we have effectively run out of blocks of “classic” IP addresses. In fact, in some parts of the world, IPv6 is now mandatory. WatchGuard XCS 10 not only supports IPv6, but also enables mixed legacy environments to ensure global connectedness and security.
As goes the Internet, so goes security for the content it carries: throughput is king. As the volume of email and the amount of information it carries continues to increase exponentially, vendors like WatchGuard need to deliver more performance in our enterprise content security solutions.
Sure, we could add more cores and more hard disk space. But bigger isn’t always better; instead of building a fire-breathing monster, we opted for a different approach. Today we are announcing a leaner, meaner security solution for email (and web) content: the WatchGuard XCS 880. Delivering 20 percent more processing power, twice the email throughput per dollar, and all of the redundancy you need for non-stop security, while consuming less than half the energy of previous models – the WatchGuard XCS 880 combines power and efficiency in a slim 1U profile.
Smaller, lighter, less expensive to power and to cool – the XCS 880 is another proof point of our Best of Breed security appliance strategy. You can take advantage of the performance curve our processor partner, Intel, provides generation after generation – and instead of having to maintain your own operating system, install and configure lots of separate security products from different vendors and manage them from separate interfaces, you get one integrated solution managed from a single pane of glass.
To learn more about the XCS 880 and the full suite of XCS solutions, visit the WatchGuard XCS 880 page.
Email encryption policies can be extremely granular and, once defined, applied automatically at the gateway. This ensures email encryption and email privacy is handled consistently, and eliminates the risk of user error by removing the need for senders to make decisions as to whether or not to secure an email and its content.
When encryption is enabled, you can use policy and content filtering features in your email security solution (in our case the XCS family of email security appliances) to scan for specific patterns in email messages that indicate the message must be encrypted, including:
For example, you can create a Pattern Filter to search for the word “[Encrypt]” in the subject field of a message. An end user can add this phrase to their message subject header to indicate the message must be encrypted before it is delivered.
Policies can be set to encrypt messages based on header, subject line, sender, recipient, content, attachments, and many other attributes of an email message, including:
Based on the growing volumes of confidential and sensitive information traversing networks on a daily basis, regulatory bodies and business executives have turned their concerns to ensuring messaging is protected from unauthorized viewing. Regulations such as Sarbanes-Oxley (SOX), PCI, HIPAA, GLBA and others have been introduced to mandate that email messages containing sensitive or confidential data are handled securely.
Email encryption has emerged as a vital aspect of an overall email security solution to secure confidential data and yet continue to allow the free flow of communications between colleagues, customers, and partners.
WatchGuard Technologies is excited that Info-Tech Research Group recently named us the “Value Award” winner and #1 vendor in the unified threat management space. As their report starts out… “Network security may be old-school, but it is not passé; the right perimeter protection means more threats stay outside & more data stays inside.”
We believe that not only should your business network and email security be the best at stopping the latest threats and keeping data safe, but it should also be affordable, easy to own, and easy to manage for all businesses. WatchGuard is proud to be the leader in the Product Evaluation and Vendor Evaluation categories, which are: features, affordability, usability, architecture, viability, strategy, reach, and channel. Based on the Scoring Criteria, this impressive recognition further exemplifies WatchGuard’s superiority in the Unified Threat Management (UTM) market, and is a testament as to why small to midsize businesses prefer WatchGuard for their network security.
Info-Tech Research Group noted that affordability and capability played an important role in naming WatchGuard a leader among its competitors. “Balance of strong product and vendor capabilities at a market-leading price point [WatchGuard] leads with UTM solution that can deliver benefits to any organization.” The vendors being evaluated by Info-Tech Research included Palo Alto, SonicWALL, Juniper, Cisco, Barracuda, and Fortinet, among others with an average score of 45.7. WatchGuard received a perfect score of a 100, more than doubling the average. We’re proud that we are setting the standards by which all other UTM vendors are compared to!
While we may have started out with a focus on the SMB space, our products are catching the eye of larger enterprises every day, and this report validates our efforts. Our unified threat management solution helps create a solid network security barrier around your organization and we’re thrilled to be a leader!
Fresh on the heels of the massive email security breach at Epsilon, we’re seeing a renewed interest in email security solutions and email encryption. And that’s a good thing! It’s not just Epsilon that experiences email security breaches, just do a Google search on ‘email security breach news’ and see for yourself. One study – Email still the top source of data loss, by Help Net Security –revealed that more than 35 percent of companies surveyed had investigated a leak of confidential or proprietary information via email over a 12-month period. On average, respondents estimated that as many as one in five outbound email messages contain content that poses a legal, financial, or regulatory risk.
According to the Ponemon Institute’s annual U.S Cost of a Data Breach Study, non-compliance costs are 2.65 times higher for organizations than compliance costs. That means that companies with ongoing investments in compliance-related activities save money compared with organizations that fail to comply with government and industry mandates. In short, it pays to be compliant.
Email encryption is an essential component of regulations that are designed to protect the privacy and reliability of business and personal information.
Email Encryption Laws and Regulations
The following list includes just some of the requirements that are driving encryption adoption in the United States and around the world.
The consequences of violating these and other government and industry encryption requirements can include fines (for example, the HITECH Act allows for penalties of up to $1.5 million), incarceration, public embarrassment, loss of business privileges and customer/client/ patient/stakeholder trust. Once again, and in short, it pays to be compliant.
In our last blog post we reviewed the first five things you should consider when comparing and considering an email security and anti-spam solution. An email security and anti‐spam solution is a critical ingredient for protecting both your network and your company’s overall employee productivity, and with many solutions on the market you need to evaluate carefully.
Here are the remaining 5 things to consider when comparing email security and anti-spam solutions:
6. The number of appliances you have to acquire to get complete protection
Most solutions are sold by functionality and the SMB models in most product lines have much less capability. You need to make sure that you’re not overlooking important features such as LDAP access, end user controls, and on‐box spam quarantines. If these are not available on your SMB solutions, you may be forced to move up to more expensive systems just to get the basic functionality your business needs.
7. What kind of support is available once you’re up and running?
Buyers should be careful to select products that offer solid, well‐trained, 24/7 tech support for their mission‐critical security products. Some vendor support can be lacking in depth and thus you may be forced to rely on user forums for most of the real support.
8. Does it provide automatic, up‐to‐the‐minute security?
You need to make sure your email security solution doesn’t need constant fine tuning. If it provides a means for automated and constant self‐updating, so that it is always aware of the latest threats, you’ll ultimately get better security while also reducing your administration costs.
Many anti‐spam solutions on the market rely on a 1st generation (at best) reputation service, which in turn depends on RBLs (real‐time block lists) that provide a simple yes/no result for legitimacy of an email based on sender IP history – much like a credit bureau which makes decisions based on history. But the RBLs are not updated quickly enough to keep up with the increasing volume and purveyors of spam. Depending on how aggressively you set your spam threshold, with a simple RBL, you’ll either get a low catch rate or a high false positive rate. If your spam solution requires you to constantly adjust and manually add new scanning rules to catch spam (because the engine doesn’t), you’ll further increase false positive rates.
9. Understand what features you’re getting
Will your email security and anti‐spam solution allow you to adjust your spam settings for your unique needs? Some vendors list features like ‘attachment stripping’, ‘footer stamping’, and ‘body and header keyword search’ and then market them as highly effective spam detection tools. In reality those spam detection offerings do not allow you to set up even simple logic in filters to fine tune your spam settings or the ability to combine multiple actions on messages, resulting in legitimate messages being blocked.
Here’s a short list of features and functions that we think should be part of your checklist:
Data Loss Prevention
Management & Reporting
10. Is open source the right solution for your security?
When security vendors base their products on open source technology, they can put your network at risk. Spammers are motivated, highly capable people with a monetary incentive to engineer their way around your security barricades. They can reverse‐engineer open source security technology in order to bypass its detection of spam and threats, making it more open to hacking than proprietary solutions.
If you have thoughts or additions to you’d like to add to the list, feel free to add them in the comment box below.
An email security and anti‐spam solution is probably one of the most important security products you can buy to protect both your network and your company’s overall employee productivity. To add to the pressure of making the correct decision, there are a lot of email security and anti‐spam solutions and products on the market. So how do you select the right product at the right price for your organization?
This blog post will cover the first five of ten things that you need to consider when comparing email security and anti-spam solutions.
1. Understand the difference between ‘affordable’ and ‘cheap’
One way some manufacturers cut costs is by using extremely cheap components in their email security appliances, resulting in a high percentage defects on arrival, as well as a high failure rate in the field. Another way they often make prices look low is by showcasing the low‐end models that offer limited functionality. In this scenario you’ll have to buy several appliances to do the work, meaning double or triple the cost.
2. Can I buy it from my trusted reseller, or do I have to order it over the phone?
Some SMB email security and anti‐spam solution vendors try to sell both direct to the customer and through a reseller network, resulting in a poorly organized reseller network. This means customers are forced to rely on the corporation for pre‐ and post‐purchase support – usually over the phone – rather than in person, even if they are in a completely different geography or time zone.
3. Understand the real TCO
One question to ask regarding price is what the ‘real’ total cost of ownership is. If your email security and anti‐spam solution requires ongoing management and attention, it means ultimately higher costs throughout the life of the appliance. If the vendor does not offer appliances that are designed to be centrally administered, you’ll spend even more time on overall management rather than on other critical IT business initiatives.
In some instances you’ll also need to buy a completely separate appliance for administration of inbound and outbound email traffic, in addition to a separate module for reporting. Numerous purchases can and will skew your TCO.
4. Consider your company’s growth prior to purchase
Many email security and anti‐spam solutions are designed to handle only small volumes of users and traffic. Their mail processing systems can’t handle the high‐volume mail loads of an organization with thousands of users or those with significant throughput environments.
5. The ease of setup
Some email security and anti‐spam vendors claim their products can be up and running in 15 minutes and require no IT expertise. But installation is usually not this simple and many times they have no install wizard available for system setup.
In our next blog post, we’ll review the next 5 things to consider when comparing email security and anti-spam solutions. If you have questions (or horror stories) we’d love to hear from you, so please leave a comment below.