As we near the end of 2012, it seems like the perfect time to rehash one of the big themes that has pre-occupied enterprises over the past 12 months -- content security. Forrester's Wave Report takes it one step further -- taking an in-depth look at the area of security that enterprises really need to take note of. 

Email Content Security Wave

The report entitled "The Forrester Wave: Email Content Security, Q4 2012", alludes to the fact that email continues to be the favored collaboration tool on the market -- despite advances in social media. Enterprises need to secure that content as it moves from one account to another.

In order to do this, as in all other areas of information management, enterprises are turning to vendors that adhere to a number of criteria outlined by the enterprise, which take into account business needs and IT concerns.

But do they work? Clearly that depends on what vendor the enterprise has decided to go with. As a starting point, Forrester has taken a list of 9 vendors and 18 user companies and evaluated them against 47 criteria. These companies include: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave and Websense.

There were a number of different ways of making it into the Wave -- which we will take a brief look at later. Out of those nine companies six have been identified as leaders, with the other three providing competitive offerings.

Symantec, Cisco, Proofpoint, Trend Micro, Websense, and McAfee lead the pack with Barracuda Networks, Sophos, and Trustwave in the ‘competitive’ space.

Email Security Trends

Before taking a brief look -- there are number considerations that enterprises must keep in mind before choosing an email content security vendor.

In this respect, Forrester warns that these are not the only vendors in the market and that enterprises really need to look at all the vendors out there before making a selection. This Wave, it says, is only a starting point.

With that in mind, businesses need to approach security by looking at the role email plays in the business environment. No matter what vertical, or enterprise, and no matter how much workers are using social media to collaborate, email is wired into the heart of the enterprise business processes.

However, despite its importance, enterprises invest relatively little in email security -- just 7% of security budget. This is a false economy. Email must be safeguarded because:

  • The threat landscape is constantly changing: In the past spam and signature-based malware were the biggest threats. Now enterprises have to deal with attacks via spear phishing campaigns.
  • Punitive fines: The content contained in emails is often covered by regulations concerning the safety of personal data. The fines for breaching HIPAA provisions can rise to US$ 1.5 million for a breach of regulations. And this is only the start.

Shifting Email Security Landscape

In response to the changing landscape, vendors are developing their offerings to include:

  • Analytics: Many vendors are offering analytics that determine if a message is malicious or not. Many solutions contain delay queues that hold the delivery of potentially malicious emails until they are passed. Suspicious URLs are also inspected before they arrive to the recipient.
  • Enhancing and simplifying encryption: Many companies that are transmitting what Forrester describes as ‘toxic’ data are looking for encryption technologies. Vendors responding to this, have simplified the sender and recipient key exchange
  • Building more-robust data loss prevention (DLP): Loss prevention technologies are still not widespread -- even in the public sector. However, advanced DLP engines, enforcement controls and policy support are readily available.

The delivery model for email security, as in other IT areas, is also shifting as the cloud takes hold. There are a number of factors driving the delivery change including:

  • SaaS email security: Email content security is one of the most developed SaaS technologies for security professionals. In the next year, 55% of surveyed companies will have adopted SaaS solutions. DLP projects are still very much on-premise technologies.
  • Hosted email: Many enterprises are actively looking at hosted email in the Google Apps and Microsoft Office 365 suites. On-premises appliances will continue to be attenuated with many companies also looking for the more robust email security offerings hosted providers can offer.
  • Virtual Infrastructure: Virtual email security offerings are growing in popularity as they look to scale resources according to needs, enabling IT to respond to needs without having to go through procurement processes.

Evaluation Overview

The evaluation criteria that Forrester used to compile this wave include:

  • Current offering: Vendors offerings were evaluated on the basis of capabilities in email filtering, data loss, prevention, encryption, reporting, management, performance and operations.
  • Strategy: Investments in research and development, with an evaluation of the technology road-map. It also focused on the scope and depth of the vendor’s license, resale and consultant/systems integration partnerships.
  • Market presence: Measured against customer base, international presence and market segment diversity.
  • Product revenues greater than $10 million: Evaluated only vendors that generate more than US$ 10 million annually from content security products
  • DLP and encryption: Only solutions with DLP and encryption capabilities were considered.
  • Operation of a threat intelligence center: Only included vendors that operate a threat intelligence center

Forrester Email Content Security Leaders

So here are the Leaders -- listed in order of their appearance on the Forrester Wave: Email Content Security, Q4 2012:

1. Symantec: Unsurprisingly, Symantec has the largest market presence of any of the vendors surveyed. It re-branded the Brightmail solution to Symantec Messaging Gateway in April 2011 and, according to Forrester, is widely used. It is a leader in encryption and has strong reporting abilities. Negatives -- the dashboard needs to be worked on.

2. Cisco Systems: Cisco also re-branded its offering from Ironport to Cisco Email. It has the second largest install base and is popular among enterprises. The Cisco Registered Envelope Service offers pull-based encryption, in which per-message keys are stored in a cloud service. Forrester says it should focus on unifying the administration and reporting of the hybrid email offering.

3. Proofpoint: One of the top vendors in the space, Proofpoint offers physical and virtual appliances as well as SaaS and hybrid solutions. Going public in April of this year, it has the strongest DLP capabilities in this Wave. It is also the only pure-play vendor here.

4. Trend Micro: Trend Micro’s InterScan Messaging Security (IMS) can be deployed as a virtual application, SaaS or hybrid. Centralized reporting and management of email are enabled through the Trend Micro Control Manager. However, it is still missing advanced DLP capabilities.

5. Websense:  Websense scored highest of all companies in email filtering and offers a wide range of deployment options -- including software, physical appliances, SaaS, and hybrid deployments. The Triton architecture enables reporting and managing of both premises -- gateway and SaaS -- from single console. A virtual appliance is on the way for the first half of 2013.

6. McAfee: McAfee released the McAfee Email Gateway 7.0 (MEG) in December 2011. It was released three years after the Secure Computing acquisition and combined the best features of Secure Computing’s IronMail with the McAfee Email and Web Security (EWS) platform. MEG offers strong DLP capabilities built right into the solution.