As every enterprise has some form of messaging security in place, the decision to consider a new gateway is generally prompted by problems with an existing system.
Obviously, the key tip for buying is to make sure your new gateway is at least as good as your old one. This means identifying what you like -- and don't like -- about your existing gateway and using that information to guide your evaluation criteria for the new gateway.
Moving on from what you have to where you are going, you'll also want to evaluate five feature areas: antispam, antivirus, user controls, system architecture and additional security.
Antispam featuresThe biggest differentiator between products is the quality of the antispam engine when it's applied to your mail flow. To determine that, you'll need to test any potential gateway in your own environment. Once you've found an engine that meets your goals for catch and false-positive rates, you'll want to consider at least the following as ways of differentiating products and identifying ones that meet your needs best:
- Does the antispam engine offer multiple verdict levels that you can use to help reduce undetected false positives?
- Does the messaging-security gateway have reputation-based filtering that allows you to refuse a message at SMTP time to reduce total system load?
- Can the messaging-security gateway integrate easily with your existing e-mail directory infrastructure?
Antivirus featuresMost products have a single antivirus engine, selected by the product vendor. Unfortunately, this engine choice is usually subject to a set of forces that lie outside of your control, such as current partnerships and future acquisition strategies. This can adversely affect your deployment, because it is a best practice to have a different antivirus engine in the messaging-security gateway from the one you use on the desktop. You may want to consider:
- Can the product use multiple antivirus engines, either in parallel or separately?
- Does the product's antivirus engine properly complement installed infrastructure in your enterprise to offer best coverage?
- What long-term commitment do you have from the vendor on the choice of antivirus engine?
User featuresSome messaging-security gateways operate without user interaction, and this may be your preferred deployment scenario. However, you should examine products that at least have the option of user features:
- Does the product have the option for a user antispam/antimalware quarantine? Can the quarantine be enabled for users individually, or must it be done for everyone?
- Does the product have per-user settings for sensitivity, block list and whitelist? Can these features be managed at the group level as well as the individual user level?
- Can the product link to your existing authentication infrastructure, or does it have some method to reasonably authenticate users? (Note that a very rigorous authentication is likely not necessary, because most of what's in the quarantine will be spam.)