Best Products: Messaging

Winning company: CipherTrust

Winning product: IronMail appliance

If you don't think messaging is imperative to your business, take away the mail server for a few days and see how many calls you get from employees. Better yet, think of how you accomplished your job before e-mail. (We remember something about telephones, fax machines, paper memos. . . .)

Back to reality. In 2005, we looked closely at the security of messages crossing the network. We tested some e-mail encryption products that bolt onto e-mail systems and others that provide new features for the encryption-savvy.

Messaging finalists  

CipherTrust's IronMail appliance won the e-mail encryption product test as well as the Best of the Tests Messaging category. The appliance provided strong encryption delivery performance and incredibly easy installation, garnering a score of 4.1 out of 5. "We were up and running with a base configuration in minutes," said Network World Lab Alliance member Travis Berkley. Installation is easy because CipherTrust delivers appliances, preconfigured to your specs, that are simply slipped into a rack and turned on, he said.

Also impressive, Berkley noted, is that a customer can take its corporate brand (logo, colors, Web design) and redraw the CipherTrust interface to match that corporate look and feel.

While the test focused on CipherTrust's gateway-to-user e-mail encryption using its staging-server module, the company also offers gateway-to-gateway encryption. This latter method can be best for supporting standards and securing ongoing business relationships, such as with partners and customers, as well as in supporting multiple technologies, such as SSL/Transport Layer Security, Secure Multi-purpose Internet Mail Extensions and OpenPGP.

Since our test, CipherTrust launched TrustedSource Portal, a free resource that offers precise information about an e-mail sender's reputation by domain and IP address. It also launched IronMail Version 6.0 (we tested Version 5.0.1), which provides deeper integration with TrustedSource, has enhancements to outbound messaging-security features (including dictionary correlation and customized reports), offers customizable dashboards and has tighter ties with Active Directory.

In October, the company launched IronIM, a security gateway appliance for instant messaging. IronIM integrates policies to help secure, log, monitor and encrypt corporate IM communications.

The company also shipped its IronNet gateway, a real-time, multiprotocol system that enforces common corporate policies across e-mail, instant messaging, Web mail, peer-to-peer technologies and other FTP- and HTTP-based activity. IronNet is targeted to reduce the liability "related to the exchange of offensive content" and help with compliance regulations.

CipherTrust also opened West Coast headquarters in Sunnyvale, Calif., to provide customers with increased access to research and engineering, as well as sales and customer support resources.

FUTURE TESTS: Tests of anti-spam tools and anti-virus gateways are strong possibilities for 2006. Plus, we want to see if enterprise e-mail archiving systems are ready for prime time. Continued use of IM by employees also intrigues us - we'll likely test IM security vendors to see what's being done to monitor, manage and even prevent bad information from traveling the IM route.

PRODUCT MASTERMIND:, CTO Paul Judge Job duties: Manages research, advanced product development and product management; lead inventor of CipherTrust’s patent-pending security technologies. Favorite feature: Ease of use. “While the mathematics behind the cryptography and key management is interesting, what makes this product exciting is that we figured out a way to hide all of that from administrators and users. In the past, I’ve seen situations where encrypting a message was too burdensome, so people would just send sensitive messages, even credit card numbers or medical records, in plain text. Now sending a message securely is easy enough that users and administrators are actually encrypting e-mail.. . . The other exciting thing is that CipherTrust Encryption can figure out that a message contains sensitive information and encrypt it even if the user forgets.” USER TAKE: corporate security and privacy officer, Baptist Health Care, in Pensacola, Fla. Jim Donaldson, Deployment: Began using CipherTrust more than two years ago to protect communications between the health system and insurance companies, state agencies and the like. Favorite feature: “If a secure link already has been established between our site and a recipient, then it will automatically send the e-mail over that link without first sending it to a secure delivery site. So this is a good feature because it eliminates a step for the receiver.” Business benefits: “This has helped with regulatory compliance — we now have an avenue to communicate electronically and retain the bounds of reasonable standards to protect the information. And it helps with auditing; we know who sent what and who came to get it.”

< Previous story: Google's Google Search Appliance

Next story: PGP's Univeral Series 500 and Symantec's Mail Security 8100 Series appliance >