Encryption, compliance, management on tap from messaging security vendors

A number of messaging security vendors took advantage of last week’s RSA Conference 2006 in San Jose to announce new products and upgrades.

Among them, e-mail security service provider Postini announced plans to expand its encryption offerings. Building off Postini’s announcement last December with Zix Corp. to offer Zix’s policy-based encryption for inbound and outbound messages as part of its hosted service, Postini will add a number of different encryption technologies under the Postini Encryption Manager umbrella to create a federated encryption service over the course of the year, says Andrew Lochart, senior director of marketing.

The company wants to offer a variety of different encryption technologies since there is no market leader in the area and the products don’t interoperate with each other, Lochart says. Postini will hold the decryption key on behalf of customers and decrypt incoming messages that are secured in any of the formats the company plans to support so they can be scanned for spam, viruses, and other malware, he says.

Then Postini will encrypt messages again in any format the customer wants for the final leg from Postini’s service centers to a customer’s site. This way, Postini customers only need to use one form of encryption, regardless of what form the message is sent in, Lochart says. “This makes us the secret decoder ring,” he adds.

Lochart declined to specify which encryption vendors Postini will form partnerships with, but added that the company is in talks with two companies that will be announced in the second or third quarter. Pricing was not announced. The company already allows customers to encrypt messages using transport layer security (TLS), a network-level approach supported by many e-mail security vendors.

MailFrontier, which was acquired earlier this month by SonicWall, announced an upgrade to its e-mail security software and appliance, as well as a new compliance module.

MailFrontier Gateway 5.0 – available as either software or a dedicated appliance – includes new e-mail auditing capabilities, a traffic manager and a log manager, all designed to make everyday e-mail security tasks easier, according to company officials.

The new compliance module, designed to help enforce corporate policies and industry regulations, scans outbound e-mail for messages containing sensitive or protected information using predefined policies as well as those defined by an organization, officials say. Flagged messages can be automatically blocked or sent for review to the company’s compliance officers.

Pricing for the compliance module, which will also be available in March, starts at $3 per user.

Coming on the heels of IronPort’s announcement last week of a new Web security appliance, the company this week unveiled a management platform that will give administrators a view into both their IronPort messaging security appliances and the new Web security appliances.

Called the M Series Security Management appliance and priced starting at $35,000, the new product gives managers a single interface for managing policies, reporting, and auditing of communication for both e-mail and Web traffic, officials say. With this appliance, administrators can set rules and policies for users once and apply them across communication happening on different protocols including SMTP, HTTP, and FTP.

The M Series Security Management appliance will be available in March in two versions; the M600 is designed for medium-to-large organizations, the M1000 is targeted at very large enterprises.