The Forrester Wave : Email Content Security, Q4 2012

The Forrester Wave : Email Content Security, Q4 2012

The Forrester Wave : Email Content Security, Q4 2012

Forrester Research, Inc., 60 Acorn Park Drive, cambridge, MA 02140 USA Tel: +1 617.613.6000 | Fax: +1 617.613.5000 | www.forrester.com The Forrester Wave™: Email Content Security, Q4 2012 by Rick Holland, november 15, 2012 FOR: Security & Risk Professionals Key TaKeaWays email security is a Critical Component of your portfolio Email is a key component of business processes within enterprises and must be secured. Despite the fact that email security is low on the spending priority list, it’s critical that organizations safeguard email. Email is a popular attack vector for targeted attacks, and HIPAA and PCI mandate that emails containing confidential data be secured.

advanced Capabilities differentiate Vendor offerings Vendors are delivering enhanced capabilities in response to the threat and compliance landscape. Big data analytics are leveraged to combat targeted attacks. Encryption capabilities have been improved and simplified. Channel DLP is now robust and feature-rich. The delivery Model is shifting The deployment of appliance-based email security gateways is declining. Enterprises are adopting new models, such as software-as-a-service. Many outsource their entire email infrastructure and rely on hosted email providers for security, while those that are cloud-averse deploy virtual appliances that run in their VMware and Microsoft environments.

© 2012, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester® , Technographics® , Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com. For Security & Risk Professionals Why Read This Report In Forrester’s 47-criteria evaluation of email content security vendors, we identified the nine most significant vendors in the category and researched, analyzed, and scored them: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense.

This report details our findings about how well each vendor fulfills our criteria and where they stand in relation to each other to help security and risk professionals select the right partner for their email content security solution. Table Of Contents Email Security Is A Critical Component Of Your Portfolio Advanced Capabilities Differentiate Vendor Offerings Vendors Are Shifting Their Delivery Models Email Content Security Evaluation Overview Evaluation Criteria Market Presence And Advanced Capabilities Narrow The Field Evaluation Analysis Vendor Profiles Leaders: Deliver On Large Enterprise Requirements Strong Performers: Close Behind But Lack Enterprise Grade DLP And Encryption Supplemental Material Notes & Resources Forrester conducted lab-based evaluations in May 2012 and interviewed nine vendor and 18 user companies: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense.

Related Research Documents Content Security: 2012 Budget And Planning Guide November 16, 2011 The Content Security Forecast Calls For Clouds October 24, 2011 Market Overview: Content Security, Q3 2011 October 17, 2011 The Forrester Wave™: Email Content Security, Q4 2012 The Nine Providers That Matter Most And How They Stack Up by Rick Holland with Stephanie Balaouras and Jessica McKee 2 4 6 8 11 November 15, 2012

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 2 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 Email Security is a critical component of your portfolio Email is a critical business function that is deeply embedded in the DNA of business processes within organizations.

Ensuring that email messages are delivered and received in a safe and secure manner is paramount. Enterprises rely on email content security solutions to ensure this. However, despite the importance of email, companies invest a relatively small percentage of the security budget to protect it. The overall content security budget, including web and email, makes up just 7% of the security budget. Despite this, it has never been more important to safeguard email because: ■ The threat landscape is constantly evolving. In the nostalgic, not-too-distant past, spam and “traditional” signature-based malware were the biggest threats that email content security solutions needed to defend against.

Antispam and antivirus were largely commoditized capabilities in a very mature product space. Today, targeted attacks via spear phishing campaigns have replaced spam and antivirus as the primary email threat to enterprises. Until recently, email security solutions have been slow to evolve to address this threat. As a result, many companies have opted to supplement their existing solutions with offerings specifically designed to address these targeted attacks containing advanced malware. Addressing advanced malware requires new approaches beyond signature-based detection and first-generation reputation services.

■ It will result in serious fines if you fail to do so. The failure to secure email content can result in serious fines. The Health Information Technology for Economic and Clinical Health (HITECH) Act mandates that covered entities that violate provisions of HIPAA concerning the protection of personal health information (PHI) are subject to significant fines. The government can levy a maximum penalty of $1.5 million for all violations of an identical provision.1 PCI compliance also requires safeguarding of emails. The PCI DSS 4.2 requirement states, “Never send unprotected PANs by end-user messaging technologies.” The card brands can fine companies from “$5,000 to $100,000 per month for PCI compliance violations.”2 Organizations must preserve the confidentiality of emails that contain sensitive information.

Advanced Capabilities Differentiate Vendor Offerings Capabilities have moved far beyond spam and commodity antimalware. In response to the threat and compliance landscape, vendors are: ■ Using analytics to improve their antimalware capabilities. Vendors have been releasing new capabilities to address the advanced malware threat. While there is no silver bullet against a patient and well-funded attacker, vendors have made strides to close the malware detection gap. Vendors are now leveraging the power of big data analytics to determine if a message is malicious. Solutions now include delay queues that dynamically hold the delivery of potentially malicious emails until further context can be developed about the message.

Suspicious URLs embedded into emails are rewritten to ensure that hyperlinks are inspected at the time of click instead of the time of delivery.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 3 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Enhancing and simplifying encryption. Highly regulated verticals and companies that transmit toxic data are the most likely adopters of email encryption technologies.3 According to Forrester survey data, 40% of financial services and 29% of public sector/healthcare organizations have embraced email encryption capabilities.4 Firms have traditionally preferred gateway-to-gateway transport layer security (TLS) as an alternative to the often complex and difficult-to-manage OpenPGP or S/MIME implementations.

Today, organizations have the option to choose robust, yet scalable, hosted or on-premises solutions. Vendors have simplified the sender and recipient key exchange process to improve the user experience, and they have extended encryption capabilities to include mobile devices. Some vendors have developed in- house offerings while others have sought out OEM relationships. Trustwave and Symantec OEM ZixCorp, while Websense OEMs Voltage.

■ Building more-robust data loss prevention (DLP). Like email encryption, DLP technology hasn’t been widely implemented by enterprises. According to survey respondents, only 21% of financial services and 18% of media/entertainment/leisure and public sector/healthcare companies have adopted email channel DLP. Other verticals have been very slow to adopt.5 In Forrester’s “Rethinking DLP” report, we contend that DLP is transitioning from product to feature, and we recommend a new process-based approach to effectively deploy it.6 Organizations that adopt this approach can have success with DLP.

The way vendors license DLP is also in transition. There is a trend to offer full “enterprise DLP” capabilities out of the box. Organizations no longer have to accept “DLP lite” or limited regular expression filtering capabilities. Companies can now opt for advanced DLP engines, enforcement controls, and policy support out of the box.

Vendors Are Shifting Their Delivery Models For most companies, the days of physical email security appliances are numbered. There are several factors shifting the way vendors deliver their email security solutions, including: ■ Many firms increasingly prefer software-as-a-service (SaaS). SaaS email content security is one of the most mature SaaS offerings available for security and risk professionals. Within the next year, 55% of the companies in our survey will have adopted the service (see Figure 1). At a minimum, all enterprises should consider inbound email filtering. According to the nonprofit The Spamhaus Project, 90% to 96% of all inbound mail is illegitimate.7 Why even process and inspect illegitimate messages when a SaaS provider can drop the messages altogether? Inbound SaaS can also act as an additional disaster recovery layer.

If a company’s messaging platform goes down, the email SaaS vendor can queue the messages until the messaging platform recovers from an outage. DLP and encryption capabilities aren’t as mature in the SaaS model as they are in on-premises, but the verticals most likely to utilize these features are less inclined to adopt SaaS services.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 4 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Some firms will opt for hosted email. Organizations are increasingly considering and migrating to the hosted email offerings available in the Google Apps and Microsoft Office 365 suites. Physical appliances will see further attrition as these organizations adopt the security capabilities of the hosted email providers. There will be a subset of enterprises that don’t want to manage on- premises solutions but want more-robust security capabilities than are available from the hosted email providers.

These companies will likely leverage the SaaS offerings of security vendors. Emails will first be routed to the security vendor’s SaaS environment for inspection and the legitimate traffic will then be forwarded to the hosted email provider for delivery. ■ Firms that deploy on-premises will demand a virtual form factor. Virtual email security solutions are growing in popularity with enterprises. The ability to leverage the benefits of the virtual infrastructure is appealing. For example, enterprises can now easily scale resources to meet the demands of increased utilization, and IT can provision new appliances without waiting for the traditional procurement process.

Today, virtual solutions are available for VMware and Microsoft Hyper-V. Companies that are cloud-averse are the most likely adopters of the virtual form factor.

Figure 1: Firms Increasingly Prefer Software-As-A-Service For Email Security Management Source: Forrester Research, Inc. 61559 Source: Forrsights Security Survey, Q2 2012 “What are your firm’s plans to adopt the following‘as-a-service’security offerings/approaches?” Base: 2,154 North American and European IT security decision-makers Email filtering Planning to implement in the next 12 months Implemented, not expanding Expanding/upgrading implementation 5% 40% 10% Email Content Security Evaluation Overview To assess the state of the email content security market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top email content security vendors.

Evaluation Criteria After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 47 criteria, which we grouped into three high-level buckets:

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 5 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Current offering. Each vendor’s position on the vertical axis of the Forrester Wave graphic indicates the strength of its current product offering. After the vendor’s demonstration of the solution, Forrester requested unfettered access to an online demonstration environment of the solution. The sets of capabilities evaluated in this category are: email filtering, data loss prevention, encryption, reporting, management, performance, and operations.

Forrester also evaluated customer satisfaction with the vendor’s solution through customer interviews. ■ Strategy. A vendor’s position on the horizontal axis indicates the strength of its go-to-market strategy. Forrester looked at investments in research and development as well as threat intelligence. Forrester also evaluated the differentiation of the vendor’s technology road map. Finally Forrester evaluated the vendor’s partner community. Forrester focused on the scope and depth of the vendor’s license, reseller, and consultant/systems integration partnerships. ■ Market presence. The size of the vendor’s bubble on the chart indicates its market presence.

Forrester measured this based on the vendor’s customer base, international presence, and market segment diversity. Forrester also estimated the vendor’s email content security revenue and year-over-year growth.

Market Presence And Advanced Capabilities Narrow The Field Forrester included nine vendors in the assessment: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense. Each of these vendors has (see Figure 2): ■ Product revenues greater than $10 million. Forrester evaluated vendors that generate more than $10 million annually from content security products. We excluded consulting revenue related to custom and specialized solutions. ■ DLP and encryption. Forrester only considered solutions with DLP and encryption capabilities. ■ Operation of a threat intelligence center.

Forrester only included vendors that operate a threat intelligence center that monitors and incorporates threat information into the product to improve antispam and antimalware capabilities.

■ Significant interest from Forrester customers. Forrester considered the level of interest and feedback from our clients based on our various interactions, including inquiries, advisories, and consulting engagements.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 6 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 Figure 2 Evaluated Vendors: Product Information And Selection Criteria Source: Forrester Research, Inc. Vendor Barracuda Networks Cisco McAfee Proofpoint Sophos Symantec Trend Micro Trustwave Websense Product evaluated Barracuda Spam & Virus Firewall Cisco Email Security (formerly known as Cisco IronPort Email Security) McAfee Email Gateway Proofpoint Enterprise Protection/ Proofpoint Enterprise Privacy Sophos Email Appliance Symantec Messaging Gateway Interscan Messaging Security Secure Email Gateway Email Security Gateway Anywhere (ESGA) Product version evaluated v 5.1.004 AsyncOS v7.5.2 v7 v7.0.2 v3.7.0 v9.5 v8.2 v7.0 v7.7 Version release date March 2012 March 2012 Nov.

2011 Feb. 2012 April 2012 April 2011 Oct. 2011 May 2012 Feb. 2012 Vendor selection criteria Product revenues greater than $10 million. Forrester evaluated vendors that generate more than $10 million annually from content security products. We excluded consulting revenue related to custom and specialized solutions.

DLP and encryption. Forrester only considered solutions with DLP and encryption capabilities. Operation of a threat intelligence center. Forrester only included vendors that operate a threat intelligence center that monitors and incorporates threat information into the product to improve antispam and antimalware capabilities. Significant interest from Forrester customers. Forrester considered the level of interest and feedback from our clients based on our various interactions, including inquiries, advisories, and consulting engagements.

Evaluation Analysis The evaluation uncovered a very mature market in which the majority of vendors were Strong Performers or better (see Figure 3): ■ Symantec, Cisco, Proofpoint, Trend Micro, Websense, and McAfee lead the pack.

These six vendors distinguish themselves as the highest scoring Leaders in this evaluation. All of these vendors are capable of addressing the unique needs of the largest of enterprise clients.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 7 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Barracuda Networks, Sophos, and Trustwave offer competitive options. Barracuda Networks and Sophos don’t offer the advanced DLP, encryption, reporting, and management capabilities that large enterprises require. This evaluation of the email content security market is intended to be a starting point only. We encourage readers to view detailed product evaluations and adapt the criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool.

Figure 3 Forrester Wave™: Email Content Security, Q4 ‘12 Source: Forrester Research, Inc.

Go online to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings. Risky Bets Contenders Leaders Strong Performers Strategy Weak Strong Current offering Weak Strong Barracuda Cisco McAfee Proofpoint Sophos Symantec Trend Micro Trustwave Websense Market presence Full vendor participation

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 8 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 Figure 3 Forrester Wave™: Email Content Security, Q4 '12 (Cont.) Source: Forrester Research, Inc.

Barracuda Cisco McAfee Proofpoint Sophos Symantec Trend Micro Trustwave CURRENT OFFERING Email filtering Data leak prevention Reporting and management Performance and operations Client reference scores and feedback STRATEGY Product strategy Partners MARKET PRESENCE Installed base Revenue 3.15 3.33 2.15 3.10 5.00 2.25 2.76 3.60 1.50 2.48 2.40 2.60 Forrester’s Weighting 50% 35% 15% 15% 15% 20% 50% 60% 40% 0% 60% 40% 3.84 3.87 3.20 3.70 5.00 3.50 4.00 4.00 4.00 3.52 3.60 3.40 3.46 3.39 3.70 3.80 5.00 2.00 3.80 3.00 5.00 2.68 2.60 2.80 3.71 3.43 4.60 3.80 5.00 2.50 3.96 4.60 3.00 2.04 1.40 3.00 2.67 2.36 2.80 1.80 4.00 2.75 3.04 3.40 2.50 2.12 1.80 2.60 3.69 3.87 3.00 3.60 5.00 3.00 4.16 3.60 5.00 3.56 3.80 3.20 3.50 3.48 3.15 4.20 4.50 2.50 4.16 3.60 5.00 2.88 3.20 2.40 2.61 2.66 2.80 2.80 3.25 1.75 2.80 3.00 2.50 2.04 3.00 0.60 Websense 3.86 4.02 4.45 3.80 4.75 2.50 3.52 4.20 2.50 3.00 3.00 3.00 All scores are based on a scale of 0 (weak) to 5 (strong).

vENDOR PROFILES Leaders: Deliver On Large Enterprise Requirements ■ Symantec. Symantec has the largest market presence of any vendor we evaluated and continues to be a Leader in the email content security space. Symantec rebranded the Brightmail solution to Symantec Messaging Gateway in April 2011, and the solution continues to be widely deployed. Symantec offers a wide range of deployment options that cater to any size of organization. In addition to a VMware appliance, Symantec is developing support for an MS HyperV appliance. Symantec is a leader in encryption capabilities. Clients can leverage PGP Universal Gateway Email for robust on-premises encryption or opt for Symantec Content Encryption service, which leverages OEM relationships with Echoworx or ZixCorp.

Symantec has strong reporting capabilities, but there are opportunities to improve the dashboard features of the solution. Furthermore, Symantec has an opportunity to improve hybrid capabilities, including unified reporting and administration capabilities. Like other vendors in this Forrester Wave, Symantec charges more for robust DLP capabilities via Symantec Data Loss Prevention.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 9 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Cisco Systems. Cisco rebranded Ironport to Cisco Email Security during this Wave. Cisco has the second largest install base in our study and continues to be popular among enterprise clients. The solution has strong antimalware capabilities and also offers a wide range of encryption options. The Cisco Encryption Appliance provides on-premises push, S/MIME, and OpenGPG-based encryption. The Cisco Registered Envelope Service offers pull-based encryption, in which per-message keys are stored in a cloud service.

Cisco is currently testing a virtual form factor for VMware environments. With a few exceptions, Cisco is able to meet the needs of large enterprises. As a standalone channel DLP solution, the product isn’t as robust as the competition. To offer competitive enterprise-scale DLP capabilities, Cisco must leverage an RSA DLP integration. Other vendors offer this capability without any additional licensing costs. Cisco should focus on unified administration and reporting of the hybrid email offering; enterprises should use a single U/I to manage their environments.

■ Proofpoint. Proofpoint is one of the top vendors evaluated in this Forrester Wave. Proofpoint offers physical and virtual appliances as well as SaaS and hybrid solutions, although the hybrid solution doesn’t include centralized reporting or administration. The company went public with its initial public offering in April 2012. This should demonstrate to potential customers that Proofpoint is a viable, serious player in the space. Proofpoint demonstrates that channel DLP need not be limited or constrained in any way. Proofpoint has the strongest DLP capabilities in this Forrester Wave. Proofpoint launched a targeted attack protection service in Q2 of this year (we did not evaluate this feature in the Wave).

This additional pay offering leverages data analytics to combat targeted attacks. Proofpoint is the only pure-play vendor evaluated in this Forrester Wave. This is a challenge for companies seeking an integrated content security offering. Proofpoint relies on technology partnerships to offer customers both email and web content security solutions.

■ Trend Micro. Trend Micro’s InterScan Messaging Security (IMS) can be deployed as a virtual appliance (VMware and Microsoft Hyper-V), software appliance, software, SaaS, and hybrid via the optional precloud filter. The reporting and management capabilities of IMS are impressive. Trend led all other vendors in these areas. Centralized reporting and management of email (including hybrid deployments) and web solutions are possible via the Trend Micro Control Manager. Large enterprises may find Trend’s email channel DLP and encryption capabilities unable to meet their needs. The IMS has DLP-lite capabilities, but customers must purchase the full data loss prevention solution for this advanced functionality.

Trend needs to offer advanced DLP capability without requiring the larger enterprise DLP suite. If an organization is interested in more powerful encryption capabilities than basic TLS, the Email Encryption Gateway must be deployed. This solution supports proprietary push-based encryption capabilities. The solution is not able to support large enterprises with S/MIME or OpenPGP deployments.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 10 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Websense. Websense scored the highest in email filtering capabilities and overall Current Offering evaluation criteria. Websense offers a wide variety of deployment options: software, physical appliances, SaaS, and hybrid deployments. Websense has a strong story regarding hybrid email security deployments. The Triton architecture enables reporting and management of both on-premises gateways and SaaS from a single console. Customers can also manage web security and DLP solutions from the same interface.

Triton offers a compelling “single pane of glass” option. Websense is still relatively new to the appliance form factor, and the V-Series appliances have not been ported to a virtual form factor at this time. Websense needs to release a virtual appliance to meet the increasing demand. A virtual appliance is being developed and is targeted for release in the first half of 2013. Websense offers robust DLP capabilities, and the email gateway provides the same DLP technology offered in the enterprise Data Security Suite at no additional cost. Websense is a significant provider of web security solutions, but the email security offerings don’t have as large of a market share.

■ McAfee. In December 2011, McAfee released the McAfee EMail Gateway 7.0 (MEG). This was an extremely significant product release for McAfee. MEG was released roughly three years after the Secure Computing acquisition and combined the best features of Secure Computing’s IronMail with the McAfee Email and Web Security (EWS) platform. Competitive displacements of IronMail were high, and satisfaction of former Secure Computing customers was very low. McAfee now has a compelling story to offer email security prospects. McAfee offers email security solutions in appliance, virtual appliance, blade, SaaS, and hybrid (without unified administration and reporting) form factors.

McAfee is the only vendor to offer a blade form factor, which will appeal to carriers and service providers. MEG offers strong DLP capabilities built right into the solution; there are no additional costs for robust “enterprise grade” channel DLP. McAfee needs to focus on continued integration of email and web security solutions as well as a centralized email hybrid story.

Strong Performers: Close Behind But Lack Enterprise Grade DLP And Encryption ■ Barracuda Networks. Barracuda offers a wide range of email security deployment options. Solutions are available in appliance, VMware virtual appliance, SaaS, and hybrid with unified administration and reporting. The Barracuda web security solution can be managed from the same interface. This is very appealing to clients interested in managing all of their on- premises or SaaS-based email and web security solutions from one console. Barracuda isn’t able to meet the DLP and encryption requirements of large enterprises.

DLP pattern matching is done via regular expressions with a limited set of predefined dictionaries. For encryption beyond TLS, the Barracuda Email Security Service provides pull-based AES encryption. There are no push-based encryption options or support for S/MIME or OpenPGP. The no per-user pricing model for this encryption service and cloud security is very attractive to customers. Although navigating the Spam & Virus Firewall is intuitive, the default dashboard has room for improvement and isn’t as robust as some of the other vendors we evaluated.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 11 © 2012, Forrester Research, Inc. Reproduction Prohibited November 15, 2012 ■ Sophos. Sophos received high marks from customer references. The Sophos Email Appliances are very intuitive and easy-to-use, but many large enterprises will find that feature requirements and configuration options aren’t available. To expand market share into larger enterprises, Sophos is going to have to develop or strengthen capabilities and features that cater to large enterprise needs. Data Loss Prevention is an example of a feature that must be enhanced to meet the needs of large highly regulated organizations.

Sophos has a virtual appliance that is very popular with customers, but beyond this appliance, deployment options are limited. A physical appliance is the only other alternative. There is no hosted email security offering; given the adoption of SaaS, Sophos needs to develop or acquire this capability to be competitive. Threat intelligence is shared across all Sophos products including both the email and web content security solutions. Integrated reporting should be the next item on the integration road map. ■ Trustwave. Trustwave acquired M86 Security during this Forrester Wave evaluation and has rebranded the M86 MailMarshal Secure Email Gateway to the Secure Email Gateway (SEG).

The acquisition increased Trustwave’s security portfolio and bolstered Trustwave’s international presence. The future looks promising for the rebranded SEG, as the acquisition will make it more competitive in a highly saturated market. Look for the SEG to be integrated into the larger set of the Trustwave security portfolio. This will greatly benefit the SEG, as the solution lacks many capabilities needed by large companies. The SEG is only available as Windows software for enterprise clients, although a service provider edition is available. Most large enterprises prefer an appliance over loading software onto a Windows server, but installing the software on a virtual server makes the deployment option more scalable.

The SEG will also appeal to shops that prefer to run MS Windows infrastructure. The SEG shares reporting and DLP capabilities with the Trustwave Secure Web Gateway.

Supplemental MATERIAL Online Resource The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings. Data Sources Used In This Forrester Wave Forrester used a combination of four data sources to assess the strengths and weaknesses of each solution: ■ Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 12 © 2012, Forrester Research, Inc.

Reproduction Prohibited November 15, 2012 ■ Product demos. We asked vendors to conduct demonstrations of their product’s functionality. We used findings from these product demos to validate details of each vendor’s product capabilities. ■ Independent, hands-on product testing. Forrester also requested unfettered access to vendors’ demonstration environments, where we could “play” with the product, validating its functionality and fit for Forrester’s use cases, as well as testing the user interface and its ease of use. ■ Customer reference calls. To validate product and vendor qualifications, Forrester also conducted reference calls with two of each vendor’s current customers.

The Forrester Wave Methodology We conduct primary research to develop a list of vendors that meet our criteria to be evaluated in this market. From that initial pool of vendors, we then narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don’t fit the scope of our evaluation. After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references.

We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies. We set default weightings to reflect our analysis of the needs of large user companies — and/or other scenarios as outlined in the Forrester Wave document — and then score the vendors based on a clearly defined scale. These default weightings are intended only as a starting point, and we encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence.

Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve.

Endnotes 1 Source: US Department of Health and Human Services (http://www.hhs.gov/ocr/privacy/hipaa/ administrative/enforcementrule/hitechenforcementifr.html). 2 PCI compliance also requires safeguarding of emails. The PCI DSS 4.2 requirement states, “Never send unprotected PANs by end-user messaging technologies.” Companies can be fined from “$5,000 to $100,000 per month for PCI compliance violations.” Source: PCI Security Standards Council (https:// www.pcisecuritystandards.org/documents/pci_dss_v2.pdf) and PCI Compliance Guide (http://www. pcicomplianceguide.org/pcifaqs.php#11).

For Security & Risk Professionals The Forrester Wave™: Email Content Security, Q4 2012 13 © 2012, Forrester Research, Inc.

Reproduction Prohibited November 15, 2012 3 Highly regulated verticals and companies that transmit toxic data are the most likely adopters of email encryption technologies. See the July 12, 2012, “Control And Protect Sensitive Information In The Era Of Big Data” report. 4 Source: Forrsights Security Survey, Q2 2012. 5 Source: Forrsights Security Survey, Q2 2012. 6 In a Forrester report, we contend that DLP is no longer a product, but a feature, and we recommend a new process-based approach to effectively deploy it. See the January 3, 2012, “Rethinking DLP: Introducing The Forrester DLP Maturity Grid” report.

7 According to the nonprofit The Spamhaus Project, 90% to 96% of inbound mail is illegitimate. Source: The Spamhaus Project (http://www.spamhaus.org/whitepapers/effective_filtering/).

Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 17 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 29 years, Forrester has been making IT, marketing, and technology industry leaders successful every day.

For more information, visit www.forrester.com. 61559 « Forrester Focuses On Security & Risk Professionals To help your firm capitalize on new business opportunities safely, you must ensure proper governance oversight to manage risk while optimizing security processes and technologies for future flexibility. Forrester’s subject-matter expertise and deep understanding of your role will help you create forward-thinking strategies; weigh opportunity against risk; justify decisions; and optimize your individual, team, and corporate performance.

Sean Rhodes, client persona representing Security & Risk Professionals About Forrester A global research and advisory firm, Forrester inspires leaders, informs better decisions, and helps the world’s top companies turn the complexity of change into business advantage. Our research- based insight and objective advice enable IT professionals to lead more successfully within IT and extend their impact beyond the traditional IT organization. Tailored to your individual role, our resources allow you to focus on important business issues — margin, speed, growth — first, technology second. for more information To find out how Forrester Research can help you be successful every day, please contact the office nearest you, or visit us at www.forrester.com.

For a complete list of worldwide locations, visit www.forrester.com/about.

Client support For information on hard-copy or electronic reprints, please contact Client Support at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com. We offer quantity discounts and special pricing for academic and nonprofit institutions.

You can also read