The Forrester Wave: Email Content Security, Q4 2012
The Forrester Wave™: Email Content Security, Q4 2012
For: Security & Risk Professionals
by Rick Holland, November 15, 2012

Key Takeaways

Email Security Is A Critical Component Of Your Portfolio
Email is a key component of business processes within enterprises and must be secured. Despite the fact that email security is low on the spending priority list, it’s critical that organizations safeguard email. Email is a popular attack vector for targeted attacks, and HIPAA and PCI mandate that emails containing confidential data be secured.

Advanced Capabilities Differentiate Vendor Offerings
Vendors are delivering enhanced capabilities in response to the threat and compliance landscape. Big data analytics are leveraged to combat targeted attacks. Encryption capabilities have been improved and simplified. Channel DLP is now robust and feature-rich.

The Delivery Model Is Shifting
The deployment of appliance-based email security gateways is declining. Enterprises are adopting new models, such as software-as-a-service. Many outsource their entire email infrastructure and rely on hosted email providers for security, while those that are cloud-averse deploy virtual appliances that run in their VMware and Microsoft environments.

Forrester Research, Inc., 60 Acorn Park Drive, Cambridge, MA 02140 USA Tel: +1 617.613.6000 | Fax: +1 617.613.5000 | www.forrester.com
For Security & Risk Professionals
November 15, 2012

The Forrester Wave™: Email Content Security, Q4 2012
The Nine Providers That Matter Most And How They Stack Up
by Rick Holland with Stephanie Balaouras and Jessica McKee

Why Read This Report
In Forrester’s 47-criteria evaluation of email content security vendors, we identified the nine most significant vendors in the category and researched, analyzed, and scored them: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense. This report details our findings about how well each vendor fulfills our criteria and where they stand in relation to each other to help security and risk professionals select the right partner for their email content security solution.

Table Of Contents
Email Security Is A Critical Component Of Your Portfolio
  Advanced Capabilities Differentiate Vendor Offerings
  Vendors Are Shifting Their Delivery Models
Email Content Security Evaluation Overview
  Evaluation Criteria
  Market Presence And Advanced Capabilities Narrow The Field
Evaluation Analysis
Vendor Profiles
  Leaders: Deliver On Large Enterprise Requirements
  Strong Performers: Close Behind But Lack Enterprise Grade DLP And Encryption
Supplemental Material

Notes & Resources
Forrester conducted lab-based evaluations in May 2012 and interviewed nine vendor and 18 user companies: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense.

Related Research Documents
Content Security: 2012 Budget And Planning Guide, November 16, 2011
The Content Security Forecast Calls For Clouds, October 24, 2011
Market Overview: Content Security, Q3 2011, October 17, 2011

© 2012, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Forrester®, Technographics®, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. To purchase reprints of this document, please email clientsupport@forrester.com. For additional information, go to www.forrester.com.
Email Security Is A Critical Component Of Your Portfolio

Email is a critical business function that is deeply embedded in the DNA of business processes within organizations. Ensuring that email messages are delivered and received in a safe and secure manner is paramount. Enterprises rely on email content security solutions to ensure this. However, despite the importance of email, companies invest a relatively small percentage of the security budget to protect it. The overall content security budget, including web and email, makes up just 7% of the security budget. Despite this, it has never been more important to safeguard email because:

■ The threat landscape is constantly evolving. In the nostalgic, not-too-distant past, spam and “traditional” signature-based malware were the biggest threats that email content security solutions needed to defend against. Antispam and antivirus were largely commoditized capabilities in a very mature product space. Today, targeted attacks via spear phishing campaigns have replaced spam and antivirus as the primary email threat to enterprises. Until recently, email security solutions have been slow to evolve to address this threat. As a result, many companies have opted to supplement their existing solutions with offerings specifically designed to address these targeted attacks containing advanced malware. Addressing advanced malware requires new approaches beyond signature-based detection and first-generation reputation services.

■ It will result in serious fines if you fail to do so. The failure to secure email content can result in serious fines. The Health Information Technology for Economic and Clinical Health (HITECH) Act mandates that covered entities that violate provisions of HIPAA concerning the protection of personal health information (PHI) are subject to significant fines.
The government can levy a maximum penalty of $1.5 million for all violations of an identical provision.[1] PCI compliance also requires safeguarding of emails. The PCI DSS 4.2 requirement states, “Never send unprotected PANs by end-user messaging technologies.” The card brands can fine companies from “$5,000 to $100,000 per month for PCI compliance violations.”[2] Organizations must preserve the confidentiality of emails that contain sensitive information.

Advanced Capabilities Differentiate Vendor Offerings

Capabilities have moved far beyond spam and commodity antimalware. In response to the threat and compliance landscape, vendors are:

■ Using analytics to improve their antimalware capabilities. Vendors have been releasing new capabilities to address the advanced malware threat. While there is no silver bullet against a patient and well-funded attacker, vendors have made strides to close the malware detection gap. Vendors are now leveraging the power of big data analytics to determine if a message is malicious. Solutions now include delay queues that dynamically hold the delivery of potentially malicious emails until further context can be developed about the message. Suspicious URLs embedded into emails are rewritten to ensure that hyperlinks are inspected at the time of click instead of the time of delivery.
■ Enhancing and simplifying encryption. Highly regulated verticals and companies that transmit toxic data are the most likely adopters of email encryption technologies.[3] According to Forrester survey data, 40% of financial services and 29% of public sector/healthcare organizations have embraced email encryption capabilities.[4] Firms have traditionally preferred gateway-to-gateway transport layer security (TLS) as an alternative to the often complex and difficult-to-manage OpenPGP or S/MIME implementations. Today, organizations have the option to choose robust, yet scalable, hosted or on-premises solutions. Vendors have simplified the sender and recipient key exchange process to improve the user experience, and they have extended encryption capabilities to include mobile devices. Some vendors have developed in-house offerings while others have sought out OEM relationships. Trustwave and Symantec OEM ZixCorp, while Websense OEMs Voltage.

■ Building more-robust data loss prevention (DLP). Like email encryption, DLP technology hasn’t been widely implemented by enterprises. According to survey respondents, only 21% of financial services and 18% of media/entertainment/leisure and public sector/healthcare companies have adopted email channel DLP. Other verticals have been very slow to adopt.[5] In Forrester’s “Rethinking DLP” report, we contend that DLP is transitioning from product to feature, and we recommend a new process-based approach to effectively deploy it.[6] Organizations that adopt this approach can have success with DLP. The way vendors license DLP is also in transition. There is a trend to offer full “enterprise DLP” capabilities out of the box. Organizations no longer have to accept “DLP lite” or limited regular expression filtering capabilities. Companies can now opt for advanced DLP engines, enforcement controls, and policy support out of the box.
Vendors Are Shifting Their Delivery Models

For most companies, the days of physical email security appliances are numbered. There are several factors shifting the way vendors deliver their email security solutions, including:

■ Many firms increasingly prefer software-as-a-service (SaaS). SaaS email content security is one of the most mature SaaS offerings available for security and risk professionals. Within the next year, 55% of the companies in our survey will have adopted the service (see Figure 1). At a minimum, all enterprises should consider inbound email filtering. According to the nonprofit The Spamhaus Project, 90% to 96% of all inbound mail is illegitimate.[7] Why even process and inspect illegitimate messages when a SaaS provider can drop the messages altogether? Inbound SaaS can also act as an additional disaster recovery layer. If a company’s messaging platform goes down, the email SaaS vendor can queue the messages until the messaging platform recovers from an outage. DLP and encryption capabilities aren’t as mature in the SaaS model as they are in on-premises, but the verticals most likely to utilize these features are less inclined to adopt SaaS services.
■ Some firms will opt for hosted email. Organizations are increasingly considering and migrating to the hosted email offerings available in the Google Apps and Microsoft Office 365 suites. Physical appliances will see further attrition as these organizations adopt the security capabilities of the hosted email providers. There will be a subset of enterprises that don’t want to manage on-premises solutions but want more-robust security capabilities than are available from the hosted email providers. These companies will likely leverage the SaaS offerings of security vendors. Emails will first be routed to the security vendor’s SaaS environment for inspection and the legitimate traffic will then be forwarded to the hosted email provider for delivery.

■ Firms that deploy on-premises will demand a virtual form factor. Virtual email security solutions are growing in popularity with enterprises. The ability to leverage the benefits of the virtual infrastructure is appealing. For example, enterprises can now easily scale resources to meet the demands of increased utilization, and IT can provision new appliances without waiting for the traditional procurement process. Today, virtual solutions are available for VMware and Microsoft Hyper-V. Companies that are cloud-averse are the most likely adopters of the virtual form factor.

Figure 1: Firms Increasingly Prefer Software-As-A-Service For Email Security Management

“What are your firm’s plans to adopt the following ‘as-a-service’ security offerings/approaches?”

Email filtering:
  Planning to implement in the next 12 months: 5%
  Implemented, not expanding: 40%
  Expanding/upgrading implementation: 10%

Base: 2,154 North American and European IT security decision-makers
Source: Forrsights Security Survey, Q2 2012
Source: Forrester Research, Inc.
Email Content Security Evaluation Overview

To assess the state of the email content security market and see how the vendors stack up against each other, Forrester evaluated the strengths and weaknesses of top email content security vendors.

Evaluation Criteria

After examining past research, user need assessments, and vendor and expert interviews, we developed a comprehensive set of evaluation criteria. We evaluated vendors against 47 criteria, which we grouped into three high-level buckets:
■ Current offering. Each vendor’s position on the vertical axis of the Forrester Wave graphic indicates the strength of its current product offering. After the vendor’s demonstration of the solution, Forrester requested unfettered access to an online demonstration environment of the solution. The sets of capabilities evaluated in this category are: email filtering, data loss prevention, encryption, reporting, management, performance, and operations. Forrester also evaluated customer satisfaction with the vendor’s solution through customer interviews.

■ Strategy. A vendor’s position on the horizontal axis indicates the strength of its go-to-market strategy. Forrester looked at investments in research and development as well as threat intelligence. Forrester also evaluated the differentiation of the vendor’s technology road map. Finally, Forrester evaluated the vendor’s partner community. Forrester focused on the scope and depth of the vendor’s license, reseller, and consultant/systems integration partnerships.

■ Market presence. The size of the vendor’s bubble on the chart indicates its market presence. Forrester measured this based on the vendor’s customer base, international presence, and market segment diversity. Forrester also estimated the vendor’s email content security revenue and year-over-year growth.

Market Presence And Advanced Capabilities Narrow The Field

Forrester included nine vendors in the assessment: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave, and Websense. Each of these vendors has (see Figure 2):

■ Product revenues greater than $10 million. Forrester evaluated vendors that generate more than $10 million annually from content security products. We excluded consulting revenue related to custom and specialized solutions.

■ DLP and encryption. Forrester only considered solutions with DLP and encryption capabilities.
■ Operation of a threat intelligence center. Forrester only included vendors that operate a threat intelligence center that monitors and incorporates threat information into the product to improve antispam and antimalware capabilities.

■ Significant interest from Forrester customers. Forrester considered the level of interest and feedback from our clients based on our various interactions, including inquiries, advisories, and consulting engagements.
Figure 2: Evaluated Vendors: Product Information And Selection Criteria

Vendor | Product evaluated | Product version evaluated | Version release date
Barracuda Networks | Barracuda Spam & Virus Firewall | v 5.1.004 | March 2012
Cisco | Cisco Email Security (formerly known as Cisco IronPort Email Security) | AsyncOS v7.5.2 | March 2012
McAfee | McAfee Email Gateway | v7 | Nov. 2011
Proofpoint | Proofpoint Enterprise Protection/Proofpoint Enterprise Privacy | v7.0.2 | Feb. 2012
Sophos | Sophos Email Appliance | v3.7.0 | April 2012
Symantec | Symantec Messaging Gateway | v9.5 | April 2011
Trend Micro | InterScan Messaging Security | v8.2 | Oct. 2011
Trustwave | Secure Email Gateway | v7.0 | May 2012
Websense | Email Security Gateway Anywhere (ESGA) | v7.7 | Feb. 2012

Vendor selection criteria:

Product revenues greater than $10 million. Forrester evaluated vendors that generate more than $10 million annually from content security products. We excluded consulting revenue related to custom and specialized solutions.

DLP and encryption. Forrester only considered solutions with DLP and encryption capabilities.

Operation of a threat intelligence center. Forrester only included vendors that operate a threat intelligence center that monitors and incorporates threat information into the product to improve antispam and antimalware capabilities.

Significant interest from Forrester customers. Forrester considered the level of interest and feedback from our clients based on our various interactions, including inquiries, advisories, and consulting engagements.

Source: Forrester Research, Inc.

Evaluation Analysis

The evaluation uncovered a very mature market in which the majority of vendors were Strong Performers or better (see Figure 3):

■ Symantec, Cisco, Proofpoint, Trend Micro, Websense, and McAfee lead the pack. These six vendors distinguish themselves as the highest scoring Leaders in this evaluation.
All of these vendors are capable of addressing the unique needs of the largest of enterprise clients.
■ Barracuda Networks, Sophos, and Trustwave offer competitive options. Barracuda Networks and Sophos don’t offer the advanced DLP, encryption, reporting, and management capabilities that large enterprises require.

This evaluation of the email content security market is intended to be a starting point only. We encourage readers to view detailed product evaluations and adapt the criteria weightings to fit their individual needs through the Forrester Wave Excel-based vendor comparison tool.

Figure 3: Forrester Wave™: Email Content Security, Q4 ’12

[Wave graphic: vendors plotted by current offering (vertical axis, weak to strong) and strategy (horizontal axis, weak to strong), with bubble size indicating market presence. Bands: Risky Bets, Contenders, Strong Performers, Leaders. Full vendor participation. Go online to download the Forrester Wave tool for more detailed product evaluations, feature comparisons, and customizable rankings.]

Source: Forrester Research, Inc.
Figure 3: Forrester Wave™: Email Content Security, Q4 ’12 (Cont.)

Criterion | Forrester’s Weighting | Barracuda | Cisco | McAfee | Proofpoint | Sophos | Symantec | Trend Micro | Trustwave | Websense
CURRENT OFFERING | 50% | 3.15 | 3.84 | 3.46 | 3.71 | 2.67 | 3.69 | 3.50 | 2.61 | 3.86
Email filtering | 35% | 3.33 | 3.87 | 3.39 | 3.43 | 2.36 | 3.87 | 3.48 | 2.66 | 4.02
Data leak prevention | 15% | 2.15 | 3.20 | 3.70 | 4.60 | 2.80 | 3.00 | 3.15 | 2.80 | 4.45
Reporting and management | 15% | 3.10 | 3.70 | 3.80 | 3.80 | 1.80 | 3.60 | 4.20 | 2.80 | 3.80
Performance and operations | 15% | 5.00 | 5.00 | 5.00 | 5.00 | 4.00 | 5.00 | 4.50 | 3.25 | 4.75
Client reference scores and feedback | 20% | 2.25 | 3.50 | 2.00 | 2.50 | 2.75 | 3.00 | 2.50 | 1.75 | 2.50
STRATEGY | 50% | 2.76 | 4.00 | 3.80 | 3.96 | 3.04 | 4.16 | 4.16 | 2.80 | 3.52
Product strategy | 60% | 3.60 | 4.00 | 3.00 | 4.60 | 3.40 | 3.60 | 3.60 | 3.00 | 4.20
Partners | 40% | 1.50 | 4.00 | 5.00 | 3.00 | 2.50 | 5.00 | 5.00 | 2.50 | 2.50
MARKET PRESENCE | 0% | 2.48 | 3.52 | 2.68 | 2.04 | 2.12 | 3.56 | 2.88 | 2.04 | 3.00
Installed base | 60% | 2.40 | 3.60 | 2.60 | 1.40 | 1.80 | 3.80 | 3.20 | 3.00 | 3.00
Revenue | 40% | 2.60 | 3.40 | 2.80 | 3.00 | 2.60 | 3.20 | 2.40 | 0.60 | 3.00

All scores are based on a scale of 0 (weak) to 5 (strong).
Source: Forrester Research, Inc.

Vendor Profiles

Leaders: Deliver On Large Enterprise Requirements

■ Symantec. Symantec has the largest market presence of any vendor we evaluated and continues to be a Leader in the email content security space. Symantec rebranded the Brightmail solution to Symantec Messaging Gateway in April 2011, and the solution continues to be widely deployed. Symantec offers a wide range of deployment options that cater to any size of organization. In addition to a VMware appliance, Symantec is developing support for a Microsoft Hyper-V appliance. Symantec is a leader in encryption capabilities. Clients can leverage PGP Universal Gateway Email for robust on-premises encryption or opt for Symantec Content Encryption service, which leverages OEM relationships with Echoworx or ZixCorp.
Symantec has strong reporting capabilities, but there are opportunities to improve the dashboard features of the solution. Furthermore, Symantec has an opportunity to improve hybrid capabilities, including unified reporting and administration capabilities. Like other vendors in this Forrester Wave, Symantec charges more for robust DLP capabilities via Symantec Data Loss Prevention.
■ Cisco Systems. Cisco rebranded IronPort to Cisco Email Security during this Wave. Cisco has the second largest install base in our study and continues to be popular among enterprise clients. The solution has strong antimalware capabilities and also offers a wide range of encryption options. The Cisco Encryption Appliance provides on-premises push, S/MIME, and OpenPGP-based encryption. The Cisco Registered Envelope Service offers pull-based encryption, in which per-message keys are stored in a cloud service. Cisco is currently testing a virtual form factor for VMware environments. With a few exceptions, Cisco is able to meet the needs of large enterprises. As a standalone channel DLP solution, the product isn’t as robust as the competition. To offer competitive enterprise-scale DLP capabilities, Cisco must leverage an RSA DLP integration. Other vendors offer this capability without any additional licensing costs. Cisco should focus on unified administration and reporting of the hybrid email offering; enterprises should use a single UI to manage their environments.

■ Proofpoint. Proofpoint is one of the top vendors evaluated in this Forrester Wave. Proofpoint offers physical and virtual appliances as well as SaaS and hybrid solutions, although the hybrid solution doesn’t include centralized reporting or administration. The company went public with its initial public offering in April 2012. This should demonstrate to potential customers that Proofpoint is a viable, serious player in the space. Proofpoint demonstrates that channel DLP need not be limited or constrained in any way. Proofpoint has the strongest DLP capabilities in this Forrester Wave. Proofpoint launched a targeted attack protection service in Q2 of this year (we did not evaluate this feature in the Wave). This additional pay offering leverages data analytics to combat targeted attacks.
Proofpoint is the only pure-play vendor evaluated in this Forrester Wave. This is a challenge for companies seeking an integrated content security offering. Proofpoint relies on technology partnerships to offer customers both email and web content security solutions.

■ Trend Micro. Trend Micro’s InterScan Messaging Security (IMS) can be deployed as a virtual appliance (VMware and Microsoft Hyper-V), software appliance, software, SaaS, and hybrid via the optional precloud filter. The reporting and management capabilities of IMS are impressive. Trend led all other vendors in these areas. Centralized reporting and management of email (including hybrid deployments) and web solutions are possible via the Trend Micro Control Manager. Large enterprises may find Trend’s email channel DLP and encryption capabilities unable to meet their needs. The IMS has DLP-lite capabilities, but customers must purchase the full data loss prevention solution for this advanced functionality. Trend needs to offer advanced DLP capability without requiring the larger enterprise DLP suite. If an organization is interested in more powerful encryption capabilities than basic TLS, the Email Encryption Gateway must be deployed. This solution supports proprietary push-based encryption capabilities. The solution is not able to support large enterprises with S/MIME or OpenPGP deployments.
■ Websense. Websense scored the highest in email filtering capabilities and overall Current Offering evaluation criteria. Websense offers a wide variety of deployment options: software, physical appliances, SaaS, and hybrid deployments. Websense has a strong story regarding hybrid email security deployments. The Triton architecture enables reporting and management of both on-premises gateways and SaaS from a single console. Customers can also manage web security and DLP solutions from the same interface. Triton offers a compelling “single pane of glass” option. Websense is still relatively new to the appliance form factor, and the V-Series appliances have not been ported to a virtual form factor at this time. Websense needs to release a virtual appliance to meet the increasing demand. A virtual appliance is being developed and is targeted for release in the first half of 2013. Websense offers robust DLP capabilities, and the email gateway provides the same DLP technology offered in the enterprise Data Security Suite at no additional cost. Websense is a significant provider of web security solutions, but the email security offerings don’t have as large a market share.

■ McAfee. In December 2011, McAfee released the McAfee Email Gateway 7.0 (MEG). This was an extremely significant product release for McAfee. MEG was released roughly three years after the Secure Computing acquisition and combined the best features of Secure Computing’s IronMail with the McAfee Email and Web Security (EWS) platform. Competitive displacements of IronMail were high, and satisfaction of former Secure Computing customers was very low. McAfee now has a compelling story to offer email security prospects. McAfee offers email security solutions in appliance, virtual appliance, blade, SaaS, and hybrid (without unified administration and reporting) form factors.
McAfee is the only vendor to offer a blade form factor, which will appeal to carriers and service providers. MEG offers strong DLP capabilities built right into the solution; there are no additional costs for robust “enterprise grade” channel DLP. McAfee needs to focus on continued integration of email and web security solutions as well as a centralized email hybrid story.

Strong Performers: Close Behind But Lack Enterprise Grade DLP And Encryption

■ Barracuda Networks. Barracuda offers a wide range of email security deployment options. Solutions are available in appliance, VMware virtual appliance, SaaS, and hybrid with unified administration and reporting. The Barracuda web security solution can be managed from the same interface. This is very appealing to clients interested in managing all of their on-premises or SaaS-based email and web security solutions from one console. Barracuda isn’t able to meet the DLP and encryption requirements of large enterprises. DLP pattern matching is done via regular expressions with a limited set of predefined dictionaries. For encryption beyond TLS, the Barracuda Email Security Service provides pull-based AES encryption. There are no push-based encryption options or support for S/MIME or OpenPGP. The lack of per-user pricing for this encryption service and cloud security is very attractive to customers. Although navigating the Spam & Virus Firewall is intuitive, the default dashboard has room for improvement and isn’t as robust as some of the other vendors we evaluated.
■ Sophos. Sophos received high marks from customer references. The Sophos Email Appliances are very intuitive and easy to use, but many large enterprises will find that feature requirements and configuration options aren’t available. To expand market share into larger enterprises, Sophos is going to have to develop or strengthen capabilities and features that cater to large enterprise needs. Data Loss Prevention is an example of a feature that must be enhanced to meet the needs of large, highly regulated organizations. Sophos has a virtual appliance that is very popular with customers, but beyond this appliance, deployment options are limited. A physical appliance is the only other alternative. There is no hosted email security offering; given the adoption of SaaS, Sophos needs to develop or acquire this capability to be competitive. Threat intelligence is shared across all Sophos products including both the email and web content security solutions. Integrated reporting should be the next item on the integration road map.

■ Trustwave. Trustwave acquired M86 Security during this Forrester Wave evaluation and has rebranded the M86 MailMarshal Secure Email Gateway to the Secure Email Gateway (SEG). The acquisition increased Trustwave’s security portfolio and bolstered Trustwave’s international presence. The future looks promising for the rebranded SEG, as the acquisition will make it more competitive in a highly saturated market. Look for the SEG to be integrated into the larger set of the Trustwave security portfolio. This will greatly benefit the SEG, as the solution lacks many capabilities needed by large companies. The SEG is only available as Windows software for enterprise clients, although a service provider edition is available.
Most large enterprises prefer an appliance over loading software onto a Windows server, but installing the software on a virtual server makes the deployment option more scalable. The SEG will also appeal to shops that prefer to run Microsoft Windows infrastructure. The SEG shares reporting and DLP capabilities with the Trustwave Secure Web Gateway.

Supplemental Material

Online Resource

The online version of Figure 3 is an Excel-based vendor comparison tool that provides detailed product evaluations and customizable rankings.

Data Sources Used In This Forrester Wave

Forrester used a combination of four data sources to assess the strengths and weaknesses of each solution:

■ Vendor surveys. Forrester surveyed vendors on their capabilities as they relate to the evaluation criteria. Once we analyzed the completed vendor surveys, we conducted vendor calls where necessary to gather details of vendor qualifications.
■ Product demos. We asked vendors to conduct demonstrations of their product’s functionality. We used findings from these product demos to validate details of each vendor’s product capabilities.

■ Independent, hands-on product testing. Forrester also requested unfettered access to vendors’ demonstration environments, where we could “play” with the product, validating its functionality and fit for Forrester’s use cases, as well as testing the user interface and its ease of use.

■ Customer reference calls. To validate product and vendor qualifications, Forrester also conducted reference calls with two of each vendor’s current customers.

The Forrester Wave Methodology

We conduct primary research to develop a list of vendors that meet our criteria to be evaluated in this market. From that initial pool of vendors, we then narrow our final list. We choose these vendors based on: 1) product fit; 2) customer success; and 3) Forrester client demand. We eliminate vendors that have limited customer references and products that don’t fit the scope of our evaluation.

After examining past research, user need assessments, and vendor and expert interviews, we develop the initial evaluation criteria. To evaluate the vendors and their products against our set of criteria, we gather details of product qualifications through a combination of lab evaluations, questionnaires, demos, and/or discussions with client references. We send evaluations to the vendors for their review, and we adjust the evaluations to provide the most accurate view of vendor offerings and strategies.

We set default weightings to reflect our analysis of the needs of large user companies, and/or other scenarios as outlined in the Forrester Wave document, and then score the vendors based on a clearly defined scale.
These default weightings are intended only as a starting point, and we encourage readers to adapt the weightings to fit their individual needs through the Excel-based tool. The final scores generate the graphical depiction of the market based on current offering, strategy, and market presence. Forrester intends to update vendor evaluations regularly as product capabilities and vendor strategies evolve.

Endnotes

1 Source: US Department of Health and Human Services (http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html).

2 PCI compliance also requires safeguarding of emails. The PCI DSS 4.2 requirement states, “Never send unprotected PANs by end-user messaging technologies.” Companies can be fined from “$5,000 to $100,000 per month for PCI compliance violations.” Source: PCI Security Standards Council (https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf) and PCI Compliance Guide (http://www.pcicomplianceguide.org/pcifaqs.php#11).
3 Highly regulated verticals and companies that transmit toxic data are the most likely adopters of email encryption technologies. See the July 12, 2012, “Control And Protect Sensitive Information In The Era Of Big Data” report.

4 Source: Forrsights Security Survey, Q2 2012.

5 Source: Forrsights Security Survey, Q2 2012.

6 In a Forrester report, we contend that DLP is no longer a product, but a feature, and we recommend a new process-based approach to effectively deploy it. See the January 3, 2012, “Rethinking DLP: Introducing The Forrester DLP Maturity Grid” report.

7 According to the nonprofit The Spamhaus Project, 90% to 96% of inbound mail is illegitimate. Source: The Spamhaus Project (http://www.spamhaus.org/whitepapers/effective_filtering/).
About Forrester

A global research and advisory firm, Forrester inspires leaders, informs better decisions, and helps the world’s top companies turn the complexity of change into business advantage. Our research-based insight and objective advice enable IT professionals to lead more successfully within IT and extend their impact beyond the traditional IT organization. Tailored to your individual role, our resources allow you to focus on important business issues — margin, speed, growth — first, technology second.

For More Information

To find out how Forrester Research can help you be successful every day, please contact the office nearest you, or visit us at www.forrester.com. For a complete list of worldwide locations, visit www.forrester.com/about.

Client Support

For information on hard-copy or electronic reprints, please contact Client Support at +1 866.367.7378, +1 617.613.5730, or clientsupport@forrester.com. We offer quantity discounts and special pricing for academic and nonprofit institutions.

Forrester Focuses On Security & Risk Professionals

To help your firm capitalize on new business opportunities safely, you must ensure proper governance oversight to manage risk while optimizing security processes and technologies for future flexibility. Forrester’s subject-matter expertise and deep understanding of your role will help you create forward-thinking strategies; weigh opportunity against risk; justify decisions; and optimize your individual, team, and corporate performance.

Sean Rhodes, client persona representing Security & Risk Professionals

Forrester Research, Inc. (Nasdaq: FORR) is an independent research company that provides pragmatic and forward-thinking advice to global leaders in business and technology. Forrester works with professionals in 17 key roles at major companies providing proprietary research, customer insight, consulting, events, and peer-to-peer executive programs. For more than 29 years, Forrester has been making IT, marketing, and technology industry leaders successful every day. For more information, visit www.forrester.com.

61559