The Sophos Email Appliance is an email security gateway product. It closely examines email messages to determine if they contain any suspicious content, such as spam, malware and phishing attempts. If any such content is detected, the Sophos Email Appliance blocks it so that it cannot reach its destination and potentially cause a data breach or other compromise. Because such a large percentage of threats today are email-borne, having a robust email security gateway protecting an organization has generally become a necessity.
The Sophos Email Appliance comes in two deployment models: a local hardware appliance and a virtual appliance.
There are three models available for the local hardware appliance, which is called the Sophos Hardware Email Appliance:
- ES100 (up to 95,000 messages per hour)
- ES1100 (up to 200,000 messages per hour)
- ES5000 (up to 550,000 messages per hour)
The virtual appliance is known as the Sophos Virtual Email Appliance. It is supported by VMware ESX/ESXi 3.5 or 4.x, and VMware ESXi 5.x. The Sophos Virtual Email Appliance uses what are called pre-defined profiles. These profiles are as follows:
- Small (300 users; up to 60,000 messages per hour)
- Small-Medium (1000 users; up to 200,000 messages per hour)
- Medium (5000 users; up to 400,000 messages per hour)
- Large (10,000 users; up to 600,000 messages per hour)
The Sophos Hardware Email Appliance and the Sophos Virtual Email Appliance both provide the same security capabilities. In addition to supporting fundamental email security gateway capabilities -- namely, antivirus, antimalware, antiphishing and antispam -- the appliances also offer data loss prevention (DLP) and email encryption capabilities for outbound emails. DLP and email encryption are both intended to prevent the organization's sensitive data from inadvertently or intentionally being exfiltrated to external locations via email messages.
The Sophos Email Appliance products do not provide support for other advanced security capabilities, such as executable sandboxing and threat intelligence feed use, that are offered by some other email security gateway products.
The Sophos Hardware Email Appliance and the Sophos Virtual Email Appliance offer the same security capabilities in different forms for on-premises deployment. Sophos does not offer a public cloud service, but organizations are often uncomfortable with having their emails processed by a third party in the cloud, so many may not consider that lack of platform support a drawback. The hardware and virtual appliance forms of the Sophos Email Appliance provide solutions for organizations of many sizes; only the smallest organizations (fewer than 100 users) might find the lowest-end appliance models to be unnecessarily powerful to meet their needs.
The Sophos Email Appliance products do not support the executable sandboxing and threat intelligence feed use features that are becoming increasingly important for improving detection accuracy. This is a significant drawback, and organizations seeking the most advanced email security gateway product available should consider other products. However, organizations that are not as mature in terms of security and are looking for a basic email security gateway solution should consider the Sophos Email Appliance in their product evaluations.
In part one of this series, learn the basics of email security gateways in the enterprise
In part two of this series, read about the enterprise use cases for email security gateways
In part three of this series, find out about the purchasing criteria for email security gateway products
In part four of this series, compare the best email security gateways in the industry