Content filters now represent a common tool in the arsenal of corporate information security groups. . These all-in one tools provide a centralized approach to filtering an organization's Web traffic, electronic mail and file transfers for malicious code and/or inappropriate content. In the past, administrators hoping to achieve a robust security posture were forced to install and maintain a variety of devices ranging from antivirus software to URL filters.
The latest wave of content filters combines all of these technologies into an integrated solution, making for a reduced administrative burden. On the other hand, they come with a correspondingly heavy price tag. Some of the more popular solutions are Aladdin's eSafe Gateway, Trend Micro's InterScan eManager, NetIQ's Marshall Content Security Solutions and ISS' Proventia.
There are, of course, some fundamental questions that you should ask when evaluating any of these solutions for your enterprise:
- How much protection do I need? What type of filtering is necessary and what can I afford? Does the threat justify additional investment?
- Should I purchase an appliance-based solution or a software package that I will install on my own server? In some cases, you may wish to use a dedicated appliance for ease of administration and centralized security. If you're running several packages on the same server, you may wish to purchase a software license only and install it on your own hardware.
- What are the maintenance costs associated with the product? In addition to the initial license acquisition, you'll need to purchase annual support and update agreements to keep your software current and your filters functioning properly.
- Is there support for third-party security solutions? Many packages are capable of directly interacting with firewalls, intrusion-detection systems and other perimeter protection devices. Additionally, you may be able to integrate your current content-filtering solutions to get a second opinion from an independent algorithm.
- How will this software integrate into my current environment? If you're currently using an SMTP server, you may wish to use the content filter as an SMTP gateway. On the other hand, some packages are capable of integrating directly with other mail servers (such as Microsoft Exchange or Lotus Notes) at a higher level, increasing the efficiency of scans.
Most importantly, keep in mind the fundamental requirement: You must be able to trace the software back to a legitimate business need. If you can justify the expense (and some of these packages run over $25,000), integrated content-filtering packages can make security monitoring a breeze!
About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.