Web traffic, electronic mail and file transfers can be filtered with one tool. This tip, courtesy of SearchSecurity.com, offers security consultants and systems integrators hints for evaluating popular products for content security.

    Requires Free Membership to View

Content filters now represent a common tool in the arsenal of corporate information security groups. These all-in one tools provide a centralized approach to filtering an organization's Web traffic, electronic mail and file transfers for malicious code and/or inappropriate content. In the past, administrators hoping to achieve a robust security posture were forced to install and maintain a variety of devices ranging from antivirus software to URL filters.

The latest wave of content filters combines all of these technologies into an integrated solution, making for a reduced administrative burden. On the other hand, they come with a correspondingly heavy price tag. Some of the more popular solutions are Aladdin's eSafe Gateway, Trend Micro's InterScan eManager, NetIQ's Marshall Content Security Solutions and ISS' Proventia.

There are, of course, some fundamental questions that you should ask when evaluating any of these solutions for your enterprise:

  • How much protection do I need? What type of filtering is necessary and what can I afford? Does the threat justify additional investment?


  • Should I purchase an appliance-based solution or a software package that I will install on my own server? In some cases, you may wish to use a dedicated appliance for ease of administration and centralized security. If you're running several packages on the same server, you may wish to purchase a software license only and install it on your own hardware.


  • What are the maintenance costs associated with the product? In addition to the initial license acquisition, you'll need to purchase annual support and update agreements to keep your software current and your filters functioning properly.


  • Is there support for third-party security solutions? Many packages are capable of directly interacting with firewalls, intrusion-detection systems and other perimeter protection devices. Additionally, you may be able to integrate your current content-filtering solutions to get a second opinion from an independent algorithm.


  • How will this software integrate into my current environment? If you're currently using an SMTP server, you may wish to use the content filter as an SMTP gateway. On the other hand, some packages are capable of integrating directly with other mail servers (such as Microsoft Exchange or Lotus Notes) at a higher level, increasing the efficiency of scans.

Most importantly, keep in mind the fundamental requirement: You must be able to trace the software back to a legitimate business need. If you can justify the expense (and some of these packages run over $25,000), integrated content-filtering packages can make security monitoring a breeze!

About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for
Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This tip originally appeared on SearchSecurity.com.


This was first published in March 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.