If you receive errors when attempting to view this white paper, please install the latest version of Adobe Reader.
"MessageLabs, now part of Symantec, provides a range of managed services to protect, control, encrypt and archive electronic communications. Listed as a leader in the Gartner Magic Quadrant and many other analyst reports, and with more than 19,000 clients ranging from small business to the Fortune 500 located in more than 86 countries, MessageLabs services are widely recognized as a market leader in the messaging and web security market." Source : MessageLabs
Choosing a Solution for Web-Filtering: Software, Appliance, Managed Service?
Web Filtering is also known as : Web Filtering, Filtering Web Access, Email Web Security, Web Filters, Internet Filtering Software, Web Filter Reviews, Web Threat Protection, Web Security Services Business Web Filter, Web Threat Protection, Web Site Blocking, Trend Web Threat Protection, Blocking A Web Site, Internet Blocking, Website Blocking Software, Block Selected Websites, Url Filtering Appliance, Web Filter For Enterprise, Messagelabs Web Filtering, Email Security Software-Based , Email Security Appliance-Based , Email Security Managed Services.
Table of Contents
- Executive Summary
- The Rising Tide of Web Threats
- Web Security Options: In Brief
- Software-based Solutions
- Appliance-based Solutions
- Managed Services
- The MessageLabs Approach
- The Best Option for Business
There are three types of web security solutions: software-based, appliance-based and managed services. Each of these categories ' and each individual offering within them ' needs to be evaluated against the following key buying criteria:
Software and appliance-based solutions have significant weaknesses which undermine their suitability as a cost-effective option for business. For instance, TCO is significantly higher than initial purchase price and installation/maintenance will require substantial, ongoing commitment of in-house resources. Managed services, on the other hand, offer valuable benefits: lower TCO, minimal commitment of in-house resources, and constant, uninterrupted protection against inappropriate web use and the increasing threat posed by web-born viruses and spyware.
MessageLabs is a global leader in managed web security services. Providing a solution that is simple to install and use, MessageLabs offers outstanding performance in enabling businesses to set up and enforce acceptable usage policies that are flexible, fit-for-purpose and accommodate evolving needs and priorities. In parallel, its proprietary technology, Skeptic, equips MessageLabs to achieve unrivalled Internet-level detection and blocking of web-born malware and converged threats. Calculated on a per-user, per-month basis, these capabilities are delivered at highly competitive cost. The result is a service that doesn't just help businesses maximize productivity, profitability and protection against legal risks arising from web usage ' it also means the web's many business-building benefits can be harnessed effectively and comprehensively.
The Rising Tide of Web Threats
It's indisputable. In the course of a few short years, the World Wide Web has demonstrated its ability to add real value to the operations of all kinds of organizations.
It's become a key communications tool allowing commercial transactions to take place quickly and effectively, regardless of barriers imposed by time and distance. It's secured a vital niche as a medium that businesses can exploit to promote themselves, their products and their values. It's also established itself as an indispensable source of information and intelligence which can inform and improve business decision-making.
Yet like any other communication medium, the web brings risks as well as benefits. Every bit as serious as email-born threats, these risks have the potential to deliver damaging ' and in some cases crippling ' blows to organizations that don't have adequate protection in place.
Web threats can be divided into two broad categories: inappropriate web use and web-born malware.
Inappropriate web use:
Arguably, this is the number one web-related issue facing businesses today. Efficiency, productivity, bandwidth and corporate reputation can all take a big hit if employees squander office hours on inappropriate surfing activities.
Unfortunately, the web now offers more potential distractions than ever before. The key examples which eat up valuable in-house resources include chat rooms, iPlayer and other streaming media, online games and file downloads (see MessageLabs Intelligence Report, August 2008 www.messagelabs.com/resources/mlireports).
Statistically speaking, visits to adult and illegal websites are less common. Nevertheless they expose businesses to severe legal risks, e.g. from failure to protect staff from indecent images, cyber bullying and sexual harassment. As well as prosecution, fines and other penalties, the results can include loss of client trust and unwelcome media coverage.
A complicating factor, however, is the need for businesses to strike the right balance in their approach to web usage. The key is to ensure that your organization as a whole and your individual employees are properly protected, but also that motivation, creativity and wider business benefits aren't compromised by over-draconian restrictions. Social networking websites, for instance, can play a valuable role in fostering important professional relationships and the recruitment of high-caliber staff.
Increasingly, websites are becoming the preferred delivery mechanism for damaging malware such as viruses, as well as spyware and adware. In some cases, simply visiting an infected website will be enough to download unwanted programs onto a computer. Even if such programs are discovered before they bring your network down or surreptitiously leak sensitive financial or client data to a criminal third party, cleaning and rebuilding a polluted machine will have unwelcome resource implications. Blocking access to malicious websites and infected downloads is therefore absolutely vital to safeguarding your organization's productivity.
The need to counter web-born malware has become all the more urgent in the face of a developing and significant trend on the messaging and web security landscape. Increasingly, the "bad guys" are mixing and merging their attacks across vectors. A classic example of such "converged threats" is the use of spam emails to advertise ' and carry links to ' websites polluted with aggressive viruses or spyware. The uncomfortable truth is that the web is now firmly locked into the armoury of tools and techniques which the increasingly professional, sophisticated criminal gangs behind most cyber-crime now routinely deploy.
In the face of this alarming and continually evolving threat landscape, what should businesses do? An increasing number of vendors are responding to the rising tide of web-based threats by promoting web security solutions alongside their better established email security offerings. But how can you determine which products or services are the most efficient, easy to use and cost-effective? Outlining the key issues to consider when evaluating the options, this guide aims to help you reach the right decision for your business.
Web Security Options: In Brief
Web security solutions fall into three basic categories: software-based solutions, appliance-based solutions and managed services (sometimes also known as hosted services or SaaS ' "software as a service"):
- Software-based solutions require on-site installation of licensed web security software between the customer's web browsers and their network boundary.
- Appliance-based solutions are also installed on the customer's premises. But unlike software solutions, this involves setting up hardware in the form of additional hardware between web browser and network boundary.
- Managed services, by contrast, don't usually involve installing hardware or software on the customer's premises. Instead, the customer's web traffic is routed through ' and processed by ' the service vendor's infrastructure, consisting of data centers sited at major internet hubs. The managed service model normally involves the customer paying a regular subscription fee in return for a web monitoring and control service and/or protection from web-born malware.
Specific issues relating to each category of web security service are discussed below. The following table (on next page) also summerizes the principal performance factors of software-based solutions, appliance-based solutions and managed services.
Compared with email security, web security represents a relatively new market. Many businesses are not yet aware of the severity of the web threat and so are yet to make the decision to invest in a protection solution. With regard to those businesses that have already made such a decision, authoritative data is still lacking on the options they are choosing.
But it seems likely that a majority are committing themselves to software-based solutions, mirroring their email security purchasing decisions. (In 2007, software-based email security solutions generated an estimated $1348 million globally, more than appliance-based solutions and managed services combined; see "Worldwide Messaging Security 2007-2011 Forecast and 2006 Vendor Shares", IDC 2007).
MessageLabs believes this picture will change significantly. Essentially, this is due to the drawbacks associated with software-based solutions. These relate directly to the drain on in-house resources that such solutions customarily involve and also to in-built characteristics that militate against continuous, reliable protection:
- Although the initial price of a software-based solution may seem attractive, total cost of ownership (TCO) can be substantially higher. This is because investment in additional hardware and/or software will almost certainly be essential, and it will be necessary to devote sufficient in- house resources to managing and administering the solution. In addition, a software solution will typically have to be replaced within 3-5 years, generating a further commitment to hardware and software renewal.
- It is essential that a software-based solution and the system it serves have the capacity to keep pace with (i) increases in overall levels of web traffic and (ii) demand "spikes" where the number of webpage requests far exceeds the average figure. Under-capacity can lead to web access being compromised, damaging business continuity and customer relations. Eliminating worries about capacity will inevitably have financial implications.
- Setting up fit-for-purpose acceptable usage policies and enforcing them accurately using a software-based solution can be extremely resource-hungry. For instance, there can be a substantial support training requirement which, in many cases, will have to be met by in-house IT staff, deflecting them from other business- critical activities. Installing software patches will also involve sidetracking IT staff from important tasks.
- To maintain effective protection against web-born malware, software-based solutions must continually be updated with the latest signatures. Failure to do so can open a window of vulnerability which malware may exploit mercilessly, with devastating consequences for your business.
- Even where businesses have large IT departments and extensive IT skills, ensuring that in-house web security know-how keeps fully up- to-speed with an ever-changing threat landscape is at best difficult and, at worst, impractical. This, however, is a prerequisite to ensuring that a software-based solution can provide the watertight protection businesses need.
To sum up, software-based web security solutions require substantial investment and continual reinvestment, in terms of both in-house staff time and capital/maintenance costs.
Similarly, web security solutions that involve on-site installation of hardware appliances have a number of drawbacks:
- As with software-based solutions, the headline price of a web security appliance may seem tempting, but the TCO will be much less attractive. Above all, extensive input from in- house IT staff will be needed to adjust appliance settings, install patches when issued and respond to requests for technical support from end-users. It will also be vital to maintain accurate projections of changing capacity needs and ensure these are catered for in a timely and efficient way.
- Installing, deploying and testing appliances can take several days. So can fine-tuning settings to make sure local factors and conditions are properly accommodated. Inevitably, web availability will be restricted and perhaps even curtailed completely during the installation and set-up process.
- Relying on in-house appliances raises critical questions regarding management and capacity. Above all, as web traffic expands, more appliances will have to be installed and maintained ' all of which will impact web availability, IT budgets, network storage and corporate bandwidth. Failure to cater to increased demand could result in degradation of performance and in extreme cases interruption of service and severance of web contact.
- Should an appliance go offline (e.g. due to a power or system failure), web access will be interrupted and business could be lost. As insurance against this, organizations often invest in extra "redundant" appliances. But these require further financial outlay, use valuable bandwidth, soak up storage capacity and need further administration.
- Relying on web security appliances will involve a heavy burden in terms of the time taken to frame and implement the right acceptable use policy for your organization.
- Eliminating windows of vulnerability that web- born malware can exploit will be paramount. This will necessitate a high state of vigilance and a sophisticated understanding of malware threats among in-house IT staff. Supplementing internal expertise with external consultancy may prove unavoidable ' a practice also characteristic of organizations that invest in software-based solutions.
- Because of the legal dimension associated with web usage, those responsible for managing and administering your appliances will need to maintain an excellent awareness of relevant legislative and regulatory frameworks. The penalties for non- compliance can be extremely severe. This applies to software-based solutions too.
Overall, appliance-based web security solutions tend to be high outlay and high maintenance, and involve an open-ended commitment in terms of budgets and in-house staff resources.
In the field of email threat protection, managed services are gaining an increasing market share. Generally speaking, vendors of such services have earned a reputation for upstream innovation which translates directly into rapid deployment of leading-edge protection capabilities on their clients' behalf. The functionality, flexibility and ease of customization they offer are also playing a key role in their rising popularity. (See, for example: "Predicts 2007: Software as a Service Provides a Viable Delivery Model", Gartner, Inc. 2006).
This growing preference for managed services is now becoming evident in web security too. The main benefits that managed services generally aim to provide include:
- Predictable TCO, delivering significant savings compared to software and appliance-based solutions. This is because (i) managed service providers can achieve substantial economies of scale and (ii) there should be no "hidden extras". Because a managed service uses the vendor's infrastructure, away from subscribers' networks, the need to install, maintain and keep reinvesting in on-site software and hardware is basically eliminated. Valuable corporate bandwidth is also preserved.
- Ease and speed of set-up, with minimal disruption to web access, maximizing business continuity and employee productivity.
- Complete scalability and fallover protection. Temporary and long-term increases in demand for web access can be seamlessly accommodated. Subscribers should also be immune from the effects of server crashes and planned or unplanned power outages.
- Incorporation of policy engines for development and automatic, accurate enforcement of acceptable use policies. An important spin-off from this benefit is the minimal amount of training required, removing a major burden on in-house IT staff.
- Non-stop, constantly updated protection from web-born malware. Managed service providers employ technicians and engineers who work day-in, day-out to understand and neutralise web security threats. To replicate this level of specialist expertise within an average IT department is simply not feasible.
- Releasing in-house IT resources from the relentless, and often impossible, task of monitoring/controlling web usage and providing effective protection against increasingly virulent web-born malware and converged threats.
The MessageLabs Approach
Managed web security services offer businesses important advantages. But how are prospective subscribers to differentiate between the increasing number of vendors coming to market with such services?
MessageLabs fully managed Web Security Services provide capabilities in:
- Monitoring employees' web browsing behavior, which includes highlighting bandwidth used and the potential need to put web usage controls in place.
- Control of websites that can be visited and files that can be downloaded from them.
- Interception of viruses, spyware and adware.
Other vendors offer services which ostensibly perform the same tasks. However, MessageLabs outperforms its competitors in three critical areas:
1. Accurate protection:
Harnessing the world's most advanced and stable network, consisting of 14 data centers spanning four continents, MessageLabs delivers industry-leading zero hour Internet-level protection against web-born threats. Underpinning this capability is the use of multiple signature-based anti-malware scanners and MessageLabs unique, proprietary threat detection technology, Skeptic.
For almost a decade now, Skeptic has led the way in predictive threat detection. As it relentlessly scans for malware, it constantly adds to its enormous reservoir of knowledge, updating itself to deal with every new threat that appears on the landscape ' however novel or sophisticated that threat may be. The other scanners used by MessageLabs are all best-of-breed commercial offerings that stop known malware threats and so act as a perfect complement to Skeptic.
Delivering such comprehensive threat protection has become all the more essential with the increasing trend towards threat convergence (see page 5). Moreover, MessageLabs is the only vendor to retain its email, web and Instant Messaging (IM) security services in-house. This means that when a threat is detected in one vector, the solution can be applied across other vectors with the greatest possible speed and efficiency. Because MessageLabs email, web and IM services form part of a single system and are not devolved to partner organizations, they can be managed as an integrated whole.
2. Ease of installation and use:
Simplicity of set-up, configuration, use and administration are all hallmarks of MessageLabs Web Security Services, which function with equal effectiveness regardless of a customer's web browser configuration. 24/7/365 client support is included in the subscription fee.
The services also offer unrivalled flexibility. Thanks to the policy engine incorporated, they can be customized to meet the precise and changing priorities of any business, wherever in the world they are located. This is absolutely essential in today's business environment where every organization needs to devise an acceptable web usage policy that matches their exact requirements and circumstances as closely as possible.
As well as allowing you to govern web access at group or even individual user level, MessageLabs Web Security Services enable you to set time-based rules, e.g. to permit web surfing during lunch hours ' an approach that can benefit staff motivation. Similarly, the service is designed to accommodate the increasingly blurred lines between employees' home and work lives and private and professional identities. In many ways, the web has played a key role in blurring these lines and creating challenges and opportunities as a result. The industry-leading flexibility inherent in MessageLabs intuitive policy-building engine therefore delivers vital benefits.
Administration of the service is undertaken from a user-friendly, web-based portal. This generates a whole range of management information, configuration tools, service statistics and reports in real-time. So you remain fully informed about the service's performance and about patterns of web usage for individual employees, groups of employees and the organization as a whole. Furthermore, the client doesn't need to be involved in service updates and upgrades, which are undertaken automatically by MessageLabs.
Added to this, close study of customer feedback and exactly what this feedback signifies helps MessageLabs continually refine and improve its services. Vendors with smaller client rosters inevitably receive less feedback on which to base service improvements ' yet another competitive edge for MessageLabs.
3. Total cost of ownership:
As noted earlier, managed services can offer businesses a lower TCO than software and appliance-based solutions. The "hidden extras" associated with the latter two options can be substantial and may include: investment in additional hardware or software, installation of increased storage capacity, bringing more bandwidth online to cope with demand, and making considerable in-house IT support available to provide a training and troubleshooting resource.
But the TCO of a managed service should stay stable and predictable ' a massive benefit when it comes to budgeting and ensuring expenditure forecasts are as accurate as possible.
But how does the cost of MessageLabs Web Security Services compare with other managed web security services? Calculating on a per-user, per-month basis ' the most accurate framework for estimating actual costs ' MessageLabs is extremely competitive with the less effective, less comprehensive, less user-friendly, less flexible solutions provided by other vendors.
The Best Option for Business
As this guide explains, MessageLabs Web Security Services are specifically designed to help businesses take control of the many potential threats that can arise from web usage on a daily basis. This, in turn, equips businesses to protect their productivity and valuable in-house resources.
Crucially, MessageLabs offers benchmark protection not just compared with software and appliance-based solutions but also with the growing number of rival managed web security services now available. Quite simply, MessageLabs helps ensure that, for your business, the web remains a business-boosting asset ' and doesn't become a destructive, risk-laden liability.
"[MessageLabs] provides a convenient and cost-effective solution for managing and reducing risk and providing certainty in the exchange of business information" (IDC 2007).
For more information or for a free trial of MessageLabs Web Security Services please visit www.messagelabs.com/trials/free_web.
TOLL FREE 866-460-0000
512 Seventh Avenue
New York, NY 10018
T +1 646 519 8100
F +1 646 452 6570
7760 France Avenue South
Bloomington, MN 55435
T +1 952 830 1000
F +1 952 831 8118
T +852 2111 3650
F +852 2111 9061
90 Arthur Street
T +61 2 9409 4360
F +61 2 9955 5458
30 Cecil Street
T +65 6232 2855
F +65 6232 230
1270 Lansdowne Court
Gloucester Business Park
Gloucester, GL3 4AB
T +44 (0) 1452 627 627
F +44 (0) 1452 627 628
40 Whitfield St
London WIT 2RH
T +44 (0) 207 291 1960
F +44 (0) 207 291 1937
T +31 (0) 20 491 9600
F +31 (0) 20 491 7354
BELGIUM / LUXEMBOURG
T +32 (0) 2 403 12 61
F +32 (0) 2 403 12 12
T +49 (0) 89 189 43 990
F +49 (0) 89 189 43 999