Re: SPAM/spyware appliances or services

[Huba Leidenfrost <huba () UIDAHO EDU>]

Prior to the Proofpoint appliances we now use for all our central email
accounts (15,000+), we had a mix of homegrown techniques like the email
sanitizer (Perl), procmail filters, etc.  Most of that stuff was very time
consuming in terms of the hours spent supporting it.  The Proofpoint
solution is pretty hands off.

In our search for and selection of an email filtering solutions a year ago
we found and/or evaluated products or solutions from:

SOPHOS, Tangent(Baracuda), Borderware, Ciphertrust, Ironport, Corvigo,
McAfee, Panda, Postini, MessageLabs, Brightmail & RoaringPenguin.

We used an RFP to narrow down products to finally evaluate and select a
winner.  The RFP was based on to name a few criteria:

-Effectiveness (effective catch rate, low false-positive rate, low
false-negative catch rate)
-Speed (we ran specmail and some custom load testing widgets against them)
-Cost
-Support offerings
-Ease of management
-Included AV filtering != to our desktop AV product
-Other features (quarantine digest, user managed white and blacklists, etc.)

If it would help anyone I can dig up and more accurately summarize our
purchase process and RFP criteria.

I recommend the Proofpoint email filtering/spam appliance as a solution (not
without it's own set of idiosyncrasies) our users have been very happy with,
our management has been pleased with and our mail admins have had few
complaints with.

Knowing how many new products were jumping into the market a year ago I
would recommend a full search for new products and their effectiveness would
be the way to go.  I would suggest starting off with Gartner or such
summaries of products in the SPAM/AV/Gateway filtering market as well as the
mailing list survey you are doing.  Another good place to look is
Information Security Magazine's yearly security products review.  What one
product does well today they may suck at tomorrow.  The corollary also holds
true as a company that did not score as well in last years tests may
outshine others this year.

Good luck & have fun,

Huba Leidenfrost
huba () uidaho edu
ITS Security Analyst
University of Idaho
208.885.2126/7539(fax)

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins
Sent: Tuesday, April 19, 2005 6:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SPAM/spyware appliances or services

Am curious to know who's using an appliance or an external service (as
distinct from software running on the MTA) to aggressively filter spam for
their campus.  Additionally, do any of you employ products which filter spam
from email traffic as well as filter spyware from HTTP; who's using what?

--

   ------------------------------------------------------------
   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.