Quocirca's Straight Talking: A single source for net protection

Consolidation afoot - and more to come

There are plenty of IT vendors out there who spend their time worrying about all the dangerous activities that employees undertake as they interact with the outside world and the nasty content that can end up on PCs and servers as a result of this. And, of course, they make their living by selling remedies to this problem.

Broadly speaking, the vendors fall into two camps - those that worry about us sending and receiving email, and those that worry about us surfing the web. There are two reasons for the polarity. Firstly, the activities tend to take place in different 'places' and, secondly, the type and level of control required varies.

To communicate with the outside world a computer network opens ports on systems to allow traffic to flow in and out. If there is no security, there are 65,256 ports available. Network firewalls are used to shut them all down and then selectively reopen them for specific activities. Two of the most widely used are port 80, the default for internet activity (HTTP traffic), and port 25, the default for corporate email (SMTP traffic). So the various vendors set up the filters to monitor particular ports depending on the activity they are trying to control.

Most people receive far more email than they send, so it is more a passive than an active method of communication. These days most employees should be aware of the dangers associated with email and be suspicious if an unexpected email turns up from an unfamiliar sender. But businesses are not just worried about what might be sent to their employees, they are also worried about what they may send out. Because of this, most organisations filter incoming and outgoing email to check for nasty stuff going either way and make sure their employees behave themselves.

In the last few years there has been no end of vendors with remedies to help with this process. Many vendors started life making products that filter incoming junk email and checks for viruses. Their services are now being extended to cover other email threats such as phishing, or messages that purport to be from your bank but are really from a criminal who wants your bank account details. Vendors such as Aladdin, IronPort, MessageLabs, Mirapoint, Postini, Symantec and many others all have products for solving the email problem - sold either as software, a hosted service or an appliance.

Surfing the web, unlike email, is entirely active - it only happens because an employee sets out to do so. There are all sorts of good reasons why employees surf the web but businesses worry about the things they should not be doing and also about the digital pests they pick up in the process. There are a number of vendors, such as SurfControl and Websense, who specialise in controlling what employees can and can't do on the web.

To do this they maintain lists of every known website and categorise them. Once their service is in place, it makes it easy for businesses to bar their employees from accessing certain types of websites (pornography, gambling and so on). They can also limit access to certain websites to particular times of day (for example, Amazon is only open at lunchtime) and to particular groups of individuals.

Some of these vendors are now extending their services to filter content that arrives whilst surfing the web, like checking for spyware, adware or other software programs that can be inadvertently downloaded. All these services can also be purchased from vendors such as Blue Coat who build specialist appliances for filtering HTTP traffic and include access to a range of web filtering services.

So are the worlds of HTTP and SMTP filtering so far apart that businesses will always have to deal with two sets of vendors to control the activities of their employees communicating with the outside world?

In short: not anymore.

Some vendors, such as ClearSwift, have had both email and web filtering capabilities for some time. Others have started to accumulate the capabilities for controlling both types of traffic. Computer Associates and Microsoft, for instance, have both acquired spyware and email filtering capabilities in the last 12 months. There are other vendors - such as Checkpoint, Fortinet, ServGate, Trend Micro and the recently merged Secure Computing/Cyber Guard - which have appliances that provide 'unified threat management' for all types of traffic.

But vendors on both sides have been getting more and more excited about another activity that employees love and, the vendors claim, is wrought with danger - instant messaging (IM).

IM includes some of the worst aspects of both email and web surfing. As with email, employees can receive IMs unexpectedly, although they are likely to know the sender. Employees can respond instantaneously and they may be even less guarded than they are with email. Unlike emails, IM communications are not necessarily logged, which can lead to possible non-compliance for certain organisations. As with surfing the web, IM has a huge potential for time wasting.

Postini, a vendor of email filtering services, has announced it will extend its service to cover IM later this year and Websense, traditionally a web filtering vendor, now offers IM filtering as part of its service. There are also vendors such as IM Logic which specialise in controlling IM traffic. Most IM filtering vendors also offer a logging capability, solving any compliance issues.

The content filtering industry has seen considerably consolidation over the last 12 months, especially on the email side. As the interests of those that watch SMTP and HTTP traffic start to overlap and the growth in the market for their original products slows down, there will be further consolidation across the divide. Good news for businesses who will be able to single-source their content-filtering requirements.