by Joe Gleinser
13. April 2010 16:54
More and more we are being asked about email archival and encryption solutions. For most businesses compliance with SAS 70, HIPAA or other standards drives this need. Recently GCS has seen several of our clients contractually obligated to implement these systems to do business with the Fortune 1000. Whatever the cause email archival and encryption are technologies that are rapidly becoming commonplace.
As with many technologies today there are two basic strategies to address these needs. The first strategy is an on-premise system. A business will procure archival software, encryption software (or appliance) and storage adjacent to their email systems. Archival systems start at about $10k including the software, storage and deployment. Symantec Backup Exec 2010 offers archival solutions integrated to your standard data backup. Low cost NAS devices make ideal archival targets that minimize cost per GB of storage. GCS has grown fond of the Synology product line that includes integrated site-to-site replication technology.
Email encryption is nothing new. This blogger, and many readers, may remember installing PGP Email Encryption after blowing through Stephenson's Cryptonomicon at a tender age. That cumbersome implementation has been replaced with appliances that encrypt email based on policy including recipient domains, keyword matching, email tagging and more. Cisco's Ironport, ZixCorp, and Voltage offer appliance/gateway solutions. These devices can be quite a bit more expensive than archival systems with many businesses looking at investments of $50k or more.
If cash flow and ease of management is a concern, hosted/cloud options exist for both archival and encryption. Microsoft and Google both offer hosted email filtering (virus and spam), archival and encryption. With Microsoft's Hosted Exchange Filtering you can get email filtering and archival for about $75 per user per year. Many of the appliance vendors offer hosted solutions as well. Hometown-boys-now-Dell-division MessageOne delivers an archival and continuity solution that is widely acclaimed.
by Marquis Calmes
27. August 2009 04:45
SonicWALL has recently refreshed it's successful TZ line of network security devices, aka firewalls, for the small office marked segment. For those unfamiliar with SonicWALL's network security devices, the term firewall is a misnomer. Beyond simple packet inspection and port forwarding these devices are capable of performing realtime anti-virus, anti-spyware and intrusion protection which SonicWALL refers to as Unified Threat Management or UTM.
The new generation is made up of three devices: the TZ100, TZ200 and TZ210. Despite the numerical decrease the entry level TZ100 is a step up from the TZ180 and TZ190, capable of over two times more UTM processing throughput. Beyond performance improvements the new generation is now capable of:
- SSL VPN remote access (more on SSL VPNs in a future post)
- WAN (or Internet Access) and VPN failover standard. (Note: The 5.5 firmware release will support up to 4 WAN connections)
- Hardware failover (TZ200 and TZ210 only)
- Support for 3G mobile broadband USB modems as either the primary or a backup internet connection. (TZ200 and TZ210 only)
- Also, TZ210 offers an application firewall capable of blocking or throttling specific types of network traffic over allowed protocols. For instance, limiting the bandwidth that can be used to view YouTube.
In addition to the functional improvements, SonicWALL has made significant changes to how these devices are sold.
- First, SonicWALL no longer uses licensing to restrict the number of nodes that can pass through the device. All devices will allow an unlimited number of nodes. However, that doesn't mean these devices can actually support an unlimited number of users, they still need to be appropriately sized for the environment. But, this is a great change as the previous version would start to block internet access if the number of nodes exceed the license, such as when guest laptops were using the network.
- Second, The Enhanced SonicOS firmware is now standard in all devices. The "standard" SonicOS, which had limited funcationality, has been eliminated.
Both of these changes greatly simplify the purchasing process and reduce the need for a customer to add licenses to fully utilize the device. Still, some features such as Gateway Anti-Virus and Anti-Spyware still require subscriptions that must be renewed.
Like the TZ180 all the new models are available with or without built-in wireless. However, the wireless versions of these devices support the new wireless N standard capable of up to 300MB/s of wireless traffic, nearly 6 times the throughput of the wireless G standard. Or instead of purchasing the integrated wireless, the new TZ series also support centrally managing between 1 (TZ100) and 16 (TZ210) SonicPoint wireless access points. When combined with power over ethernet, SonicPoint wireless access points can be easily placed in the optimal location based on the layout of your office, rather than being forced to place it in the server closet because it's integrated into your firewall.
Finally, another new feature in the TZ series is called Comprehensive Anti-Spam Service (CAS). CAS is designed to be a hybrid between device and cloud based spam filtering, and is positioned to be an alternative to Postini, MXlogic and Microsoft's cloud email filtering services. Basically, when CAS is enabled and the TZ device receives an email through SMTP it sends the message up to SonicWALLs spam engine "cloud" which performs the spam analysis with the latest possible signatures and then forwards the good messages back down to the TZ. The TZ then sends the message to the email server for final delivery. This process offloads the spam analysis processing from the device and doesn't require storing and updating signatures on the TZ. While I find this to be an interesting new service it doesn't provide all the features provided by the other cloud filtering services. For instance, because the other cloud filtering vendors are the initial point of contact for all external emails they can queue up messages if your email server is down. CAS is also inbound only for the TZ devices which means your IP address could still be blacklisted. Still this is a promising new feature and it will be interesting to see where SonicWALL takes it as it develops further.