Competitive Comparison: ePrism vs Postini

800-782-3762 www.edgewave.com

Technical Comparison between ePrism Email Security and Postini

Defenses Against Targeted Attacks (Phishing)

| Feature | Postini | ePrism |
|---|---|---|
| Policies for granular and configurable defense against phishing messages | | X |
| Separate quarantine for phishing messages | | X |
| Notification and alert of phishing messages in real time | | X |
| Automated delivery of reports for phishing messages | | X |

Traditional Threat Defenses

| Feature | Postini | ePrism |
|---|---|---|
| Individual policies for spam, virus, bulk, and adult | Partial | X |
| Individual quarantine for spam, virus, bulk, and adult content messages | | X |
| 99% spam blocking and 1:350,000 false positive SLA | | X |
| Anti-Virus at 100% SLA | X | X |
| Reputation-based spam detection | X | X |
| Email connection throttling and termination | X | X |
| Machine learning technology and human review for accurate content analysis | | X |
| Zero-Minute Anti-Virus detection for zero-minute protection | X | X |

Defenses Against Other Threats

| Feature | Postini | ePrism |
|---|---|---|
| Detection of outbound spam | Partial | X |
| Policy-based encryption | Partial | X |
| Comprehensive content filtering: Office 2007, Office 2010, and PDF attachments | | X |
| Compliance policies for SSNs and all CCs pre-configured | Partial | X |
| Compliance policies for HIPAA, GLBA, PCI preconfigured | | X |
| Content rules based on regular expressions | X | X |
| Flexible encrypted message delivery (including mobile devices) | X | X |
| Encryption triggered by end-user for sensitive data | X | X |
| Encryption keys per message | X | X |

Management and Reporting

| Feature | Postini | ePrism |
|---|---|---|
| Zero-hour message tracking and ability to locate phishing messages | | X |
| Zero-day reporting that includes a summary of phishing messages | | X |
| Automated email report publishing, scheduling, and delivery | | X |
| Consolidated view of compliance activity on the DLP Dashboard | | X |

Deployment Options

| Option | Postini | ePrism |
|---|---|---|
| Cloud-Based Fully Hosted | X | X |
| On-premises Managed Appliance | | X |

Executive Summary

Email has become the primary form of communication for businesses and organizations in every market sector. Unfortunately, having such an easy channel for communication also creates numerous challenges. From security attacks to data leakage, the challenges of email are front and center. So the choice of an email security solution is vitally important for the protection of your business. This document compares how Google-Postini and EdgeWave ePrism Email Security protect organizations from current and future threats.

There have been numerous examples highlighted in the press of high-profile security breaches, with many resulting from spear-phishing email. Spear-phishing is an email fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Examples include:

• February 2011: Canadian Finance Ministries internal systems
• March 2011: French Ministry of Finance infiltrated
• March 2011: RSA breach that resulted in hacking of defense contractors L-3 Communications and Northrop Grumman.
• April 2011: Email lists for brands such as Best Buy, Citibank, Chase and Target were exposed as the result of a breach at Epsilon, an email information management firm.
• June 2011: International Monetary Fund breached

If these high profile firms, including a well-known security firm like RSA, can be breached then all organizations are at risk. It is no longer sufficient to consider your firm an unlikely target – there is value in all data for spammers, especially lists of valid email addresses. Since spear-phishing only works if the message looks and feels authentic, having a list of valid email addresses only makes this easier. An email security solution must be able to adapt quickly to targeted campaigns in order to provide adequate protection. And this adaptation must be immediate and require no interaction from the IT group.

EdgeWave Focus on Security

Google purchased Postini in 2007. At the time Postini was highly rated and considered a market leader. Since the acquisition Google has done little to enhance the Postini (now called Google Message Security) solution, leaving the solution vulnerable to phishing and spear-phishing. When Google CEO Larry Page outlined the three priorities for Google during an earnings call with investors he said the following: “I think about our products in three separate categories. First, there is Search in our Ads products, the core driver of revenue for the company. Next, we have products that are employing high consumer success: YouTube, Android and Chrome. Then we have our new products, Google+ in commerce and local. We are investing in them to drive innovation and adoption.” It is telling that enterprise security, including Google Message Security, wasn’t listed. It is also interesting to note that Postini’s 2011 revenue of $130 million is only 0.3% of Google’s total 2011 revenue of $37.9 billion. Finally, the recent announcement that Google will end-of-life Postini as a brand and place Google Message Security in the Google Apps group does call into question how much development effort will be directed at email security innovation.

EdgeWave, by comparison, does nothing but security. All of our development and innovation efforts are targeted squarely at solving web and email security threats. The EdgeWave ePrism Email Security Suite has been blocking phishing and spear-phishing campaigns for over 10 years, combining machine learning and human review techniques. ePrism engineers are constantly reviewing spam campaigns, evaluating their attack vectors, and immediately updating our ePrism email security solution to provide true Zero Hour protection. EdgeWave ePrism also has the ability to limit the end user’s visibility into the phishing quarantine, providing an additional layer of protection. Finally, EdgeWave ePrism allows administrators to be notified, via email or text, when phishing attacks are happening so they can proactively monitor the activity and notify their end users. It is this level of innovation that is required to protect organizations from email-borne threats in today’s world of highly targeted spam campaigns.

Comparison

Defending against Phishing Attacks and other blended threats

Google uses only four categories for email filtering and places all the messages from these categories into a single Bulk Email end user quarantine:

• Sexually explicit
• Get Rich Quick
• Special Offers
• Racially Insensitive

In 2007, when Google purchased Postini, this may have been sufficient, but in today’s email security world greater granularity is required. In the Google model all messages in those four categories, including phishing email, will be placed in the Bulk Email quarantine folder for end user review. This places the responsibility on the end user to determine good from bad, which is difficult given that phishing messages are designed to look and feel authentic. The chance an end user may release a phishing message from such an aggregated Quarantine folder is fairly high. And if the Google antispam defense is simply looking to place inbound messages into one of the four categories, their ability to define and limit phishing messages is compromised, as phishing messages are not so easily categorized. EdgeWave’s ePrism has a specific category for phishing and administrators can apply policy directly to this message category. Messages in the phishing category can be limited to review by administrators only, while allowing other categories to be reviewed by end users. EdgeWave’s ePrism is able to categorize messages as phishing due to the many layers of ePrism that are targeted specifically at phishing and continually updated. EdgeWave does not leave the “is this a phishing message” question to be answered by end users.

Attack Response

Protection from phishing attacks should be complemented by a response action plan – simply stopping the attacks is not enough. Administrators should be notified when attacks are beginning so they can notify users to be on the lookout. You should also be confident that your security vendor’s support team is readily available to provide assistance when you need it. Reports should be available, both real time and scheduled, which can aid in your investigation and mitigation of attacks. Review Google’s offering in each of these areas and you will find their service lacking the breadth found in EdgeWave’s ePrism:

• Technical Support

Google has long been very clear that Postini support is mostly email, public forums and FAQs – hardly the support mechanism required by today’s enterprise. It’s worth repeating that email security amounts to 0.3% of Google’s total revenue. EdgeWave’s technical support has consistently received a 94% satisfaction rating with an average answer time of less than 60 seconds. We have support engineers with years of experience in both web and email security, and our engineers are constantly trained and updated not only on our products but also on the nature of new and emerging threats. At EdgeWave we are not sidetracked by other, more profitable product lines – we support our email and web security products only and all customers are provided the same high level of support.

• Real-Time Notifications

Knowing about a phishing attack after the fact is likely too late. The damage is done even though it may not be apparent for some time to come. And if you weren’t aware of an attack how would you know to perform any research? Real-time notification of suspicious activity is the best solution for today’s busy administrator. Google’s notification system, like their spam classification, is extremely limited and does not consider phishing a separate class of spam. Their Administrator Alerts are limited to the following categories:

• Email Bomb (denial of service)
• Directory Harvest Attack
• Virus Outbreak
• Spam Attack (ratio of spam to valid email)

EdgeWave’s ePrism has a highly configurable Notification system that allows for administrators to be alerted on granular options such as the number of detected phishing messages. These notifications can then be sent via email or text to guarantee the administrator is notified wherever he or she may be. Overall there are hundreds of categories and event types that can be combined within ePrism notifications covering the most common (and helpful) use cases.

• Real-Time Reporting

Real-time reporting means just that – no delays, with always up-to-date logs which are immediately available for searching. Google’s Message Log Search tracking tool does not provide real-time searching, instead incorporating a 3-hour delay between when log data is updated and made available for searching. This is far too long, with the damage likely already done and your focus now on clean up and damage mitigation rather than prevention. In addition, due to their limited classifications there is no ability to search specifically for phishing messages. EdgeWave’s ePrism provides real-time logging and reporting as well as allowing for “phishing” as a search criterion. Since we classify phishing messages, ePrism is capable of performing searches, and creating reports, on phishing activity. EdgeWave’s ePrism also enables creating scheduled reports that show all phishing messages over a period of time.

Outbound Protection

Just as important as inbound email security, outbound email security must be part of your overall email security solution. And outbound email security should not be limited or less full-featured than inbound. Not originally part of the Postini offering, outbound email processing was only added to the Google solution in 2011 and is extremely limited. According to Google the following are the only outbound filters provided:

• Virus Blocking
• Attachment Manager
• Content Manager
• Legal Compliance Footer

Notice that there are no classifications for spam or phishing, two very common outbound attack types. With these extremely limited classifications not only is Google unable to adequately protect your organization from sending spam but also they are unable to protect you from becoming blacklisted through the act of sending spam. They do claim to scan for outbound messages based on Junk Content but also readily admit that this filter is limited, unconfigurable, and has the potential to block valid messages. EdgeWave’s ePrism provides all the same filters and classifications for outbound email as we do for inbound. All the technology and learning that is applied to protecting you from inbound spam attacks is also used to protect you from sending outbound spam messages. We also provide the ability to define outbound rate limits, at both the Outbound IP and mailbox level, to further protect you from becoming blacklisted. EdgeWave recognizes that outbound email is just as important as inbound and organizations need the same level of protection.

DLP – Protecting Confidential Data

Industry regulations such as HIPAA and PCI-DSS require organizations to detect confidential data sent via email. Google’s DLP solution, introduced in 2007, does not appear to have been updated since and has many glaring limitations. Google provides two pre-built compliance rules for Social Security Numbers and Credit Card Numbers. In July 2011 the Social Security Administration changed its SSN issuance rules but Google has not updated their SSN rule accordingly to support the new SSN formats. For credit card numbers Google’s rule cannot detect 15-digit numbers used by American Express or Diners Club. In addition, the Google credit card rule does not use the industry standard Luhn algorithm, leaving it prone to high false positive rates. Most glaring is the limited number of attachments scanned by Google’s rules. As of their most recent documentation the following is the list of scanned attachment types:

• Text files
• HTML files
• Office 2003 or earlier files
• Forwarded email messages
• Various types of other files with text-based content

This is not a comprehensive list, missing important and popular file types such as the most recent versions of Microsoft Office and Adobe PDF files. EdgeWave’s ePrism DLP solution also provides simple-to-use compliance rules, purpose-built for rigorous Healthcare and Finance compliance rather than the more generalized SSN and credit card rules provided by Google. The ePrism rules are up-to-date with the latest SSN formats, support all common credit card number patterns and use the Luhn algorithm to minimize false positives. Finally, ePrism DLP performs content analysis on nearly 500 file types including Office 2007, Office 2010, compressed files and Adobe PDF files. With better detection and a more comprehensive list of scanned file types, EdgeWave’s ePrism provides a comprehensive, easy-to-use DLP solution to help organizations achieve their industry regulation compliance. And when email encryption is required ePrism has an equally easy-to-use solution with two forms of encryption.
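The two credit card detection gaps described in this section (no 15-digit coverage, no Luhn check) can be seen in a short added example. This is illustration code written for this page, not EdgeWave's or Google's rule; the function names and the sample message are constructed, and the two card numbers are widely published processor test numbers.

```python
import re

# Candidate runs of 13-19 digits, optionally grouped by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Weak rule for comparison: exactly 16 digits, no checksum.
SIXTEEN_ONLY = re.compile(r"(?<!\d)(?:\d[ -]?){15}\d(?!\d)")

# Constructed sample message. The card numbers are published test numbers,
# not real accounts; the tracking number is made up.
SAMPLE = (
    "Please charge the Visa 4111 1111 1111 1111 for the deposit.\n"
    "Backup card is Amex 3782-822463-10005.\n"
    "Shipment tracking number: 1234567890123456.\n"
)


def _digits(text):
    """Strip the grouping separators from a matched run."""
    return re.sub(r"[ -]", "", text)


def luhn_valid(number):
    """Return True if the digit string passes the Luhn mod-10 check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def weak_rule(text):
    """Pattern-only rule: flags any 16-digit run, misses 15-digit cards."""
    return [_digits(m.group()) for m in SIXTEEN_ONLY.finditer(text)]


def luhn_rule(text):
    """13-19 digit candidates, kept only if the checksum validates."""
    hits = (_digits(m.group()) for m in CANDIDATE.finditer(text))
    return [n for n in hits if luhn_valid(n)]


def mask(number):
    """Keep only the last four digits so DLP logs do not store full numbers."""
    return "*" * (len(number) - 4) + number[-4:]


if __name__ == "__main__":
    print("16-digit pattern only:", [mask(n) for n in weak_rule(SAMPLE)])
    print("13-19 digits + Luhn:  ", [mask(n) for n in luhn_rule(SAMPLE)])
```

On the sample, the pattern-only rule flags the tracking number and misses the 15-digit card, while the Luhn-checked rule reports exactly the two card numbers.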

Summary

• Defend

Google’s limited spam classification system does not allow for identifying phishing attacks, instead relying on end users to determine “good from bad”. EdgeWave’s ePrism provides not only machine learning, but also human review, filtering to both classify and block messages into multiple classifications including phishing. ePrism also allows administrators to restrict end user access to quarantined phishing messages, further preventing the chance of accidental release. And our ePrism team is viewing spam traffic 24x7 to guarantee we are always up-to-date to defend against the latest threats and attacks.

• Review

When your support mechanism is primarily email, public forums and FAQs (as with Google), is your organization comfortable that support will be available when you need it? If your report data is always up to three hours out-of-date can you perform your own forensics? If you find out hours later about a phishing attack, how confident are you that at least one message was not delivered to an unsuspecting end user? EdgeWave ePrism provides support that receives a 94% satisfaction rating, has onboard notifications that can text you when phishing attacks start and has always up-to-date reporting with granularity down to the email classification, including phishing.

• Protect

Outbound email protection is a fairly new offering for Google and is also very limited in its spam protection capabilities. The Google DLP features are limited, not inclusive of newer SSN formats or capable of detecting all credit card formats, and scan an extremely limited number of file types. EdgeWave’s ePrism provides all the same protection for outbound email that it does for inbound as well as providing rate limits to prevent you from becoming blacklisted. The ePrism DLP is easy to use but purpose built to help you achieve finance and healthcare regulation compliance, while also scanning almost 500 file types.

Conclusion

In 2007 Postini was a well-known email security solution. Since being acquired by Google there has been little innovation, technologies like DLP have been left to stagnate, and Postini customers have been left vulnerable to new, targeted campaigns and data leakage. With the announcement that Postini will be integrated into Google Apps, and Google’s proclamation that IT security is not one of their top three business concerns, many customers are seeking alternatives. For ten years EdgeWave has been providing email security to organizations of all sizes across all verticals. From small accounting firms to large Internet Service Providers, the ePrism solution provides the ease of use and full-featured protection needed by today’s busy IT departments. Backed by our relentless dedication to blocking spam campaigns, including the new highly targeted phishing and spear-phishing campaigns, the ePrism Email Security Suite provides the peace of mind that allows you the freedom to not worry about email security.

EdgeWave 15333 Avenue of Science, San Diego, CA 92128. www.edgewave.com

Toll Free: 800-782-3762 Email: [email protected]

Phone: 858-676-2277 Fax: 858-676-2299

©2012 EdgeWave, Inc. All rights reserved. The EdgeWave logo is a trademark of EdgeWave, Inc. All other trademarks and registered trademarks are hereby acknowledged.