Content Filtering Options Proliferate

Guard against info leaks, sabotage, law-breaking email, and other facts of modern life

Mary Jander, Contributor

October 18, 2006

6 Min Read
Dark Reading logo in a gray background | Dark Reading

Imagine the following scenarios:

  • A disgruntled manufacturing employee prints out a secret formula for her company's product and faxes it to the competition.

  • An administrator in a hospital's admissions department emails his list of patient data to another department, breaching HIPAA security rules.

  • A salesman at a retail cellphone store pilfers a customer's Social Security number while upgrading her service on the store's computer.

  • An engineer IMs his wife, also an engineer, with details about a project he's working on late at the office.

  • An account representative at a pharmaceutical firm downloads a list of client data to his laptop before walking off the job.

All of these can and do happen with enough regularity that a new market segment's arisen to deal with them. Products are emerging in what's generally called the content monitoring and filtering arena to help IT pros ensure that in-house messaging won't have unpleasant or even catastrophic consequences.

Much of this is new territory for many companies. One systems administrator at a Pennsylvania hospital had a typical reaction after an internal audit showed several emails contained information that could have gotten the facility in trouble with regulators. "That audit was a real eye-opener for us," said Jeri Sample of Meadville Medical Center in a prepared statement earlier this year. "The possibility of the HIPAA violations quickly justified the cost of buying a solution to handle the problem."

The solution the Meadville team chose was from an outfit called Proofpoint, which specializes in anti-spam and virus control and recently added a module called Proofpoint Regulatory Compliance to its wares. The software, working on a dedicated appliance, controls messages going out of the organization as well as those coming in.

Other IT pros, making their own disconcerting discoveries, are taking similar action. Roger McIlmoyle, director of technical services at TLC Vision, a multi-site laser eye-surgery provider based in Mississauga, Ontario, says he started looking for a product after he realized that "some staff may actually be emailing information that in my opinion should not be sent in the clear over the Internet."

McIlmoyle realized the employees weren't aware of any problems with their actions. "We have a number of companies that work very closely together and staff may mistakenly believe [that] just because we trust the destination you can send anything, without realizing that that information is still traversing the Internet and a slight addressing error could result in a loss of information," he states.

McIlmoyle chose a package called PortAuthority, which also includes a turnkey appliance for use on corporate networks. Software agents on email systems and servers peer into messages and documents to locate items such as protected health information (PHI), social security numbers, credit card numbers, and source code.

PortAuthority execs predict the market for products like theirs will top $2 billion by 2009, as organizations of all kinds look to keep the lid on internal communications. That may sound outrageous, until one looks at the scope of emerging solutions.

Indeed, the number of products designed to automatically monitor and deal with outgoing electronic messaging is growing, and it's likely that larger players will get involved in short order. As well, expect a slew of related products, including ones in the storage and security arenas, to grow integral content control functions.

This trend has already started in the email arena, where products are being touted for solving outgoing messaging risk. (See Email Looms as IT Threat and Stop That Email!) Products are also emerging in line with the growing interest in enterprise data classification and search. (See Demystifying Data Forensics.)

So the choices are already confusing. Still, there is a small and growing niche of products dedicated to content filtering. While most offer similar features, there are enormous differences, and an array of confusing partnerships that promise to make settling on one a fairly rigorous process.

Commonalities in content filtering products include the ability to locate information that may be circulated in presentations, IM, email messages, intranet exchanges, and other organizational communication conduits. Using predefined policies, the programs earmark messages containing certain content and then either quarantine, destroy, forward, or flag messages as required.

Table 1: Content Monitoring & Filtering Sampler

Vendor

Product

Description

Mathon Systems Inc.

Mathon Integral Product Suite

Appliance in storage network

OpenService

Security Management Center 4

Server-based software; runs under Windows, Unix, AS/400, other

PortAuthority Technologies

PortAuthority

Turnkey appliances for internal communications control and information management; also agent software for email and print servers

Proofpoint Inc.

Proofpoint Protection Server

Turnkey appliance with antispam and antivirus modules as well as control for outbound email and messaging

Reconnex

iGuard

Turnkey appliance

Tablus Inc.

Content Sentinel 2

Windows software downloads temporary agents to other Windows servers

Vericept Corp.

Vericept's Content 360º RiskManagement Platform

Software sold standalone or preinstalled on Dell computer

Vontu

Vontu 6.0

Software or software with optional appliance

Points of differentiation are many. Some products require special hardware, others don't. While most can access data stored on Windows-based email and document servers, not all can work with data on storage devices like NAS filers. Some don't deal with data except "at rest" on servers. Others deal with data in transit as well.

Among the more obvious differentiators are features and functions like:

  • Ability to work with metadata as well as full text of documents or messages.

  • Presence of algorithms to reduce false positives when finding messages corresponding to specific criteria.

  • Availability of industry-specific lexicons.

  • Control of inbound messages and spam.

  • Encryption.

  • Partnerships with other kinds of software vendors.

Pricing for content monitoring and filtering tools vary, but most are surprisingly low in cost: software-only solutions can run as low as $10,000, while appliance-based wares typically start at twice that. And of course, most implementations will include more than one appliance or software package. What's more, nearly every product on the market includes multiple modules that must be added in to achieve the desired result.

Bottom line? Where content monitoring and filtering are concerned, this is only the tip of an emerging iceberg.

— Mary Jander, Site Editor, Byte and Switch

About the Author

Mary Jander

Contributor

Mary Jander is managing editor of UBM's Future Cities. Previously, she was executive editor of Internet Evolution, site editor of Byte and Switch, and a longtime senior editor of Light Reading. She has spent over 27 years reporting and writing on information technology and networking, including nine years on the senior editorial team of Data Communications magazine.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights