Upcoming interview w/ Barbra Symonds

An interview with the Barbra Symonds, Associate Partner with IBM, and former IRS Director of Privacy & Information Protection, and before that project manager for the Veteran's Administration's Privacy policy will appear on the cippguide.org site within the next 7 - 10 days, pending approval. It was a great interview, with some timely comments on the state of information security and information privacy.

Secure Messaging Gateway: An Ironport Review

Over the weekend, I did a lot of reading on a company in the mail gateway business called Ironport. I mean a lot of reading. This was another consolidation (see Why behemoths buy startups & March 08's Information Security Magazine's Schneier/Ranum Face Off), with Cisco snatching up the market leader.

I read about capabilities, product offerings, market penetrations, strategic positioning, competitors and magic quadrants. All of this was at the urging of a friend of mine at Cisco, and how this product would drive profits for the company for the next several quarters.

I did a similar exercise for my boss with respect to Postini, and their SOA mail security capabilities purchased by Google in 2006 (More on Postini in a future post). I expect his interest is due to the encrypted email gateway.

So what did I learn. First, both of these guys lay claim to reputation based filtering. One holds the patent (Postini, more on this in a later post) and one has it widely implemented, maybe even longer than the patent was applied for (if so, of course that would invalidate the patents).

Gartner thinks Postini would only use those patents defensively. I wonder what would happen if a new Executive management team came in at the search giant... Cisco has deep pockets, but Google's "do no evil" mantra should keep this out of litigation. Why? Because Ironport gateways are installed worldwide, and their reputation filters handle 5 Billion email messages. Per day! They calculate that's over 40% of the mail traffic worldwide. From that traffic analysis, they push threat updates in near real time (every 5 mins).

I'd say that is doing no evil. John Chambers likes monopolies. Ish (for the Justice Department and the Sherman Anti-trust Act). Cisco has 80% of the router and switch market. A lot of companies say 'Does it have a Cisco tag on it? Yes? Then it can come into my network...'

In addition to the reputation filters, Ironport has several other unique features. They built their gateways on a modified FreeBSD OS they call AsycOS. AsycOS' security includes a limited port attack surface, reputation based filtering at the connection level, an LDAP/Active Directory integration that drops mail for invalid addresses without the Exchange & Notes wasting their CPU cycles and disk space. Performance enhancements include a non-blocking I/O write cache (disk access IO is their major bottleneck), and intelligent mail transfers (check to see if a domain is up before sending), and per receiving domain message queuing. Lastly are the management features, including an intuitive, web based GUI (it really is pretty simple), a three tiered rule set deployment, and a peer-to-peer control structure. For disconnected users, there's also an email gateway. And of course, they have tons of case studies from recognizable names like Dell, Virgin, Ryder, Johns Hopkins, etc...

I expect Cisco will increase Ironport's distribution throughout the messaging space. Now we just need Microsoft to buy Tumbleweed (the other upper right magic quadrant product) and the big mergers and acquisitions will be complete.