
Sophos email appliance with Sandbox. Does it do a good job? Say, compared to Mimecast.

Hi.

I know this is a bit of a daft question, as I'm asking on Sophos so of course you'll say Sophos. But then again......

So I'm looking at a Sophos email appliance, either virtual or physical (with the full sandbox facilities), as opposed to having it all done in the cloud via Mimecast. Our ISP is trying to sell us Mimecast, and I've said, well, I think Sophos should be pretty much the same job except for archiving emails, which we have something else for, and at half the cost... Am I talking rubbish or does it do the job?

Those of you that are using the Sophos solution, do you think it's a sensible idea or not :)



  • Suppose you want to whitelist email from your good friends at example.com, but they are hosted on hostingservice.com.   From my scan of the product, you can whitelist the example.com email domain (and accidentally whitelist fraudulently addressed traffic as well), or you can whitelist the servers (and accidentally whitelist all of the other organizations on the service, if you can even determine a way to specify all of the servers.)   But you cannot do a two-factor authentication based on a trusted email domain running on a trusted server farm.   Am I mistaken?   I am currently shopping for a different spam filter, and I ruled out three Sophos products and one cloud-based product on this issue alone.

    There is a significant problem in the industry with websites deciding that if I log into their system, then they have the right to send email to me that is from my email address.   This is domain spoofing, and anyone who tries to defend against email fraud using SPF/DKIM/DMARC should understand that this is a really bad thing.   But some very big companies are doing it and some big spam filtering vendors are allowing them to do it on their platform.   This means that I have to whitelist the source, so the issue of how I whitelist a domain+server combination is very important.

    I have not yet found any vendor that has a good approach to sender authentication.   SPF/DKIM/DMARC leave authentication as a sender option, and senders care about getting their email accepted, not about preventing fraud.   The same big company that is spoofing my domain, and uses a major cloud-based spam vendor to do so, has the following sender authentication in place:

    • SPF: entry ends in SoftFail
    • DKIM:  some mail is correctly signed, but there is no signing policy to make it mandatory
    • DMARC:   their DMARC policy asks for feedback but does not ask for any enforcement.
    • TLS:   Corporate mail from them is encrypted, but marketing mail that is sent using their domain name is sent unencrypted.

    Consequently, if SPF/DKIM/DMARC are how I detect whether a message is really from them or not, I am doomed.   If the 100,000-employee companies are not willing to protect against spoofing, why should we think that SPF/DKIM/DMARC will ever be a sufficient defense?   WannaCry reminded us that one bad email can take down critical infrastructures.  Where is the vendor hustle and buyer demand to fix this problem?

    It is time for somebody to deliver a product that puts the recipient system manager in charge of deciding whether a sender is sufficiently authenticated or not.   I have a 15-page document describing what should be possible with existing technologies (document available on request), but so far I have not found a vendor who is even thinking about the problem from this perspective.   The biggest players seem to think that their content filtering is so good that source filtering is unimportant.   I am unconvinced.

    Given a lack of vision, DMARC is the best mechanism available for sender-authentication, so my next spam filter must support DMARC.  DMARC actually has three functional components:   

    1. enforcing the domain owner's policy on my incoming mail,
    2. collecting data and sending feedback reports to the domain owner about problematic mail (so they can close infected accounts and fix SPF/DKIM configuration errors), and
    3. processing feedback from others about mail from my domain.   (This is a database function, not a spam filtering function, so it is solved differently.)

    I would expect an up-to-date spam filter to do both of the first two functions.  I understand that S.E.A. is the only Sophos product that can do DMARC enforcement, but can it send feedback?
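
The domain-plus-server allowlist rule this reply asks for, as an added example that is not part of the original post and not a feature of any product named in the thread. The rule table, function names and addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Hypothetical rule table: trusted From domain -> networks of the hosting
# service that legitimately sends for it (constructed documentation ranges).
ALLOW_RULES = {
    "example.com": [
        ipaddress.ip_network("192.0.2.0/28"),
        ipaddress.ip_network("2001:db8:10::/48"),
    ],
}


def from_domain(raw_message):
    """Return the lower-cased From domain, or None if From is missing or repeated."""
    headers = message_from_string(raw_message).get_all("From") or []
    if len(headers) != 1:  # ambiguous sender: never eligible for the allowlist
        return None
    _, addr = parseaddr(headers[0])
    domain = addr.rpartition("@")[2].lower()
    return domain or None


def allowlist_verdict(raw_message, client_ip):
    """'allow' only when the From domain AND the connecting server both match.

    Anything else returns 'filter': the message gets no bypass and goes
    through normal spam filtering.
    """
    networks = ALLOW_RULES.get(from_domain(raw_message))
    if networks is None:
        return "filter"  # trusted server alone is not enough
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "filter"  # unparseable connection address
    # Trusted domain alone is not enough either: the server must match too.
    return "allow" if any(ip in net for net in networks) else "filter"


# Constructed sample messages.
FRIEND = "From: Friend <friend@example.com>\nSubject: hi\n\nbody\n"
OTHER_TENANT = "From: Promo <promo@other-tenant.example>\nSubject: hi\n\nbody\n"
```
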

  • The SEA needs to be completely overhauled.  I consider it not much more than a mom and pop email gateway.

    The Sophos is great.

    Time to Click is a great safety feature.

    Does it catch spam? Yes.

    Problem areas:

    Poor reporting

    Don't even think about using the encrypted email function, as it is the same technology that the hackers use and many companies block and drop SPX.

    What is SPX?  SEA takes your original email and turns it into a password-protected PDF (SPX) with attachments, then creates a new email and attaches the SPX file.  The recipient must (MUST) have Adobe Reader installed (no other PDF readers are supported) to view the SPX.  But this only applies if there was an attachment in the original email.  Do you allow password-protected files to pass through your current email gateway un-scanned for viruses?  Most don't.

    The user spam portal doesn't have a search function.  End users really hate this.

    Time to Click doesn't always apply to all URLs, especially when they are longer than 256 characters.

    Sophos has two types of support.  Free with your purchase, or advanced, which costs extra.  Free has much longer wait times.

    If you need to have a BAA signed by Sophos, the odds are they won't sign it, especially if your company needs to comply with HIPAA.

    There are far better email gateways to choose from.
