Two business days and counting, so today and tomorrow we’ll be wrapping up our Securosis Guide to the RSA Conference 2010. This morning let’s hit what the industry calls “content security,” which is really email and web filtering. Rich just loves the term content security, so let’s see how many times we can say it.

Email/Web (Content) Security

In case you missed it, every email security vendor on the planet offers web content filtering within their portfolio of products and – for better or worse – the combination is now known as content security. No other security market has embraced the concept of ‘the cloud’ and SaaS offerings as enthusiastically as content security providers. In an effort to deal with increasing volumes of spam and malware without completely overhauling all your hardware, vendors offer outsourced content filtering as a cost effective way to add both capacity and capability. Almost all vendors offer traditional on-premise software or appliances, fortified with cloud services (most refer to this as a hybrid model) for additional screening of content.

What We Expect to See

There are three areas of interest at the show relative to content security:

  • Fully Integrated Platforms: As you wander the show floor at Moscone Center, we expect every vendor to say that their web and email security platforms are completely integrated. What this usually means is that your reports are shared, but cloud and appliance consoles are separate, as is policy management. It’s funny how the vendors have such a flexible definition of ‘integrated.’ If you are looking at migrating to a combined solution, you need to dig in to see what is really integrated and what simply shares the same dashboard, how your user experience will change (for the better), and how effective & clean their results are – end users get grumpy if their favorite web sites are classified as unsafe or they get spam in their inboxes.
  • Hybrid Cloud Services: We expect every vendor to offer a ‘cloud’ service in order to jump on the cloud bandwagon. This may be nothing more that an anti-spam or remote web filtering gateway deployed on shared infrastructure as a hosted service. The quality and diversity of cloud services varies greatly, as does the level of security provided by different cloud hosting companies. Once you get past the hype of certifications and technobabble, ask the vendors what types of audits and third party security certifications they will allow. Ask what sort of financial commitments they will make in the event that they fail to live up to their service level agreements, and what their SLAs with the cloud infrastructure providers look like. Those two questions usually halt the discussion, and will quickly distinguish hype mongers rom folks who have really thought through cloud deployment.
  • DLP Lite: As we’ll see in the Data Security section, DLP is hot again. Thus we expect to see every content security vendor offering ‘DLP’ or ‘Data Loss Prevention’ within their products, but in reality most only offer regular expression checks of network content. Yes, they’ll be able to detect an account number or a social security number, but that is only a sliver of what DLP needs to be. Content discovery and more advanced forms of content inspection (heuristic, lexical, cyclic hash, etc.) will be noticeably absent. Again, we recommend you challenge the content security vendor to dig into their discovery and detection capabilities and prove it’s more than regular expressions. Keep in mind that a trade show demo is probably inadequate for you to sufficiently explore the advanced features, so your objective should be to identify 3-4 vendors for deep dives after the show.

For those so inclined (or impatient), you can download the entire guide (PDF). Or check out the other posts in our RSAC Guide: Network SecurityData SecurityApplication Security, and Endpoint Security.