Taking the Anti-spam and Anti-virus Battle Outside
June 19, 2003
As the volume of spam and viruses in circulation continues to proliferate, small and midsize enterprises are slowly making it the norm to outsource anti-spam and anti-viruses efforts.
"Absolutely, it is something that is growing," says Scott Petry, the vice president of products and engineering for Postini. "A very small percentage of customers will not talk about the outsourcing model."
Enterprises looking to hand off these tasks will find no shortage of vendors to take them up on it. A number of companies currently compete in this industry sector. Most, but not all, handle both anti-virus (AV) and anti-spam (AS) initiatives. While the AS software is proprietary to each player, most use AV products licensed from established vendors such as McAfee, Symantec, or Trend Micro.
The main outsource players, in addition to Postini, are MailShell, MessageLabs, FrontBridge, and MailWatch. At least one other company, MailSecret, is planning to make the jump from the residential market to the outsourced small business and enterprise AS market within the next month or so, president Frank Bellino told ServerWatch.
The AS and AV Marketplace
A Good Market
Outsourcing companies say the market is well set up for them. The vendors with which we spoke noted that pressing problems and complex and quickly changing solutions make outsourcing a logical step. They contend that outsourcing is moving beyond its past image.
"Outsourcing in the past got a bad name because people didn't have the control they wanted," said Dan Nadir, the vice president of product development for FrontBridge. This feeling, he says, is fading. Instead, businesses are seeing outsourcing AV and AS efforts as quickly deployed initiatives that can begin addressing a pressing problem within hours.
Specific worries about allowing an outside entity to handle critical and often confidential e-mail quickly fade when it is explained that the outsourcer never actually sees messages. Indeed, these companies say that potential customers are listening to the argument that outsourcing adds to e-mail reliability. If the enterprise's primary servers go down, the rationale goes, the outsourcer's e-mail server can temporarily do double duty, storing correspondence until the problem is solved.
In the past, concern that e-mail routed to a third-party's server would be lost if the company went out of business also contributed to the reluctance to outsource, said Michael Osterman, the principal of Osterman Research. That is passing: The very depth of the spam and virus problems creates more confidence that these vendors will not go away, he says.
To a great extent, the growth of AS and AV outsoaring follows the logic of outsourcing in general. The ability to offload AV and AS efforts relieves the enterprise of having to devote manpower to tasks that are necessary but outside the company's mission.
"If you have [an in house] spam filtering system in place, it takes about two-tenths of a full-time person for every thousand users to manage," Osterman says. "IT rates vary for a stand-alone IT person, but it costs about $15 per user per year." That ballpark figure doesn't count AV efforts. In addition, outsourcing AV and AS efforts alleviate the need to install equipment, say analysts and managed service providers.
Outside of the numbers, it simply makes sense to bring in specialists, companies in this sector argue. "Blocking spam and viruses is an important function, but not how the IT manager wants to spend his time and effort," says Eytan Urbas, vice president of marketing for MailShell. "Outsourcing allows him to concentrate on his job."
Outsourcers suggest that their full focus on spam and viruses enables them to be more proactive than enterprises. The idea, says Mark Sunner, MessageLabs' CTO, is that desktop AV and AS software is reactive, relying on periodic updates from specialist companies. He notes that even solutions implemented at the e-mail server level are essentially the same as desktop updates. "It's amazing," he says. "The average gateway products are desktop products running in an MTA. They are not getting any extra gusto, just running it in a primary conduit [instead of at the desktop]."
The problem with using this strategy to wrangle spam and viruses is the time lapse between when the spam or virus hits and when the update is made available. An overwhelmed or lax in-house IT department may further delay introducing the fix. In the outsource scenario, the mail is routed through the outsourcer's servers, so AV and AS changes -- such as new virus definitions and reactions to spikes of specific spam -- are made in almost real time.
Conceptually, the outsourcing companies operate in similar fashion to each other: The domain name's MX record is simply changed to that of the outsourcer's server. All the incoming mail goes there, where it is then scanned. Assuming the mail is clean, it is sent via either the Internet or private line to the customer's e-mail server.Saving Resources
Outsourcing companies say that they save enterprise resources. In many cases, in-house AV or AS solutions are not instituted at the firewall level. Thus, depending on whether the software is midway though the enterprise or at the desktop, the dangerous e-mail -- assuming it is even caught in time -- is eating up network capacity and resources. Proponents of this approach point out that this is a rapidly changing area, and keeping malicious e-mail outside of the enterprise is ideal.
In addition to the overall amount of bandwidth wasted by spam, how bandwidth is used is typically inconsistent from day to day. Thus, statistics-based network capacity assumptions will be thrown askew because of the bogus mail entering the system. "One of the problems is that capacity can be 10,000 e-mails today and 19,000 tomorrow," says Bill Fallon, vice president of marketing for MailWatch, AS/AV vendor. "Engineering the e-mail infrastructure as a result is quite a bit more difficult."
Finally, AV and AS outsourcers tend to include value-added features in their offerings. Several vendors offer incoming and outgoing content filtering. While related to spam prevention, content filtering can help stop the transmission of sensitive materials or trafficking in non-spam pornography. Others, like Postini, offer e-mail server load balancing. With load balancing built-in, a company with six satellite offices, for example, would not need to manually aggregate logs or implement some sort of separate software solutions to gauge traffic on the servers. In Postini's case, e-mail funneled through the server enables the side benefit of load balancing, Petry says.