This is one of my favorite questions I've received, because it really illustrates how hard it can be sometimes to cut through the marketing rhetoric and get to the real information needed to make decisions. The truth is every vendor is going to be able to point out things they do better than their competitors and make it sound like they have the best product out there. As an educated consumer, it's our responsibility to always keep that fact in mind when we listen to any vendor tell us about why they are so great. With that said, let me offer some advice and try to turn you onto a few different resources.
First, I would make sure to distinguish between antivirus (gateway or desktop based), e-mail filtering (content or antivirus) and web security (content filtering) as you may very well find yourself looking at three distinct solutions. Second, I would encourage you to define your requirements, and then compare the vendors' products against your requirements. This allows you to define what you want, what you need and what your expectations are, instead of allowing a vendor to convince you that their solution is what you need.
For antivirus, I would encourage you to look into both gateway and desktop based antivirus protection. This will provide a means for controlling viruses coming into your environment with the gateway device as well as providing endpoint protection at the desktop and server. For desktop antivirus, check out the following resources: The Information Management Group (IMG), AV Comparatives, Virus Bulletin and ICSA Labs. ICSA Labs is an independent certification authority that defines a series of common certification requirements that you can judge products by.
Gateway protection should be approached with similar requirements and functionality as your desktop protection. ICSA Labs is one of the best resources for gateway comparisons and information.
For e-mail filtering, I would encourage you to look at solutions that allow for spam, virus and content filtering at a central gateway. This may or may not be included in your gateway antivirus solution above. ICSA Labs also has good e-mail filtering information included as a subsection of their antivirus certification criteria.
Unfortunately, when it comes to independent information for web content filtering, I was unable to find a decent resource I could point you to, so let me recommend the two solutions I have had the most luck with, Websense and SurfControl. In my experience, the decision of one versus the other has largely come down to a question of personal preference, with little in the way of technical differences between the two.
Kevin M. writes:
I have two comments regarding your "Where to find InfoSec product comparisons without all the promotional stuff" response.
First, ICSA Labs is a commercial organization, a division of CyberTrust Corporation, as is plainly stated on either of their home pages (.com or .net). They are not an "independent certification authority." They may be well regarded and attempting to be the Underwriters Laboratory (UL) of the IT world, nevertheless they are commercially as suspicious as the subject of my next comment is governmentally suspicious (for all the conspiracy theorists out there).
So, my second comment: I was most disappointed that you did not mention the (international) Common Criteria organization, which in the US is most closely associated with NIAP and CSRC of NIST. (You can access a list of evaluated products at Common Criteria's website.)
ICSA is independent of the products they certify and have developed independent methodologies, similar to how Veritest certifies products for Windows.
As for common criteria and NIAP, which my company is currently knee deep with, I hadn't seen anything in my dealings with NIAP certification that would have helped the original poster out in regards to finding information that would assist him in identifying a solution that works for him (which is why I didn't go into much detail on them).
This was first published in August 2005