Review: Micro Focus Secure Messaging Gateway

Micro Focus Secure Messaging Gateway (SMG) is a complete email security product that protects your Enterprise email environment from potential threats. This includes functionality for inbound and outbound protection, antivirus, anti-spam and DDoS protection. SMG uses the latest technology to keep your messaging system protected, including protection for SMTP, Message Transfer Agent (MTA), Post Office Agent (POA), WebAccess, and Mobility (GMS).

This article reviews the key features that SMG offers and what is planned for the future.

Key Features and Benefits

SMG is a soft appliance designed for a virtual environment. The supported virtual environments are: OVA, Hyper-V and .ISO running on Hyper-V, VMWare and Virtualbox. The underlying operating system is Linux. It features the following:

Scalable Design: When your system starts to reach capacity, or is under strain, you are able to add new resources (additional servers) to balance the load on your SMG system. In addition, SMG is fault tolerant which allows a continuous delivery of email if one or more servers go down.

Multi-threaded, High Performance Scanning: Enable high performance email scanning by threading scan processes asynchronously across all available resources on the server.

Quarantine Manager (QMS): SMG has a QMS environment where end-users and Administrators can access messages that are quarantined by SMG. Messages can be quarantined if they violate certain rules or are identified as SPAM. End-users can login to the QMS to manage these messages by either deleting, releasing, forwarding, blacklisting or white listing email addresses or domains. If enabled, end-users will receive a digest email of quarantined messages on a scheduled basis.

smg43-Quarantine-3
Figure 1: The SMG Quarantine manager lists blocked messages which can be released if required

Pattern Matching: SMG supports standards-based regular expressions for pattern matching, and it allows you to apply patterns and scanning to the full domain. For example: *companydomain.com will be applied to all email addresses using that domain, to search for patterns in email content.

Policy-Based, Multi-Tenant Configuration: SMG lets you create and configure individual message policies based on the delivery information of each individual message. Use criteria such as the recipient, the source address, and direction to create separate message policies for incoming and outgoing email, for individual users, domains or multiple sets of users. It also supports full multi-tenant mail scanning through single-messaging gateways. Combined with the policy-based control, partners and service providers can use SMG as a hosted solution.

Anti-Virus Scanning: SMG scans for viruses in the subject, body and attachments of an email. If the attachment contains a virus, the email message will be stopped at the gateway. If the body or subject of the email contains a malicious link, or a virus, the email is blocked by SMG.

Inbound and Outbound Protection: Viruses and malware are threats that can penetrate your network from a wide range of entry points. With inbound and outbound scanning, SMG provides unique protection, ensuring that threats and damages are minimised.

DomainKeys Identified Mail (DKIM) Support: Protect sent and received email with DKIM support. SMG ensures that email from a domain was authorised by the owner of that specific domain. This prevents forged sender addresses from entering your email system, eliminating phishing and spam attacks.

Directional Filtering Control: SMG allows you to create filters based on message direction (outbound versus inbound filters). Apply different filters to inbound traffic than you would for outbound traffic, and vice versa.

smg-43-Policy-4
Figure 2: Sophisticated filtering rules can be created in the policy manager

Anti-Spoofing with SPF Scanning: To stop email spoofing, SMG features Sender Policy Framework (SPF) scanning. SPF looks at the domain found in the ‘mail from:’ part of the mime file, then checks that domain’s SPF records to make sure that the domain that the email is reporting matches the mail servers that send that domain. SPF allows SMG to identify messages that are or are not authorised to use the domain name in the SMTP HELO and MAIL FROM commands, based on information published in a sender policy of the domain owner.

Cybercrime Protection: Cybercrime, cyberterrorism, and malicious malware are serious threats to your organisation. SMG provides multiple layers of specialised protection to keep cyber criminals from using email as a method of attacking your infrastructure.

DoS/DDoS Protection: Prevent Denial of Service (DoS) and Distributed DoS (DDoS) attacks on the SMTP server which can take down your mail server. This leads to system outages and downtime, costing your organisation time and money in lost productivity.

Envelope Filtering: SMG allows you to filter messages based on the authentication of users. If a user is authenticated in the Micro Focus system and they send an email message, it can deal with that message in a specified way. For example, it can allow all messages from that user to enter the system and SMG can block messages from a user that is not authenticated.

smg43-Message Tracker-1
Figure 3: SMG provides comprehensive message tracking

Total GroupWise Support

SMG is based on the former GWAVA gateway technology and so it is not surprising that SMG is the only solution available that can protect your GroupWise 18 system internally and externally. SMG can scan your GroupWise MTA, POA, WebAccess and GMS environment thereby protecting your entire GroupWise system from internal and external transfer of viruses.

SMG is available as a standalone product or as part of the Enterprise Messaging bundle.

GroupWise WebAccess: As GroupWise WebAccess talks directly with to post office, bypassing the SMTP and the MTA, communication through WebAccess is unprotected and could directly infect the post office. To manage WebAccess, SMG sits at the GroupWise WebAccess Gateway and filters unwanted content before it reaches the system.

Added Protection for the GroupWise Mobility Service: SMG scans all messages sent from mobile devices connected to the GroupWise Messaging Service, and stops viruses before they enter the GroupWise system. This allows organisations to ensure that mobile messages are secure and that viruses are not spread to internal GroupWise users.

End-User Black and White Lists: Empower end users and reduce administration time and costs. SMG features an interface for end users to flag domains and email addresses. The end users can place individual email addresses or complete domains on their black or white list, allowing for messages to pass through or be blocked based on this list.

Continuous Delivery Process: Because SMG is a critical security product in your environment, updates to SMG are released on the last Thursday of every month (patch Thursday). These releases could contain potential security updates, bug fixes and enhancements.

smg43-MTA-2
Figure 4: SMG can scan GroupWise MTAs and other services

What’s on the radar?

Statistics and Reporting: SMG will soon be getting a brand new Statistics and Reporting dashboard. This enhancement is the number one requested enhancement from our partners and customers.

The ability to monitor the overall health of SMG, allows the administrator to determine if your SMG environment is healthy and will allow the administrator to respond to potential threats quickly and efficiently. Statistics like Module Status, AV Engine Status and Performance Metrics, provide the administrator with vital information to ensure their SMG system is running smoothly.

In addition, the ability to produce daily, weekly and monthly reports, allows the administrator to record trends and produce reports on virus detection, AV engine status and who has been accessing the SMG system so that it can be addressed. Reports can be saved locally for review or sent to other people.

Summary

SMG is an extremely robust email security system that is scalable, multi-tenant and multi-threaded, providing leading edge features such as QMS and Message Tracker. SMG is the only system that has the ability to scan your entire GroupWise environment.

How to get involved

If you want to get involved in the future of SMG, please feel free to post your ideas/enhancements on the idea portal at https://ideas.microfocus.com/MFI/mf-smg and vote for existing ones.

This article was first published in OHM43, 2019.1, p34-36.

Leave a Reply