Tumbleweed Enhances Email Security Tool

Tumbleweed Communications Corp. this week announced a new version of its Secure Guardian email security tool, adding new delivery methods and PKI support along with enhanced content-scanning capabilities.

Tumbleweed’s Secure Guardian has long supported secure email delivery that requires only a Web browser on the recipient’s desktop. Email recipients click on a URL and retrieve mail from a Web site after entering a password or employing some other form of authentication, such as hardware tokens.

Secure Guardian 5.5 adds a new delivery option that can allow recipients to read secure email offline. Dubbed the Secure Envelope, the new capability sends encrypted SMTP mail messages wrapped in an HTML attachment. Users open the attachment from their normal email client, but are asked to present a password, typically the same one they use at the sender’s Web site.

The product also can be configured to accept responses to hint phrases or other challenge/response schemes, says Ken Beer, product line manager for Tumbleweed, based in Redwood City, Calif. When users are once again online, they can send an encrypted response to the message, using a Web-based form at the sender’s Web site.

The new version can also now securely handle email delivered via customer relationship management (CRM) systems, Beer says. Email coming in to the enterprise from customers via CRM tools are converted to SMTP format and passed to Secure Guardian, which applies appropriate security policies and passes mail through a content filter before sending it on to the internal recipient. In that fashion, email with sensitive information such as a social security number is protected.

Likewise, outbound responses are intercepted by the Secure Guardian gateway, which applies appropriate security policies depending on content before sending it off to the customer.

Tumbleweed also has enhanced its content-scanning engine, adding the ability to decompose HTML email to find hidden content that may constitute spam. The engine can look under the surface of the message to find hidden URLs, and determine whether linking to those sites would violate company policy. The engine can likewise now search for illicit or sensitive content in binary code that may be inside Excel, Word or other documents, such as data in comments mode.

For PKI users, version 5.5 now includes an automated digital certificate lookup capability that obviates the need for end users to know where recipient certificates are located. Instead, when the message hits the Secure Guardian policy gateway, the gateway performs a real-time lookup for the recipient’s certificate in a pre-designated enterprise directory. This capability is also a way to enforce the use of the S/MIME encryption standard, a requirement that is becoming increasingly common, especially in government installations.

Secure Guardian 5.5 will be available on Oct. 31. It is priced per-CPU, starting at about $10,000 for a system that handles about 50,000 messages per day. Average installations run around $100,000.

Related reading