Brightmail and Vontu DLP - reflect (integration) or store and forward?

    Posted Apr 05, 2012 11:19 AM

    Hi all.

    We have been using Brightmail gateway v 9 and Vontu DLP for a long time. We have Vontu configured with the Reflect option, and on the Brightmail side we have the DLP Integration option enabled.

    This has been working very well, and I have no problems with it.

    Now we have a dedicated Vontu DLP resource who would really like to Not use the Reflect option. He says he did Vontu in many other companies and never used Reflect there.  He also thinks that the Reflect option is adding more load to our Brightmail scanners. He says it would be better to simply stick Vontu between our Exchange servers and Brightmail scanners, so that the outbound message flow would be Exchange->Vontu->Brightmail->Internet.

    My opinion on the other hand is that Symantec designed the DLP Integration bit specifically to reduce the load on Brightmail and optimize efficiency.

    It seems, without using the Reflect/DLP Integration technology, we would have to manually create more compliance rules on Brightmail side to add and track message headers in order to make a decision on what to do with a message.  To me, it is not worth it.

     

    What would you all recommend? Stay with Reflect or move Vontu between Exchange and Brightmail and use Store-and-forward on Vontu?

    P.S. We also have the Voltage Securemail encryption solution that sits next to Brightmail gateways, and we already have rules in Brightmail that add and track message headers to direct the flow of messages between Brightmail and Voltage machines:

    - some outbound messages from Exchange may already be Voltage-encrypted at the desktop, so Brightmail and/or Vontu cannot scan them for compliance and Brightmail needs to hand them over to Voltage to decrypt, then Voltage returns them back to Brightmail to scan, then Brightmail gives them to Voltage again to re-encrypt, then Voltage re-encrypts and returns them back to Brightmail for outbound delivery.  With the Reflect/DLP Integration turned on, Brightmail ends up invoking DLP Integration three times per such message. Inefficient, yes, but not a huge deal IMO, especially since there are very few outbound messages that get sent encrypted from user desktops.