Our Exchange aware antivirus product is due to be renewed in a little over a month.
These days it's reduced to doing little more than antispam and attachment blocking.
Part of me is tempted by a cloud or edge solution such as Google Message Security or an Ironport as it appears to offer more, but I keep coming back to wondering whether I'm entirely comfortable not running something at the Exchange level to deal with any internal threats.
Appreciate any thoughts.
If you have AV running internally on the desktop clients then cloud-based may be worth it. Personally our renewal for AV includes the Exchange and end clients, so we have both in place, but it will depend on how locked down your client machines/network is etc... as to how comfortable you are with it.
We rely heavily on the MessageLabs service for our external protection - if we have an internal infection, then we have to deal with that, but at least we know we won't be passing it on to others, and that nothing should be coming in from outside, so we can focus on securing the internals. And ML has been very reliable for both spam and AV (more so than any internally based scanning engine ever could be).
We use Mimecast, which gives us off-site AV and spam filtering, archiving and mail services on their servers whenever our internal servers are offline.
I like it. We progressed from internal filtering to messagelabs to mimecast (because we wanted the webmail and archiving) and it's been well worth it in terms of reducing resources, admin time and bandwidth needed for front end mail filtering.
In some ways, providing you trust the filtering on machines that send and receive internal mail (and therein lies the rub) then with a major, reputable external mail filtering service your email store is probably more secure as these places tend to use more sophisticated malware and spam filtering than the average on site server.
I'm not sure you can totally abandon local mail store filtering though. You might not need something running all the time but you might need to think about how you're gonna get a clean up in aisle 3 if an internal workstation is compromised and sends malware to other internal users.
It depends on how important email is to your business. The cloud does not equal redundancy or availability. For example I've worked with multiple clients that had email issues that were directly traced back to messagelabs being (at least temporarily) unable to process their messages, and increasing the SMTP queue length to very large numbers. As you mention none of that will be screening internal mail.
I think the real question is, do you want to trust the desktops AV to screen the mail. I am currently reccommending forefront ot most of my clients for exactly that reason. The pricing model (based on an enterprise cal) give the benefits of running both without additional cost. If you can find something similar (or close) that's my suggestion.
I have used messagelabs and postini (acquired by google) but I'd have to recommend Appriver securetide. It's unreal how you can call for tech support and get someone on the phone in a minute who can fix your problem. I hope they can keep it that way as they grow. I actually used their chat support and didn't get so fed up that I had to call. Gasp a chat support that was actually helpful. $12/year per mailbox which seems on par with the others.