E-Mail Protection Becomes A Must

January 3, 2005
Print
Text Size:
A A

GRAND RAPIDS — E-mail, the No. 1 online application, poses productivity pitfalls for businesses of all sizes today, with issues like spam, viruses and impersonation scams that have the potential to render any enterprise network vulnerable.

Online fraud is increasing, and now is the time to do something about it, said Brian Trimble, systems consultant with Lansing-based Dewpoint. Companies that don't take measures to secure and manage their e-mail risk damage to the company's reputation that could shake investor confidence, he told members of GlimaWest at a recent presentation at Bistro Bella Vita restaurant downtown.

E-mail is used in a lot of business practices today, Trimble said. The governance and compliance acts — everything from the Cyber Security Enhancement Act, to the Health Insurance Portability & Accountability Act, to the Sarbanes-Oxley Act and the U.S. Patriot Act — all are based primarily on the privacy protection of personal information, he said.

Similarly, there are compliance and governance issues in the e-mail department because e-mail fraud is on the rise.

"We need to protect e-mail because if we don't, it's going to cease to be used. There's going to be enough of a concern where things are just going to shut down. We're going to go back to telephones and other forms of more costly communication and face a whole different set of challenges."

According to Gartner Research, over the past 18 months some 1.4 million people have fallen victim to ID theft that has cost banks and issuers $1.2 billion in direct loses, Trimble pointed out.

"The threat is definitely very real and the implications are significant, especially for companies that are working with tight capital," Trimble said.

What are businesses large and small doing to manage their e-mail and protect corporate assets?

Some have developed an e-mail sender policy framework, such as SMTP or SMTPi, that uses identity and reputation to apply a company's e-mail protocol. Only known senders can bypass the spam filter; unknown senders are "throttled and filtered" and hostile senders are deleted or tagged.

"As IT professionals we want to see people use the technology and we want to make it available so people can do their jobs faster and better," Trimble said. "If we don't come up with some kind of standard or some type of clarification to the existing standard, say like the SMTP protocol, we're going to be in trouble."

He said to develop solutions to the e-mail dilemma, IT companies have to work in close tandem with their client companies on planning, the motto being: "If you fail to plan, you plan to fail."

Richard Dandliker, product manager with IronPort of San Bruno, Calif., said his company is working on a new class of services it calls "preventive security" that add "reactive protection" to the more traditional kinds of e-mail protection. They include pocket PC filters for spam and signature-based virus filtering programs that combine a fast reacting preventive filter with the traditional, slower reacting reactive filter for "in-depth defense."

More traditional e-mail programs are relatively slow to react because they depend on known e-mail threats and virus signatures, Dandliker said.

"Unless they've seen the threat before, they don't know about it, so when a new threat comes out — depending on what it is — it can take hours or even days before your e-mail infrastructure will protect," he explained.

He said the other problem is that traditional reactive filters are very resource-dependent, so all the spam costs companies a lot of money. Reactive filters, however, are highly accurate, he said.

"The advantage of having the preventative filtering layer is that you can get a much greater benefit in terms of having a very high performance type filter that responds very, very quickly."

Dandliker said IronPort tracks more than 3 billion e-mails — more than a quarter of the world's e-mail — for more than 50,000 organizations daily through its e-mail traffic-monitoring network.

He noted that Dell, for example, was getting 26 million messages a day, of which only 1.5 million were legitimate, even though the company's 68 servers were running the Spam Assassin program.

IronPort's solution for Dell was "reputation filters" that blocked more than 19 million messages per day. A reputation filter receives inbound e-mail, performs a threat assessment of the sender and returns a reputation "score." The solution included Symantec Brightmail anti-spam software to scan the remaining 5.5 million legitimate messages and replacement of Dell's 68 servers with eight IronPort C60 servers.

According to Dandliker, the accuracy of Dell's spam filtering increased tenfold and operating costs were reduced nearly 75 percent.

His company also has created anti-virus outbreak filters that trigger automated quarantine for suspicious attachments and respond faster to outbreaks than traditional e-mail scanning software, he said.

Panelist James Placer, security analyst with Holland-based ISG Professional Services, said there's a large range of e-mail protection issues beyond spam, such as government regulations restricting release of certain information to the Internet and making sure e-mail isn't changed or tampered with somewhere along the way.

"The majority of ISPs (Internet Service Providers) are not proactive on this," Placer said. "You will have to make arrangements with your ISP to do this."

How soon might ISPs press for egress e-mail filtering to intercept outbound "bad" e-mail?

Dandliker said IronPort recently implemented active outbound filtering for Turner Communications using reputation filters.

Placer noted that the Can Spam Act that went into effect Jan. 1 regulates interstate commerce by imposing limitations and penalties on the transmission of unsolicited commercial electronic mail via the Internet. Under the new law, if an ISP is notified of a spammer or other e-mail maleficent, it can shut down the offender's outbound e-mail service. But he said thus far the act hasn't reduced the number of unsolicited e-mail.

Russ Ahlers, manager of enterprise business application delivery for BDO Seidman LLP, said with the exception of a few high profile prosecutions, the law enforcement community hasn't had much impact on spammers. One reason, he said, is that it's very, very hard to track the identity behind the PC.

Another reason is that the audience engaging in the Internet is a global force. Some spammers do not live in the United States, so are unaffected by its regulations, he said.

Placer said the primary reason companies are getting spammed is because their corporate e-mail addresses are out there on the Web.

"Don't' use a corporate e-mail for anything but work," he stressed. "User education is No. 1."    

Recent Articles by Anne Bond Emrich

Editor's Picks

Comments powered by Disqus