Wednesday, September 08, 2010      

Article received from Stuart Cole,
Chairperson of Thought Leadership Panel


EMAIL SYSTEMS WILL NEED STATE-OF-THE-ART PROTECTION AND EASE-OF-ADMINISTRATION

by Dr James Blake – Mimecast

Email has come a long way since its introduction twenty years ago and is a mature technology that forms an essential communications channel for business users ranging from the smallest SME to the largest multi-national. As our reliance on it has increased, and as it has assumed a far greater importance in our daily working lives than the post or even the telephone as a means of communicating both inside and outside the organisation, the threats associated with its use have also risen exponentially. Email has to contend not only with the ever-growing spam deluge but also with associated threats including phishing, viruses and the loss of confidential data, not to mention the need to demonstrate compliance with industry guidelines. The humble email quarantine gateway that used to deal adequately with filtering spam and viruses is being passed over today in favour of the next generation of email security solutions tailored to combat a new generation of threats and challenges.

Email 2.0

The latest state-of-the-art email solutions differ from their predecessors in being designed to deal with today’s ever-evolving threats as part of a comprehensive email management solution. Such a solution also meets the challenges of compliance and e-Discovery, provides data leak prevention, and offers a continuous, always-on archive that doesn’t place onerous demands on network administrators’ time but leaves them firmly in control of their company’s emails.

As hackers’ skills in evading detection increase, today’s email systems need sophisticated multi-layered security algorithms that use different types of scanning engines to look for different types of threats, incorporating local and global reputation servers. The local reputation server should, for example, be able to develop an index of integrity for an individual user that builds a complete picture of incoming email traffic in order to identify anomalies. It combines this with information from a global reputation service, which distils intelligence about potential threats from the millions of emails monitored by a service such as Mimecast, to make an informed decision, based on aggregated data, about whether any given communication constitutes a real threat. This in turn leads to more accurate decisions, which lowers the rate of ‘false positives’: emails incorrectly deemed to represent a threat or spam and blocked from delivery.

The quarantine black hole

False positives are problematic on a number of levels. Firstly, they may prevent or delay delivery of a perfectly good email that could represent a sales opportunity or other time-sensitive commercial information. Secondly, a system which lacks the granularity or multi-layered intelligence described earlier will involve extra time-consuming and repetitive work for the network administrator in screening quarantined emails, and additional calls to the help desk from unhappy users. This is why the latest generation of email management solutions has dispensed with the idea of quarantines. They prefer instead to tackle the problem at source and block spam before it enters the customer’s network, sending a notification email to the sender, so that in the event of an incorrectly categorised email the sender is aware that the email has not reached its destination and can take corrective action. This effectively overcomes a major frustration both for users and administrators. A recent survey revealed that 60% of users experienced the frustration of a false positive that had a negative impact on their business at least once a month. This approach also tackles another problem experienced by earlier generations of email security solutions, which relied on an ‘on-disk’ approach to email scanning as opposed to an ‘in-protocol, on-the-wire’ analysis that avoids tying up disk capacity or bandwidth with spam or viruses and instead returns the spam to the spammers!

Data Leak Prevention

Blocking email threats is one important aspect of any email security solution, but another is ensuring that confidential information isn’t borne away by your email system. The spate of recent government security bungles has served to heighten awareness of the need for extra vigilance and duty of care, both for the organisation’s information and for third-party data. The new generation of email solutions uses emerging techniques such as ‘weighted dictionaries’, which can enforce email policies based on weighted values that take into consideration not only the type of data but also who it is being sent to, and can add encryption in the metadata.

Other state-of-the-art email systems are able to apply ‘intelligent identifiers’ that search for a string or format of characters, and so could spot National Insurance numbers or credit card numbers. This helps companies with PCI compliance in the financial industry by enabling them to prevent such information being illicitly communicated by email outside of the organisation.
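
An added illustration (not from the article and not Mimecast's implementation) of the two techniques described above: pattern-based identifiers, here a Luhn-checked card-number match and the National Insurance number layout, combined with a weighted dictionary whose outcome depends on the recipient. The dictionary terms, weights, thresholds, the `example.com` internal domain and all function names are assumptions made for the example.

```python
import re

# Constructed weighted dictionary and thresholds; all values are assumptions.
WEIGHTS = {"confidential": 3, "salary": 2, "merger": 4, "draft": 1}
INTERNAL_DOMAIN = "example.com"    # assumed organisation domain
ENCRYPT_AT, BLOCK_AT = 4, 8

# Candidate card number: 13-19 digits, optionally split by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# National Insurance number layout: two prefix letters, six digits, suffix A-D.
NINO_RE = re.compile(
    r"\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z] ?(?:\d{2} ?){3}[A-D]\b", re.I)


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_identifiers(text):
    """Return the identifier types present in the text."""
    hits = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            hits.add("card")
    if NINO_RE.search(text):
        hits.add("nino")
    return hits


def dictionary_score(text):
    """Sum the weights of dictionary terms found in the text."""
    return sum(WEIGHTS.get(w, 0) for w in re.findall(r"[a-z]+", text.lower()))


def decide(recipient, body):
    """Policy weighs both the content and who it is being sent to."""
    if recipient.lower().endswith("@" + INTERNAL_DOMAIN):
        return "deliver"
    score = dictionary_score(body)
    if find_identifiers(body) or score >= BLOCK_AT:
        return "block"
    return "encrypt" if score >= ENCRYPT_AT else "deliver"
```

The Luhn check is what keeps a 16-digit order or tracking number from being treated as a card number, which bears directly on the false-positive problem the article raises.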

 

What’s becoming increasingly clear is that new approaches are needed to deal with the sophisticated threats from both outside and inside the organisation. As with other aspects of security, organisations are recognising the increasing need to outsource this complex but vital aspect of their company’s operations to email security experts who have the ability to apply advanced, highly scalable and resilient systems to ensuring that email is working on a 24/7 basis. Increasingly, too, analysts are recognising that email management is one of the prime business applications best suited for delivery as a web-based service, offering as it does the combined benefits of cost-effectiveness with granular control and ease-of-use.