Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security professionals to rethink protective measures. Staff members sometimes unwittingly unleash security threats by simply clicking on a greeting card link, opening a mail attachment, or previewing a message that contains a malware script.
Spam is more than a nuisance—it is often a vehicle for hackers and fraudsters to bridge network defenses and release dangerous payloads inside the network. Enterprise-scale organizations often protect themselves against illicit email intrusions with elaborate gateways, using expensive and complex screening techniques. Small and mid-sized businesses (SMBs), however, sometimes leave themselves open to risks—largely because they lack the resources to implement countermeasures. Mail gateways scaled to the needs of smaller businesses offer a means to combat spam, mitigate security risks, and restore productivity to companies grappling with an influx of illicit email.
Anyone who has ever returned from vacation to confront an inbox overflowing with hundreds of email messages, most of them spam, knows firsthand the productivity drain this form of communication can present. IT administrators wrestle with this problem daily, and as fast as they implement solutions, new challenges arise. Email is indispensable to modern business operations, but to be useful it has to be both safe and convenient. The nuisance of spam is substantial, but enterprising hackers using email to breach the security of the network are more than a nuisance. Emerging security risks are becoming more common as hackers discover innovative ways to use a simple email message to deliver a virus, a worm, a malicious script, a phishing link to a fraudulent site, or an attachment that triggers a form of malware.
Botnets, because of their distributed nature and use of dynamic IP addresses, present a growing challenge to administrators—one which is best met by employing a security solution capable of detecting and deflecting many categories of malicious operations in real time.
Companies pay a steep cost if they choose to ignore targeted email attacks and spam—both from a productivity perspective and a security standpoint. Any way you analyze the problem, the costs clearly indicate the need for selecting and deploying a means to keep illicit email outside the organization’s network.
The many and varied techniques employed by fraud artists, particularly with the rise in merged and hybrid attacks that use email, web sites, and malware to deceive the victim, demonstrate the need for a comprehensive approach to security.
Solutions that rely on software installed at the end point, such as virus protection or spam filters, must be maintained across the entire universe of an organization’s computers and must depend on end users not disabling or circumventing them.
A more efficient approach is the security gateway, which can be equipped to detect and eliminate a wide range of incoming threats—from attachments containing worms, key loggers, or malware to messages associated with phishing sites or known botnet operations. The gateway provides a direct and defensible centralized point from which an organization can implement a range of security measures—filtering and removing harmful email and burdensome spam before it ever reaches the target recipient.
Only with gateways sitting on the perimeter of a corporate network is it possible to reject spam messages during connection time, efficiently preventing transfer of unsolicited and potentially harmful data to the local network.
Besides the careful choice of the best way to fight spam and malware, methods have to be found that cope with emails which are not rejected at connection time. For example, messages that cannot be detected as spam with 100% accuracy need to be quarantined. To keep quarantining efficient and allow a swift overview of and swift access to quarantined messages, attention should also be paid to the handling of these quarantined messages.
Even if today’s anti-spam techniques are evolving and getting even better, no solution or product exists that can be 100% accurate on spam detection. This makes spam management an important part of any solution that addresses the challenge of spam on the company network. The choice of management techniques can have a substantial effect on productivity—both at the administrative level and at the end user level. The optimal approach for spam management should have these characteristics:
- Flexibility to adapt to various work environments without onerous restrictions
- A design architecture that minimizes spam traffic on the network and reduces storage requirements allocated for unwanted messages
- A management approach that requires minimum time from email users and administrators to deal with sorting and deleting suspected spam messages
One common technique that is used for spam management in anti-spam applications is to simply flag an email message that appears to be spam and then pass it along to the user’s inbox. This approach does not help reduce network traffic, since messages are distributed in the same manner as legitimate email, nor does the approach help reduce storage requirements. Similarly, anti-spam solutions that quarantine spam on the user’s local storage still circulate volumes of spam across the network.
A centralized, gateway approach to spam management does a much better job of keeping spam off the network and consolidating it in a single area, generally a quarantine database, where it can be further screened and examined. Some anti-spam solutions require that the administrator bear the burden of inspecting the contents of the quarantine area and determining the disposition of the messages. A far better option is to offer the user a portal to the quarantine area so that they can individually inspect messages and release messages that are wrongly filtered (false positives). Keeping users apprised of the current status of suspected spam messages sent to them is another means of simplifying the management tasks. This can be done by generating periodic reports to email users so they remain informed about the status of messages that have been quarantined. Users can then use the portal at their convenience to inspect the messages. Centralization alone is not enough.
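The gateway flow described above (reject at connection time, quarantine uncertain mail centrally, report to users, let them release false positives) can be sketched as follows. This is an added example, not code from any product; the score thresholds, the `Gateway` class, and the sample messages are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds on a 0.0-1.0 spam score; real gateways tune these.
REJECT_AT = 0.95      # confident spam: refuse during the SMTP session
QUARANTINE_AT = 0.60  # uncertain: hold centrally for user review

@dataclass
class Message:
    msg_id: str
    recipient: str
    sender: str
    subject: str
    score: float  # hypothetical classifier output

class Gateway:
    def __init__(self):
        self.quarantine = {}   # msg_id -> Message, the central store
        self.delivered = []    # messages passed to the internal mail server

    def handle(self, msg):
        """Return the SMTP-style disposition for one inbound message."""
        if msg.score >= REJECT_AT:
            return "550 rejected"          # body never enters the network
        if msg.score >= QUARANTINE_AT:
            self.quarantine[msg.msg_id] = msg
            return "250 quarantined"
        self.delivered.append(msg)
        return "250 delivered"

    def digest(self):
        """Group quarantined mail per recipient for the periodic report."""
        report = defaultdict(list)
        for m in self.quarantine.values():
            report[m.recipient].append((m.msg_id, m.sender, m.subject))
        return dict(report)

    def release(self, msg_id, requester):
        """Portal action: a user may release only mail addressed to them."""
        msg = self.quarantine.get(msg_id)
        if msg is None or msg.recipient != requester:
            return False
        self.delivered.append(self.quarantine.pop(msg_id))
        return True

# Constructed sample traffic (not real data).
SAMPLE = [
    Message("m1", "ann@example.com", "promo@bulk.example", "WIN NOW", 0.99),
    Message("m2", "ann@example.com", "news@vendor.example", "March offers", 0.70),
    Message("m3", "bob@example.com", "cfo@partner.example", "Invoice 114", 0.65),
    Message("m4", "bob@example.com", "ann@example.com", "Lunch?", 0.05),
]
```

The ownership check in `release` matters once users, rather than administrators, operate the quarantine: without it, any portal user could release or read mail held for someone else.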