Sunday, March 23, 2008

Article: Secure edge messaging appliances with embedded LDAP maximize email protection

by Mike Dodson

It's no wonder that email is such a big thorn in IT's side. Mail volume doubles every six to nine months; an astonishing 80-90 percent of it is unwanted and/or abusive. Four hundred and fifty new viruses attack companies every month. Eighty-five percent of abusive mail is sent by a zombie computer, with 500,000 new zombies launched daily according to Commtouch. Directory Harvest Attacks (DHAs), meanwhile, are increasing by as much as 30 percent annually. Not surprisingly, managing email and email security is getting more complex and more costly. Or is it?

The typical organization uses messaging software that runs on dedicated servers. In companies that use anti-virus and anti-spam software, IT managers often spend hours or days trying to get email server and email security software to work together. Upgrades are incremental and expensive and can cause server-to-server and other incompatibilities that disrupt email service. To continue protecting the growing message volume, companies must add new servers regularly in a virtually endless cycle of budget-and-build.

More importantly perhaps, standalone email security taxes bandwidth and does not provide adequate protection. Typically, email security is architected as a separate layer in front of the messaging firewall. While this method simplifies deployment, it often requires additional connections through the firewall, which can burden the messaging infrastructure with unanticipated load and vulnerabilities. In this architecture, recipient validation and per-recipient policy enforcement require reaching through the firewall to directly query the corporate directory. Thus a breach in email security would leave organizations vulnerable to theft of user IDs and passwords and even HR and financial data.

Every surge in email traffic from spam or virus attacks places load demands on the corporate firewall and corporate directory. This in turn causes a loss in quality of service of the corporate network and mission-critical applications that depend on the corporate directory. In the worst case, if the directory is not sized to handle email traffic spikes, a spam attack could halt user access to valuable internal applications such as a CRM program.

To maintain quality of service, companies must continually add capacity to the corporate directory, firewall and other network components to accommodate the ever-increasing volume of spam. Or they can find an alternative architecture.

[FIGURE 1 OMITTED]

Integrated Protection at the Edge

According to IDC ("Messaging Solutions with 'Baked In' Security Delivers for IT and Messaging Users"), appliances that integrate messaging and security make better sense. A secure appliance is inexpensive, requires minimal administration, and blocks up to 80 percent of unwanted email at the firewall, reserving network bandwidth for email you do want. All essential messaging and security features are combined in a single box, from antivirus and anti-spam protection to integrated LDAP for recipient verification at the edge, to reputation filtering and user policy controls. Finally, appliance system upgrades can be made locally without removing the appliance, with no risk of incompatibility because security and messaging features reside on one platform.
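A sketch of recipient verification at the edge, added here as an illustration and not taken from the article, IDC or any Mirapoint product. It assumes an in-memory set of addresses standing in for the embedded LDAP copy; the class name, the miss threshold and the time window are hypothetical, and the addresses and IPs are constructed sample data.

```python
from collections import defaultdict, deque

# Constructed sample data: a local copy of the valid recipient addresses,
# standing in for the embedded LDAP directory the article describes.
EDGE_DIRECTORY = {"alice@example.com", "bob@example.com", "hr@example.com"}


class EdgeRecipientCheck:
    """Answers RCPT TO at the edge and throttles directory-harvest behaviour."""

    def __init__(self, directory, max_unknown=3, window=60.0):
        self.directory = {a.lower() for a in directory}
        self.max_unknown = max_unknown     # assumed threshold of misses per source
        self.window = window               # assumed sliding window, in seconds
        self.unknown = defaultdict(deque)  # source IP -> timestamps of misses

    def _recent_misses(self, ip, now):
        misses = self.unknown[ip]
        while misses and now - misses[0] > self.window:
            misses.popleft()               # forget misses older than the window
        return misses

    def rcpt_to(self, ip, address, now):
        """Return the (SMTP code, text) reply for one RCPT TO command."""
        misses = self._recent_misses(ip, now)
        if len(misses) >= self.max_unknown:
            # Same reply for valid and invalid addresses, so further
            # guesses from this source reveal nothing about the directory.
            return 450, "4.7.1 Too many unknown recipients, try again later"
        if address.strip().lower() in self.directory:
            return 250, "2.1.5 Recipient OK"
        misses.append(now)                 # count the miss against this source
        return 550, "5.1.1 User unknown"


if __name__ == "__main__":
    edge = EdgeRecipientCheck(EDGE_DIRECTORY)
    guesses = ["admin", "info", "sales", "bob"]   # constructed harvest attempt
    for t, local_part in enumerate(guesses, start=1):
        reply = edge.rcpt_to("198.51.100.7", local_part + "@example.com", float(t))
        print(local_part, reply)
```

Because every lookup is answered from the local copy, neither legitimate mail nor a harvest attempt generates a query through the firewall to the corporate directory.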

Reputation filters add another layer of protection. Most reputation filters are global and one-size-fits-all, allowing for little or no customization to bar unwanted traffic from entering the network. But many organizations find these static filters impractical. Flexible reputation filters, on the other hand, take into account not only the sender's reputation, but also the recipient's level of sensitivity to missing a legitimate message that may have come from a sender with a bad reputation.

Flexible reputation filters based on SMTP etiquette and RFC compliance are uniquely effective at blocking zombies and other sources of spam because they can block new abusers with no reputation history. They also provide a clear path for legitimate senders.

Spammers and hackers will continue finding new, more devious ways to use email to wreak havoc on corporations. A secure messaging appliance with an embedded LDAP server and flexible reputation filters at the network edge is our best defense.

Mike Dodson is the director of security strategy for Mirapoint. To access the IDC whitepaper, "Messaging Solutions with 'Baked In' Security Delivers for IT and Messaging Users," visit Mirapoint's Web site at http://www.mirapoint.com/idc.
