To combat the ever-growing and increasingly sophisticated threat of spam and other malicious e-mail attacks, defense solutions are beginning to place more focus on rejecting unwelcome e-mails before they enter an enterprise's network. Spam has been widely recognized as a problem of receiving e-mails that transmit unwanted and potentially hazardous content, whether in terms of their messages, embedded viruses or other forms of "malware."
As a result, traditional spam defense solutions have focused on the content level, suggests John Thielens, chief technology officer, Tumbleweed Communications (Redwood City, Calif.). Thielens says that, like physical "snail" mail, e-mail can be thought of in terms of delivery vehicle, envelope and content. "The content is on its way to the desktop, and the threat is seen in the fact that it got there," he explains.
But another threat is posed by e-mail messages that are not intended for a specific mailbox but rather inflict their harm at a network level. These e-mails may have invalid recipients, but they can include denial-of-service (DoS) attacks - which attempt to clog traffic going through a company's e-mail infrastructure - and directory harvest attacks (DHA) - precursors to spamming efforts that "harvest" a company's e-mail address book. To stop these threats, new e-mail security solutions seek to stop unwanted e-mail before its content can be examined.
Spammers conduct constant "malicious surveillance," according to Thielens, resulting in a large volume of what he terms "dark traffic." "It exists out there like a kind of constant background radiation," which is quite apart from spam that is targeted to valid e-mail addresses and bearing unwelcome messages or malware, Thielens notes. In addition to potentially creating bottlenecks or outright DoS - as well as paving the way for future targeted spam through DHA - this traffic places a burden on e-mail infrastructure. And that burden is likely to be underappreciated, according to Thielens. "In most cases, the IT administrators aren't even aware that they are under attack," he says. "They assume it's another slow day on the network."
Worse Than It Appears
Those administrators are hardly to blame. While developing its Mailgate Edge product to address the problem, Tumbleweed expected that dark traffic might constitute one-third of e-mail volume. "We were astonished when deploying this into our own network," Thielens relates. "The real number is more like two-thirds."
To handle this traffic, "At a typical enterprise, you might be buying as much as three times more e-mail infrastructure than you need to," adds Thielens. Furthermore, the type of processing required by content filtering is far more complex, and thus expensive, than analysis at and below the e-mail "envelope" level, according to Thielens. Tumbleweed's Mailgate Edge product identifies e-mail that should be blocked by looking at the sender IP address and other attributes to identify behavior patterns consistent with e-mail threats.
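As an added illustration (not Tumbleweed's code, and not Mailgate Edge's actual logic, which the article does not describe), the sketch below shows how a directory harvest attack can be spotted from envelope-level data alone: for each sender IP, the share of recipient attempts rejected as unknown mailboxes. The log tuples, thresholds and function names are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample of gateway RCPT TO outcomes: (sender_ip, recipient, smtp_reply_code).
# 250 = recipient accepted, 550 = no such mailbox. IPs are documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"{name}@example.com", 550)
     for name in ("aaron", "abby", "adam", "al", "alan", "alex",
                  "ali", "amy", "andy", "ann", "art")]
    + [("203.0.113.7", "alice@example.com", 250)]
    + [("198.51.100.20", "alice@example.com", 250),
       ("198.51.100.20", "bob@example.com", 250),
       ("198.51.100.20", "bobb@example.com", 550)]  # a single typo, not a harvest
    + [("192.0.2.55", "carol@example.com", 250)]
)

def score_senders(events):
    """Return {sender_ip: (attempts, invalid, invalid_ratio)} from envelope data only."""
    attempts = defaultdict(int)
    invalid = defaultdict(int)
    for ip, _rcpt, code in events:
        attempts[ip] += 1
        if code == 550:
            invalid[ip] += 1
    return {ip: (n, invalid[ip], invalid[ip] / n) for ip, n in attempts.items()}

def flag_harvesters(events, min_attempts=10, max_invalid_ratio=0.5):
    """Flag senders probing many nonexistent mailboxes.

    min_attempts keeps a sender with one mistyped address from being blocked;
    both thresholds are assumed values for this example.
    """
    flagged = []
    for ip, (n, _bad, ratio) in score_senders(events).items():
        if n >= min_attempts and ratio > max_invalid_ratio:
            flagged.append(ip)
    return sorted(flagged)

def exposed_addresses(events, flagged):
    """Valid mailboxes a flagged sender confirmed (250) before being cut off."""
    return sorted({rcpt for ip, rcpt, code in events if ip in flagged and code == 250})

if __name__ == "__main__":
    bad = flag_harvesters(SAMPLE_EVENTS)
    print("flagged:", bad)
    print("addresses already confirmed to them:", exposed_addresses(SAMPLE_EVENTS, bad))
```

The `exposed_addresses` result is the part that matters for follow-up: any mailbox a flagged sender confirmed should be expected to receive targeted spam later.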
Low-level network traffic e-mail attacks also create a storage volume issue for regulated industries - such as insurance - that are required to archive received e-mail, according to Carlin Wiegner, director of product management, e-mail security products, Symantec (Cupertino, Calif.). "The moment e-mail hits some companies, they need to archive it, which is why we're focusing on solutions that ensure that e-mail doesn't even show up on your doorstep," he comments.
There are two major kinds of return on investment for technology that prevents unwanted e-mail from reaching a corporate network, Wiegner argues. "Even if only two-thirds of your e-mail is spam, that means two of every three gateways you're buying are just sitting there deleting or quarantining garbage," Wiegner points out. But companies need to probe further: "Do they have an archiving policy for spam or not?" he asks. "If they do, the ROI is huge."
New York-based AXA Financial (approximately $583 billion in assets) is more than happy to reduce its storage load - which had roughly doubled in response to regulatory archiving requirements, according to Mark Levine, technology specialist, AXA Technology Solutions. "If we can bat away the spam, we don't have to store the stuff for umpteen years," comments Levine.
AXA is in the midst of reengineering its spam filtering capability, including an implementation of Tumbleweed's Mailgate Edge. "We're looking to be 'hands-off,'" Levine explains. "We don't want to have to look at this stuff every day - or only very little - and we're relying on these systems and companies like Tumbleweed to leverage what they see over a much wider sampling of mail."
Levine says AXA's increasing spam burden has resulted more in the purchase of disk space than of servers, but the insurer has faced an uphill fight against spam, involving ever-increasing costs. "I think that with better solutions in place, we'll be able to more or less hover where we are rather than continuing to spend more money," he speculates.
Free to Be You and Me
AXA also looks forward to minimizing both the raw sourcing burden and the opportunity cost of dedicating staff to examining spam. "Over the last couple of years, this has become a larger part of my job and that of other people here, and we'd much rather be doing more interesting stuff," Levine relates.
Similar concerns motivated The Main Street America Group (Jacksonville, Fla.) to implement Baltimore Technologies (Bellevue, Wash.) Mailsweeper, which works in conjunction with nonprofit Web site spamhaus.org to identify mail that has originated from known spammers, according to a constantly updated list. "Instead of having to make a determination as to whether mail is spam or not, this makes it just disappear," says Joel Gelb, CIO, The Main Street America Group ($1.4 billion in assets). Without the solution, Gelb adds, "We would be faced with a big queue of stuff that would have to be put in the 'probably spam' category, and dealing with that requires human intervention."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ...