Feeds

Shackling the email content beast

Integrated solutions to smut, spam and other nasties

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Email is such an essential tool that it is no longer sufficient to merely treat it as a means of communication. Instead, it is the lifeblood of an organisation - it is where our orders and complaints come in, and one of the main means by which we communicate our messages and business results to the outside world.

Spammers know how important email has become because it is their communications mechanism of choice - for the moment. Over the past six months, probably longer, we've all become aware of the problem of spam. Some mailboxes are targeted with spam to such an extent that unwanted communications fill up as much as 90 per cent of inboxes on a daily basis, although the average is typically nearer to 65 per cent.

Companies are increasingly turning to technology solutions to manage the entire content problem of emails. This includes security such as firewalls, anti-virus and intrusion prevention to keep unwanted threats out, encryption to guard communications in transit and storage, URL and content filtering to stop offensive or potentially damaging content being transmitted around networks, and management technology to enforce policies set by an organisation regarding required standards of behaviour.

INSL is a company that has developed technology and consulting capabilities to help organisations with the problems of managing email communications and content management. With a background in technology and consulting services largely for the financial services sector, and having grown through technology acquisition, INSL's SpheriQ solution is an email content management platform that is tailored for the needs of specific organisations by the firm's consulting team.

SpheriQ includes anti-virus, anti-spam and filtering capabilities but is in fact a comprehensive email content management solution. Its platform enables companies to enforce their email usage and security policies via what INSL director Ken Watt claims to be a unique numerical scoring system based on the characteristics that define whether an email is spam or not. It has a couple of other unique capabilities, including LDAP directory integration and image analysis functionality.

Integrating with the customer's LDAP directory enables SpheriQ to check that inbound messages are destined for valid users and provides user authentication so that personal message quarantine services can be provided. It also allows organisations to define groups of users by such factors as business unit or country, with particular policies or disclaimers applied to specific groups. Further, it provides a means to deliver emails direct to a user's home mail server - potentially enabling cost savings to be made by making a layer of the customer's internet gateway infrastructure redundant.

Shackling the beast

The image analysis engine uses three basic approaches. The first of these employs advanced database capabilities that are used to match and identify emails that are known to be malicious or unwanted. This component includes a feedback mechanism so that the information in the database is constantly updated, meaning that its effectiveness will grow over time as it is used more. The second tool analyses embedded web URLs that may point the recipient of the mail to a category of web site that contravenes the company's usage policy owing to inappropriate content, such a pornographic or racist material. The third tool uses artificial intelligence to analyse the actual content of attached images - making decisions based on such factors as shape, proportion, texture and colour. This component also works with the advanced database tool so that previously scanned images can be matched without the need to run the AI analysis every time. This helps improve performance and accuracy.

This approach has enormous potential for companies with large networks that are vulnerable to threats posed by pornographic, insulting or copyrighted content being transferred into, or outside of their firms. INSL quotes one of its customers, a leading ISP serving the education sector, which states that INSL's image analysis tool had a 97 per cent accuracy rate in recognising pornographic images.

Managing email content and security is a problem that is growing every day. INSL has just held its annual US user conference, after which the CTO of one its customers told INSL that his firm had been getting 6 million email messages per month; eight months later, that had increased to 22.5 million - 80 per cent of which were spam, and of those spam messages, 20 per cent contained viruses. Using INSL's SpheriQ platform, the firm's escalating email management problem was solved.

The business case for outsourcing email content management is getting clearer by the day as both email traffic and problems multiply. The cost of putting together an internal team to deal with all the problems associated with email - and resultant security threats, potential copyright infringements, data protection issues - is daunting for most companies.

This problem is evolving and so are the offerings of technology vendors and service providers working in this space. Companies are paying more attention to the need to encrypt electronic information in transit as well as in storage. They also realise that it is not enough to employ technology at their perimeter alone since so many threats to an organisation originate from within.

The further problem that is yet to be addressed - and which will increasingly become a threat to companies as legislation starts to bite with real test cases - is that of compliance. Many laws require emails to be stored - securely, that is - for up to seven years. If you don't start managing the email content, security and storage management problem right now, the costs are going to be enormous.

© IT-Analysis.com

Related stories

The battle for email privacy
America - a nation of corporate email snoops
Spamming for Dummies

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.