Feeds

Shackling the email content beast

Integrated solutions to smut, spam and other nasties

  • alert
  • submit to reddit

Website security in corporate America

Email is such an essential tool that it is no longer sufficient to merely treat it as a means of communication. Instead, it is the lifeblood of an organisation - it is where our orders and complaints come in, and one of the main means by which we communicate our messages and business results to the outside world.

Spammers know how important email has become because it is their communications mechanism of choice - for the moment. Over the past six months, probably longer, we've all become aware of the problem of spam. Some mailboxes are targeted with spam to such an extent that unwanted communications fill up as much as 90 per cent of inboxes on a daily basis, although the average is typically nearer to 65 per cent.

Companies are increasingly turning to technology solutions to manage the entire content problem of emails. This includes security such as firewalls, anti-virus and intrusion prevention to keep unwanted threats out, encryption to guard communications in transit and storage, URL and content filtering to stop offensive or potentially damaging content being transmitted around networks, and management technology to enforce policies set by an organisation regarding required standards of behaviour.

INSL is a company that has developed technology and consulting capabilities to help organisations with the problems of managing email communications and content management. With a background in technology and consulting services largely for the financial services sector, and having grown through technology acquisition, INSL's SpheriQ solution is an email content management platform that is tailored for the needs of specific organisations by the firm's consulting team.

SpheriQ includes anti-virus, anti-spam and filtering capabilities but is in fact a comprehensive email content management solution. Its platform enables companies to enforce their email usage and security policies via what INSL director Ken Watt claims to be a unique numerical scoring system based on the characteristics that define whether an email is spam or not. It has a couple of other unique capabilities, including LDAP directory integration and image analysis functionality.

Integrating with the customer's LDAP directory enables SpheriQ to check that inbound messages are destined for valid users and provides user authentication so that personal message quarantine services can be provided. It also allows organisations to define groups of users by such factors as business unit or country, with particular policies or disclaimers applied to specific groups. Further, it provides a means to deliver emails direct to a user's home mail server - potentially enabling cost savings to be made by making a layer of the customer's internet gateway infrastructure redundant.

Shackling the beast

The image analysis engine uses three basic approaches. The first of these employs advanced database capabilities that are used to match and identify emails that are known to be malicious or unwanted. This component includes a feedback mechanism so that the information in the database is constantly updated, meaning that its effectiveness will grow over time as it is used more. The second tool analyses embedded web URLs that may point the recipient of the mail to a category of web site that contravenes the company's usage policy owing to inappropriate content, such a pornographic or racist material. The third tool uses artificial intelligence to analyse the actual content of attached images - making decisions based on such factors as shape, proportion, texture and colour. This component also works with the advanced database tool so that previously scanned images can be matched without the need to run the AI analysis every time. This helps improve performance and accuracy.

This approach has enormous potential for companies with large networks that are vulnerable to threats posed by pornographic, insulting or copyrighted content being transferred into, or outside of their firms. INSL quotes one of its customers, a leading ISP serving the education sector, which states that INSL's image analysis tool had a 97 per cent accuracy rate in recognising pornographic images.

Managing email content and security is a problem that is growing every day. INSL has just held its annual US user conference, after which the CTO of one its customers told INSL that his firm had been getting 6 million email messages per month; eight months later, that had increased to 22.5 million - 80 per cent of which were spam, and of those spam messages, 20 per cent contained viruses. Using INSL's SpheriQ platform, the firm's escalating email management problem was solved.

The business case for outsourcing email content management is getting clearer by the day as both email traffic and problems multiply. The cost of putting together an internal team to deal with all the problems associated with email - and resultant security threats, potential copyright infringements, data protection issues - is daunting for most companies.

This problem is evolving and so are the offerings of technology vendors and service providers working in this space. Companies are paying more attention to the need to encrypt electronic information in transit as well as in storage. They also realise that it is not enough to employ technology at their perimeter alone since so many threats to an organisation originate from within.

The further problem that is yet to be addressed - and which will increasingly become a threat to companies as legislation starts to bite with real test cases - is that of compliance. Many laws require emails to be stored - securely, that is - for up to seven years. If you don't start managing the email content, security and storage management problem right now, the costs are going to be enormous.

© IT-Analysis.com

Related stories

The battle for email privacy
America - a nation of corporate email snoops
Spamming for Dummies

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.