Feeds

Shackling the email content beast

Integrated solutions to smut, spam and other nasties

  • alert
  • submit to reddit

High performance access to file storage

Email is such an essential tool that it is no longer sufficient to merely treat it as a means of communication. Instead, it is the lifeblood of an organisation - it is where our orders and complaints come in, and one of the main means by which we communicate our messages and business results to the outside world.

Spammers know how important email has become because it is their communications mechanism of choice - for the moment. Over the past six months, probably longer, we've all become aware of the problem of spam. Some mailboxes are targeted with spam to such an extent that unwanted communications fill up as much as 90 per cent of inboxes on a daily basis, although the average is typically nearer to 65 per cent.

Companies are increasingly turning to technology solutions to manage the entire content problem of emails. This includes security such as firewalls, anti-virus and intrusion prevention to keep unwanted threats out, encryption to guard communications in transit and storage, URL and content filtering to stop offensive or potentially damaging content being transmitted around networks, and management technology to enforce policies set by an organisation regarding required standards of behaviour.

INSL is a company that has developed technology and consulting capabilities to help organisations with the problems of managing email communications and content management. With a background in technology and consulting services largely for the financial services sector, and having grown through technology acquisition, INSL's SpheriQ solution is an email content management platform that is tailored for the needs of specific organisations by the firm's consulting team.

SpheriQ includes anti-virus, anti-spam and filtering capabilities but is in fact a comprehensive email content management solution. Its platform enables companies to enforce their email usage and security policies via what INSL director Ken Watt claims to be a unique numerical scoring system based on the characteristics that define whether an email is spam or not. It has a couple of other unique capabilities, including LDAP directory integration and image analysis functionality.

Integrating with the customer's LDAP directory enables SpheriQ to check that inbound messages are destined for valid users and provides user authentication so that personal message quarantine services can be provided. It also allows organisations to define groups of users by such factors as business unit or country, with particular policies or disclaimers applied to specific groups. Further, it provides a means to deliver emails direct to a user's home mail server - potentially enabling cost savings to be made by making a layer of the customer's internet gateway infrastructure redundant.

Shackling the beast

The image analysis engine uses three basic approaches. The first of these employs advanced database capabilities that are used to match and identify emails that are known to be malicious or unwanted. This component includes a feedback mechanism so that the information in the database is constantly updated, meaning that its effectiveness will grow over time as it is used more. The second tool analyses embedded web URLs that may point the recipient of the mail to a category of web site that contravenes the company's usage policy owing to inappropriate content, such a pornographic or racist material. The third tool uses artificial intelligence to analyse the actual content of attached images - making decisions based on such factors as shape, proportion, texture and colour. This component also works with the advanced database tool so that previously scanned images can be matched without the need to run the AI analysis every time. This helps improve performance and accuracy.

This approach has enormous potential for companies with large networks that are vulnerable to threats posed by pornographic, insulting or copyrighted content being transferred into, or outside of their firms. INSL quotes one of its customers, a leading ISP serving the education sector, which states that INSL's image analysis tool had a 97 per cent accuracy rate in recognising pornographic images.

Managing email content and security is a problem that is growing every day. INSL has just held its annual US user conference, after which the CTO of one its customers told INSL that his firm had been getting 6 million email messages per month; eight months later, that had increased to 22.5 million - 80 per cent of which were spam, and of those spam messages, 20 per cent contained viruses. Using INSL's SpheriQ platform, the firm's escalating email management problem was solved.

The business case for outsourcing email content management is getting clearer by the day as both email traffic and problems multiply. The cost of putting together an internal team to deal with all the problems associated with email - and resultant security threats, potential copyright infringements, data protection issues - is daunting for most companies.

This problem is evolving and so are the offerings of technology vendors and service providers working in this space. Companies are paying more attention to the need to encrypt electronic information in transit as well as in storage. They also realise that it is not enough to employ technology at their perimeter alone since so many threats to an organisation originate from within.

The further problem that is yet to be addressed - and which will increasingly become a threat to companies as legislation starts to bite with real test cases - is that of compliance. Many laws require emails to be stored - securely, that is - for up to seven years. If you don't start managing the email content, security and storage management problem right now, the costs are going to be enormous.

© IT-Analysis.com

Related stories

The battle for email privacy
America - a nation of corporate email snoops
Spamming for Dummies

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.