EMAIL SCANNING AND SECURITY
www.fortantispam.com
THE NEED FOR SPECIALIST EMAIL SCANNING AND SECURITY
Business today without email would be unthinkable. Even with the arrival of
alternative channels, such as text and social network messaging, email
continues to enjoy huge popularity: a recent estimate by the Radicati Group
puts the worldwide number of emails sent per day at around 269 billion. Easy
to use and reliable, email offers universal, standardized communication.
Yet in parallel, email security limitations leave users exposed to two serious problems:
Unwanted, unsolicited emails
Attacks via malicious email content and attachments
Email is also part of productivity solutions for businesses, both on premise and in the cloud (Office365 from Microsoft, G Suite from Google, for example). Vendors of these solutions often include scanning mechanisms to spot and act on dubious or dangerous emails. However, their strategic focus may be elsewhere, and their expertise and support limited for problems specific to email.
SPAM IS WHERE PROBLEMS START
The problem of spam is likely to continue for the foreseeable
future. Spammers can send vast amounts of spam emails at little
or no cost to themselves, and only need a handful of positive
replies to generate significant financial gain. Each spam run may
contain millions of messages. Such high volumes require
treatment by a system not only with high performance, but also
with a suitable strategy for identifying and treating spam.
Current statistics from statista.com for spam, meaning undesirable
emails that were not requested by the people receiving them, indicate
that spam accounts for around 61% of all emails sent. A quick
calculation then shows that around 164 billion (61% of 269 billion)
spam emails are sent every day. The most common types of spam
currently concern healthcare and dating services. Spam has also
acquired a reputation for fraud and confidence trickery, as well as for
containing malware capable of causing damage and loss to recipients
and their PCs, servers, or mobile computing devices.
IN THE WRONG PLACE, AT THE WRONG TIME?
The effectiveness of an anti-spam system depends on both what it detects and where in the email delivery process it does its detection. Basic tell-tale signs of a spam email include anonymity of the address and the identity of the sender, long distribution lists, and the absence for the recipient of any possibility to opt out of the distribution list. As spam defense solutions have evolved, so has the ingenuity of spammers in disguising their spam and getting around barriers meant to stop them. More sophisticated anti-spam systems will therefore also identify spam using other means, such as IP reputation, sender reputation, sender behavior, and Bayes filtering. They may also be able to recognize new forms of spam and spamming tricks or flag emails as potentially being spam.
However, many anti-spam solutions then delay the spam checking process, or take ineffective action. Delaying the spam checking until after the message reception has been acknowledged, a common approach, can have several undesirable effects:
Spam detection rates may be as low as 80% when using this delayed content-checking approach.
Message rejection after email content checking, instead of directly at the time of message reception, may also result in the receiving site being listed as a source of “reflected spam”.
More system resources are required for systematic email content checking, leading to higher expense, poorer performance, or both.
Spam messages are still routed to users’ spam mailboxes, where they occupy extra storage space, causing further expense, and require user time and effort for sorting or deletion.
Additional resources are required to quarantine rejected messages.
FILTERING AT TIME OF RECEPTION FOR BETTER RESULTS
By comparison, Fort Systems Limited (FSL) recommends a separate system with higher
performance filtering of messages as they enter from the network. Filtering properly at this
initial level allows most of the cases (up to 95%) to be dealt with immediately, only sending
the minimum number of emails necessary to computer and network intensive scanning
processes, and allowing much greater volumes of messages to be treated with the same
resources. As a bonus, most rejected emails can then be safely returned to the sender
without these rejections being labeled “reflected spam”.
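
The timing argument above can be made concrete with a small simulation. This is an added example, not FSL's code or part of the original paper; the mailbox list, the blocked-address list, the sample messages and all function names are constructed assumptions. It compares refusing a message inside the SMTP session with acknowledging it first and bouncing it later, and counts how many bounces reach forged sender addresses (the "reflected spam" case).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    client_ip: str   # connecting host
    mail_from: str   # envelope sender, which a spammer can forge freely
    rcpt_to: str     # envelope recipient
    forged: bool     # ground truth, known only to this simulation

# Constructed policy data (assumptions, not from the original page).
VALID_MAILBOXES = {"alice@example.org", "bob@example.org"}
BLOCKED_IPS = {"203.0.113.7", "203.0.113.9"}  # stand-in for an IP reputation list

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Msg("198.51.100.20", "carol@example.net", "alice@example.org", False),
    Msg("203.0.113.7", "victim1@example.com", "bob@example.org", True),
    Msg("203.0.113.9", "victim2@example.com", "nobody@example.org", True),
    Msg("198.51.100.55", "victim3@example.com", "ghost@example.org", True),
    Msg("198.51.100.20", "carol@example.net", "alcie@example.org", False),
]

def session_reply(m):
    """Envelope-level decision that is available before the body is sent."""
    if m.client_ip in BLOCKED_IPS:
        return "550 5.7.1 rejected by policy"
    if m.rcpt_to not in VALID_MAILBOXES:
        return "550 5.1.1 no such mailbox"
    return "250 2.0.0 accepted"

def reject_at_reception(msgs):
    """Refuse inside the SMTP session; the receiver sends no bounce itself."""
    replies = [session_reply(m) for m in msgs]
    rejected = sum(r.startswith("550") for r in replies)
    return {"delivered": len(msgs) - rejected, "rejected_in_session": rejected,
            "bounces_sent": 0, "bounces_to_forged": 0}

def accept_then_bounce(msgs):
    """Answer 250 to everything, check afterwards, then mail a non-delivery
    report to the envelope sender, forged or not."""
    failed = [m for m in msgs if not session_reply(m).startswith("250")]
    return {"delivered": len(msgs) - len(failed), "rejected_in_session": 0,
            "bounces_sent": len(failed),
            "bounces_to_forged": sum(m.forged for m in failed)}

if __name__ == "__main__":
    print("at reception:", reject_at_reception(SAMPLE))
    print("after accept:", accept_then_bounce(SAMPLE))
```

With this constructed traffic, the delayed approach mails three non-delivery reports to addresses that never sent anything, while in-session rejection leaves the failure with the connecting client and sends none.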
THE CYBER-ATTACKER BEHIND THE SPAM
Spam’s darker side is the cyber-attack that often hides within the message text or in an attachment to the message. In some cases, the attack is purely technical, relying on a computer script or executable that is hidden in or attached to the message. In other cases, attacks are carried out using social engineering, asking users to supply sensitive information, such as user IDs and passwords, financial account credentials, and social security numbers. The more common types of attack via emails include:
Malware infection: A virus consuming IT resources, a worm replicating itself endlessly, or a Trojan creating a secret, illicit backdoor into a system are all examples of malicious payloads that can be attached to emails.
Malicious link: A link presented in such a way (special offer, government tax incentive, or other) as to entice the recipient to click on it and connect with a malicious website or online form asking for confidential information.
Phishing email: Mass mailing masquerading as a message from a legitimate source, such as a bank or phone company, asking recipients to supply confidential information. Attackers also often attempt to copy the email logos and message layouts of the real organizations.
Spear-phishing email: Highly targeted phishing email sent to specific individuals or groups, in which the attacker makes an extra effort to appear as a legitimate, credible sender.
Whaling email: A variation on spear-phishing in which the email appears to come from inside the same organization, such as a fake request from the CEO to the CFO to urgently transfer funds.
Denial of Service (DoS) attack: High volumes of spurious emails are sent to swamp out the receiving email server, and even cause it to break down. When multiple sources of such emails are used, this becomes a Distributed Denial of Service (DDoS) attack.
EVERYTHING IS A TARGET
The targets of attackers using email as an attack vector are not limited to the recipients themselves. A spear-phishing attack on an individual can have a goal of acquiring system access information for an attacker to misuse or sabotage enterprise IT resources, for example. In many cases, email-initiated attacks are simply activated by recipients opening the wrong email. A priority in email security is therefore to stop such malicious emails appearing in users’ inboxes.
THE COST OF INADEQUATE EMAIL SCANNING AND SECURITY
The Internet is rife with figures on the number of companies
shutting down after email-initiated attacks. The real cost of poor
email security is likely to differ from one enterprise to another.
Factors to consider include immediate damage and loss, whether
financial or reputational, as well as less visible but equally
debilitating costs over time of increased IT system expenses, and
the daily time and effort of employees in dealing with the spam that
nevertheless finds its way to them. Whether an organization faces
litigation because of a specific email security incident, or employee
frustration and depressed productivity because of a continually
poor email security posture, the bottom line cost of inadequate
email scanning and security could be considerable.
CHALLENGES FOR EFFECTIVE EMAIL SECURITY
The challenges in properly
identifying and dealing with such
attacks are significant. Just as
spammers continually find new
ways to cheat anti-spam solutions,
cybercriminals and hackers are
constantly inventing new methods
of fooling or avoiding email security.
Antivirus programs that depend on the recognition of the “signature” of malware may
miss new or mutated versions of malware. Attackers can and often do mutate their
malware code each time they send it out.
Attempts to block file attachments may fail to spot menaces hidden in Microsoft
Office (Excel, Word, PowerPoint) or PDF files, which attackers now favor instead of the
more obvious ZIP and EXE attachments.
Sandboxes, which are isolated areas in systems to run and observe the behavior of
suspect code, have performance and storage costs, are often slow, and may still fail
to see later generation malware that has been written to remain dormant until after
the sandboxing has finished.
URL filters may not see links hidden inside attached documents or may rate a URL as
harmless, after which the attacker then makes the site or script behind the URL
malicious.
Sender reputation filters may miss attacks from IP addresses with no history of
attacks, or from recently created or spoofed email addresses.
DEFENSE IN DEPTH
Good email security is as much about smart strategy, as about brute force application of processing power. While no guarantee exists of 100% security for emails, FSL suggests a comprehensive, layered approach to reduce the probability of successful attacks.
Smart filtering at the first level can dramatically reduce the quantity of emails to be handled at the next level, reducing loads and costs.
Multiple anti-spam and anti-virus (AV) applications further narrow the window for attackers. Even if each application depends on updates to its knowledge base, which only arrive at certain intervals, these updates can overlap each other between all the applications, increasing the chances that at least one of them has the latest spam or malware signatures.
A modular email security platform that accepts different anti-spam and AV products allows users to select best of breed solutions or make choices according to corporate-wide recommendations, budgetary considerations, and others.
Bidirectional, in and out, email security not only protects an organization against external threats, but also prevents it from becoming a threat delivery mechanism because of spamming, albeit unintentional, from the inside towards the outside.
Smart strategy designed into email security systems is also often the result of specialist knowledge and first-hand experience. Those who have already built systems to successfully defend their own organizations against email spam and malware, and who continue to run and enhance those systems today, are in a stronger position to offer their technology and services to others facing the same challenges.
10 EMAIL SECURITY DESIGN GOALS
As the need for a specialist email security solution becomes increasingly obvious, so do several desirable features of such an approach. FSL has identified the following set of best-practice design goals:
UNIVERSAL: The email security solution should work with any email system or program. It should also allow smooth, easy transition from legacy systems.
EFFECTIVE: The objective is a spam and malware free mailbox for every user, with defense in depth to filter out all email spam and malware.
EFFICIENT: Minimum hardware and software costs for maximum results, smart automation and learning to avoid manual construction or importing of large whitelists and blacklists.
PRODUCTIVE: Any additional delivery time of emails to users after possibly hundreds of security checks should be no more than a few seconds, i.e. normally unnoticeable.
FLEXIBLE: Allows choice of different multiple anti-spam and anti-virus applications according to user and enterprise preferences.
MANAGEABLE: User, domain manager, and enterprise levels of management with “single pane of glass” offering fine tuning and granularity to administrators.
ADAPTIVE: Automatic learning of traffic flows, smart whitelisting and blacklisting, automatic discovery of valid and invalid mailboxes.
FUTURE-PROOFED: A modular platform makes sure components can be replaced easily as technology progresses in the hands of an innovative, specialist development team.
SUPPORTED: While email looks simple to ordinary users, it can be highly complex below the surface. Excellent, knowledgeable, rapid support with service level agreements is a must.
AFFORDABLE: In terms of licensing fees, resources required, minimal time and effort to deploy and use, and low impact on IT department resources.
CONCLUSION
Email is ingrained in everyday life, whether for business or leisure. Email messages carry content varying from the conversational to the contractual and even the highly confidential. The popular features of email, meaning its simplicity and flexibility, are also its vulnerabilities. They are unlikely to change and therefore enterprises and organizations must take additional measures to protect themselves properly against email spam and email-related attacks.
A specialist email security solution can fill the critical gap left by email
applications and productivity tools, through better focused, smarter
solution strategies. Leveraging the experience, innovation, and knowhow
of a dedicated development team, it can offer better performance and
stronger protection for a modest outlay, especially when compared
with the potential expense of recovering from email security
incidents.
Fort Systems Limited (FSL) is headquartered in
Washington DC, US. The company was founded in 2002 with
the goal of providing the best anti-spam solution at a
reasonable cost. Our application is based on both open source
and commercial software. This approach enables us to
combine the best of existing open-source anti-spam solutions
and programming tools with our proprietary malware
detection tools to provide the market with superior protection
against all types of messaging malware.
Sales: +1.202.595.7760 ext 1
Technical Support: +1.202.595.7760 ext 3
Fax: +1 202.506.9671
4101 Cathedral Avenue NW, Suite 305
Washington DC 20016
Fort AntiSpam
Email: info (AT) fsl.com