Comprehensive Messaging Security

By Thomas Schmidt

For most organizations today, email is the single most critical channel for internal and external communication. With increases in network bandwidth, the use of email as a vehicle for rich media has exploded; beyond simple text, email is now used to send rich media, including HTML, graphics, audio and video. Having become critical for corporations in the 1990s, email is now a vital form of business record.

Of course, email is no longer the only form of electronic messaging and collaboration. In recent years, instant messaging (IM) has caught on in many organizations. Users at most organizations now use IM -- even if it isn’t supported by the IT department. It’s even been estimated that IM may overtake email as soon as this year in terms of the number of messages sent between users.

But just as with email, the ease and power of IM have caused a number of risks and challenges to arise. IM is increasingly the target for attackers to propagate IM-borne viruses, worms, spim (spam over IM), malware and phishing attacks. These attacks have grown exponentially over the past three years, increasing the need for real-time threat response for IM and peer-to-peer (P2P) applications. For example, one of the top malicious code families in the first half of 2007 was the Mespam Trojan, which sends instant messages containing a malicious URL.

Over time, the overall impact of these messaging threats has begun to be understood and measured in the following ways:

• End-user productivity decrease due to spam
• Asset damage and downtime due to virus attacks and worm outbreaks
• Regulatory pressure to monitor and control inbound and outbound email content
• Time spent by administrators to deploy and manage a messaging security solution

At the same time, messaging threats are constantly evolving. For example:

• There was no evidence that spam levels subsided after the most recent holiday season, as would be expected.
• Europe is the new King of Spam. The percentage of spam messages originating from Europe surpassed that of North America.
• Playing on people’s hope for a tax refund, spammers have recently been sending an official-looking email bearing the logo of the U.S. Treasury Department, promising recipients an early tax refund.
• Spammers are also capitalizing on rising gas prices. Some Russian spam promotes a device that would allow the user to change manure into bio-fuel.
• One of the most persistent Italian spam attacks has been a work-from-home job offer. The email seeks applications for “Administrative Agents for Online Payments” and “Remote Support Agents.” In fact, this is a money-laundering scheme.

The ongoing issue facing messaging administrators, then, is how to preserve the value of messaging in light of these escalating security threats.

All-in-one protection
For many of today’s organizations, the issue is compounded by the challenge of keeping up with growing messaging and spam volumes while keeping costs down. Increasingly, this means deploying a solution that integrates email security, IM security and outbound content control capabilities in one gateway-based appliance. Specifically, the appliance must enable administrators to:

• Stop spam, denial-of-service attacks and other inbound email threats
• Leverage global and local sender reputation analysis to reduce email infrastructure costs by restricting unwanted connections
• Filter email content to remove unwanted content, demonstrate regulatory compliance and protect against intellectual property and data leakage over email
• Secure and protect public IM communications using the same management console as email
• Obtain visibility into messaging trends and events with minimal administrative burden

Moreover, while messaging threats in general are on the rise, they also fluctuate, leading many organizations to demand the ability to instantly adjust spam and virus filtering capacity without having to add or configure the physical infrastructure. This virtual option would give them the choice of quickly and incrementally scaling their messaging security infrastructure while taking advantage of the resource utilization benefits of virtualization. It would also allow them to avoid provisioning to peak capacity with special-purpose hardware that can’t be used for other applications when spam waves recede.

Conclusion
With messaging systems becoming more and more vital to today’s organizations, protection against inbound and outbound email- and IM-borne threats is more important than ever. By tapping advanced content filtering and structured data protection support, IT can more effectively control sensitive data, reduce the risks associated with data leakage, and meet regulatory compliance mandates and corporate governance demands.