Email security could be the single biggest issue facing enterprise security professionals. Its importance for communication, its attractiveness to criminals and its sheer volume are all contributory factors. Additionally, the sector is one of the most densely populated areas in the IT security market, due to its maturity and business relevance. SC takes a look at the products and managed services aimed at keeping the corporate inbox clean.
The battleground to secure email has seen a huge amount of development. From using signature-based technology to prevent the script-kiddie worms and related malware of ten years ago, through to battling blended threats and targeted phishing attacks using DLP and encryption today, the field of technologies and products is vast.
One of the biggest threats, if judged by volume, is spam. It accounts for around 96.5 per cent of all business email (according to research from Sophos), or 200 billion messages a day (Cisco), and can cause severe issues for enterprises, ranging from simply drowning out legitimate communications to Trojan infection through socially targeted phishing attacks. Solutions can be either software- or hardware-based, and hosted either on the network or the endpoint, depending on the size of the organisation.
Some products attempt to cover all bases, such as MailMarshal SMTP from Marshal8e6, which claims to filter all incoming and outgoing email at the gateway and blocks spam, malware, spyware, DoS attacks and phishing. MailMarshal SMTP can be deployed as software, an appliance or SaaS, according to Marshal8e6, and is used to provide deep content inspection of incoming and outgoing email traffic and to enforce acceptable email use policies. Marshal8e6 says its product is used by half of UK police forces and more than 40 per cent of global Fortune 500 companies.
Until relatively recently, email was the most popular way to spread malware; even though the web has overtaken email as the top attack vector, scanning incoming mail for malware attachments remains essential.
Anti-virus vendors have been offering signature-based products to battle this for some time, initially with fair success.
Attackers moved on rapidly from the old .exe attachment, first hiding executable code in standard Office formats, such as Word and Excel, and more recently in PDF files, to take advantage of Adobe vulnerabilities. As anti-virus (AV) companies began to scan all attachments more carefully, attackers began to use web links to malware, often in a layered attack, where the first link would install a dropper that would then open an encrypted channel and download the malware. In reply, as the sophistication of malware writers has increased, AV companies have augmented their products with heuristic and behavioural detection.
Increasingly, enterprises are opting for cloud-based spam filters, removing an intensive strain from internal IT resources. This also has a green aspect: it reduces the corporate data centre's energy and physical footprint, cutting power, cooling and operational expenses. Additionally, cloud-based services scale far more rapidly, so they can deal with sudden fluctuations in volume more seamlessly.
For example, Cisco's IronPort Hosted Email Security provides a dedicated email infrastructure hosted in a network of Cisco data centres. Customers retain control of hosted devices with co-managed device access and can access real-time reports and modify configurations without service ticket response delays, according to the vendor.