Symantec E-mail Security Appliances Focus On Targeted Attacks, SMB Markets

Posted by Neil Roiter on March 2, 2010

Tags: Brightmail,  Symantec,  anti-malware,  anti-phishing,  anti-spam,  email

Channel: Data Protection

Today at RSA, Symantec announced the release of a small business edition with identical feature sets to its Brightmail, but simplified licensing and SMB-scaled pricing. Symantec's latest release for its e-mail security appliances boasts enhanced ability to detect and block increasingly prevalent targeted e-mail attacks, real-time updates and customer-centric protection.

Targeted attacks such as 419 scams and focused phishing, according to Symantec, accounted for 21 percent of all spam messages in January 2010, more than double the percentage in January 2009. These range from attacks that target groups of users -- for example, those likely to contribute to charity such as earthquake relief -- to very specific attacks that zero in on a particular industry, company or user. They typically leverage profile information gathered on Facebook or LinkedIn, claiming to be a friend, relative or perhaps an IT admin.

The latest Brightmail release employs new techniques designed to detect these lower volume attacks, analyzing common characteristics such as word proximity, header information, subject versus body text, source, etc. Symantec has also widened participation its Probe Network to collect input directly from customer appliances and responding rapidly to attacks on specific customer businesses. In the past, the Probe Network collected information primarily from U.S.-based ISPs.

"The difference is that historical process of joining was focused on service providers because that gave us largest volume of e-mail, and spam used to be more generic," said Angelos Kottas, principal product manager for Brightmail. "Now with targeted attacks, different customers are seeing different kinds of spam. So, we need to insert probe accounts into the entire spectrum of our customer base."

Speed is a factor, Kottas said. Symantec analysts say that most attacks are delivered with half-hour of launch. In response, Brightmail now downloads protection updates incrementally as often as every second--compared to every few minutes up to now--and verifies the baseline every 24 hours.