News

03:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Tech Center Report: Using E-Mail Security Service Providers to Round Out Protection

Hosted-e-mail security firms are leading the SaaS market thanks to ease of implementation and other benefits. Still, these services are not without risks. In this Dark Reading report, we discuss how to determine what mix of in-house and hosted mail makes sense for your organization.

Dark ReadingFor those looking to test the outsourcing waters, moving your initial line of defense for e-mail security has a lot of benefits with few drawbacks, as we discuss in our Dark Reading Tech Center report, "Using Service Providers To Boost Protection." You can download the report at here.

As they stand today, the architectures of SMTP and other e-mail protocols are sorely lacking, mainly because of a dearth of baked-in security. Unlike Web sites, where vendors use SSL certificates and domains to authenticate themselves, there exists no universally deployed standard for doing the same thing with e-mail. It's still the Wild West out there.

One way those loose protocols work to our advantage, however, is the ease with which e-mail security services can be deployed. Simply change a DNS MX record, and all your mail will flow through a cloud-based service before being relayed to your server. Damage from outages is mitigated by the underlying protocols, which will automatically queue messages and retry missed connections, and the MX records themselves support multiple layers of redundancy to keep the mail flowing.

Current investments in security software and mail servers need not be tossed out the window, either. Rather, their life spans are extended significantly. A recent Trend Micro customer survey showed that 15% to 20% of its customers had experienced network outages or other problems caused by malicious payloads or the sheer volume of inbound e-mail. Using a hosted service means the vast majority of damaging and wasteful content is filtered before it even hits your network, letting you keep your existing hardware longer--sure to go over well in this economy. Finally, some vendors offer feature parity between their locally deployed security software and their cloud-based services, so there's no reason to lower your expectations on the level of control you have over your e-mail security.

Read our full Dark Reading e-mail security services Tech Center report
Today, e-mail security threats generally fall into one of two categories: Either bad stuff is coming in, or good stuff is leaking out.

On the inbound side, not only has the volume of bad stuff increased dramatically over the past decade, but so has the variety. The Messaging Anti-Abuse Working Group estimated that 72% of e-mail was spam in the fourth quarter of 2005. By 2008, spam was consistently above 90%. We've heard estimates from vendors placing the volume today at above 95%.

As for what's being thrown at us, it's not just run-of-the-mill commercial spam--yes, "buy our pills" still remains a lucrative business for those willing to incur the wrath of the Internet and, increasingly, law enforcement. We're also dealing with malicious attachments; random noise as spammers attempt to devalue and disrupt learning-based protection systems; direct mail connections from botnet-controlled endpoints; and URL-based attacks leveraging browser exploits or promiscuous users to execute malicious code without ever e-mailing a file. There's seemingly no end to the badness.

InformationWeek: January 18, 2010 Issue To read the rest of the article, download a free PDF of InformationWeek magazine
(registration required)

Comment  | 
Print  | 
More Insights
Cartoon
Slideshows
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Research: 2014 State of the Data Center
Research: 2014 State of the Data Center
Our latest survey shows growing demand, fixed budgets, and good reason why resellers and vendors must fight to remain relevant. One thing's for sure: The data center is poised for a wild ride, and no one wants to be left behind.
Video
Twitter Feed