In an era where the nation is moving towards an e-economy it is pivotal that the telecommunications industry follows suit. With the rapid shift towards mobile use instead of fixed lines and the increasing amount of homes having Internet access, one would assume that leading companies would be pioneering this trend.

This is not the case and a number of the FTSE 100 companies cannot even be reached by e-mail. This can be due to only one thing: the threat of spam. Spam within the enterprise has undoubtedly evolved from an annoyance to a critical business problem. No approach to spam can work in isolation, as unlike viruses, no single technology is able to stem the tide. BIOS believes that by utilising the following top ten techniques, your business can arm itself successfully against the menace of spam.

Diversity: Identification is the first step towards stopping spam. Unlike viruses, there is no one solution that blocks all spam. What is needed is a cocktail approach, whereby companies employ multiple techniques including heuristic analysis and real-time collaborative filtering tools.

Flexibility: A common problem is the varied definition within companies as to what exactly spam is. For one organisation bulk e-mails may be seen as a nuisance while being essential for others. Anti-spam solutions must allow administrators to enforce these different rules and even allow them to apply different rules to different users. Ideally, an organisation's spam solution will include an integrated policy manager, which enforces corporate policy across the entire e-mail system and allows different rule sets for different users and groups.

Expertise: Spammers are constantly improving their methods, particularly as corporations have finally begun to fight back. Vendors must be able to develop and deploy policies, signatures, keywords and values to corporations using their solution. Only by constant improvement can any solution continue to be responsive to spammers even in the face of new threats.

Authentication: Spammers invest a great deal of time and effort into concealing their identity and the origination point of their attacks. Fortunately, this leaves telltale signs behind. A good tool should be capable of authenticating the DNS address of the sending server. If reverse DNS Lookup fails to authenticate the domain of an incoming connection, it could indicate a hijacked server. This can be valuable data in identifying spam.

Collaboration: Companies should take advantage of collaborative Internet community efforts in order to define new signatures and policies. Any effective solution should make use of these efforts to define signatures and policies for effectively blocking spam. To fail to do so makes a solution incomplete. The best vendors work closely with leading researchers and collaborative initiatives to ensure up to date, relevant responses to spam threats.

Learning: Spammers are relentless. With their e-mail blasts costing next to nothing, they have every reason to repeatedly launch the same attack. As frustrating as it is to receive spam, it's even more frustrating to receive the same spam again and again. New rules must be automatically created as new threats emerge to prevent similar spam in the future and/or allow end-users to assist in catching spam.

Review: Organisations should empower employees to review and provide input on messages in their quarantine queue, while staying within overall administrator oversight. A significant challenge for administrators in charge of corporate anti-spam solutions is managing end-user expectations and concerns. Upon introduction of an anti-spam solution, end-users will have concerns about legitimate mail being blocked. A true enterprise solution must include tools that allow administrators to provide access to quarantine queues for some or all users, allowing users to feel confident about messages that have been blocked.

Automation: Achieving and maintaining high spam blocking rates with low false positives is a constant battle. In order to ensure that administrators are not forced to invest too much time in the fight, a strong solution for spam must be capable of maintaining efficiency regardless of administrator intervention. Automatic rule generation, where rules are created without administrator intervention and whitelisting of trusted users will improve detection rates and decrease false positives 'on the fly.'

Security: Protect your entire e-mail system from email-based attacks. Your entire e-mail system is a target, not just for spammers, but also for hackers and intruders. Even spammers will hack, primarily to 'harvest' e-mail addresses sitting on mail servers and gateways. A legitimate enterprise e-mail system needs to account for these vulnerabilities and be capable of protecting at least itself and ideally the entire e-mail system from these attacks.

Profile: The ongoing challenge for corporations battling spam is the trade-off between high detection rates and high false positive rates. Until recently, this relationship was fixed. As your detection rate increased, so did your false positive rate. The only way to break this model, achieving high detection rates while minimising false positives, is to deploy a solution that can make complex, multi-faceted decisions about spam. By using such a profiling system, administrators can aggressively pursue spam blocking without the risk of losing legitimate e-mail.

Administering all ten techniques to control spam effectively can quickly become unmanageable. Today, organisations are attempting to prevent spam with only one or two of these techniques, resulting in poor detection and high false positives. A complete solution should be built upon all of the principles discussed above. By providing this protection at the gateway, in a hardened, attack resistant appliance platform, overall enterprise security will improve.

BIOS, Jun 20, 05 | Print | Send | Comments (0) | Posted In Security