InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity March 2009
Market Trend

Email Security Solution: What to Look For?

Email is the prime communication stream for almost all businesses today, but it relies on an infrastructure that is inherently insecure, so a strong email security solution is a major need. This article discusses the major issues that need to be considered seriously before you decide.

Besides adding a new dimension and extreme power to business, email has spawned numerous security threats including spam, viruses, scams, identity theft, and leaks of sensitive information. With each new threat, organizations have scrambled to defend their networks, often deploying a patchwork of separate security solutions. Like many other first-generation technologies, these early email security solutions were expensive to deploy, difficult to manage, and required constant fine-tuning, in order to assure acceptable results.

Many products that were effective when initially deployed no longer adequately take care of the issues. These solutions fail the most important of all email security tests. Sophisticated and complicated blended-threat attacks have forced email administrators to review their already deployed email security solutions and to find better and stronger next-generation solutions to protect their organizations from economic and productivity losses.

Defining Next Generation Email Security Solution

Business dependence on email is greater than ever before, and the volume of threats using email as a vector for pushing malicious code has spiked alarmingly. Next-generation email security solutions should provide gateway-level security, with higher speed and efficiency in combating blended threats. These threats seek to maximize the severity of damage and speed of contagion by combining methods, for example using characteristics of both viruses and worms. Only comprehensive security at the gateway can stop such threats before they enter the network and escalate into a full-fledged attack.

According to Digvijaysingh, Vice President — Sales, Cyberoam, email security is not just about stopping a virus or quarantining spam, so organizations are adopting a Unified Threat Management approach. In fact, UTMs have evolved as the new third-generation technology that provides comprehensive security against email threats, email being one of the main vectors carrying malicious code into the network.

To ensure that each component delivers maximum performance, email security must also take a multi-layered approach. A basic email infrastructure is made up of an e-mail gateway, an e-mail server and the end point. Given this infrastructure, we believe that a next-generation e-mail security solution requires comprehensive protection. Pratapaditya Mondal, Asst Manager — Sales, Satcom Infotech Pvt Ltd, believes that an end user would like to see scalability in the solution, the capability to handle the various possible threats (inbound, outbound and internal) and, finally, a single vendor for streamlined deployment, management, maintenance and support.

Supporting a comprehensive protection arrangement, Leonard Gangi, VP & GM, Enterprise Security Solutions, Comodo Group, Inc, said, “Next generation email security solutions will allow users to encrypt and sign emails to anyone, without requiring exchange of public keys first. This will make secure email accessible to more people, allowing them to encrypt more communications that they would not have previously entrusted to S/MIME communications. Comodo’s Secure Email offers such functionality right now.”

“The e-mail security suite should provide solutions for a wide range of problems other than just spam and viruses. The e-mail security solution should help alleviate risks of information theft and leakage of company’s intellectual property through e-mail.

“As an end user, the e-mail security solution should provide protection from spam, viruses, denial of service, phishing and other e-mail-borne attacks,” believes Govind Rammurthy, CEO & MD, MicroWorld.

Expressing his views along almost the same lines, Altaf Halde, Country Manager, Utimaco Safeware said, “Next generation solution should be an integrated solution that can provide both email encryption and anti-spam and anti-malware capabilities. The solution should be totally transparent to the end-user and they should have no change in their working habits while benefiting from the highest level of security.”

Websense defines next-generation email security solutions as those having multiple layers of real-time Web and data security intelligence to provide leading protection from converged email and Web 2.0 threats. Jyoti Prakash, Channel Manager — SAARC & India, Websense, believes that the solution would help to manage outbound data leaks and compliance risk, and enable a consolidated security strategy with the trusted leader in Essential Information Protection.

Issues to Consider

Today, security is not just about one aspect of securing email or installing antivirus software. Businesses now face the challenge of implementing cost-effective security solutions that meet the operational needs of end-users while complying with regulatory requirements. Email regulatory compliance and data security are the two key concerns today. Over the last few years, governments around the world have taken an increasingly detailed interest in how organizations manage personal data. This has led to a rash of legislation, much of which requires corporations to take specific action to protect personal, identifiable information. Although each country’s laws differ in specifics, compliance in each case often forces companies to address the protection of personal, identifiable information within the inward- and outward-bound communication channels.

Email regulatory compliance therefore depends on differentiating between legitimate and illegitimate email communications and taking action to restrict any illegitimate emails. The effective method for dealing with the issue is to use email filtering solutions that are trained to differentiate between legitimate and illegitimate email communications.

Some of the key considerations are as below:

Study and Know the Solution: There are a lot of solutions in the market that claim to defend against a variety of threats. It becomes essential for enterprises to judge the “Critical Impact Value” of a particular threat and its corresponding return on investment. Otherwise, an organization may end up investing in a security tool that it never needed in the first place.

Life Cycle of a Solution: The security industry is one of the most dynamic and rapidly evolving industries. It is important to ascertain the life cycle of a security product. A vendor declaring life cycle limitations for a security solution can have an unpredictable impact on the organization’s business, creating support issues and back-end vulnerabilities in the network.

Box Item

What should you ask?

  • Is it compatible with my anti-virus?
  • My organization is non-profit (or I work in the American auto industry). How much does this cost?
  • Can I use the certificates I currently own?
  • I use Microsoft Exchange. How fully can I implement Secure Email into my Exchange server operations?
  • My recipients travel a lot. They log in with whatever digital device they may be using, so they may or may not have their certificates on hand. Can they request temporary certificates, or can they use a web reader to open their emails while on the road?
  • Does it have high mail processing volumes that can handle millions of messages per day?
  • Can it provide a single scan that can identify spam, malware, data leakage, and all unnecessary applications?
  • Is it capable of small and rapid updates with minimal footprint?
  • Does it have directory services integration for simple and central enforcement of AUPs on an individual, workgroup or departmental basis?
  • Can the reports deliver data on the integrity of the whole email system?
  • Does it provide a single consolidated view of all email traffic, even in multiple server environments?
  • Does it automatically alert the administrator if corrective action is required?

Solution Capable of Customizable and Granular Policies: A lot of IT managers neglect to set any formal web code of conduct for their enterprise. They may have a loose set of rules, but there is no centralized system in place that regularly monitors the behavior of employees. In such a scenario, employees have no clue as to what’s acceptable and what’s not when they open a browser, and enterprises may suffer all kinds of losses related to data theft, data leakage, legal liability, etc. It therefore becomes imperative for organizations to educate users and to implement customized (not blanket) access policies for the websites and applications that users can access across the network.

Considering Features that Combat Internal Threats: Most enterprises act on the assumption that threats can only be external; the reality is different. If left unchecked, insider threats can cause huge damage to an organization’s business interests due to the sheer lethality of their impact. User identity is at the heart of internal threats, and being in full knowledge of employee activities in the network is absolutely critical for staying on top of emerging threats. Enterprises should look for a solution that embeds user identity in its firewall rule matching criteria, eliminating IP addresses as intermediate components to identify and control the user. By doing this, the user’s identity is known and a threat can be detected in time, before it matures into a full-scale attack.

The basic requirement a buyer should ensure before buying an e-mail security solution is that the suite provides an AntiSpam solution and proactive protection against threats like worms, Trojans, spyware, etc., and includes options like Web administration, attachment filtering, compression and decompression of files, blocking of image spam, and blacklists and whitelists.

It is essential to have an array of reports that are exhaustive but simple to understand. Reports may cover mails sent from local domains, details of the mails, mails received from local users, and their daily analysis. A vendor should have expertise in e-mail security and the ability to analyze the reports and provide solutions to buyers based on them. Regular auditing and reviews build a repository of all known threats, vulnerabilities, logs, and behavioral and signature IDS alerts from emails. Enterprises can later collect, integrate, correlate and analyze these email trend reports to take proactive measures for optimizing IT infrastructure by avoiding network abuses, managing bandwidth requirements and ensuring appropriate usage of networks by employees. The purpose of analytical reporting is to instantly display the most critical network threats in a clear and concise format, so that the best remedial measures may be taken. For vendors, email security expertise is a direct function of their overall experience and analytical depth in being able to stop spam and viruses and prevent phishing attacks.

Different Verticals = Different Issues = Different Solutions?

Most industry experts and vendors believe that different verticals have different applications based on the nature of their business requirements. Given this, the features they look for in a solution might differ from one vertical to another. But a few experts believe that an advanced solution should solve most of the major problems organizations face today. There may be small differences, but nothing major.

While a Unified Threat Management solution serves the needs of verticals cutting across different segments, there are needs pertaining to specific industries as well. There are significant differences between verticals in terms of business pain points, drivers and concerns when deploying a particular security solution. For example, in the education vertical, and in BPOs and call centres, there are multiple users on a single machine. Thus, given the possibility of insider threats due to user ignorance or malicious intent, the organization needs to install a highly granular security solution that extends its controls to the point of identifying the actual user, and not just the IP address of a machine.

Similarly, for other verticals like government and defense, the perception of internal security breach is very high and so is the need to prevent it, given the highly sensitive nature of such information. There is a need in such verticals to deploy a solution that gives complete transparency as to ‘who is doing what’ in the network. This not only helps control and deter malicious users but also enables formulating access policies based on user profile through correlation between the user’s needs and online behavior analysis.

Also, an enterprise with geographically distributed networks requires a solution that will scan all VPN traffic for malware intrusions, spam and content. Cyberoam believes that its Threat Free Tunneling (TFT) technology, with its capability to set identity-based policies for VPN Internet browsing, offers comprehensive security in such a scenario.

MicroWorld strongly believes that there are different issues that need to be looked at for different verticals before selecting an advanced e-mail security suite. For example, medical practitioners deal with content which may be offensive to some others. With a typical e-mail security solution, an e-mail containing such content is classified as spam by the security suite when a user receives it. MicroWorld’s MailScan uses the Non-Intrusive Learning Pattern (NILP) technology to solve this problem. This technology analyses all mails to filter and block spam according to the behavioral pattern of the user.

Satcom’s experience is that in large enterprises, the IT team is well able to protect the entire email infrastructure with a range of products engineered specifically for each component, such as the email gateway and the email server. In the SME sector, however, there is typically only a dedicated email server that takes care of fetching and delivering mail, without any e-mail relay gateway and with minimal IT resources. In this case, Satcom suggests looking for a product like Kerio Mail Server, a single place to manage email, calendar, contacts, notes and tasks, combined with an inbuilt AntiSpam module, a dual Anti Virus Scan Engine and multiple OS support for installation.

On the other hand, Utimaco feels that a good security solution that can provide encrypted email that is free of malware should be useful to all verticals. But some verticals, such as finance, healthcare and technology, may have a greater need for data protection because of the compliance requirements they must adhere to in a specific region or geography. These firms should be aware of the types of data that are sent and ensure that they are properly secured. Comodo also believes that some verticals (such as law enforcement) require chains of custody to be sure the message has not been tampered with. Someone besides the sender needs to be able to manage the digital certificates.

Conclusion

The wide availability of email security solutions may confuse anyone. Primarily, a buyer should understand the organization’s major requirements, those that are important to its day-to-day business. Besides this, buyers should compare the price against the features offered by a solution, and should not forget to check the strength of the vendor’s after-sales service. There are some serious issues that a buyer should always examine carefully before choosing the right solution.

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore.

