• Security Engineer
• Business Program Manager - Large...
• Head of Business Intelligence -...
• Calling All C++ & AI Game...
• Senior Flash Developer / ...

Antivirus players sink teeth into spam

Brian Fonseca, Information Age

17/04/2003 16:41:58

Charging into a heavily congested battlefield to help customers shed the escalating burden of spam infestations, AV (antivirus) vendors are fine-tuning their security offerings to supply organisations with new tools or services to restore e-mail gateway boundary protection to a manageable front.

Trend Micro, the latest AV stalwart aggressively pursuing this goal, has introduced its Spam Prevention Service (SPS). The product borrows technology from e-mail security provider Postini's heuristics rule engine to filter spam by different and configurable category types, notes Jeanie Boots, global product manager for content technology and anti-spam at Trend Micro.

Hot on Trend Micro's heels, Symantec is introducing its own enterprise anti-spam product. A spokesman for the Internet security company declined to offer further details of the upcoming announcement.

Trend Micro officials plan to utilise its Active Update Server structure to let customers tweak SPS' heuristic engine with the latest spam attack or patterns updates just as they would for downloading the most current virus signatures. Eventually, value-added services including real-time spam monitoring, sophisticated quarantining and policy management could be added as part of SPS' software subscription service, Boots added.

Trend Micro's SPS offering supports Sun Solaris servers. The security vendor plans to offer SPS for Microsoft Windows NT in May followed by a Linux version by June.

Despite getting the earliest jump on its AV brethren by acquiring anti-spam maker Deersoft at the start of 2003, Network Associates may have the toughest road ahead to enable coordinated spam protection at the network gateway, server and desktop level.

The AV and content security behemoth may be faced with extensive engineering to enable the desktop-oriented Deersoft SpamAssassin to be enterprise-ready and co-exist with McAfee and Network Associates technology, said Maurene Grey, research director at Gartner.

According to the Gartner analyst, customers are flocking toward anti-spam products to re-acquire strong operational efficiency and implement a "security guard" at the e-mail environment boundary to simultaneously oversee spam protection, virus protection and content filtering chores - a trend that AV vendors have likewise targeted.

"The market consolidation is being carried out by the leading players in the space of e-mail boundary protection and that gets us to Trend Micro, Symantec, and NAI," said Grey. "They're already well known and already have a stake. This provides customers with licences bundling and benefits to the enterprise."

Spam concerns traditionally range from loss of user productivity and rising infrastructure costs to legitimate threats of lawsuits and hostile work environments due to oftentimes inappropriate content. The problem is forecasted to only get worse. Gartner predicts that in 2004, 50 per cent of all e-mail will be spam-related.

Exacerbating the problem, competition for customers' affections is fierce. Organisations must decide if they want to entrust their spam protection to a services model offered by Postini and MessageLabs, a licensed software approach from vendors such as honey pot-probe network-based BrightMail as well as SurfControl, or a hardware "box" perspective from CipherTrust.

"Everybody is using a combination of different techniques. This is the added layer of complexity. It's all gotten very confusing to the enterprise customer to figure out first what is the right partnering approach to ensure that two years from now when consolidation is over, we have a vendor that is still in business," Grey remarked.

For some customers, however, the AV vendor-centric spam route proved unfulfilling. Jeffrey Deason, project lead in IT for food vendor Chick-Fil-A, said his organisation switched to CipherTrust's IronMail product after previously running a software AV product featuring spam word and domain delegation options in conjunction with content filtering.

Deason said the AV application did not prove stable or flexible enough to allow his company to base specific rules in accordance with its business model. After entertaining the notion of outsourcing its e-mail and spam needs, Chick-Fil-A opted to go with CipherTrust's hardware-based solution for greater in-house control and ease of administration to correct false positives.

"At the gateway level we want to be able to control what type of content can get into our system. We have found with IronMail it's very flexible for guys to configure rules to allow for things and disallow things," said Deason. "Our previous solution just didn't prove as stable because it was an application running on a generic Windows box. It's the nature of beast."

Chick-Fil-A features 1000 business units in 36 states within the US . Of those stores, CipherTrust guards 1600 mailboxes for spam and e-mail protection.

Fighting the war on spam has reached a fever pitch over the last few months as regulatory efforts to curb and penalise unrelenting spam attacks is a project very much still in the works.

MailFrontier recently unwrapped its Anti-Spam Gateway, which aims to stop spam at the corporate boundary using a combination of spam-blocking techniques. The MailFrontier Anti-Spam Gateway unifies blacklists, content filters, peer-to-peer network technology and dynamic whitelists. Designed to combat the problem of false positives, whitelists are safe lists of trusted partners whose e-mail messages can safely pass through filters, according to Pavni Diwanji, CEO of MailFrontier.

"We think these techniques stacked up together maximise the effectiveness of spam blocking," she said.

Meanwhile, IronPort Systems has announced a new service dubbed SenderBase, which is designed to establish the credit-worthiness of incoming e-mail messages. Rather than blocking IP addresses one at a time, the SenderBase service lets IT managers do background checks on IP addresses affiliated with spam loads, according to IronPort officials. IT managers can then block unwanted addresses or add accepted IP addresses to a whitelist. The service is offered standalone or as part of the company's IronPort Messaging Gateway.

Lastly, Web hosting provider Invotion has rolled out IntelliMail, a filtering system that scans incoming e-mail traffic for both computer viruses and unsolicited e-mail messages. IntelliMail quarantines suspicious e-mail in a Web-based message centre where end users can choose to safely view infected messages. The spam-filtration levels can be adjusted from lenient to aggressive, according to Invotion.