Content filtering is a must for companies that want to ensure that all outbound messages do not contain information within the e-mail body or as an attachment that should not be divulged. Companies should install a software product that provides content filtering on two levels.
a) Attachment checking: Attachment checking rules enable administrators to quarantine attachments based on user and file type. For example, all executable attachments can be quarantined for administrator review before they are distributed to the user. It also allows administrators to allow only one department to send out a particular file type. For example, databases can only be e-mailed out by Finance and Management. Any other person sending out a db file will be flagged by the system and the administrator can take appropriate action.
b) Granular user-based e-mail content policies/filtering: Using content policies rules engine, an administrator can configure rule sets based on user and keywords that allow you to quarantine potentially dangerous content for administrator approval. Similar to the example above only e-mails from finance with keywords such as Sales Forecasts or Accounts will be allowed through. Keyword filtering can also be effective in stopping any e-mails that contain offensive content.
GFI uses multiple virus engines instead of partnering with one vendor. What are the benefits?
Using multiple scanners drastically reduces the average time to obtain virus signatures which combat the latest threats, and therefore greatly reduces the chances of an infection. The reason for this is that a single anti-virus company can never always be the quickest to respond.
For each outbreak, virus companies have varying response times to a virus, depending on where the virus was discovered, etc. By using multiple virus engines, you have a much better chance of having at least one of your virus engines up-to-date and able to protect against the latest virus. In addition, since each engine has its own heuristics and methods, one virus engine is likely to be better at detecting a particular virus and its variants, while another virus engine would be stronger at detecting a different virus.
Overall, more virus engines means better protection. With thousands of viruses released every day, you cannot afford to be caught without the latest virus definitions.
What do you see your customers most worried about?
There are two angles here to consider. From a technical perspective, the growing volume of spam received by companies and virus infections are the two major concerns for customers. However, more and more companies are slowly starting to understand that spam and virus attacks are but the tip of the iceberg when it comes to e-mail-based threats and they are taking an active interest in derived and new forms of threats such as phishing, social engineering by e-mail as well as data leakage via e-mails.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.