Q&A: E-mail Security Threats and Countermeasures
by Mirko Zorz - Monday, 9 June 2008.
b) Granular user-based e-mail content policies/filtering: Using a content policies rules engine, an administrator can configure rule sets based on user and keywords that allow you to quarantine potentially dangerous content for administrator approval. Similar to the example above, only e-mails from finance with keywords such as Sales Forecasts or Accounts will be allowed through. Keyword filtering can also be effective in stopping any e-mails that contain offensive content.

GFI uses multiple virus engines instead of partnering with one vendor. What are the benefits?

Using multiple scanners drastically reduces the average time to obtain virus signatures which combat the latest threats, and therefore greatly reduces the chances of an infection. The reason for this is that a single anti-virus company can never always be the quickest to respond.

For each outbreak, virus companies have varying response times to a virus, depending on where the virus was discovered, etc. By using multiple virus engines, you have a much better chance of having at least one of your virus engines up-to-date and able to protect against the latest virus. In addition, since each engine has its own heuristics and methods, one virus engine is likely to be better at detecting a particular virus and its variants, while another virus engine would be stronger at detecting a different virus.

Overall, more virus engines means better protection. With thousands of viruses released every day, you cannot afford to be caught without the latest virus definitions.

What do you see your customers most worried about?

There are two angles here to consider. From a technical perspective, the growing volume of spam received by companies and virus infections are the two major concerns for customers. However, more and more companies are slowly starting to understand that spam and virus attacks are but the tip of the iceberg when it comes to e-mail-based threats and they are taking an active interest in derived and new forms of threats such as phishing, social engineering by e-mail as well as data leakage via e-mails.

Along similar lines, customers are also worried that the volume of e-mails they receive is creating storage problems on their e-mail server, resulting in lower performance levels and complaints from employees that they need larger mailboxes. Companies are also starting to look at e-mail from a different perspective: it remains an important communication tool but it is now also a major source of company information and records. The ‘threat’ that one e-mail could be the focus of a legal lawsuit is pushing companies to consider e-mail archiving (separate from backing up e-mails) as the next most important tool they need.

From a business perspective, e-mail is a crucial business tool; customers, from the mom-and-pop shop to the biggest multinational, expect that e-mail just works. Customers are thus concerned about the ease-of-use, reliability and the cost of ownership of securing their e-mail, so much so that they are now demanding solutions that not only address the technical issues but also meet their needs for performance, ease-of-use and competitive pricing.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.
