The Gloves Are Off Taking The Fight To The Spammers
by Matt Peachey - Regional Director, Northern Europe, IronPort Systems - Friday, 16 September 2005.
2005 has already seen spammers and virus writers become more shrewd, more malicious, more sophisticated and more hungry for commercial gain. The potential damage that this will inflict on brand reputation, customer relationships, and capacity to run a business will continue to move IT security management further up the boardroom agenda - never has it been so important to get it right.

In the last two years, a sophisticated approach to tackling the increasing number of security threats has emerged Ė the integrated security appliance. Appliance vendors have built on the security foundations created by previous approaches to provide a security model that offers the end-user full visibility and control over their network, while removing the complexity.

Traditional approaches to security have been ad hoc and varied. Companies began to view security as a must-have in the early to mid-nineties when the Internet became widely used in business, and email was adopted as the de facto communication medium. At the same time, this opened the company network up to a rife of new security threats.

IT managers responded by purchasing a number of bolt-on security products, such as firewalls and anti-virus software, but for many, managing these proved -and still proves - to be too complex and time-consuming.

A lack of in-house skilled security specialists presented IT managers with a considerable problem and for many, the only way out was to outsource it to a third party. IT managers decided this was a good idea because it removed the burden of retaining resources in-house and handed responsibility over to the experts.

However, the trade-off for allowing a third party to manage a companyís IT infrastructure, is that an outsider has access to its data and can dictate how it is managed. The biggest issue people have with this, especially those at board level, is trust.

We are seeing a shift away from the managed services approach in an attempt to bring the control back in-house, through the deployment of new technologies, such as integrated security appliances. Under the managed services approach, a lack of visibility means that in-house IT departments only ever find out about big issues and successes. They never tend to receive day-to-day information. This means that the company cannot learn from its mistakes and tweak security policies to match new threats.

This year, financial services company JP Morgan Chase cancelled an IBM outsourcing deal worth five billion pounds in an effort to keep services in-house. Cable & Wireless did the same. No doubt 2005 will see the business case of outsourcing questioned further, you only have to look at recent news headlines for evidence of this.

It is widely acknowledged that an IT managerís biggest security management issue is email. According to the 2004 DTI PricewaterhouseCoopers Information Security Breaches survey, email still constitutes the biggest virus risk by far, with 83% of companies admitting that they had received infected emails and files in the past year.

But many companies are still missing a trick when it comes to effectively managing and securing email. Third parties are so paranoid about customers receiving a virus because itís built into their contract, that they end up holding onto messages for eight, twelve, or even sixteen hours to ensure they are clean before they release them. Similarly, over-aggressive spam filters often mean that legitimate emails do not make it through, which has a detrimental effect on business.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th