Junking The Junk: Staying Ahead Of Spam Attacks
by Edwin Hageman - Managing Director BT Global MSSP - Monday, 26 December 2005.
It is important that, when user organisations install these products, they donít just forget about them. They must take full advantage of the service these vendors provide and make sure they benefit from the technical expertise and regular updates that are made available. These days, dealing with the problem of junk mail is less about the actual product selected and more about the levels and quality of support and service that accompanies it. Increasingly, IT departments have to justify the return on investment and total cost of ownership of the in-house security solutions they use, and they are expected to secure more by spending less. This often leads to them working with technology partners or systems integrators that can offer spam control on a managed basis, or even as part of a larger security solution.

When organisations do decide to outsource email security and spam filtering, they often see a number of distinct benefits. One is the ability to deal with threats on a 24x7 basis - spam is an international business and attacks can happen at any time. Resources need to be available so the software can be monitored, maintained and upgraded as soon as a patch is available, to prevent a threat that happens at midnight from infecting the whole company before 9am.

By working with technology partners in this fashion, organisations can focus resources on other essential areas, and feel reassured in the knowledge that they are secure. The other benefit that a managed security provider can offer is direct access to the developers at the vendor company. This means that they can influence a productís development to ensure that it meets the needs of their clients, and often have more immediate access to details of the threats and upgrades, which they can quickly pass on to their customers.

Another reason for the trend towards working with providers who can manage the organisationís security is the need for an increasingly sophisticated end-to-end approach that covers all aspects of security, from spam and viruses to wireless. As the nature of security threats change many companies are finding that point solutions just donít meet their needs.

Finally, the right partner can help organisations meet industry regulations and ensure compliance. A number of countries and industries now require that companies archive their email, but in many cases these regulations are complex. A partner will bring a deeper understanding of both the legal requirements and the technological implications, and will be able to develop a more effective solution to help the company stay compliant, protecting them from increased costs, or even fines and jail sentences.

But even if a company has the best technology partners, the right anti-spam package and a fully integrated security solution, it still has to manage one area of weakness - its users. All too often, end users unwittingly bring about security breaches by opening virus-carrying emails, downloading infected files and failing to update anti-virus software Ė the list goes on and on. But when it comes to the battle to protect their inboxes from spam, users can also be a valuable asset. It is therefore essential that they are given training and that organisations have policies in place to help users manage spam correctly and, ultimately, reduce the amount of spam they receive.

Spam is a problem, but it is actually one that can be managed effectively. Organisations must make sure that their email management tools are part of a wider security solution Ė and many companies decide to outsource this management to another expert organisation. After all, it only takes one mail to get through, or one mistake from a user, for the damage to be done.

Ten tips for users to help reduce spam

1. Be very careful when giving out your email address: think before you subscribe to newsletters or give out your details on registration forms.

2. When you do have to give out your email address, always look for the option asking if you want to sign up for information from third parties - and say no.

3. Think about who you are giving your details to. You wouldnít give out your home address or phone number to strangers so you must be equally careful with your email address.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th