April 2010 IT Business Consulting Newsletter

Got Spam?

Eradicate Spam and Email Viruses BEFORE they get to Your Environment!

By Tom K

Last month’s newsletter "Protect Your Company from Viruses and Malware with Enterprise Anti Virus Systems" discussed centrally protecting your PCs and Servers with Enterprise Class Anti Virus (AV) software. This should actually be your LAST line of defense. In a properly layered defense system, we expect to eradicate most of the nasties well before they get to your desktops.

So, in this month’s newsletter I discuss Enterprise Email Anti Virus and Anti Spam systems. Most infections arrive via email and Spam, so it is imperative that you protect your environment from these with a dedicated defense system located well before your desktops. To help you win this security battle, I’ll discuss a few different methods, and then offer recommendations.

How pervasive is the problem?

You can read statistics everywhere on the web, indicating that 80% to 98% of all mail traffic traversing the Internet is infected or is Spam. I can offer you real numbers based on my experiences managing an AV/ Spam filter that handled email for about 100 companies (1000 mailboxes) in the Vacation Rental industry. The device typically processed around 200,000 emails/day, of which 94% (188,000) was Spam, 3% (6,000) was infected, and 3% (6,000) was delivered as valid email. Averaging this out, we see numbers that you may be able to relate to… an unprotected company with 20 mailboxes would have to sift through 3760 Spam emails to read their 120 valid emails, and they would have to fend off 120 Virus infected emails EVERY DAY.

So, how do we eradicate these threats?

Since email viruses and Spam are sent through the same delivery system, the systems used to thwart these threats are similarly deployed and are now most often included in a single package.

If you outsource your email systems, you should speak with your mail provider to ensure that they have taken responsibility for email AV and Spam. If you host your company’s email internally, there are several methods currently in play, most of which we do not recommend.

Solutions we don’t recommend for most of our clients:

Desktop Solutions: The enterprise desktop AV solutions previously recommended all have email virus components that should be used, but as a last line of defense. You really don’t want your desktop AV to have to handle every piece of malware destined for your enterprise. Most mail clients have some level of Spam filtering included, (i.e. Outlook’s Junk Mail folder) and end users are welcome to use this, but there is no enterprise control… and remember – you should NEVER rely on end users to protect your resources!

Mail Server Solutions: There are email Anti Virus and Anti Spam software packages that load directly on your mail server. While often effective, these packages require care and feeding (skilled staff resources), consume resources on your mail server (affecting performance), and allow all the garbage mentioned above to pass through your Internet circuit, consuming your very valuable (and finite) Internet Bandwidth. Moderate capital cost plus annual operating costs for subscriptions.

Firewall Solutions: Many firewall vendors promote running AV and Anti Spam packages on their devices. This is very similar to the Mail Server solution (skilled staff, performance, and Internet response issues), just on a different box in your environment. To counter the significant consumption of resources on the firewall which could further impact your company’s Internet responsiveness, most vendors offer hardware enhancement upgrades at additional cost. Moderate capital cost plus annual operating costs for subscriptions.

Internal Appliances: There are software packages available that load on a dedicated server, as well as complete systems packaged with software pre-installed on a server, either of which lives on your internal network. As the device is dedicated to one function, it is considered an “appliance”. This solution is also similar to the Mail Server solution, except it does not consume resources from any other key network component. These appliances usually run quite well (especially the complete systems), as they are built and scaled for a specific purpose. This solution still has the downside of requiring skilled staff to manage it, and allowing all the garbage it will eventually kill to consume your Internet Bandwidth. Relatively high capital cost plus annual operating costs for subscriptions.

The Recommended Solution:

Outsourced Managed Services: The best solution we’ve found is to contract with a reputable company that focuses on providing managed email Anti Virus and Anti Spam filtering as a core service offering. These companies utilize devices that live in “the Cloud” on the Internet. They intercept all of your mail and process out the bad before it gets to your Internet circuit, forwarding only the good email to your mail server.

The Outsourced Managed Service solution mitigates all of the concerns mentioned in the non-recommended solutions. No internal hardware resources or staffing resources are consumed, and all the garbage is removed before it gets to your Internet circuit. Costs vary among providers, as do the pricing models, but ballpark costs are typically going to be around $2/mailbox/mo.

Since email is such a critical resource to your business, we recommend you take care in selecting your Anti Virus/Anti Spam provider!

Things to look for in a provider include:

  • Is this a core service of their business?
  • Do they have fully redundant systems?
  • Do they have skilled staff dedicated to managing and monitoring their devices 24x7?
  • How responsive are their support teams?
  • What is their support policy, how good is their support, and is their call center in the USA?

Things to look for in the service offering include:

  • Is there “near zero” latency (delay) in processing your emails?
  • Can special rules be set up specifically for your mail domain?
  • How intuitive is the user’s interface?
  • What is the pricing model and what are your monthly/annual costs?

While we do not make specific product recommendations in our newsletters, a good place to start researching the various vendors is "SpamHelp.org’s Managed Anti-Spam Services list."

You will note that there has been a lot of consolidation in this space. Symantec purchased BrightMail and uses it as their core Managed AV/ Anti-Spam engine. They also purchased Message Labs, and now use that brand to market their managed services. McAfee has purchased MX Logic, which forms the core of their managed service offering. Postini, another of the notable early providers, is now owned by Google.

If you have questions or comments concerning this article, or the available vendors, I’d be happy to discuss them with you at your convenience. Feel free to contact me at TomK@TomKConsulting.com, or via my cell 443.310.5110.

Next month I will continue with the next layer of protection, discussing methods that will allow you to provide enterprise control and management of Microsoft Updates. Security holes in Microsoft products are a huge issue, and you need to be sure they are properly addressed on all of your devices. A free product (and a reasonable amount of maintenance) will provide you with the necessary level of control.
See "Centrally Manage Microsoft Updates Across Your Enterprise… For Free!"