/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
On any given day, email users across the world receive hundreds of spam and
junk mails that eat into precious bandwidth and make for difficult management.
While many enterprises go for spam filters and blocking of unsolicited emails,
the problem continues as spam definitions keep changing and newer threat
scenarios keep emerging. Says Amuleek Bijral, country manager, RSA, “Security
threats manifest in various forms-viruses, worms, trojans, network hacks, data
loss, improper access control, phishing, social engineering, etc. Some of these
threats are easy to tackle, while some others are getting increasingly difficult
to address.”
The magnanimity of the problem becomes quite evident as a 2006 study by the
Radicati Group estimated that spam constituted 70% of the total worldwide
messaging traffic, and this figure is expected to increase to 79% by 2010. The
total number of messages circulating worldwide is projected to be 442 bn, with
351 bn as spam.
“Spam volumes are growing faster than expected due to the success of
image-based spam in bypassing anti-spam filters and of email sender identity
spoofing in getting higher response rates,” says Mark Levitt, program vice
president for IDC's Collaborative Computing and Enterprise Workplace Research.
IDC estimates that the size of business email volumes sent annually worldwide in
2007 was close to five exabytes, nearly doubling the amount over the past two
years.
/vnd/media/post_attachments/e0cc20eff2d132799144cc0a1bd16616b96703862edacd2ff31b5a4e0e35b564.jpg)
Says Niraj Kaushik, country manager, Trend Micro, India and Saarc, “Spam has
rapidly changed from a mere nuisance to a major security threat and financial
drain for organizations worldwide, as they attempt to stem the flood of
unsolicited bulk email while ensuring that legitimate correspondence is
delivered correctly. Earlier, spam was relatively easy to block through the use
of blacklists or basic content filtering techniques. But now, spamming methods
have advanced to a point that these technologies are no longer sufficient or
cost-effective.”
Security Concerns
The financial costs associated with spam are large and growing by every
passing day. Spam leads to loss of employee productivity due to time spent
managing their inboxes and junk email folders, requiring employees to delete
spam and block senders. What makes things unmanageable for businesses is that a
large volume of spam enters the company's networks, thereby choking mail servers
and occupying expensive space in email quarantines and storage archives.
Deliberating on the threat spam poses, Niraj Kaushik, country manager, Trend
Micro, India and Saarc, says: “The inundation of spam results in reduced
bandwidth, slower email delivery, and higher storage costs. To make matters
worse, spam is often a mechanism used to carry viruses, malware, and numerous
other security threats that can compromise sensitive information, damage the
network, and increase cost in terms of network downtimes and repairs to infected
systems. Finally, there is the challenge of successfully blocking spam while at
the same time avoiding the accidental deletion of valuable business emails.”
/vnd/media/post_attachments/9cb9dbd615a4e6660b83799f7385b85d4928b8b735924700c84ad8830acff92d.jpg)
Organizations are struggling to manage spam, which is considered one of the
major security threats, because of the absence of a comprehensive security
strategy. When we speak of spam, it directly impacts the end-point security. In
the whole security chain, end-points play a critical role in safeguarding
enterprise data. Says Vishal Dhupar, MD, Symantec India: “The need for a
well-managed infrastructure, specifically around endpoint security, is a key
component of a security strategy. Proper security precautions must be put in
place to protect the growing number of endpoints-from servers and PCs to laptops
and mobile phones-regularly accessed and utilized by today's highly mobile
workforce.”
As the threat landscape has evolved beyond viruses and worms, customers now
require a more comprehensive endpoint solution that combines anti-virus, anti-spyware,
firewall, intrusion prevention, and device and application control in a way that
is more easily manageable. Experts say that given these dynamics, it is not
surprising that security strategies have evolved within organizations to become
more strategic, more expensive, and more complex.
|
|
|
| “Security has to be multi-layered with unified threat management with firewall, intrusion preventions, anti-virus, and content filtering”
Rahul Gupta, MD, |
“The need for a well-managed infrastructure, specifically around endpoint security, is a key component of a security strategy” Vishal Dhupar, MD, |
/vnd/media/post_attachments/7b45cf24a3501fa26e65e248d64e20ae2753a6db78c38ef226bd32046563e7e4.jpg)
/vnd/media/post_attachments/e40dc4a687b273139dc8ddf7bb4d807a91b69fe78a8ea2518a9fdbc278ae6c52.jpg)
Security is no longer just an IT function, but touches every aspect of the
business. A September 2007 publication by Goldman Sachs states that the top
three drivers of enterprise security spend were IT policy compliance, data loss
prevention, and endpoint protection. These are significant challenges in
themselves and are highly interrelated, as they touch every aspect of the
business.
Gone are the days of hacking for “fifteen minutes of fame”. Today, hacking is
a professional crime for financial benefits. Reflecting on this, Bhaskar
Bakthavatsalu, country manager, Sales, Check Point Software Technologies India
and Saarc, says: “The increase of worldwide Internet usage and the 'always-on'
connections have actually opened more corridors for security threats. Hackers
constantly uncover and exploit network vulnerabilities and don't wait for
upgrades. There is always a lag between the availability and installation, and
the new protections that the upgrades offer. This is precisely what hackers
exploit.”
What's the Solution?
The fundamental issue that enterprises face today is that of unplanned
expansion and the so-called good enough fragmented security solution. “Siloed”
between departments and absence of a central control is an increasing concern.
This has resulted in many chinks in the security infrastructure and is being
exploited by unscrupulous elements for financial gains.
To overcome security challenges like spam, a comprehensive security policy is
needed which is proactive rather than reactive. Says Bakthavatsalu: “It is vital
to ensure that the security strategy is seen as a business enabler not a
disabler. It is important to understand that even the smallest of business
changes may possibly throw open a wide array of security vulnerabilities for the
organization.”
/vnd/media/post_attachments/fdda51faea781e977640e796c62649fcac016d5122dbaaf87cd18e9b37aa39e8.jpg) |
|
|
| “The increase of worldwide Internet usage and the 'always-on' con-nections has actually opened more corridors for security threats”
|
“The best approach to pre-venting the major-ity of today's spam from entering an organization is to block it at the perimeter, before it even enters the gateway” Niraj Kaushik, country manager, Trend |
“Security threats manifest in various forms. Some of these threats are easy to tackle while some are getting increasingly difficult to address”
Amuleek Bijral, |
/vnd/media/post_attachments/08b87c7bd54e24b5717730e69288ea03e2cf849f67541e7c47dbd1983fd8ec9d.jpg)
/vnd/media/post_attachments/5877e0e035372b49db1d8a300b796243c865eabdfc102bdaeff22322c45db6c9.jpg)
When we talk about a proactive security, what it means is that a security
strategy in its ambit must encompass all the threat scenarios and should
function in a complementary way. Says Rahul Gupta, MD, Xserve India: “Security
has to be multi-layered with unified threat management with firewall, intrusion
preventions, anti-virus, and content filtering.” Clearly, the panacea lies in an
effective strategy, and hence a strategy that is information centric and focuses
on the risks involved would be very effective in addressing various threats that
any organization faces today. For effective implementation of this strategy, it
also needs to be repeatable.
Says Bakthavatsalu: “For any enterprise, it is pertinent to have synergetic
value between its business and security strategies. To avoid discord between
these strategies, the head of information security needs to keep up with
different strategies of the organization and its various departments. Any major
changes to the security strategy need to have a top down approach with support
from all key stakeholders and needs to be communicated across the enterprise.”
The impact of spam is multi-dimensional. It cannot be treated in isolation
and it needs to be enmeshed with the security policy. Based on the threat
perception and the levels of protection, enterprises need to go in for solutions
that best work for them. A lot of user education also goes in creating a spam
free enterprise.
Shrikanth G
shrikanthg@cybermedia.co.in