Vendors Take Aim At SMB E-mail Security

As spammers, hackers and purveyors of spyware and adware go about their nefarious business, it figures that they're likely to go after the weakest link in their targeted networks. It also figures, in a Murphy's Law sort of way, that the weakest link for many SMB companies is the application they most often use.

As these criminals and mischief-makers ramp up their efforts to steal and compromise private information, the most common way they're trying to infiltrate organizations is through e-mail applications. That has created a crisis situation for computer users and the VARs who serve them.

"A lot of companies are telling us that e-mail is by far their most mission-critical application, which it obviously wasn't designed to be," says Tom MacArthur, a principal at Storbase, a Waltham, Mass.-based security VAR. "They're looking for much more hardened carrier-class solutions."

Numerous security watchdogs have released reports in recent months charting the rise in phishing, spam, bot-net, spyware and adware incidents. These practices tend to have a disproportionately negative effect on small and midsize companies that often are less tech-savvy than enterprise users and lack internal IT departments. As a result, they are slower to implement and enforce usage policies.

In many ways, policy is just as important as technology. E-mail security solutions developer St. Bernard Software issued a report this fall saying that SMBs are "leaving themselves vulnerable to security and compliance risks by not having Internet Acceptable Use Policies (AUPs) that address the latest and most dangerous Internet-based threats."

After surveying 500 companies, St. Bernard found four key IT threat areas for which companies frequently lacked written AUPs: spyware, inappropriate surfing, instant messaging and peer-to-peer use. The majority of these organizations also had no perimeter security solutions that could defend against the threats or manage and enforce policies.

Fortunately, help is on the way. During the past few months, a number of vendors have shipped new or updated e-mail security solutions. No one thinks these headaches can be completely eliminated, but through a combination of up-to-date technology and strictly enforced usage policies, the problems can at least be neutralized.

This past fall, for example, Check Point Software introduced Integrity Anti-Spyware, a solution that is integrated into the Check Point Integrity endpoint security solution. The integration simplifies PC-security management by enabling all critical endpoint security functions to be delivered in a single client package and centrally managed from the same server.

Sigaba addresses the issue of outbound content with its SigabaNet Outbound Content Control solution, which offers users more control over information leaving the organization through outbound messaging. The messages get scanned at the gateway using templates of tens of thousands of words, codes and phrases combined with intelligent context analysis.

"There are lots of solutions for security and messaging, but none are secure or complete enough," says Jahan Moreh, Sigaba's chief security architect. "With our solution, security keys are associated with messages instead of with users, and we designed it for use with all messaging applications, not just e-mail."

Also responding to the increased scrutiny of federal regulations is MailFrontier, which also in the fall announced new compliance features for intelligent identification and integrated remediation options to its MailFrontier Gateway solution, specifically for measures such as HIPAA, Sarbanes-Oxley and the Gramm-Leach-Bliley Act, aimed at financial institutions.

Finally, integrated message management vendor Postini recently released the Postini Archive Manager, a secure, managed service that allows the seamless capture, storage, discovery and deletion of e-mail and instant-messaging traffic.