Messaging Security Concerns On the Rise

For better or worse, e-mail security is off to a booming start in 2006, figuring to be a top-of-mind issue for vendors, customers and solution providers all year.

This week, e-mail security vendor Postini released its annual Message Management and Threat Report, which says the increasing use and complexity of e-mail and messaging systems will keep users and systems administrators on their toes as they deal with the "crush" of messaging traffic.

Postini surveyed 615 messaging professionals out found that maintaining security and business continuity are the biggest issues these workers face. The report also found that the percentage of spam as a portion of all traffic remains high--up to 80 percent in numerous cases--yet is actually showing signs of declining in favor of viruses and phishing activity. Still, smaller companies received almost 50 spam e-mails per day per user in 2005, up from 36 in 2004, and four times the number that employees at large companies were sent on average last year.

Postini also reported that more than 2.5 percent of the e-mail messages it processed contained viruses that the company blocked, and that the Sober virus, launched last November, was the largest attack on record, forcing Postini to block more than 1.2 billion viruses in the following 30 days. Phishing also reached record levels in 2005.

Sponsored post

Nearly 90 percent of the survey's respondents expect e-mail volumes to increase in 2006, with 25 percent of them predicting "dramatic" increases.

The attackers are getting particularly brazen. On Wednesday, security vendor F-Secure reported that an unknown hacker had sent out phony e-mails that originated from a non-existent F-Secure employee. The e-mails were not sent from F-Secure's network, but were spoofed to look like they were coming from an F-Secure address. The hacker was posing as an F-Secure researcher ostensibly warning people about a possible problem with their Web browsers, but users who clicked on the link attached to the message would launch a variant of the Breplibot worm. As of press time, F-Secure was working to notify and secure its network.

Fortunately, tools are emerging to combat these problems. Postini reported a nearly ten-fold increase in encrypted messages in 2005; by the end of the year, 22 percent of all inbound messages were being encrypted, and the percentage of outbound encrypted messages had doubled.

At next week's DEMO conference, messaging security vendor LogLogic will introduce enhancements to its Linux-based log-management and intelligence platform for Microsoft Exchange users. And this week, Mirapoint introduced its upgraded RazorGate e-mail security platform, which offers better performance and more storage capacity in a much smaller footprint for prices starting at $4,475. The company also announced that it will soon launch a managed e-mail and e-mail security services partner program targeted at MSPs.

As the use of instant messaging for business tasks increases, so, too, is its threat level. IMLogic's Threat Center recently reported that IM-generated attacks increased by 1,700 percent in 2005.

"We expect that the growth of more sophisticated and damaging threats, the proliferation of new communication channels, and the archiving and compliance demands of new policies and regulations will converge in 2006 to produce a 'tidal wave' of demands that threaten to overwhelm messaging administrators and security managers, said president and CEO Quentin Gallivan in a statement released with the Postini report.

These threats will continue in 2006 as hackers seek to exploit all the new ways they have to infiltrate networks, but Gallivan says the most sought-after solutions will be the ones that allow security professionals to develop archiving strategies while securing new forms of messages and complying with existing regulations.