
Use statistical protection to deliver multi-layered e-mail security

Despite the pervasiveness and popularity of e-mail, it continues to have crippling vulnerabilities and remains the number one choice for exploit among hackers and virus writers.
Written by Alex Ho, Contributor

Nearly four in every five attacks on enterprise networks target e-mail, according to industry analysts. This astonishing fact is both cause and effect of the major challenges engineers face when trying to design effective e-mail security solutions. A case in point is the recent triple whammy of attacks: the Blaster worm, which has infected 1.4 million computer users worldwide and is still making the rounds; the Nachi worm, which disrupted networks; and the SoBig mass-mailing virus, which clogs up e-mail boxes with its useless messages.

A major reason for e-mail vulnerability is its popularity. Indeed, in any organization with more than a few employees, e-mail is likely to be the single most common core business application. In larger organizations, especially those with a multi-national presence, e-mail is the most convenient and productive form of communications—one that readily accommodates different time zones and busy schedules for both tethered and mobile workers alike.

Despite the pervasiveness and popularity of this mission-critical application, the e-mail infrastructure continues to have potentially crippling vulnerabilities. Firewalls often do little to protect e-mail and point products for intrusion prevention, anti-virus scanning, spam rejection and other protections have been difficult to deploy, manage and coordinate for e-mail protection specifically. Efforts to integrate the various solutions often fail to achieve a unified barrier of e-mail protection against blended threats and hybrid worms.

Because the piecemeal approach to securing the e-mail infrastructure is incapable of delivering the right combination of price, protection and performance, e-mail continues to remain the number one choice for hackers and other Internet misfits.

E-mail’s chronic vulnerability is now causing some serious business problems. Viruses and other malicious attacks continue to make headlines. Worker productivity is reduced—and employees are potentially offended—by nuisance e-mails and spam. The content of e-mails can now expose a company to privacy violations and civil or criminal liabilities. Trade secrets and other intellectual property can be compromised, either intentionally or inadvertently. And then there are the many new forms of attack making their debut almost daily as hackers try to prove they are smarter than the software engineers building e-mail security solutions. Indeed, many Trojan horses, blended threats and hybrid worms are designed specifically to exploit the weaknesses in particular vendor offerings.

Multi-layered protection with Secure Content Management
The escalating costs of this hole in enterprise network security have created a new industry segment: Secure Content Management. Designers of SCM solutions normally focus their efforts on either the desktop clients or the mail servers. Each approach has its advantages and disadvantages, but neither on its own is able to achieve total protection for a variety of reasons.

Desktop anti-virus solutions are difficult to manage, often fail to detect blended and hybrid threats, and can place an undue burden on users with the constant updates required.

Server-based solutions lower costs dramatically because there are far fewer systems to manage and update. But even with a server-based approach, integrating and coordinating the many layers of protection needed—anti-virus scanning, spam rejection, content filtering and more—can be a costly endeavor. Additionally, designers and administrators prefer not to add more software to e-mail servers for fear of server crashes and the subsequent troubleshooting complexities caused by multiple applications running simultaneously. Therefore, an integrated approach based on predefined processes aids in reducing e-mail infrastructure complexity.

Owing to the limitations inherent to each approach, most organizations today employ a multi-layer combination of client and server-based solutions in a piecemeal collection of task-specific security provisions. Anti-virus scanning serves as a great example of a key advantage of such combinations. But to understand the advantage, a little additional background is warranted.

Hackers know that most enterprise organizations now employ network security. The best and brightest hackers are the ones who attempt to find the weaknesses in specific security products.

In an attempt to stay one step ahead of the hackers, vendors are constantly releasing updates to their products. With a combination of anti-virus products from different vendors, the hacker would need to exploit both layers of security simultaneously—and do it before one or both of the vendors responds to the new threat.

While a multi-layered combination of security provisions invariably affords greater protection, the solution can result in a substantially higher total cost of ownership (TCO).

There are two learning curves to climb. There are two systems to deploy and manage, and two management consoles. And the two consoles are probably unable to coordinate defenses against hybrid or blended threats without a significant integration effort. There are two sets of regular updates and two vendors to contact for support. And if one of the applications is on the client side, the IT organization must deal with all of the additional complications associated with desktop software. Performance can also become a problem because the separate screening technologies must be operated in a serial “AND” fashion—one after another—rather than concurrently in parallel. Yes, two is better than one. But without the right approach, two can cost twice as much—or more.

Now extend these complexities beyond just anti-virus scanning to the many other forms of message security required and it should not be surprising why most enterprise e-mail infrastructures lack the mission-critical protection needed today.

An Integrated, Multi-Layer Design with Statistical Protection
The challenges that continue to keep e-mail vulnerable have given rise to a new class of SCM appliance designed to integrate multi-layered e-mail security. These systems are purpose-built for protecting the e-mail infrastructure from all forms of attack and misuse. As such, they are easier to implement and operate, and far more cost-effective than the previous alternatives. With this new class of solutions, the enterprise can continue to get best-of-breed protection without the integration, management and support challenges that rendered earlier attempts unsuccessful or unaffordable.

An SCM appliance can be implemented as a Mail Transfer Agent, or MTA. A major advantage of the MTA is its external visibility. With an MTA in place, there is no direct external communications with the internal mail server. Because the MTA is a store-and-forward gateway that sends and receives all e-mail, it shields the mail server(s) from detection and exploit. Many organizations, therefore, currently use simple MTAs as an important layer of e-mail security even when separate security provisions are present. As a “front end” system, the MTA continues to store and forward messages while upgrades and other maintenance operations are performed on the mail server(s). For these reasons and more, the MTA has become a strategic system for the more in-depth, multi-layered security provisions as an SCM appliance.

Five critical design elements are essential to achieving the goal of cost-effective, multi-layered protection on a single platform. The first is an extensible plug-in architecture that integrates multiple forms of e-mail security—anti-virus scanning, spam rejection, content filtering, denial of service defenses, format vetting and more—potentially from best-of-breed partners. The extensible design also allows for integration of additional forms of protection as desired or as more advanced technologies become available, such as those based on sophisticated behavioral or heuristic analyses. To simplify the integration of new capabilities, a set of programming interfaces and a standard methodology are needed. The extensible plug-in architecture is what makes the SCM appliance both a product and a platform for comprehensive e-mail security.

The second design element, known as Statistical Protection, delivers defense-in-depth with concurrent processing of multiple content security provisions. Unlike point products that must be deployed separately, one after another, Statistical Protection makes it possible for an SCM appliance to coordinate the operation of numerous plug-in security engines. The flow of messages can be controlled by special processes, which might route traffic received by a daemon through the shared processes of unencapsulation and decompression, and on to the individual exploit and content filtering processes. The results of the individual scans would then be correlated by the process in an “AND” fashion so that a single positive test for any exploit or misuse causes the message to be blocked from further propagation into, throughout or beyond the enterprise.
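The following is an added example, not code from the article or from any vendor's appliance: a small model of the pipeline just described, with one shared unencapsulation and decompression stage, several constructed plug-in engines run concurrently, and a correlation step that blocks the message as soon as any single engine is positive. The engine names, detection rules and sample messages are all constructed for illustration; the only external fact used is the RFC 5322 line-length limit of 998 octets.

```python
import base64
import gzip
import re
from concurrent.futures import ThreadPoolExecutor

def encapsulate(text):
    """Build a constructed sample message: gzip + base64, like a compressed attachment."""
    return base64.b64encode(gzip.compress(text.encode("utf-8"))).decode("ascii")

def unencapsulate(raw):
    """Shared stage, run once per message: decode and decompress so that every
    engine scans the same plaintext instead of repeating the work."""
    return gzip.decompress(base64.b64decode(raw, validate=True)).decode("utf-8", "replace")

# Constructed plug-in engines; each returns True when it flags the message.
def anti_virus(text):
    return "CONSTRUCTED-MALWARE-MARKER" in text   # stands in for a signature match

def anti_spam(text):
    # Crude score: three or more marketing phrases flags the message.
    return len(re.findall(r"(?i)free money|act now|click here", text)) >= 3

def content_filter(text):
    return "CONFIDENTIAL" in text   # outbound policy: no classified material

def format_vetting(text):
    # Reject any line longer than the 998-octet limit of RFC 5322.
    return any(len(line.encode("utf-8")) > 998 for line in text.splitlines())

ENGINES = {"anti-virus": anti_virus, "anti-spam": anti_spam,
           "content-filter": content_filter, "format-vetting": format_vetting}

def scan_message(raw, engines=ENGINES):
    """Run all engines concurrently; block if any one is positive or crashes."""
    try:
        text = unencapsulate(raw)
    except Exception:
        return "BLOCK", ["unencapsulation-error"]   # fail closed on malformed input
    with ThreadPoolExecutor(max_workers=len(engines)) as pool:
        futures = {name: pool.submit(fn, text) for name, fn in engines.items()}
    hits = []
    for name, fut in futures.items():
        if fut.exception() is not None:
            hits.append(name + "-error")   # a crashed engine counts as a hit, never as a pass
        elif fut.result():
            hits.append(name)
    return ("BLOCK" if hits else "DELIVER"), hits

if __name__ == "__main__":
    print(scan_message(encapsulate("Quarterly figures attached.")))
    print(scan_message(encapsulate("FREE MONEY! Act now! Click here!")))
```

The fail-closed branches matter in practice: a message that a scanning engine cannot process (malformed encoding, an engine crash) is exactly the kind an attacker would craft, so it must be blocked rather than delivered by default.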

The third design requirement of a robust SCM appliance is enterprise-class high performance, ideally in excess of 100,000 messages per hour. Such performance can be readily achieved by combining an efficient design with generous system resources. For example, the operating system can be optimized for peak performance at the Application Layer, where most content security provisions operate. The plug-in architecture can efficiently leverage shared processes to minimize overhead, and each individual module can be finely tuned for maximum performance. The appliance hardware itself completes the performance picture with features like high-speed processors, ample RAM and a fast input/output subsystem.

The fourth design element is intended to prevent the SCM appliance itself from becoming the victim of an attack. The key to this element is a security-hardened operating system that is purpose-built for protection. Unlike other security provisions, an SCM appliance has no need for robust routing features, certain application ports or other networking features. So all of these, each vulnerable to potential exploit, must be stripped away. All other unnecessary features should also be disabled. These very processes and subroutines are what make general-purpose operating systems—designed for servers and not for security—so complex to configure and so vulnerable to attack. What is left is an eminently capable and inherently secure kernel that is able to devote itself 100% to the task at hand: secure content management.

Of course, certain other task-specific features will need to be added, such as a robust front end serving as a hardened point of contact with special buffer overflow and denial of service protections. Such a robust front end is also critical to secure an MTA, and plays a vital role in certain fast rejection and anti-spam defenses.

The fifth design element is a totally secure and fully automatic update capability that minimizes the administrative burden of this routine and often cumbersome task. To keep the many integrated security provisions as current as possible, the vendor(s) would constantly publish software updates on special servers, and make these securely available to the SCM appliances installed at customer sites. Each individual appliance would automatically and regularly (every 15 minutes, for example) check for new updates, and when a new version of software exists, the appliance would download and install it—without any operator intervention. Of course, every update must also be thoroughly tested to ensure dependable operation. Periodically, “roll-ups” to key revision levels might be needed to bring newly installed or recently out-of-service appliances fully and quickly up-to-date. And like everything else about the design of an SCM appliance, the automatic update process needs to be as secure as it is convenient with every update digitally signed to prevent any tampering or man-in-the-middle attacks.

Conclusion
By implementing multi-layered Statistical Protection on a single, purpose-built platform, the SCM appliance is able to overcome the problems that plagued previous e-mail security solutions. To simplify deployment, the appliance can be pre-configured for initial operation. And a straightforward set-up process, optionally guided using step-by-step configuration Wizards, can make the installation both rapid and virtually trouble-free.

But perhaps the most advantageous aspect of an SCM appliance is that its comprehensive, multi-layered set of e-mail security provisions can all be managed from a single console—and potentially supported by a single vendor. Ideally, the console would be implemented as a browser-based element management system designed specifically to satisfy the needs of e-mail and security administrators. Consolidation onto a minimal number of configuration pages would shorten the learning curve and simplify the administrative tasks involved through a common and unified interface to all secure content management layers.

Statistical Protection on a purpose-built SCM appliance delivers superior security at a lower total cost of ownership. Better protection for less. Perhaps the hacker has finally met its match, and e-mail can at last be made a totally trustworthy application.

Alex Ho is the product marketing manager for Nokia Internet Communications Asia-Pacific.
