Options available for securing Enterprise Email


This article provides an overview of the options available for securing enterprise email communications: anti-spam, anti-virus and zero-hour anti-virus, content policies, outbound email attachment scanning for data leakage prevention (DLP), email encryption, confidential data leakage protection, and protection against web-based confidential data leakage (over HTTP and FTP).

Email security for enterprise companies can be achieved in a variety of ways: through a dedicated email security appliance, a shared email security appliance, a hosted on-demand (managed) email security service, or a software-based email security server. Email security can also be part of a UTM (Unified Threat Management) solution for smaller companies. The advantage of a unified email security approach is that all of the options below can be enforced at the gateway, with a single scan of each message covering every one of them.

Anti-Spam: Spam messages (especially automated ones) are a concern for any organization, so anti-spam is one of the primary offerings of email security. Some vendors use reputation-based spam detection, maintaining large databases of spamming email and IP addresses and quarantining incoming mail that matches the list. Others use pattern-analysis algorithms that check structural and content attributes against previously analysed spamming methods, such as SMTP rate control, MX record verification, image spam analysis and pornographic spam analysis, to identify and stop spam at the gateway. Most of the bigger vendors use both techniques. Some vendors also analyse and verify outbound mail, to stop botnets (automated programs) sitting inside your network from sending spam out. Spam notification and quarantine management are available at the user level. The only concern for companies is false positives, where a normal message is identified as spam.

Anti-Virus and Zero-Hour Anti-Virus: Gateway-level anti-virus scans all incoming mail for known viruses (using signatures that are updated regularly). This is different from PC-based anti-virus. Mail is scanned and, if a virus is found, it is cleaned and the message is delivered to the user. If the virus cannot be remedied immediately, the message is held in quarantine, the user is notified, and the message is delivered once a signature for that virus is received. Since most of the damage is done by a virus before a signature is produced for it, zero-hour anti-virus examines each message for the possibility of a virus through pattern analysis and similarity to known viruses, and any such positives are held at the gateway until signatures become available for them.

Content Policies: This module defines and enforces acceptable-use policies for message content and attachments. Examples include enforcing a maximum message size, allowable attachment types, and a maximum number of recipients or attachments per email. Custom footers and disclaimers can be added automatically to all outgoing email, if desired. A built-in offensive-language dictionary can be used to monitor mail for abusive or offensive language, both inside the organization and in outbound mail, and custom dictionaries can be created with additional keywords to be monitored.
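As an added illustration (my own code, not taken from the article or from any product it describes), the check below applies such a policy to one outbound message using Python's standard `email` package: it enforces a size limit, recipient and attachment counts, an attachment-extension allow list and an offensive-word dictionary, and appends a footer to the plain-text body. The policy values, the two-word dictionary and the sample message are all constructed for the example.

```python
"""Gateway content-policy check and footer insertion (added example; not from the article)."""
import email
import os
import re
from email import policy
from email.message import EmailMessage

# Policy values are hypothetical placeholders, not any product's defaults.
CONTENT_POLICY = {
    "max_message_bytes": 10 * 1024 * 1024,
    "max_recipients": 50,
    "max_attachments": 5,
    "allowed_attachment_extensions": {".pdf", ".docx", ".xlsx", ".txt"},
    # Constructed stand-in for the built-in offensive-language dictionary.
    "offensive_terms": {"idiot", "moron"},
    "outbound_footer": "This message is confidential and intended for the addressee only.",
}


def evaluate_policy(raw: bytes, cfg: dict = CONTENT_POLICY) -> list[str]:
    """Return the policy violations for one raw RFC 5322 message; an empty list means compliant."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    violations = []

    if len(raw) > cfg["max_message_bytes"]:
        violations.append(f"message size {len(raw)} exceeds {cfg['max_message_bytes']} bytes")

    # Count every address across To/Cc/Bcc, not the number of header lines.
    recipients = []
    for header in ("To", "Cc", "Bcc"):
        for value in msg.get_all(header, []):
            recipients.extend(value.addresses)
    if len(recipients) > cfg["max_recipients"]:
        violations.append(f"{len(recipients)} recipients exceeds {cfg['max_recipients']}")

    attachments = list(msg.iter_attachments())
    if len(attachments) > cfg["max_attachments"]:
        violations.append(f"{len(attachments)} attachments exceeds {cfg['max_attachments']}")
    for part in attachments:
        name = part.get_filename() or ""
        # Extension check only; a real gateway also inspects the file's actual type.
        if os.path.splitext(name)[1].lower() not in cfg["allowed_attachment_extensions"]:
            violations.append(f"attachment type not allowed: {name or '(unnamed)'}")

    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        words = set(re.findall(r"[a-z']+", body.get_content().lower()))
        hits = sorted(words & cfg["offensive_terms"])
        if hits:
            violations.append("offensive language: " + ", ".join(hits))
    return violations


def append_footer(raw: bytes, cfg: dict = CONTENT_POLICY) -> bytes:
    """Append the configured footer to the plain-text body of an outbound message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = body.get_content().rstrip("\n")
        body.set_content(text + "\n\n-- \n" + cfg["outbound_footer"] + "\n")
    return msg.as_bytes()


def plain_body(raw: bytes) -> str:
    """Plain-text body of a raw message, or '' if it has none (used to inspect results)."""
    body = email.message_from_bytes(raw, policy=policy.default).get_body(preferencelist=("plain",))
    return body.get_content() if body is not None else ""


def build_sample_message(clean: bool = False) -> bytes:
    """Constructed outbound message; the non-clean variant breaks two of the rules above."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.org, carol@example.org"
    msg["Subject"] = "Quarterly figures"
    if clean:
        msg.set_content("Hi team, the figures are attached.")
        msg.add_attachment(b"%PDF-1.4 (constructed)", maintype="application",
                           subtype="pdf", filename="figures.pdf")
    else:
        msg.set_content("Hi team, don't be an idiot, run the attached installer first.")
        msg.add_attachment(b"MZ\x90\x00 (constructed)", maintype="application",
                           subtype="octet-stream", filename="setup.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for v in evaluate_policy(build_sample_message()):
        print("VIOLATION:", v)
    print(plain_body(append_footer(build_sample_message(clean=True))))
```

The non-clean sample trips two rules (a disallowed `.exe` attachment and a dictionary word) and would be held; the clean one passes and gets the footer. Matching on the file extension alone is the weakest part of such a policy, which is why gateway products also look at the attachment's real content type.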

Outbound File/Attachment Scanning (DLP): Data Leakage Prevention is a concern for organizations dealing with a lot of intellectual property, financial information and the like. This module analyses and classifies confidential documents (generally submitted by the user through a special email address, or designated by the administrator), continuously monitors the outbound message stream for that classified content, in full or in part, and blocks any mail containing it. Such messages can be held back with a notification to the user or their manager for appropriate review. Many file types, including zip archives, can be scanned to prevent intellectual property theft through corporate email.
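Matching "in full or in part" is usually done by fingerprinting the classified documents rather than by storing them. The following added example (mine, not the article's or any vendor's implementation) shows one simple form of it: each registered document is reduced to hashes of its five-word windows, and an outbound message is held when enough of its own windows reproduce a registered document. The classified document, the two messages and the `min_matched` threshold are constructed for the example.

```python
"""Document fingerprinting for outbound DLP (added example; not from the article)."""
import hashlib
import re

SHINGLE_WORDS = 5  # window length: shorter catches more, but common phrases start to match


def _tokens(text: str) -> list[str]:
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text: str) -> set[str]:
    """Hashes of every 5-word window; the gateway keeps these, never the document itself."""
    toks = _tokens(text)
    windows = set()
    for i in range(len(toks) - SHINGLE_WORDS + 1):
        window = " ".join(toks[i:i + SHINGLE_WORDS])
        windows.add(hashlib.sha256(window.encode("utf-8")).hexdigest()[:16])
    return windows


class FingerprintIndex:
    """Classified documents registered by id, matched against outbound text."""

    def __init__(self) -> None:
        self._docs: dict[str, set[str]] = {}

    def register(self, doc_id: str, text: str) -> None:
        self._docs[doc_id] = fingerprint(text)

    def scan(self, text: str, min_matched: int = 3) -> list[tuple[str, int, float]]:
        """(doc_id, matched windows, share of the message's windows) for each document
        that at least min_matched windows reproduce, strongest match first."""
        probe = fingerprint(text)
        if not probe:
            return []
        hits = []
        for doc_id, fp in self._docs.items():
            matched = len(probe & fp)
            if matched >= min_matched:
                hits.append((doc_id, matched, round(matched / len(probe), 3)))
        return sorted(hits, key=lambda h: h[1], reverse=True)


# Constructed classified document, as an administrator or user might register it.
CLASSIFIED_DOC = """
Project Falcon acquisition plan. The board will approve the purchase of Northwind
Traders for twelve million dollars on the fourth of March, funded by the revolving
credit facility and a private placement of preferred shares. Legal review is
complete and the press release is drafted.
"""

# Constructed outbound messages: one quotes a sentence from the plan, one does not.
LEAKING_MESSAGE = ("Hi Dave, FYI the board will approve the purchase of Northwind Traders "
                   "for twelve million dollars on the fourth of March. Let's talk Friday.")
BENIGN_MESSAGE = "Hi Dave, lunch on Friday? The board meeting moved to March."


def build_index() -> FingerprintIndex:
    idx = FingerprintIndex()
    idx.register("falcon-plan", CLASSIFIED_DOC)
    return idx


def check_outbound(text: str, index: FingerprintIndex) -> str:
    """Gateway decision: hold for review when any registered document is reproduced."""
    hits = index.scan(text)
    if not hits:
        return "deliver"
    detail = ", ".join(f"{d} ({m} windows, {s:.0%} of message)" for d, m, s in hits)
    return "hold: " + detail


if __name__ == "__main__":
    index = build_index()
    print(check_outbound(LEAKING_MESSAGE, index))
    print(check_outbound(BENIGN_MESSAGE, index))
```

The leaking message reproduces 14 of the plan's windows (about two thirds of the message), so it is held; the benign one shares only single words with the plan and is delivered. Products use more robust schemes (rolling hashes, winnowing, tolerance to reformatting and to text extracted from zip archives and office files), but the principle of comparing hashed windows rather than raw text is the same.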

Confidential Information Leakage Protection: Certain confidential information, such as social security numbers, credit card numbers or health care information, can be sent out through corporate email for nefarious purposes. This module identifies and prevents the leakage of such sensitive information, for example PHI (personal health information) or PFI (personal financial information), whether it appears in plain text or in an attachment. This is especially useful if an organization is required to comply with regulations such as HIPAA in the health care sector. Identification is based on NPI (Non-Public Information) directories as well as common information identifier directories that store the patterns for such information (for example, the number of characters and the starting digit for identifying credit card numbers). Custom information such as customer-specific records, billing codes and account numbers can also be included.
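An added example of such an identifier directory, written for this article and not taken from it or from any product: each entry pairs a structural pattern (character count and starting digit, as described above) with a validator, and findings are reported masked so the report itself does not re-leak the value. It goes one step beyond the text by adding the Luhn checksum for card numbers, which stops arbitrary 16-digit reference numbers from being flagged as cards. The `ACCT-` record format and the sample text are constructed.

```python
"""Identifier-directory scan for outbound mail text (added example; not from the article)."""
import re

# Structural patterns (character count, separators); validity is checked by a second step.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout; the area/group/serial exclusions follow the published SSA rules.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Hypothetical customer-specific record format, standing in for a custom dictionary entry.
ACCOUNT_RE = re.compile(r"\bACCT-\d{8}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_brand(digits: str):
    """Starting digits plus length, the attributes the article mentions, for three issuers
    (Mastercard's 2221-2720 range is omitted for brevity)."""
    n = len(digits)
    if digits.startswith("4") and n in (13, 16, 19):
        return "visa"
    if digits[:2] in {"51", "52", "53", "54", "55"} and n == 16:
        return "mastercard"
    if digits[:2] in {"34", "37"} and n == 15:
        return "amex"
    return None


def validate_card(match_text: str):
    digits = re.sub(r"\D", "", match_text)
    brand = card_brand(digits)
    if brand and luhn_ok(digits):
        return {"brand": brand, "masked": "*" * (len(digits) - 4) + digits[-4:]}
    return None  # structurally card-like, but not a card number


def validate_plain(match_text: str):
    return {"masked": "*" * (len(match_text) - 4) + match_text[-4:]}


# The identifier directory: type -> (category, structural pattern, validator).
IDENTIFIER_DIRECTORY = {
    "credit_card": ("PFI", CARD_RE, validate_card),
    "ssn": ("NPI", SSN_RE, validate_plain),
    "account_number": ("custom", ACCOUNT_RE, validate_plain),
}


def scan_text(text: str, directory: dict = IDENTIFIER_DIRECTORY) -> list[dict]:
    """Findings in order of appearance, each carrying only a masked form of the value."""
    findings = []
    for ident_type, (category, pattern, validate) in directory.items():
        for m in pattern.finditer(text):
            detail = validate(m.group())
            if detail is None:
                continue
            findings.append({"type": ident_type, "category": category,
                             "start": m.start(), **detail})
    return sorted(findings, key=lambda f: f["start"])


def gateway_action(findings: list[dict]) -> str:
    """Hold anything carrying PFI, NPI or a custom identifier; otherwise deliver."""
    return "hold" if findings else "deliver"


# Constructed message body; the 16-digit "internal ref" fails Luhn and must not be reported.
SAMPLE_TEXT = (
    "Patient John Doe (SSN 123-45-6789) paid the balance with card 4111 1111 1111 1111; "
    "internal ref 4111111111111112, account ACCT-00421337."
)

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_TEXT):
        print(finding)
    print(gateway_action(scan_text(SAMPLE_TEXT)))
```

Scanning attachments works the same way once their text has been extracted; the directory and validators do not change. The validator step matters for the false-positive problem the article raises under anti-spam: without it, every invoice or tracking number of the right length would be held as a credit card.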

Email Encryption: Encryption and decryption can be centrally managed at the gateway for important emails that either users have specified should be encrypted or are automatically required to be encrypted (based on structural data matches for health care information, financial information, confidential information, previously defined keywords, message origin/destination, etc.). When the recipient receives the email, they may need to authenticate via email answer-back, LDAP/AD-based authentication, PKI smart card authentication, user name/password, etc. to receive the decryption keys.

Web-Based Confidential Data Leakage Monitoring: The policies for SMTP-based email (described above) can also be applied to HTTP-based email (such as Gmail and Hotmail), other HTTP-based communications (message boards, blogs, file storage sites, etc.) and FTP-based communications. This module monitors web-based traffic (provided the appliance is set as the default gateway for internet traffic) and works in conjunction with the email security appliance so that all the security modules described above apply to web-based applications. In this case, only monitoring and reporting is possible; the data leakage itself cannot be stopped.

excITingIP.com