Content Scanning and Policy ControlBy Michael Meason | Posted 2009-05-19 Email Print
Real-time content scanning and on-the-fly policy creation protect City National Bank & Trust of Oklahoma from both malware and offensive content.
We quickly applied policy-based standards across the board. For example, we set up a policy to block e-mail messages with attached batch, executable and .zip files. We also stopped employees from downloading potentially dangerous files and blocked access to offensive Websites.
Since we have such a high level of granular control, we can apply basic security parameters to everyone and feel secure in knowing that even those with the most Internet access are prevented from accidentally downloading malware, which gives us a reasonable degree of comfort. If we stay current with the policies that control what can and can’t be downloaded and viewed, then we greatly reduce our exposure.
The software also helps us comply with Sarbanes-Oxley. We can sample information to make sure customers’ confidential information, such as credit card numbers, is not leaving the company unencrypted. This gives us some predictability and facilitates our policy-making process.
Furthermore, the software allows us to hone our sensitive information policy to enforce the use of encryption, and it gives us the data to make a strong case to management if we need to implement or change a policy involving encryption. Sometimes, we simply need to retrain a few employees on an existing policy, but in other cases, we need to implement a new policy.
In addition to several layers of anti-virus protection, our system provides better protection against zero-day malware. Occasionally, we receive a zero-day threat for which there are no e-mail anti-virus signatures. When e-mail hits our mail gateway, it is scanned and passed to the MailMarshal server, where it is scanned by anti-virus software. It then hits the MailMarshal content engine, which subjects it to policies we’ve written. Messages that don’t clear a policy are automatically quarantined.
There have been numerous times when anti-virus definitions did not catch a threat, but MailMarshal’s policy engine and content scanning did catch it. This system has seen us through huge virus outbreaks on the Internet in which we’ve been inundated by thousands of malware messages in a day.