A Stringent E-mail PolicyBy Michael Meason | Posted 2009-05-19 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Real-time content scanning and on-the-fly policy creation protect City National Bank & Trust of Oklahoma from both malware and offensive content.
A Stringent E-mail Policy
Our e-mail usage policy is stringent. For an employee to have external e-mail access, it must be business-justified. This leaves 60 percent of our employees with internal-only e-mail privileges, which presents a problem for those who need to get information and electronic statements about their retirement funds and 401(k) accounts by e-mail under our benefits plan.
We can now provide this access to individuals without extending full external e-mail rights. To do this, we simply modify the header to direct approved incoming e-mail messages to specific employees. This is a good example of how we can create situation-by-situation policies without compromising our security standards.
In addition, we can also organize messages into a Microsoft SQL Server to archive e-mail according to our retention policy. In the past, we didn’t have a way to archive e-mail, and the typical answer to the problem was to purchase separate solutions for content filtering, encryption and e-mail archiving.
While MailMarshal SMTP sits on the edge of our network and catches everything going in and out, MailMarshal Exchange takes care of e-mail circulating internally. It includes all the content filtering and policy-making capabilities of MailMarshal at the Microsoft Exchange server level. This allows us to employ stringent policies on internal e-mail to avoid disruption, enforce acceptable use policies and archive internal communications in the event of an employee dispute.
Watching the Web
The main reason we chose WebMarshal was because it produced what we believe is the best on-the-fly Website categorization that we could find. For example, if an employee accesses a Website that hasn’t been classified as pornographic, the software scans all the content on the site and looks for characteristics that would indicate it is pornographic. If the site has those characteristics, access is blocked immediately, and the site is blacklisted.
However, we have the ability to verify the content and release the Website if it turns out to be a legitimate site. Most of the other products we considered were controlling access with blacklists only, which is extremely time- and labor-intensive and cannot keep up with the thousands of new sites being added daily. Real-time content scanning has also been effective in identifying and blocking zero-day sites with offensive content.
Since installing the Marshal system, we have doubled our number of users, quadrupled our sites and gone from receiving a few thousand e-mail messages a day to five million messages a month. Because it’s a centralized system, we can easily extend Web and internal and external e-mail protection to our new branches and implement security policies that protect our entire organization from one centralized management console.
The ability to filter content in real time at the e-mail and Web gateway, as well as to set and change granular security policies on the fly, provides us with unprecedented security. When we go home at night, we can sleep knowing that the policies we set up are protecting our network, employees, customers and the company as a whole.