E-Mail Security: Filtering Garbage Out, Keeping Secrets In

There’s traditionally been a bunker mentality among the people who secure e-mail. It’s us against them, an unseen enemy flinging viruses and spam—little digital grenades that could blow a hole in the CEO’s inbox.

Companies still need to have shields to block those Net threats, which continue to evolve in devious ways. Spending in this area, in fact, is expected to zoom: The worldwide market for e-mail security products is estimated to grow from $3.5 billion in 2006 to more than $6 billion in 2010, says research firm The Radicati Group.

And the underlying problems aren’t going away. The number of software vulnerabilities—flaws that could be used to compromise an organization’s security measures—reported to the CERT Coordination Center was on pace to exceed 7,000 in 2006, compared with 5,990 in 2005.

But now, security managers are looking more closely at the flip side of the e-mail equation: how to minimize the risks of losing precious data, such as customer records, out the virtual front door.

Safeguard Outbound Records

These days, Brandon J. Meyers, manager of networking and communications for Cooper Industries, believes his five-member team has a pretty good strategy for holding down the fort against viruses and spam.

The Houston-based $4.7 billion manufacturer of electrical products and tools operates about 60 Microsoft Exchange e-mail servers around the globe to serve its 29,000 employees. Those have been consolidated into three regionalized server clusters reflecting global operations.

Each e-mail server cluster has a double layer of protection. In the network, Cooper Industries has two redundant appliances from IronPort Systems that scan for unwanted e-mail and quarantine likely viruses and spam.

On the e-mail servers themselves, the company runs the Antigen virus- and spam-filtering package from Microsoft’s Sybari Software division. Cooper Industries has configured Antigen to scan for self-propagating e-mails, to eradicate them before they even get to someone’s mailbox.

The two systems, according to Meyers, practically run themselves. “They’ve been hands-off to date,” he says. “It’s a huge weight off our shoulders from a security perspective.”

So, he has turned his attention to a new security problem: making sure somebody isn’t taking Cooper Industries’ sensitive information and e-mailing it to an accomplice outside.

The problem of accidental—or intentional—breaches of what is supposed to be private data has exploded into public view in recent years. The most closely followed disclosures involve personal information: According to the nonprofit Privacy Rights Clearinghouse, businesses and government agencies have improperly exposed more than 98 million records on U.S. residents between February 2005 and December 2006.

The tricky part of this new technology: How does a piece of software know what constitutes “sensitive” data?

Cooper Industries conducted a test with Fidelis Security Systems, a Bethesda, Md.-based provider of “extrusion” (as opposed to intrusion) prevention software that scans outbound communications to identify certain patterns. Meyers and his team built some “intellectual property signatures” that were specific to Cooper Industries. For example, one such signature looked for certain kinds of computer-aided design (CAD) files, which would likely contain proprietary product plans.
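To illustrate the kind of signature described above, here is an added example (not code from Fidelis or Cooper Industries) that flags AutoCAD DWG drawings in an outbound message by file content rather than by file name, including drawings tucked inside ZIP archives. The function names, the size cap and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBER = 10 * 1024 * 1024  # assumed cap on bytes read per archive member

def looks_like_dwg(data: bytes) -> bool:
    # AutoCAD DWG files start with a version tag such as b"AC1015".
    return data[:4] == b"AC10" and len(data) >= 6 and data[4:6].isdigit()

def scan_blob(name: str, data: bytes, depth: int = 0) -> list:
    """Return names of DWG content found in data, looking inside ZIPs."""
    if looks_like_dwg(data):
        return [name]
    hits = []
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    hits += scan_blob(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits

def scan_outbound(raw: bytes) -> list:
    """Check every leaf MIME part by content, ignoring the claimed filename."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        hits += scan_blob(part.get_filename() or "(unnamed)", data)
    return hits

def build_sample() -> bytes:
    """Constructed outbound message: a renamed DWG, a zipped DWG, a text file."""
    fake_dwg = b"AC1015" + b"\x00" * 64  # constructed header, not a real drawing
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("plans/bracket.dwg", fake_dwg)
    msg = EmailMessage()
    msg["From"], msg["To"] = "user@example.com", "partner@example.net"
    msg["Subject"] = "Q3 report"
    msg.set_content("See attached.")
    for name, body in [("q3-report.pdf", fake_dwg), ("archive.zip", zbuf.getvalue()),
                       ("notes.txt", b"meeting notes")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_outbound(build_sample()))
```

A header check like this misses encrypted archives and drawings converted to other formats, so it works as one signature among several rather than a complete filter.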

“If there is a scenario where there will be legal action—where we see our proprietary information having leaked out—that’s the case for any organization to do this type of scanning,” Meyers explains.
