CISO Viewpoint: Choosing the Right Anti-Spam Security Solution

There are many technologies /solutions available to control Spam. There is no one technology which is complete solution by itself. With most anti-spam solutions, the key challenge is trying to balance false negatives (missed spams) vs false positives (rejecting good email). This is critical for a successful anti-spam deployment. Each approach has its own associated costs in time and effort.

Spam filtering can be done at the gateway or the client level.  There are options of using outsourced or in-house deployments of anti-spam technology.

The Outsourced deployments are either hosted third party solutions or based on open sourced technology. These are typically low cost solutions, less customizable having few features and are ideal for SMB segment.

For large organizations anti-spam deployment are generally in-house. These deployments are based on either hardware appliance or software based solutions.

(Read more:  Can your SMART TV get hacked?)

Most of the anti-spam solutions will be using a combination of the below technologies to control spam.

  • Detecting spam based on keywords or by statistical means.
  • Checking the repository of black listed domain names, proxy servers and open relays.
  • Addition of Ham passwords in email content
  • Check sum based content filtering
  • DNS based Blacklisting
  • Integrity check by analyzing the mail header.
  • Grey listing of incoming mails from unknown senders.
  • Greeting delay- a deliberate pause introduced by an SMTP server before it sends the SMTP greeting banner to the client.
  • Hybrid Filtering- Assigns numerical scores for each spam test and take appropriate action accordingly.
  • Pattern Detection - This technology monitors a large database of messages worldwide to detect spam patterns.
  • Spam trapping- Embed dummy email ids in HTML source code to identify spam mails.
  • Honeypots- It imitates MTA and TCP/IP proxy servers as open mail relays & open proxy servers to find spam and blacklist the sending DNS.

(Read more:  How to choose your Security / Penetration Testing Vendor?)

Pros and Cons of the different types of available technology / Solutions

  • No single anti-spam technology is complete in itself. There are pros and cons of each approach.
  • Outsourced  solutions are less expensive, easy to maintain but are low on features and difficult to customize. More over the emails get routed to third party filtering engines outside the organization domain. This may pose a security risk in certain cases.
  • In-house deployments of anti-spam technologiesare either based on Hardware appliance or software solution with each having its pros and cons.
  • The hardware appliance technology has certain advantages of being robust, easily maintainable and can be configured to best meet the customer needs.The spams can be filtered before they reach the mailing infrastructure.
  • The disadvantage is that it is costly and the spam would still reach the appliance consuming bandwidth.
  • The software based anti-spam solutions are less expensive, require no hardware infrastructure as most of them can be installed directly on the mail server.
  • The disadvantage is that the mail is not checked until it is at your mail server. This also requires a higher level of maintenance.
  • Many organizations also use open sourceanti-spam engines. It has advantages of cost but is less customizable, low on features and difficult to get support.
  • One needs to carefully understand the pros and cons of anti-spam technology and options before selecting and implementing the same.

(Watch more : How MIT website got hacked despite having any vulnerability ?)

Choosing the right technology

CISO has to understand the challenges of his working environment in absolute detail before selecting the anti-spam technology for his enterprise. Each technology has its pros and cons which need to be understood and then only a proper selection of technology should be made.

It is also desirable that CISO should understand the intricaciesof technologies on offer and confirm the results from other deployments.  CISO should select technology which is Proven, Secure, Accurate, Easy to manage, Flexible and Cost effective.

CISO should be clear about his deployment strategy and should have clear answers to the following options

  • Gateway Vs Client side deployments,
  •  Outsource VsIn-housedeployments and
  • Hardware appliance Vs Software anti-spam solutions

CISO must have a vision whether he would deploy anti-spam technology alone or bundle this with other security products like anti-virus and content filtering. This will have a bearing on the selection of right technology.

It is also important that the impact of the selected technology should be understood and discussed with the business stakeholders for getting their buy-in.

- By Vipin Kumar, Group CIO, Escorts Ltd.

More:  Want to be an author? Nominations open for co-authors of CISO Handbook    



Views: 207

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service