Information Security Magazine

Spam Blockers Losing Ground on Sophisticated Attackers
by Mike Rothman
Issue: Jun 2008

BATTLING THE BOTS
By aggregating data on billions of messages and tens of millions of senders, reputation services have emerged to gauge sender intent. The antispam companies can assess, with statistical significance, whether a particular IP address is likely to be sending spam or ham (legitimate messages). Additionally, law enforcement has gotten much more aggressive over the past three years in finding, catching and prosecuting high-volume spammers.

Thus it became important for the bad guys to more effectively mask their intent and stay hidden. This is what drove the interest in and growth of bots as an effective way to mask who they were and what they were doing. The nature of the bot communication makes it very difficult to track the identity of the bot master. The bot masters now have millions of compromised machines at their disposal to deliver spam or launch a denial-of-service attack.

But even bots will be detected and eliminated over time, so the bad guys have tried a different tack, directly attacking legitimate mail servers. If the credentials and passwords of a known good email server can be stolen or acquired via brute force, the spammer has free rein to blast messages until the reputation servers respond by giving that server a bad reputation score.

Spammers are also increasingly compromising free hosting companies and co-opting the built-in SMTP server running on the host to blast messages unfettered until the reputation score of the server is affected. Of course, there is significant collateral damage as the legitimate senders are blacklisted.


OUTBOUND FILTERING
Turning the gateway inside out

Spam and other inbound attacks are certainly very high-profile. Turn off your spam filter for an hour or two and you'll realize that. But organizations may be losing a lot more valuable information on the outbound side. Whether it's insiders sending corporate secrets to competitors or their own webmail accounts, or a customer service rep inadvertently sending private data to customers, these are significant corporate and regulatory compliance issues.

Many of the same detection techniques, including content analysis, regular expressions, Bayesian filtering and link analysis, can be used to analyze outgoing email for signs of content leakage. Thus, one of the more popular new functions for email security gateways is to "turn it inside out" and start filtering the outbound mail.

Many large enterprises are investing significant sums in dedicated data leak prevention offerings, but in some cases, the capabilities built into an existing email or Web security gateway may be good enough to stop a large percentage of the information exposure.

--MIKE ROTHMAN
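
As an illustration of the outbound check this sidebar describes (an added example, not code from the article or from any gateway product), the sketch below applies regular expressions to an outgoing message, uses a Luhn checksum to cut false positives on card numbers, and flags webmail recipients. The domain list, finding labels and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumed policy values for this sketch; a real gateway would load these from config.
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")   # 13-16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US SSN layout

# Constructed sample messages (4111... is the well-known test card number).
SAMPLE_LEAK = ("From: rep@example.com\nTo: Customer <customer@gmail.com>\n"
               "Subject: your account\n\nCard on file: 4111 1111 1111 1111\n")
SAMPLE_CLEAN = ("From: rep@example.com\nTo: partner@example.org\n"
                "Subject: order\n\nOrder reference 4111 1111 1111 1112 shipped.\n")

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_outbound(raw):
    """Return a sorted list of policy findings for one outbound RFC 5322 message."""
    msg = message_from_string(raw)
    findings = set()
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    for _, addr in rcpts:
        if addr.rpartition("@")[2].lower() in WEBMAIL_DOMAINS:
            findings.add("webmail-recipient")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if SSN_RE.search(text):
            findings.add("ssn-pattern")
        for m in CARD_RE.finditer(text):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.add("card-number")
    return sorted(findings)

if __name__ == "__main__":
    print(scan_outbound(SAMPLE_LEAK), scan_outbound(SAMPLE_CLEAN))
```

The second sample shows why the checksum matters: its 16-digit order reference matches the regular expression but fails Luhn, so the message is not flagged.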