Antispam technologies have become commoditized, with most vendors offering a mixed cocktail of techniques to filter out unwanted email and to identify and block incoming messages containing malicious code.
"It's difficult to tell one vendor from another," said Chenxi Wang, principal analyst at Cambridge, Mass.-based Forrester Research Inc. "Every one of them have a 96% to 98% detection rate and there really isn't a new technology anymore."
Since the Lovebug virus flooded email inboxes 10 years ago this week, email filtering technology has moved for the most part to the cloud. The Lovebug took only a few days to infect 50 million computers and wreak havoc on important program files. Cybercriminals have turned to botnets to send hordes of unwanted messages. Spam consistently accounts for about 90% of all email sent, making email filtering capabilities essential to enterprises. Much of the email containing malicious attachments is caught by email filtering service providers. While spearphishing and other email tactics remain a major problem, attackers, for the most part, have turned to Web-based attacks.
Wang, who evaluated email filtering providers last year for the Forrester Wave, found most vendors offering similar features that include email reputation, content filtering and policy management. The vendors that stand out offer good email archiving, encryption and e-discovery capabilities, she said. Most enterprises can pick and choose a cloud-based service provider without worrying about integration issues, Wang said.
"Email security is something that doesn't have to be part of the standardization effort that is being done across the IT organization," Wang said. "It can be done fairly separately. What you're doing is simply employing an in the cloud email relay and that relay is fairly easy to set up and get operational."
Ultimately, the suite vendors, Symantec Corp., McAfee Inc. and Microsoft, offer discounts to current customers who use enterprise desktop antivirus along with hosted email filtering and other services. Wang's evaluation found Symantec-MessageLabs in the leaders category with McAfee-Secure Computing; Cisco Systems Inc., which sells IronPort email security appliances and offers a hybrid or hosted model; Microsoft, which offers a hosted service for Exchange; Websense Inc.; Google-Postini; and M86 Security.
Fred Touchette, a senior security analyst at Gulf Breeze, Fla.-based email and Web security vendor AppRiver LLC, said the economy over the last year and a half has forced some companies to outsource email filtering capabilities.
"Cost is the issue that people are looking at nowadays," Touchette said. "We've had a huge uptick after the big financial crisis from people who often can't afford to have a full-time IT staff."
Touchette said the company's customers like that a team is constantly working to apply signatures to filter out malware-laden email messages. In addition to AppRiver's proprietary antispam engines, the company uses engines from ESET LLC, Norman ASA and others to provide layered coverage. The vendor does encryption and archiving in addition to supporting Microsoft's Hosted Exchange, and is planning to offer Web filtering, he said.
"A major benefit of software-as-a-service is that we're right in line and can write a signature to block a large campaign and have it in place almost immediately," Touchette said. "When you're client-based, you have to wait for definitions to be pushed down."
Email filtering has entered a level of maturity in that it hasn't changed that much in the last several years, said Paul Fletcher, chief software architect of Symantec Hosted Services.
Vendors use heuristic rules that score messages against a rule set to calculate an email message's likelihood of being spam. Bayesian analysis is also still being used to look for statistical patterns to create a probability that a message is spam based on tokens or other characteristics within the message. Smart signatures and dynamic header analysis are also used to trip up spammers, Fletcher said. Fletcher, who was involved in designing the MessageLabs services in 1999, said vendors with a wider scope are wrapping in threat intelligence to improve detection capabilities.
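The scoring techniques described above, chained so the cheapest check runs first, shown as an added example that is not from the article or any vendor's product: a sender reputation lookup, then heuristic rule scoring, then a naive Bayes token classifier. The training messages, rules, thresholds and IP addresses are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training data, rules and thresholds: illustrative assumptions only.
SPAM_TRAIN = ["cheap pills buy now", "win money now click here", "buy cheap watches now"]
HAM_TRAIN = ["meeting agenda for monday", "please review the attached report", "lunch on monday"]
BAD_SENDERS = {"203.0.113.7"}  # reputation list (documentation-range address)
RULES = [  # heuristic rule set: (pattern, score added when it matches)
    (re.compile(r"click here", re.I), 2.5),
    (re.compile(r"[A-Z]{6,}"), 1.5),
    (re.compile(r"!{3,}"), 1.5),
]
RULE_THRESHOLD, BAYES_THRESHOLD = 3.0, 0.9

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

SPAM_COUNTS = Counter(t for d in SPAM_TRAIN for t in tokens(d))
HAM_COUNTS = Counter(t for d in HAM_TRAIN for t in tokens(d))
VOCAB = set(SPAM_COUNTS) | set(HAM_COUNTS)

def bayes_spam_probability(text):
    """Naive Bayes over tokens: Laplace smoothing, equal priors, log space."""
    s_total, h_total = sum(SPAM_COUNTS.values()), sum(HAM_COUNTS.values())
    log_odds = 0.0
    for t in tokens(text):
        p_s = (SPAM_COUNTS[t] + 1) / (s_total + len(VOCAB))
        p_h = (HAM_COUNTS[t] + 1) / (h_total + len(VOCAB))
        log_odds += math.log(p_s / p_h)
    log_odds = max(-50.0, min(50.0, log_odds))  # clamp so exp() cannot overflow
    return 1 / (1 + math.exp(-log_odds))

def classify(sender_ip, body, stats):
    """Run the cheapest check first; return (verdict, stage that decided)."""
    stats["reputation"] += 1
    if sender_ip in BAD_SENDERS:
        return "spam", "reputation"
    stats["heuristics"] += 1
    if sum(score for rx, score in RULES if rx.search(body)) >= RULE_THRESHOLD:
        return "spam", "heuristics"
    stats["bayes"] += 1
    p = bayes_spam_probability(body)
    return ("spam" if p >= BAYES_THRESHOLD else "ham"), "bayes"

def run_funnel(messages):
    """Classify (sender_ip, body) pairs; return verdicts and per-stage workload."""
    stats = {"reputation": 0, "heuristics": 0, "bayes": 0}
    return [classify(ip, body, stats) for ip, body in messages], stats
```

The per-stage counts returned by `run_funnel` show how many messages each successive stage had to process.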
"It's not just a single filter because a spammer will figure out really quickly how to get around a single filter," Fletcher said. "The trick is to use the really fast techniques that can eliminate vast proportions of the mail with minimal processing and use the harder techniques lower down the funnel when there's less material to step on to maximize the resource utilization."