(WEB HOST INDUSTRY REVIEW) — According to recent reports, the monthly volume of malware spread via email has increased more than fourfold since the beginning of the year. Worse yet, Trojans accounted for nearly 70 percent of all malware sent by email in April and May.
These findings were presented in the email security report released in June by German email security firm eleven (www.eleven.de). As spam grows more difficult to detect and dangerous when undetected, companies like eleven are fighting a war against an onslaught of sophisticated threats.
Also in June, eleven warned all email users about a new trick seen in some spam campaigns that uses JavaScript to circumvent spam filters. Traditional spam filters search for links to known spam or phishing sites in the email content. This new tactic relies on users a HTML attachment which, when opened, activates a script that redirects the user’s browser to the spammers’ target site via JavaScript instead of being easily found within the email.
A key part in eleven’s efforts to contain such threats is the company’s eXpurgate technology, which detects spam and categorizes emails based on key characteristic of all spam – including its distribution scale. eXpurgate’s “bulk check” technology involves proprietary checksum algorithms that reduce each email to a code made up of just a few bytes that gives no indication of the original content of the email. This code is checked against the codes of other emails, and when similar codes are found often enough, there is a high probability that the email is spam. Other inspection procedures help distinguish spam from more welcome mass mailing, such as a popular Web hosting newsletter.
In an email interview with the WHIR, Sascha Krieger, eleven’s head of corporate communications, explains the importance of managed email security, eleven’s technological approach to security, and its pioneering role in the field of cloud computing.
The WHIR: Not only does it appear that the amount of spam sent to German email accounts is on the rise, but it also seems that the spam is cleverer, and consequently more dangerous. Is email security more important now than ever?
Sascha Krieger: Spam remains at record levels, not just in Germany but worldwide. And we are seeing a spam landscape that seems to be changing at the moment. After a period when spammers went “back to the roots” and relied mainly on short, simple messages, often containing URLs, the trend now is to come up with new tricks again such as using JavaScript redirects embedded in seemingly harmless HTML attachments or advertising different products in one email, such as pharmaceuticals and replica watches. This is just another stage in the permanent arms race between spammers and anti-spam experts in which both sides constantly try to outwit the other. At the same time, the email is still the most important means of business communication and needs to be protected at all times. New spam methods therefore require an extra focus on email security. No company can afford endangering their business-relevant email communication. Ensuring this communication channel is open at all times is therefore the most important task of email security today and a key element of any company’s IT security strategy.
WHIR: In terms of both cost and effectiveness, what advantages are there for businesses choosing an outsourced email security model?
SK: The advantages of managed email security lie in its nature: checking, filtering and rejecting unwanted as well as dangerous email before it even reaches the company’s infrastructures. This increases security because malware that never reaches the company infrastructure cannot do any damage there. In addition, the load on the email infrastructure is drastically reduced; spam waves and denial of service attacks cannot overload the email infrastructure and thus cause the email communication to collapse. On the other hand, outsourcing the email security means that there are no further investments in hardware to cope with rising spam levels, there is no administration effort required so that costs can permanently be curbed and often lowered. As a rule, managed email security combines increased protection with optimized cost-efficiency.
WHIR: According to a recent survey of more than 500 IT managers at German companies carried out by eleven, companies rated the spam detection rate and the false positive rate as being the two critical factors in choosing an email security solution. How does eleven strive to deliver on these two accounts?
SK: Eleven’s unique and proprietary technology was conceived to deliver maximum results especially in these two areas. By focusing on the key characteristic of all spam – its distribution via mass mailings – as the central checking and filtering criterion, eleven’s eXpurgate technology can detect spam with a very high level of reliability – independent of its content, its language or whether it is a known or new campaign. At the same time, focusing on the mass email criterion means that individual messages and thus all important business-relevant email communication are no longer at risk of being wrongly categorized as spam. Thus eleven’s technological approach is specifically geared to provide optimum results on these two counts.
WHIR: Can you explain the significance of eleven winning the Association of the German Internet Industry’s eco-award for its eXpurgate Managed Service award in the “Cloud computing” category?
SK: Cloud computing is a relatively new term but the underlying idea is much older. As far back as 2003, eleven started delivering integrated email security as a managed service to offer ISPs, web hosters, carriers and companies of all sizes a cost-efficient means to protect their email infrastructure against the increasing threats rising from the growing popularity and importance of email as a key tool in private as well as business communication. The award is as much an appreciation of eleven’s pioneering role in the field of cloud computing as it is a signal of the potential outsourcing solutions offer particularly in the field of email security.
