E-mail gains new armor against spam, virus attacks

20.11.2004
Von Cathleen Moore

Enterprises seeking relief from the rising volume of spam and viruses got more help this week as several vendors rolled out tools and services designed to thwart e-mail-based attacks.

To that end, MailFrontier Inc. this week introduced Version 3.5 of its MailFrontier Gateway product line, featuring new Time Zero technology that aims to block viruses when they first hit the network. The MailFrontier Gateway lineup also fights spam and phishing.

A big challenge facing enterprises is the gap of 4 to 24 hours between when a virus breaks out, typically called time zero, to when anti-virus vendors have a signature available to block the virus, said Gleb Budman, senior director of product management and business development at MailFrontier .

"Once in place the signatures work well, but the problem is that (enterprises) are open and unprotected during that whole stretch," he said.

The Time Zero technology uses a combination of predictive techniques, tapping statistics, and heuristics to identify suspicious attachments; responsive efforts to block suspicious e-mail messages; and a set of virus signatures form partner vendors McAfee Inc. and Kaspersky Labs Ltd. Another new partner, Avinti Inc., offers additional anti-virus protection with a virtual machine technology.

Also new in Version 3.5 of MailFrontier is enhanced core anti-spam functionality with Sender ID support and MailFrontier Reputation, which evaluate messages for spam content. In addition, the MailFrontier Bayesian Fraud Filter is bolstered to improve accuracy against phishing e-mails.

Meanwhile, IronPort Systems Inc. this week updated its Reputation Filters anti-spam technology to allow ISPs to stop spam from originating in their networks. The second generation of IronPort"s Reputation Filters combines the company"s rate limiting capability with real-time analysis of global e-mail traffic patterns, IronPort officials said. The offering lets ISPs identify computer "zombies" that are used to send spam and limit or block the PCs that are sending spam. The offering is powered by IronPort"s SenderBase e-mail traffic-monitoring network.

Also this week, Symantec Corp. and MX Logic Inc. teamed up to create a managed e-mail security service designed to secure messages at the network perimeter and detect spam. The service will integrate Symantec Brightmail AntiSpam 6.0 with the MX Logic Email Defense Service. Brightmail AntiSpam 6.0 fights spam with statistical filtering, reputation analysis, heuristics, URL filters, and a network of spam traps. MX Logic"s Stacked Classification Framework is a multilayered spam detection system that can block spam and lower false positives with an end-user quarantine system, according to company officials.

The combined offering, dubbed the MX Logic Email Defense Service with Symantec Brightmail AntiSpam 6.0, is available in two packages: MX Critical Defense and MX Ultimate Defense. Both packages include e-mail attack protection, fraud protection, content and attachment filtering, virus scanning, inbound message filtering, and threat quarantine, officials said. The MX Ultimate service also includes outbound message filtering and the MX Logic FailSafe Disaster Recovery Service.