Secure Edge Messaging Appliances with Embedded LDAP Maximize Protection Against Mail Volume and Threats

It’s no wonder that email is such a big thorn in IT's side. Mail volume doubles every six to nine months; an astonishing 80-90 percent of it unwanted and/or abusive. Four hundred and fifty new viruses attack companies every month. Eighty-five percent of abusive mail is sent by a zombie computer, with 500,000 new zombies launched daily according to Commtouch. Directory Harvest Attacks (DHAs), meanwhile, are increasing by as much as 30 percent annually. Not surprisingly, managing email and email security is getting more complex and more costly. Or is it?

The typical organization uses messaging software that runs on dedicated servers. In companies that use anti-virus and anti-spam software, IT managers often spend hours or days trying to get email server and email security software to work together. Upgrades are incremental and expensive and can cause server-to-server and other incompatibilities that disrupt email service. To continue protecting the growing message volume, companies must add new servers regularly in a virtually endless cycle of budget-and-build.

More importantly perhaps, standalone email security taxes bandwidth and does not provide adequate protection. Typically, email security is architected as a separate layer in front of the messaging firewall. While this method simplifies deployment, it often requires additional connections through the firewall, which can burden the messaging infrastructure with unanticipated load and vulnerabilities. In this architecture, recipient validation and per-recipient policy enforcement requires reaching through the firewall to directly query the corporate directory. Thus a breach in email security would leave organizations vulnerable to theft of user IDs and passwords and even HR and financial data.

Every surge in email traffic from spam or virus attacks places load demands on the corporate firewall and corporate directory. This in turn causes a loss in quality of service of the corporate network and mission-critical applications that depend on the corporate directory. In the worst case, if the directory is not sized to handle email traffic spikes, a spam attack could halt user access to valuable internal applications such as a CRM program.

To maintain quality of service, companies must continually add capacity to the corporate directory, firewall and other network components to accommodate the ever-increasing volume of spam. Or they can find an alternative architecture.

Figure 1: Traditional platform; recipient checking behind the firewall compromises network security and bandwidth

Integrated Protection at the Edge

Appliances that integrate messaging and security make better sense, according to IDC. (Read the IDC whitepaper “Messaging Solutions with ‘Baked In’ Security Delivers for IT and Messaging Users.”) A secure appliance is inexpensive, requires minimal administration, and blocks up to 80 percent of unwanted email at the firewall, reserving network bandwidth for email you do want. All essential messaging and security features are combined in a single box—from antivirus and anti-spam protection to integrated LDAP for recipient verification at the edge, to reputation filtering and user policy controls. Finally, appliance system upgrades can be made locally without removing the appliance, with no risk of incompatibility because security and messaging features reside on one platform.

Reputation filters add another layer of protection. Most reputation filters are a global one-size-fits-all, allowing for little or no customization to bar unwanted traffic from entering the network. But many organizations find these static filters impractical. Flexible reputation filters, on the other hand, not only take into account the sender’s reputation, but also the recipient’s level of sensitivity to missing a legitimate message that may have come from a sender with a bad reputation.

Flexible reputation filters based on SMTP etiquette and RFC compliance are uniquely effective at blocking zombies and other sources of spam because they can block new abusers with no reputation history. It also provides a clear path for legitimate senders.

Spammers and hackers will continue finding new, more devious ways to use email to wreak havoc on corporations. A secure messaging appliance with an embedded LDAP server and flexible reputation filters at the network edge is our best defense.

Figure 2: Integrated, secure messaging with edge-based LDAP; recipient checking done before the firewall improves security and reduces cost

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Mirapoint Inc., 909 Hermosa Ct. Sunnyvale, CA. 94085