Trojans, viruses, malware – the stuff of nightmares for any IT-driven corporation. Anti-virus software on every desktop computer in the enterprise is considered to be standard practice, but the idea of actually stopping the attacks on the corporate IT infrastructure before they get behind the firewall doesn’t seem to have established itself. Why is this?
The history of computer viruses, trojans and malware makes a pretty boring read, so let’s skip that and jump to the conclusion that the threats are still there and are causing problems, financial loss and quite a few torn hairs every day in every part of the world, and there isn’t a single corporation out there that hasn’t suffered the consequences of poorly working antivirus software or a single email with an innocent Christmas card that turns out to be a trojan or malware attack in disguise.
The thing is this: most of the attacks today are email based. And still, it’s quite common to let the company email server receive all emails and then deal with them by marking any suspected spam, malware, trojan or virus-infected email as “spam” and placing it in a separate mailbox in the user’s email client. Or, if there has been some thought applied to the process, viruses, malware and trojans in attached files are deleted – if they are detected.
Why not deal with this before the email even enters the internal IT-infrastructure? You don’t put a sick animal with the rest of the herd and deal with it later, so why put unnecessary strain on the email server?
Let the email server deal with, you know, email
These digital threats are real, and they bring businesses (and sometimes their suppliers, customers or partners) to their knees every day, simply because something went wrong – maybe a piece of software failed, maybe a license expired and the person who should have been alerted via email left the company years ago. Who knows? Putting anti-virus software on the email server itself means the server not only has to cope with the additional load of infected emails, it also has third-party software working in the same databases as the email server itself. Make no mistake about it – these software solutions are known to fail and, when they do, they take down the entire email server.
There is a better way: deal with the email filtering before the email reaches the email server. Botnet attacks from entire networks should be blocked instead of dealt with; any email that’s infected with spam, malware, viruses and trojans should be deleted before getting even close to your email server. There is an important point to be made with this: when email-based threats and other attacks from the Internet are dealt with before they reach it, the email server is left doing what it’s designed to do – handle email.
An email gateway not only protects the email server from attacks, it also limits the email server’s exposure to the outside world. As any IT administrator will appreciate, there is always a certain risk element connected with opening up a number of ports in the firewall to enable all kinds of protocols to connect with your email server. Take Microsoft Exchange Server as an example – if it is left to fight the battle against cybercrime on its own, you need to open up the key port (TCP/IP port 25) to the Internet and, with that, any SMTP client or server can connect to your Microsoft Exchange Server.
This means that anyone can target your email server for days on end with email-based attacks until something gets through. Mildly put, this has a negative effect on your Exchange Server, as it will have to deal with all incoming email traffic (legitimate and attacks) because it really can’t tell the difference until the email has been received by the server, analyzed and then dealt with. Can your email server handle an extra 100 000 incoming emails every 24 hours?
Keep corporate information safe
With the revolution in mobile devices such as the iPhone and iPad, these devices are hardwired into your corporate email infrastructure. Anything that’s in a particular employee’s inbox is more than likely also to be on his or her iPhone or iPad. Maybe the average employee won’t have any sensitive documents or information in the email, but what about the CEO or a manager? Anyone and everyone can (and probably will) lose their mobile phone at least once, or it can be stolen.
Make no mistake about it – this is a real threat. You can use the same solution to manage outgoing emails: not only can you check them for viruses, malware, trojans and spam (thus being a great citizen and also keeping customers and partners safer), you can also check for specific file names, file types or content in the attached files. If there is a match, the email is blocked from being sent.
Tired of having employees clogging up your email server and Internet connection by emailing movies or songs from their favorite artist? Block it! As a bonus, you keep the corporation less liable to be sued for copyright infringement. Tired of your email server being blacklisted on the Internet? Make sure it doesn’t happen again, and help the Internet as a whole to work a little bit better for everyone.
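The outbound check described above (file names, file types and attachment content, with a match blocking the message), sketched as an added example that is not from the original article or from any Halon product. The policy values, function names and sample messages are constructed for illustration; the byte-signature check is an added assumption so that a renamed media file is still caught.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical policy values, chosen for illustration only.
BLOCKED_NAMES = ["*.mp3", "*.mp4", "*.avi", "*payroll*"]
BLOCKED_MAIN_TYPES = {"audio", "video"}
BLOCKED_PHRASES = [b"company confidential"]
MAGIC = {b"ID3": "mp3 audio", b"RIFF": "riff/avi container"}

def check_outbound(raw: bytes) -> list:
    """Return the policy violations found; an empty list means 'send'."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if any(fnmatch.fnmatch(name, pat) for pat in BLOCKED_NAMES):
            reasons.append(f"{name}: blocked file name")
        if part.get_content_maintype() in BLOCKED_MAIN_TYPES:
            reasons.append(f"{name}: blocked type {part.get_content_type()}")
        # Sniff the leading bytes: the extension and declared type are
        # chosen by the sender, the content is not.
        for magic, label in MAGIC.items():
            if data.startswith(magic):
                reasons.append(f"{name}: content looks like {label}")
        if any(phrase in data.lower() for phrase in BLOCKED_PHRASES):
            reasons.append(f"{name}: blocked phrase in content")
    return reasons

def build_sample(filename, maintype, subtype, data: bytes) -> bytes:
    """Build a constructed outbound message with one attachment."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.net"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [("song.mp3", "audio", "mpeg", b"ID3\x03\x00\x00"),
               ("notes.txt", "application", "octet-stream", b"ID3\x04\x00data"),
               ("report.pdf", "application", "pdf", b"%PDF-1.4 quarterly numbers")]
    for s in samples:
        hits = check_outbound(build_sample(*s))
        print(s[0], "BLOCK" if hits else "SEND", hits)
```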
Peter Falck is president of Halon Security AB in Sweden. Contact him at email@example.com.