It goes without saying that e-mail plays a critical role in any organization.
This relatively new communication technology has, by many accounts, replaced the
telephone as the most useful business tool available. Unfortunately, e-mail has
also been a victim of its own success and presents a unique threat to the enterprise
network as a whole.
Protecting networks from viruses and hackers has traditionally been the responsibility
of the Firewalls, Virus Scanners, and Intrusion Detection Systems (IDS) set up by
enterprises as a defense against the myriad attacks they come under each day. Virus
scanners scan each PC in the network, gateway servers are guarded against attempts
to gain access by locking down extraneous ports and firewalls prevent unauthorized
programs from accessing the network. All these measures prevent direct attacks against
the network on every port except port 25 and port 110 - the ports used by SMTP (Simple
Mail Transfer Protocol) and POP (Post Office Protocol) to transmit e-mail from one
server to another.
Ports are the openings in the operating system through which applications connect
to each other. When a firewall receives an e-mail connection on port 25, it generally
assumes that the transmission is e-mail and allows it to flow through to the e-mail
server. The transmission may be a valid e-mail, it could be a virus or a spam, or
it could be a job offer for an employee or something much worse. Regardless of the
true intent of the "e-mail", at this point it is incumbent upon various systems
within the network to guard against these threats. Unfortunately, experience has
taught us that partial success in these areas is the norm, not the exception.
Stop E-mail Threats at The Gateway
The best place to stop a threat is before it gets inside the network. Virus scanners
are only as good as their latest update, and are virtually useless against new viruses
that have yet to be identified. If a user does not update his virus definition list,
then his machine will be infected. A pornographic spam will offend an employee when
it slips through the spam filter, and the job offer from the competitor won't go
away once the recipient has printed it out on her printer. The best way to prevent
these malicious attacks is to stop them before they become a problem - at the gateway.
Stopping spam and other malicious e-mail traffic at the gateway requires a coordinated
effort to solve a whole host of issues. These include, but are certainly not limited
to, spam, viruses, corporate policy infringements, directory harvest attacks, denial
of service attacks, phishing, spoofing, and snooping. Furthermore, accuracy in identifying
spam e-mails is crucial. It is much better to receive the occasional spam than accidentally
filter out an important e-mail from a customer.
Historically, enterprises have turned to multiple vendors to solve their e-mail
security issues. They have relied on anti virus vendors to protect them from viruses.
They use a separate anti spam vendor to help cut back on the spam. Then there are
the issues of content filtering, policy enforcement, encryption, and network security.
Over time it has become clear that having so many vendors approaching these issues
from so many directions is prohibitively expensive and time consuming for administrators
to manage.
Increasingly companies are turning to hardened e-mail appliances like CipherTrust's
IronMail. According to Gartner, the globally respected IT research firm, "Instead
of having several email security-related point products at the boundary, many enterprises
will want only one".
IronMail is designed specifically to guard against port 25 attacks on enterprise
e-mail systems. It can be tuned to work effectively with any type of organization
and has been employed for use in a wide range of industries such as healthcare,
government, finance, education, manufacturing, retail, and many more. It allows
organizations to stop spam and viruses, protect employees from fraud and inappropriate
content, enforce corporate policies, provide secure delivery, encrypt e-mail, and
provide remote access.
Find the Right Solution
Learn more about how IronMail can secure enterprise e-mail systems by visiting
www.ciphertrust.com or by downloading CipherTrust's FREE whitepaper, b>"Securing
Email Systems: An Overview of IronMail, the Secure Email Gateway". This FREE resource
will provide you with the information you need to make an informed decision about
securing your e-mail systems and ensuring system availability to end users.
