Stopping spam brings additional security benefits for cable company

By Ron Condon, UK Bureau Chief 01 Dec 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

This meant that staff not only had to answer calls from users complaining about spam, but they had to trawl through the spam folder looking for any important messages that had been wrongly blocked.

"We were using a dictionary-based system from a major supplier -- I prefer not to name them as it wouldn't be fair," said IT manager Tony Lambert. "On a Monday morning there could be upwards of 6,000 quarantined messages in the email filter waiting to be checked. We were getting phone calls from people saying they were expecting an important email that hadn't arrived."

On average, Lambert's team would discover 20 to 30 valid messages that had to be released from quarantine from the 6,000, and then they would need to monitor a further 2,000 quarantined messages a day. "We had to check every single message, and sometimes it was difficult to identify why a valid message had been blocked. At the same time, the system was still letting some spam through," says Lambert.

With the contract on the software up for renewal and the supplier offering an upgrade, Lambert took the opportunity to see what else was on the market, and asked for advice from his security supplier, London-based Nebulas Solutions Group Ltd.

"We had a Nebulas engineer putting in a new Check Point firewall at our central services office in Crawley, and I just asked him how they coped with spam. He mentioned the IronPort appliance and offered to give me a demonstration."

Lambert was impressed by the technology from IronPort Systems Inc., now part of Cisco. The appliance works in conjunction with the IronPort SenderBase network, which tracks global threats and captures data from more than 100,000 organisations worldwide to build up a picture of Internet traffic patterns.

Lambert installed a resilient cluster of two IronPort C150 email security appliances, which interrogates all messages before they reach the Exchange mail server, thus reducing a great deal of the work that needed to done beforehand.

The effect on spam was dramatic. "The date is imprinted on my memory, because July 15th 2008 was the day we stopped spam in its tracks," says Lambert. "The appliances just came straight out of the box. We switched on the filter, and that was the end of the problem."

He says his team initially did spot-checks in the spam filter to see if any false positives had gone through. "We have been running this product for a few months now, and I have yet to find a false positive in the spam filter," says Lambert. "It was just like switching a light-switch -- it was the end of spam. And we've not had a virus through either."

Lambert's company continues to run Norton antivirus on the company's 250 PCs and also on the mail server. But the IronPort device also checks incoming and outgoing emails for viruses, providing a second layer of defence.

With the success of the mail device, Lambert says he adopted the IronPort Web security appliance to ensure staff do not go to known infected sites.

The new antispam service has been well received by the company's 250 users, according to Lambert. "We emailed everyone to let them know the new system was going live, and told them to contact us if they received any spam. Two users got in touch, but it turned out that in both cases, the spam got through before IronPort was switched on," he says. "Two or three users have even phoned IT to thank us for stopping the spam."

Bringing the spam menace under control has delivered several other benefits, as he says, "It's had a huge impact on this business. There's been a massive drop in network traffic, so we've made big savings in bandwidth and can prolong the life of our Exchange servers. It's also resulted in a much more reliable network."

Tags: Email and Instant Messaging Security,  Threat and Vulnerability Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Email and Instant Messaging Security Websense integrated security system aims to simplify security management Preventing phishing attacks: Enterprise best practices Chinese hacker attacks target Google Gmail accounts, top tech firms PDF attack code complicates security analysis, skirts detection Understand role-based access control in Microsoft Exchange 2010 Yahoo login credentials at risk to hijacking attack Top spammer gets four years in jail for stock fraud scheme M86 buys Web security gateway vendor Finjan Web-based attacks skyrocket, pirating sites surge, security firms say Pushdo botnet uses Facebook to spread malicious email attachment Threat and Vulnerability Management Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 What to do with network penetration test results

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Centre for the Protection of National Infrastructure  (SearchSecurityUK.com) Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary