 |
||
 |
||
   |
||
 |
December 15, 2006 FEATURE EDITORIAL2006: The Year for Spam!In 2005 we smugly thought we were dealing with spam effectively. Controls at the gateway were keeping spam at its lowest level ever. As 2006 is coming to a close we have been humbled. MessageLabs released its 2006 Annual MessageLabs Intelligence Report, which examines trends seen over the last twelve months and looks forward to 2007. The report highlights the relentless escalation of spam activity throughout the year, with annual average spam levels reaching 86.2 percent, driven by an increase in sophistication of botnets and new targeted techniques. The adoption of new levels of ingenuity has changed the focus of the threat landscape significantly, with spam overtaking viruses as the dominant menace over the last twelve months, a trend which is predicted to continue through 2007. “2006 was the year that spammers took the security industry by storm and showcased their new tactics and techniques for mass disruption. Now accounting for almost nine out of ten emails, spam has categorically shed its title of being a nuisance and is a perilous threat which all companies need to be protected against,” says Mark Sunner, chief technology officer of MessageLabs. MessageLabs security experts predict that 2007 will be the year of true convergence, between spam, viruses and spyware and also across business communication protocols, a trend that started to appear in 2006. Instant messaging (IM) threats will become more aggressive as more IM ecosystems open their networks to each other in 2007, like Yahoo! and MSN did in 2006. Attacks against social networking sites such as MySpace and professional sites like LinkedIn and Plaxo are expected to continue due to useful and accessible contact information and user interests, making it easier to launch targeted attacks. “Next year will certainly bring more targeted and sophisticated attacks as the bad guys continue to sharpen their tools. Companies need to take a layered and proactive security approach by fighting against cyber-criminals from ‘in the cloud’ at the Internet level,” predicts Sunner. The report highlights the top trends in 2006Spam: In 2006 the annual average spam rate was 86.2 percent, with botnets responsible for 80 percent of all spam in circulation. MessageLabs Skeptic technology identified that 63.4 percent of spam came from new and unknown sources. Geek spam, using technology buzzwords hidden in the body of the spam to dupe traditional anti-spam tools, was a new development. Viruses: With the exception of the Nyxem.E virus (otherwise known as MyWife.D, Blackworm or Kama Sutra) in January 2006, no major virus outbreaks took place this year. MessageLabs intercepted more than four million copies of the virus during the first week of the outbreak. The annual average virus rate in 2006 was 1 in 67.9, a significant drop from 1 in 36.2 in 2005. View the report in its entirety on the MessageLabs website. Image-Spam Contributes to ProblemInternet gateway security provider, IronPort Systems, has found the average spam message size has grown from 8.9 kB to 13 kB. This 46 percent increase is due to the rise in image-based spam. Messaging News reported on the topic in the recent article, When Filters Fail: The Continuing Saga of Image-Based Spam. The article states the reason image-based spam works so well is that, by subtly altering each message -- adding or subtracting pixels, background color, or embedded images -- traditional spam technologies (like file or hash matching) can not detect it. Even more advanced solutions such as Optical Character Recognition (OCR) technologies, designed to identify email content, are unable to tag image-based spam due to its constant, randomized modifications. If you are not a subscriber to the hardcopy magazine, go to our website and look for the article appearing soon. Security for Back Door ApplicationsLast month, FaceTime Communications, a provider of solutions for securing and managing greynets, announced FaceTime Internet Security Edition to provide enterprises with security and control over Web and real-time Internet communications. The company describes greynets as real-time communication applications, which are often brought in the back door by employees. Greynets use highly evasive techniques to circumvent the network security infrastructure designed primarily for email and protocol-conforming Web traffic. As a result, FaceTime reports, they pose myriad network and information security risks because they provide new vectors for malware, intellectual property loss, identity theft and compliance risks. Nonetheless, employees find the productivity benefits of these applications compelling. In fact, 83 percent of all employees are using one or more of these applications, according to a recent survey by NewDilligence and FaceTime, November 2006. The company says by combining core gateway security capabilities such as Web filtering and anti-spyware with security for today's greynet applications on a single platform with common policy and management, FaceTime Internet Security Edition reduces complexity and increases efficiency of the enterprise security infrastructure to reduce overall total cost of ownership. "Organizations realize that having multiple layers of protection is the only way to protect against the many threats that lurk in the shadows when people use the Web,” says Mark Levitt, vice president for Collaborative Computing and the Enterprise Workplace at IDC. "Building on FaceTime's expertise in enabling instant messaging to be used safely and securely in the workplace, FaceTime Internet Security Edition is designed to enable workers to use the Web for online meetings, file sharing, voice calls and other business purposes in a safe and productive manner." Pricing and AvailabilityFaceTime Internet Security Edition starts at US$7,125 and became available from FaceTime and its authorized distributors and partners worldwide on November 30, 2006. IN THE NEWSThe Cost of Migrating Between Email SystemsDavid Ferris from Ferris Research writes the following: Mergers and acquisitions often bring together enterprises that have different email infrastructures -- typically Lotus Notes and Microsoft Exchange. IT organizations are then faced with the question, "Should we migrate users from one system to the other to establish consistency?" It's generally quite difficult to make a reasonable business case for converting all the users in an organization from Notes to Exchange or vice versa. However, a single organization with both systems presents a more clear-cut opportunity. Enterprises maintaining more than one email system must deal with a number of factors that increase overall total cost of ownership (TCO) and may make a migration worthwhile. For example:
The costs to complete an email migration are significant (budget around US$200 per user). But the negative impact the factors noted above have on an organization's TCO for messaging is significant as well. Organizations with large communities of both Exchange and Notes should carefully analyze their operating costs. The main focus of the analysis should be to determine how long it would take for any projected cost reductions to offset the investment required for a migration. If this "time to payback" is reasonably short -- say two to three years -- a migration to one platform may make financial sense. Happy Holidays from all of us at Messaging News! We welcome your ideas and your news for Messaging Newswire’s News & Trends in Email Security. Let us know what you think by sending your comments to editorial@messagingnews.com. Written or compiled by Stephanie Jordan. All trademarks are the property of their respective owners. For marketing information on this newsletter or other Messaging News newsletter products contact jvictor@messagingnews.com |
 |