Two New Email Security Features to Combat Rising Tide of Targeted Attacks: Cisco IronPort Outbreak Filters and Business Class Email

In “Who Will Be Next Victim in Breach and Hacks? Nintendo Joins List Including Google, RSA Security, PBS, Lockheed Martin, Sony” I reviewed a few of the many breaches reported in 2011, all of which confirm that there is a tremendous amount of data out there that is insufficiently protected. Well-known brands and Fortune 1000 companies entrusted with employee and consumer data, including email addresses, are under attack by persons unknown (and in some cases known or at least strongly suspected). What is happening with the stolen data? Online security experts, like Cisco, are reporting an increase in spear phishing—highly targeted and personally aimed attacks. Is this a coincidence of timing? According to Cisco’s latest report, Email Attacks: This Time It’s Personal, the answer would be: probably not.

“Personalized and targeted attacks that focus on gaining access to more lucrative corporate bank accounts and valuable intellectual property are on the rise,” observes Nick Edwards, director of Cisco’s Security Technology Business Unit. “Law enforcement efforts are making mass spam attacks less appealing to cybercriminals.” As a result, Edwards says more time and effort is being directed towards different types of spear phishing and targeted attacks.

Key Findings from Email Attacks: This Time, It’s Personal

  • Returns from mass email-based attacks declined by more than 50 percent from US$1.1 billion in June 2010 to $500 million in June 2011.
  • Mass spam volumes plummeted from 300 billion daily spam messages to just 40 billion between June 2010 and June 2011.
  • There is an increase in spear phishing and personalized scams and malicious attacks.
  • Spear phishing attacks have increased threefold, while scams and malicious attacks have increased fourfold.
  • The overall cost of targeted attacks to organizations worldwide is $1.29 billion annually.

At a Cisco media and analyst event held June 30 to review the study, Cisco Fellow Patrick Peterson commented that, “The tide has turned tremendously from large scale criminal attacks.” He cites botnets being hassled or taken offline as another key reason for the shift. Others who watch the space have similarly reported that mass attacks are on the decline—recent data has shown spam is at its lowest level since 2008. The study is an interesting read, as the authors try to offer annualized projections for 2011 using numbers from the first half of the year. Peterson acknowledged that it was a challenge and that some of the estimates are a bit soft. Regardless, the ambitious approach of the paper is worth a review.

Solutions to Address Targeted Attacks

Cisco IronPort Outbreak Filters

As part of the media event, Cisco previewed one of the ways the company plans to address the increase in sophisticated personalized attacks, which usually try to entice users to click or download malicious content. Edwards began by saying that the approach must go beyond SMTP and went on to describe Cisco IronPort Outbreak Filters, which the company publicly announced yesterday at its Cisco Live! event happening in Las Vegas. The solution is a result of IronPort technology and technology from ScanSafe, a company acquired by Cisco at the end of 2009 for its software-as-a-service Web security offering. The Outbreak Filters identify those messages most likely to be low-volume targeted attacks and protect users by rewriting URLs embedded in those messages. Once the user clicks on the link, the Web content runs through Cisco’s cloud environment and is scanned to identify any malicious data. By deferring scanning until links are clicked, users are protected against fast-changing content on malicious sites and blocked from dangerous downloads.

Edwards points out that this dual approach of email and Web is essential. “How can you solve this problem, if you only look at Web or only look at email,” he asks.
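The rewrite-then-scan-on-click flow described above can be sketched as follows. This is an added example, not Cisco's implementation: the proxy host, the demo key, the sample message and the HMAC signing of rewritten links (so the proxy cannot be used as an open redirect) are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

PROXY = "https://scan.example.invalid/click"  # hypothetical scanning proxy
KEY = b"constructed-demo-key"                 # constructed; use a managed secret
URL_RE = re.compile(r"https?://[^\s<>\"']+")
TARGET = "http://portal.example.test/inv?id=7"          # constructed sample link
SAMPLE = f"Your invoice is ready: {TARGET}. Thanks"     # constructed sample message

def _sig(url: str) -> str:
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body: str) -> str:
    """Delivery time: point each link in a suspect message at the proxy."""
    def repl(m):
        raw = m.group(0)
        url = raw.rstrip(".,;:!?)")           # keep sentence punctuation outside
        return f"{PROXY}?u={quote(url, safe='')}&s={_sig(url)}" + raw[len(url):]
    return URL_RE.sub(repl, body)

def handle_click(proxy_url: str, verdict_for):
    """Click time: verdict_for(url) is the scan run now, not at delivery."""
    q = parse_qs(urlparse(proxy_url).query)
    url, sig = q.get("u", [""])[0], q.get("s", [""])[0]
    if not hmac.compare_digest(sig, _sig(url)):
        return ("reject", None)               # unsigned or tampered target
    if verdict_for(url) == "malicious":
        return ("block", url)
    return ("redirect", url)

def demo():
    rewritten = rewrite_links(SAMPLE)
    link = URL_RE.search(rewritten).group(0).rstrip(".")
    verdicts = {TARGET: "clean"}              # stand-in for the cloud scanner
    first = handle_click(link, verdicts.get)
    verdicts[TARGET] = "malicious"            # site content changes after delivery
    later = handle_click(link, verdicts.get)
    tampered = handle_click(link.replace("portal", "other"), verdicts.get)
    return first, later, tampered

if __name__ == "__main__":
    print(rewrite_links(SAMPLE))
    print(demo())
```

The same rewritten link yields a redirect while the target scans clean and a block once the verdict changes, which is the benefit of deferring the scan to click time.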

Business Class Email

Also previewed at the briefing and publicly announced yesterday is Cisco Business Class Email (BCE), which offers enhanced security for email accessed by any PC, smartphone or tablet. With BCE, users can take advantage of existing corporate credentials (userID and password) to access most of their cloud applications with a single user sign-on.

In addition, BCE has embedded email controls that allow for secure forwarding, which controls where a forwarded email can be directed, message expiration, and the ability for users to disable recalled messages, so that recipients can no longer read them.

“What do you do the moment you get a message recall notice?” Edwards queries. “Take an immediate look at the message that was sent, right?” That makes conventional message recall counterproductive. With BCE, the key to decrypt the message expires, disabling access.

BCE is offered through dedicated plug-ins designed individually for PCs, tablets, and smartphones. In the briefing, Edwards noted that iOS is ready now, and Android would be available toward the end of the year. Because the price structure is by user seat, BCE is suitable for everyone from small business to enterprise level.