Happy Bastille Day! Just a quick note that the latest quarterly Internet threats report from our Zero-Hour Anti-Virus partner, Commtouch, is now available for download.
In this Q2 2009 edition of the report, Commtouch reports on a number of email spam, virus and web malware threats that were observed over the last 3 months, including:
A rise in email-borne viruses that evade detection by many signature-based anti-virus systems; current events-themed spam; healthcare sites manipulated by phishing schemes; a rise in image-based spam; Brazil as a significant contributor to new bots/zombies.
You can register to download the complete, 17-page report here:
Proofpoint/Commtouch Q2 2009 Internet Threats Trend Report
And, as a reminder, Proofpoint is holding a live web seminar tomorrow (Wednesday, July 15th) on a similar topic, describing some of the latest techniques spammers and scammers are using to evade anti-spam solutions, steal personal data and infect desktop systems with increasingly-aggressive malware. There's still time to register to attend by visiting the following link:
Webinar registration: "No Summer Vacation from Spam"
We just completed a poll on LinkedIn, asking users with IT titles about the most important factor they consider when buying email security solutions. Unsurprisingly, "effectiveness/accuracy" was the number one factor, cited by 61% of respondents as the most important. Click the graphic for a link to the poll on LinkedIn where you can also see results sorted by respondents' job titles, company sizes and other demographic factors.
As several folks posted in comments on the survey, unless an email security solution is effective, its relative ease of administration or other factors hardly matter. Admittedly, the best way to do a survey like this would be to ask respondents to stack rank the various factors under consideration, but LinkedIn surveys currently only support "select one" type polls.
That being said, it's interesting to see that 21% of respondents said that "Ease of administration" was their #1 criterion when buying email security solutions. This jibes with our experience at Proofpoint, where we find that ease of use and low ongoing administrative costs are extremely important to enterprise IT departments: IT staffers would much rather spend time on more strategic IT initiatives than on chasing down spam and other messaging security problems.
8% of respondents cited cost as their #1 criterion (and who can blame them in today's cost-sensitive environment?). Bringing up the rear, 4% and 3% of respondents cited availability of specific deployment form factors (e.g., appliance versus SaaS) and vendor brand reputation, respectively.
Caveats aside, it's pretty interesting to see this question answered by so many respondents (more than 500) with a pretty good distribution across companies of all sizes. Based on how easy it was to field this survey on LinkedIn, I suspect you'll be seeing quite a few more of these polls in future Proofpoint blog posts! BTW, if you'd like to connect with me on LinkedIn, you can find me here.
Link - Proofpoint survey on the most important email security buying criteria:
http://polls.linkedin.com/poll-results/45466/mtsgu
I hadn't chimed in at all yet this week about the botnet-delivered denial-of-service attacks, which many have said are coming from North Korea or groups sympathetic to North Korea, and which have affected many different US and South Korean web sites this week. The event was very widely covered and I didn't have any special insights to share.
However, today there are a couple of pretty interesting developments in this situation:
First off, PC World reports that Korean security software vendor AhnLab, which has been providing free cleaning tools for the virus, says that PCs infected with the virus are at risk of having their computers essentially wiped clean of data. Says the article:
From midnight local time (3 p.m. GMT Thursday) the virus, which has been attacking prominent U.S. and South Korean government and commercial Web sites all week, has been programmed to encrypt user data or reformat the hard drive of the PC.
There are still ways to save an infected PC, although if the owners have ignored security requests so far they might be unlikely to follow AhnLab's recommendations. These involve starting Windows in safe-mode by using the boot menu accessed through the F8 key at start-up, setting the clock to before July 10 and then rebooting the PC normally and updating anti-virus software or performing a free scan to erase the virus.
Wow! Talk about a blast from the past. Recent viruses have been all about stealth - "taking over" a machine, making it a part of a botnet and using it to send spam, distribute malware, launch DDOS attacks, etc. without the end-user knowing that this is even happening. The last thing most viruses want to do is "destroy" a machine because the whole idea is to "steal" that machine's computing power and use it for illegal commercial gain.
But back in the early days of malware, before it essentially became a tool for organized crime, viruses that would cause great inconvenience or attempt to wipe an infected machine's disk clean were pretty common.
I checked with Patrik Runald, Chief Security Advisor at F-Secure, who confirmed AhnLab's claim. He says the virus gzips the contents of the machine's drive, puts a password on the gzip and makes the system unusable.
I guess the data is being held hostage? Interesting stuff... and yet another reminder to always have those desktop systems protected by a good A/V system (personally, I use F-Secure for my home machines)...
Secondly, analyst firm Gartner has a free research note out today titled "'North Korean' Attacks Show Lack of Basic Internet Protections," by analyst John Pescatore. He advises enterprises and government agencies to require DDoS protection for all internet connections that require reliable connectivity, and notes that:
The targets of these attacks, and the differences in their ability to protect themselves, are actually much more interesting than the attacks themselves. The malicious code used appears not to be very sophisticated, and the scope of the attack — with approximately 50,000 PCs apparently compromised — is not very large, compared with many other DDoS attacks in recent years.
Proofpoint's Andres Kohn and compliance expert Robert Duchouquette are quoted in a very interesting Search Security Channel article today by Neil Roiter. In "Compliance, Web Threats, Change Email Security Market, Opportunities," Neil explains that email security is -- and has been for some time -- about much more than blocking spam and viruses, explaining the compliance risks and web-based threats (blended threats) that are driving new email security opportunities.
In the article, Robert Duchouquette explains that, while large-scale data loss prevention (DLP) efforts have sometimes scared off customers because of the high costs and complexity of deployment, there's a great opportunity for companies to take a "DLP lite" or "pragmatic DLP" approach and focus on the most risky data loss channel -- which continues to be email.
That contention is backed up by Forrester's Chenxi Wang, who explains that "email is the biggest thing" especially for companies that are dealing with PCI (payment card industry) or HIPAA data protection requirements.
The article goes on to talk about the trend toward SaaS and hybrid email security deployments, a direction that Proofpoint advocates for companies of all sizes.
You can read the full article at Search Security Channel.
Coincidentally, we also just put a great new Osterman Research whitepaper online that explains the new regulations (such as the enhanced HIPAA provisions in the economic stimulus bill [aka "ARRA"] and state privacy/encryption laws) that are making outbound email protection and email encryption a requirement for nearly any enterprise, regardless of industry or size. Register and download a free copy here:
TechTarget's got a good IT security tip article today about email security for mid-market companies, explaining the advantages of Software-as-a-Service solutions for anti-spam. The focus is on small- to mid-size companies in this article, but many of the same advantages translate to larger companies as well.
One of the sources in the article is Forrester analyst Jonathan Penn, who explains that mid-size enterprise IT departments, "don't want to have to go through fine-tuning and tweaking filters. They'd rather spend the money hiring someone who's savvy in something else that has a lot more relevance."
Echoing what Forrester analyst Chenxi Wang also told us recently, Penn says that there's really no reason for mid-size companies not to go with SaaS for anti-spam. He says:
"Really a no-brainer to go into direction of service providers. There's really no good reason these days for a smaller organization that doesn't have that kind of expertise in-house already, that kind of staffing, that kind of competency dedicated to email management to go with a product."
You can read the full TechTarget article here:
Software-as-a-service a good choice for fighting spam
As the article notes, pricing differences between appliance and SaaS anti-spam solutions are often not as large as they once were. (Of course, Proofpoint offers both types of deployment options.) However, the SaaS model for email security almost always offers lower total-cost-of-ownership over time, along with many additional benefits. You can learn more about that topic in the following whitepaper from Proofpoint and Osterman Research:
Using SaaS to Reduce the Costs of Email Security
Back in May, I posted a note about a widespread spam campaign spoofing Western Union that included a malicious attachment that was harboring the Zbot Trojan - malware that tries to steal online banking information (see: High Volumes of Western Union Transfer Spam with Trojan Attachments).
Our anti-virus partner, F-Secure, was on the leading edge of detecting this particular threat and tipped us off to this blended threat. Now our zero-hour anti-virus partner Commtouch has an interesting report out about this general class of threats whereby Trojans are widely spammed with "aggressive" new variants.
See this Proofpoint/Commtouch Malware Outbreak Report for more detail, but the main theme of the report is that over May and June there was a sharp rise in the number of new viruses being distributed via email that were not caught in a timely fashion by many of the major signature-based anti-virus engines. (The illustration in this blog post shows a qualitative view of this trend.)
As we've seen in the past, messages like the Western Union spam that I noted are sent with many different Trojan variants -- an attempt by the malware distributors to bypass anti-virus engines. It takes time for anti-virus signatures to be updated to accurately detect each new variant and, during that time, email recipients are open to attack. One technique that signature-based virus vendors have been using to counter this problem is to use so-called "generic" signatures to block all variants of a given virus. The Commtouch report suggests that this isn't always effective.
I'm not going to argue the merits of signature-based A/V engines versus behavior- or pattern-based systems as both have their place in protecting enterprises from today's rapidly-changing malware threats. Proofpoint makes both types of protection available to customers. For signature-based anti-virus, the Proofpoint Virus Protection module can be deployed with a choice of two different A/V engines. For protection against emerging viruses (before signature updates are available), we offer the Proofpoint Zero-Hour Anti-Virus module, which is powered by Commtouch's Recurrent Pattern Detection technology.
Proofpoint's own recommendation as a best practice for malware defense is to have both signature and zero-hour virus protection in place at the email gateway. In fact, in our SaaS email security solution, Proofpoint ENTERPRISE and Proofpoint PROTECT, customers get both types of protection and we encourage our appliance customers to do the same.
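To make the point in the two passages above concrete (new variants slipping past exact signatures, "generic" signatures catching some but not all of them, and the case for layering a second detection method at the gateway), here is a small added illustration. It is not code from the original post, from Proofpoint or from Commtouch: the "samples" are constructed byte strings, not malware, and the signature names, the `STUB:load_config` marker and the `CFG=` marker are all made up for the example.

```python
"""Exact-hash signatures versus a generic (wildcard) signature, with a layered verdict.

Everything below is constructed for illustration: the samples are plain bytes that
share a common "loader stub" and differ only in a filler region, standing in for the
repacked Trojan variants a spam campaign cycles through.
"""
import hashlib
import re

# Constructed samples. variant_a/b/c share the stub and differ in the filler bytes;
# repacked_d has had its stub region changed, so the generic pattern no longer applies;
# benign is a harmless file with the same leading bytes.
COMMON_STUB = b"MZ\x90\x00STUB:load_config\x00"
SAMPLES = {
    "variant_a":  COMMON_STUB + b"\x41" * 8  + b"CFG=https://example.invalid/a\x00",
    "variant_b":  COMMON_STUB + b"\x42" * 13 + b"CFG=https://example.invalid/b\x00",
    "variant_c":  COMMON_STUB + b"\x43" * 5  + b"CFG=https://example.invalid/c\x00",
    "repacked_d": b"MZ\x90\x00PACKED\x00" + b"\x44" * 9 + b"CFG=https://example.invalid/d\x00",
    "benign":     b"MZ\x90\x00Hello, world\x00",
}
MALICIOUS = {"variant_a", "variant_b", "variant_c", "repacked_d"}

# Exact signature: the SHA-256 of the one sample the vendor has already analysed.
EXACT_SIGNATURES = {
    hashlib.sha256(SAMPLES["variant_a"]).hexdigest(): "Trojan.Constructed.A",
}

# "Generic" signature: a byte regex anchored on the shared stub and the CFG= marker,
# with a bounded wildcard for the filler in between (a YARA-style rule written with re).
GENERIC_PATTERN = re.compile(rb"MZ\x90\x00STUB:load_config\x00.{1,64}?CFG=", re.DOTALL)
GENERIC_NAME = "Trojan.Constructed.Gen"


def exact_match(data: bytes):
    """Return the signature name if the file's hash is known, else None."""
    return EXACT_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def generic_match(data: bytes):
    """Return the generic signature name if the wildcard pattern is present, else None."""
    return GENERIC_NAME if GENERIC_PATTERN.search(data) else None


def layered_verdict(data: bytes):
    """Gateway-style layering: flag the file if either engine matches."""
    return exact_match(data) or generic_match(data)


def scan(samples: dict):
    """Return {name: (exact_verdict, generic_verdict)} for every sample."""
    return {name: (exact_match(d), generic_match(d)) for name, d in samples.items()}


def detection_summary(samples: dict, malicious: set):
    """Count how many of the malicious samples each approach flags."""
    results = scan(samples)
    exact_hits = sum(1 for n in malicious if results[n][0] is not None)
    generic_hits = sum(1 for n in malicious if results[n][1] is not None)
    layered_hits = sum(1 for n in malicious if layered_verdict(samples[n]) is not None)
    false_positives = sum(
        1 for n in samples if n not in malicious and layered_verdict(samples[n]) is not None
    )
    return {
        "malicious_total": len(malicious),
        "exact_hits": exact_hits,
        "generic_hits": generic_hits,
        "layered_hits": layered_hits,
        "false_positives": false_positives,
    }


if __name__ == "__main__":
    for name, verdicts in scan(SAMPLES).items():
        print(f"{name:11s} exact={verdicts[0]!s:22s} generic={verdicts[1]}")
    print(detection_summary(SAMPLES, MALICIOUS))
```

Run as-is, the exact signature flags only `variant_a`, the generic pattern flags `variant_a`, `variant_b` and `variant_c`, and nothing flags `repacked_d`, whose stub no longer matches the anchored region. That last row is the gap the post describes when it says generic signatures "aren't always effective", and it is the window a zero-hour, pattern-recurrence layer is meant to cover until signatures catch up.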
As a reminder, our next live webinar (coming up Wednesday, July 15th at 2:00 p.m. ET / 11:00 a.m. PT) will cover some of the latest spam and malware distribution techniques. Please join us if you're interested in these topics! Register for "No Summer Vacation from Spam" here.