Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

New approach to handling e-mails could prevent high profile breaches

Network Box : 20 January, 2010  (New Product)
E-mail behavioural analysis approach brings greater security levels and reduced likelihood of major breaches to company networks according to Network Box
Until organisations take a different approach to securing email, we will continue to see high profile security breaches such as the one that befell Google and Hotmail last year, and the US law firm Gipson Hoffman & Pancione at the weekend, according to managed security firm, Network Box.

Simon Heron, internet security analyst for Network Box says: "These attacks have followed a similar pattern: emails appearing to be from known contacts that trick recipients into clicking on a link within the text. Because they appear to be from a friend or known contact, Most email filtering systems will accept the email address on face value and so allow the email through.

"We need a different approach to preventing spam. One of the features of the proprietary 'eMail Relationship' system created by Network Box matches the source IP address to the email address of every known contact. In both these cases of spoofed mail, the IP address would have been different to that recorded by the email relationship system, and so would have been blocked.

"It is no longer enough to rely on traditional anti-spam methods. We need systems that are intelligent enough to learn from the behaviour of both the sender and recipient, and understands the relationship between them, based on more than just an email address. As attacks get more sophisticated - and the threat of state involvement in security breaches indicates that they will - security needs to match up."

Network Box's eMail Relationship Manager analyses and learns from the behaviour of the sender and recipient of an email, to give a score to the email which is applied in addition to traditional anti-spam filter analysis. It works by:

1 Maintaining a central database to store existing email accounts managed by Network Box on behalf of the email recipient (so genuine email from addresses kept in a users address book will be white-listed, assuming their content passes the traditional filter analysis which naturally includes the reputation of the sender). This records and analyses historical information about the relationship in order to judge the likelihood of that email containing malware or unwanted content. The database can be queried and adjusted at any time by Network Box, the organisation's administrator, or the user. It is continually updated with every email passing through the system, and will challenge new behaviour, flagging up when a whitelisted email address changes its shape - for example, if a contact in Hong Kong suddenly starts sending emails from Russia.

2 All relationships are defined using a score based on sender + recipient + type analysis, and given a score based on the trust and strength of the relationship.

3 The system also learns from user behaviour. For example, if the email user A sends an email to email user B, then the system understands that user A trusts user B, and therefore will strengthen the score of trust in that relationship.

4 If an email relationship is scored as low, then there are number of options open to the system, depending on its configuration. It can quarantine the email and notify the recipient (it can be released with a single click from the recipient if required); challenge the sender to confirm their identity; or defer the email.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo