Posts

The Protection We Are Missing

Data ProtectionBack in 2006, the big problem with email was SPAM.  Unwanted messages pushing “healthy pills” and cell phone deals inundated our mailboxes and clogged our Internet connections.  At times, over 90% of all email traffic reaching our local servers was unwanted junk. We fought back and, for a long time, won the battle. With tools like Postini (purchased by Google and part of Gmail since 2008), we were able to block spam and email viruses “in the cloud” before they reached our email servers and services. And while spammers became more sophisticated, our technologies were able to keep up.

Over the past year or so, however, we have clearly lost ground. It feels like we are back to square one.

Spam and malware attacks via email are on the rise. This time around, the consequences can be disastrous. Blocking unwanted emails about supplements is still needed, but cryptolocker, ransomware, and destructive malware can destroy your data and your business.

What happened?

We see a convergence of several factors leading to the increase in successful malware attacks.

The IT Industry Became Complacent

Antivirus and email security vendors wrongly assumed that their existing models of protection were capable of keeping up with new types of threats.  For nearly a decade, this assumption held true. Cyber-criminals study and understand how to exploit weaknesses in our existing protections; they build malware that goes undetected by our traditional methods of discovery. Our industry was slow to recognize that systemic changes were needed to stay on top, and ahead, of the game.

We Face New Threats

To stay ahead of anti-virus protections, malware has grown up. A new class of malware, known as Advanced Persistent Threats, exists. On average, APTs sit on systems and networks for more than 4 months before activating. During this time, they periodically test the system security and protections. They learn how to act to avoid detection. While our legacy protections are watching the doors and windows, the threat is hiding under the bed.

Humans Deliver the Goods

Cyber-criminals have learned that human nature is easier to exploit than technology. They now send us messages and present web pages that look and feel valid. We are willing but unknowing accomplices when click links and install malware on our systems from fake emails and web sites. The human instincts to help and trust readily betray us when we are not careful.

We Assume our Vendors do the Work

Both Microsoft and Google tell our customers that their email and other information in the cloud gets backed up. What they do say is that these backups are to maintain service reliability and not to protect us from damage or loss due to application or human error. We hear “data backup” and we assume our protection is greater than the reality. This assumption holds true when we are told about built-in protections against cyber-threats.

We focus on Cost not Value

Cloud computing drives down cost perception faster than it drives down cost. Major cloud players wage periodic price wars. Cloud services like Office 365 and G Suite continually add new capabilities without increasing prices. We do not expect, and do not want, to pay for extras. You are as likely to fall victim to ransomware from a corrupt or hacked web site than by clicking on an email attachment. While nearly all of our customers protect email, fewer than 5% protect web traffic. Web protection is added cost that does not appear to have value until after the cyber attack.

Good News: We Have Solutions

While we have created a bit of a mess, we do have options. Innovative vendors have built new solutions that affordable confront and address the new wave of threats. Using the power of cloud, some vendors have radically improved their solutions while others have taken a step back and built new, strategic solutions. To protect your business, you need to protect your email service and your web browsing.

  • Web protection should scan and analyze all web traffic, intended (page you click) and unintended (the auto-start video stream, cookie update, etc.) for all web traffic from any device you use.
  • Email protection should pre-screen (open and validate) links and attachments in a sandbox (safe environment) before allowing messages to reach your inbox.

The solutions are affordable, are easy to manage, and can be up and running in no time. A dollar of cost can protect against thousands of dollars loss.


For more information, or a free assessment and set of recommendations for your business, contact us today.


 

Return of the Message Center and More


As Google continues to migrate Google Message Security and Message Discovery customers from the old Postini infrastructure, our clients have been concerned about functional and performance equivalency.   While filters and settings have been comparable for a while, and Google had previously added the quarantine notification, Google today announced the new Message Center.

Specifically for users that forward some or all of their email to on-premise servers or other email services, the Message Center lets users and administrators:

  • View and search 30 days of clean/spam mail
  • Mark single or multiple messages as spam or not spam
  • Deliver messages that are not spam to the on-premise mailbox
  • Add and remove contacts for whitelisting purposes
  • Bookmark URLs for searches and individual messages

This expanded functionality coincides with a series of upgrades to the SMTP relay service in Google Apps.   These updates help administrators in several ways:

  • Multiple authentication configurations: Admins can now configure multiple sets of authentication rules. For instance, you can specify that messages sent from one IP address are always allowed, messages from another IP address are only allowed if encrypted with TLS, and messages from another IP address range require SMTP AUTH.
  • SMTP AUTH: This newly supported authentication method uses Google “application-specific passwords” to allow admins to configure clients to authenticate to the relay service. This feature is available for registered Google Apps users only.
  • IP range description field: To manage IP addresses more efficiently, admins can enter descriptions in text fields for each IP address or range that you use to set authentication rules.
  • Selective enable/disable of IP ranges: Admins can selectively enable/disable IP ranges approved for relay as needed
  • Increased rate-limits for certain customers: In special circumstances, admins may increase the rate limits of 2,000 emails/user/day and 2,000 recipients/user/day by calling customer support. Requests need justification and are reviewed on a case-by-case basis.

With these enhancements, Google continues to increase the robustness of the Google Apps Platform, and reduces the need for most GMS and GMD customers to move to other spam, virus, and archiving solutions.

 

 

 

Special Bulletin: Message Security, aka Postini, Goes Native in Google Apps

A major change is underway within Google Apps for Business / Education / Government editions. Google is fully integrating the spam and virus protection of Google Message Security (GMS, aka Postini) into Google Apps and the cPanel.

While the transition starts in February, there are some caveats to the consolidation. As such, some organizations will want to maintain their stand-alone GMS service.

Currently, the newly integrated service provides for white list, black list, content filters, message filters, and spam sensitivity settings. The integrated service, however, does not have some of the features on which many of our customer rely. If you want/need any of the following, it is necessary to continue running stand-alone GMS for now.

  • Daily Quarantine Messages
  • Addition of Message Archive & Discovery and Message Encryption
  • Policy-Based TLS Encryption
  • Delivery Manager
  • Log Search
  • Reporting

The latter three are more of an issue for the IT folks, and TLS Encryption is transparent to the user.

The biggest user impact is the replacement of the daily quarantine message with the “Spam” label in Gmail.  Some users like the digest structure and the ability to deliver from within the message.  In using the Spam label, users can mark messages as “Not Spam” or can manage them from within the folder.

Also, until we are able to connect the Message Archive & Discovery and Message Encryption services directly to Google Apps, the stand-alone GMS environment will be needed.

If you have questions or concerns, do not hesitate to contact us.

An Epidemic is Underway

Hopefully, you did not notice.  Hopefully, your computer has been inoculated from zero-day viruses and the viruses that follow them.  If not, today is the day to update your virus protection and deep scan your systems.

Why? A virus outbreak continues to plague the Internet.

Starting Friday afternoon EST, we began seeing an large increase in the number of Virus Outbreak warnings for our clients covered by Google Postini Services (as part of Google Apps or protecting their internal email servers).  A Virus Outbreak alert reaches us when a large number of virus infected emails are being sent and blocked.

We cover thousands of mailboxes for hundreds of companies.  In a typical day, we see about five (5)  Virus Outbreak alerts.  Since Friday, we are seeing about 400 per day, an increase of nearly 8000%.  Unprotected systems are more than vulnerable, they are targets.

If you have questions about your level of protection, or you know of a business that needs better protection from spam and viruses, please contact us.  We are happy to help.

When it Comes to Phishing, is Honesty the Best Policy?

Those of us in the anti-spam business have been scratching our heads recently as the number of messages getting through some of the best spam filters has jumped in recent weeks.  Many of these messages are phishing attempts with something in common.

The phishing messages do not attempt to hide their motive.

Huh?

That’s right.  The majority of the message is classic phishing.  Realistic sounding text (often without the grammatical issues) about account validation requirements and legitimate links to a real institution’s web sites.  The “action” link, however, is not hidden.  Recipients see that the link is to some weird URL that in no way looks like the organization supposedly sending the message.

Since spam filters are on the lookout for obfuscated URLs, having the URLs in the open seems to let the phishing messages fly just under the radar.

And clearly, those behind the phishing attack believe the enough recipients will click on the bad URL even though it doesn’t even look safe.  And, the sad fact is, they are probably right.

Recipient Beware.