Analysis: Anti-virus players sink teeth into spam 

Charging into a heavily congested battlefield to help customers shed the escalating burden of spam infestations, AV (anti-virus) vendors are fine-tuning their security offerings to supply organizations with new tools or services to restore e-mail gateway boundary protection to a manageable front.

Trend Micro, the latest AV stalwart aggressively pursuing this goal, introduced its Spam Prevention Service (SPS) this week. The product borrows technology from e-mail security provider Postini’s heuristics rule engine to filter spam by different and configurable category types, notes Jeanie Boots, global product manager for content technology and anti-spam at Cupertino, Calif.-based Trend Micro.

Hot on Trend Micro’s heels, Symantec will introduce its own enterprise anti-spam product later this month. A spokesman for the Internet security company declined to offer further details of the upcoming announcement.

Trend Micro officials plan to utilize its Active Update Server structure to let customers tweak SPS’ heuristic engine with the latest spam attack or patterns updates just as they would for downloading the most current virus signatures.  Eventually, value-added services including real-time spam monitoring, sophisticated quarantining, and policy management could be added as part of SPS’ software subscription service, Boots added.

Trend Micro’s SPS offering shipping this week supports Sun Solaris servers. The security vendor plans to offer SPS for Microsoft Windows NT in May, followed by a Linux version by June.

Despite getting the earliest jump on its AV brethren by acquiring anti-spam maker Deersoft at the start of 2003, Network Associates may have the toughest road ahead to enable coordinated spam protection at the network gateway, server, and desktop level.

The AV and content security behemoth may be faced with extensive engineering to enable the desktop-oriented Deersoft SpamAssassin to be enterprise-ready and co-exist with McAfee and Network Associates technology, said Maurene Grey, research director at Stamford, Conn.-based Gartner.

According to the Gartner analyst, customers are flocking toward anti-spam products to re-acquire strong operational efficiency and implement a “security guard” at the e-mail environment boundary to simultaneously oversee spam protection, virus protection, and content filtering chores – a trend that AV vendors have likewise targeted.

“The [market] consolidation is being carried out by the leading players in the space of e-mail boundary protection and that gets us to Trend Micro, Symantec, and NAI,” said Grey. “They’re already well known and already have a stake. This provides [customers with] licenses bundling and benefits to the enterprise.”

Spam concerns traditionally range from loss of user productivity and rising infrastructure costs to legitimate threats of lawsuits and hostile work environments due to oftentimes inappropriate content. The problem is forecasted to only get worse. Gartner predicts that in 2004, 50 percent of all e-mail will be spam-related.

Exacerbating the problem, competition for customers’ affections is fierce.  Organizations must decide if they want to entrust their spam protection to a services model offered by Postini and MessageLabs, a licensed software approach from vendors such as honey pot-probe network based BrightMail as well as SurfControl, or a hardware “box” perspective from CipherTrust.

“Everybody is using a combination of different techniques. This is the added layer of complexity. It’s all gotten very confusing to the enterprise [customer] to figure out first what is the right partnering approach to ensure that two years from now when consolidation is over, we have a vendor that is still in business,” Grey remarked.

For some customers, however, the AV vendor-centric spam route proved unfulfilling. Jeffrey Deason, project lead in IT for Atlanta-based food vendor Chick-Fil-A, said his organization switched to CipherTrust’s IronMail product after previously running a software AV product featuring spam word and domain delegation options in conjunction with content filtering.

Deason said the AV application did not prove stable or flexible enough to allow his company to base specific rules in accordance with its business model.  After entertaining the notion of outsourcing its e-mail and spam needs, Chick-Fil-A opted to go with CipherTrust’s hardware-based solution for greater in-house control and ease of administration to correct false positives.

“At the gateway level we want to be able to control what type of content can get into our system. We have found with IronMail it’s very flexible for guys to configure rules to allow for things and disallow things,” said Deason. “Our previous solution just didn’t prove as stable because it was an application running on a generic Windows box. It’s the nature of beast.”

Chick-Fil-A features 1,000 business units in 36 states within the United States.  Of those stores, CipherTrust guards 1,600 mailboxes for spam and e-mail protection.

Fighting the war on spam has reached a fever pitch over the last few weeks and months as regulatory efforts to curb and penalize unrelenting spam attacks is a project very much still in the works.

MailFrontier recently unwrapped its Anti-Spam Gateway, which aims to stop spam at the corporate boundary using a combination of spam-blocking techniques. The MailFrontier Anti-Spam Gateway unities blacklists, content filters, peer-to-peer network technology, and dynamic whitelists. Designed to combat the problem of false positives, whitelists are safe lists of trusted partners whose e-mail messages can safely pass through filters, according to Pavni Diwanji, CEO of MailFrontier inPalo Alto, Calif.

“We think these techniques stacked up together maximize the effectiveness of spam blocking,” she said.

Meanwhile, San Bruno, Calif.-based IronPort announced a new service dubbed SenderBase, which is designed to establish the credit-worthiness of incoming e-mail messages. Rather than blocking IP addresses one at a time, the SenderBase service lets IT managers do background checks on IP addresses affiliated with spam loads, according to IronPort officials. IT managers can then block unwanted addresses or add accepted IP addresses to a whitelist. The service is offered standalone or as part of the company’s IronPort Messaging Gateway.

Lastly, Louisville, Ky.-based Web hosting provider Invotion has rolled out IntelliMail, a filtering system that scans incoming e-mail traffic for both computer viruses and unsolicited e-mail messages. IntelliMail quarantines suspicious e-mail in a Web-based message center where end-users can choose to safely view infected messages. The spam-filtration levels can be adjusted from lenient to aggressive, according to Invotion.

Cathleen Moore contributed to this report.