Michael Osterman, president of Osterman Research, discusses with Websense the email threat landscape, the latest developments in the war on spam, and the future of cloud computing.
1) We saw an enormous decrease in spam with the shutdown of ISP McColo on November 11th - the amount of spam quickly bounced back though in subsequent days. What do you think spammers learned from this experience and do you think they will change their hosting/tactics in the future?
I believe one of the key lessons learned by spammers and others was not to rely so heavily on a single point of distribution in their network. The fundamental lesson of the McColo shutdown that I think spammers will take to heart is to distribute their content distribution among several sources so that taking down a single ISP will not have a major impact on their activities. In short, spammers will treat the McColo incident like a natural disaster - they will learn to have multiple sources of content distribution, just like a large company or an ISP would operate more than one data center to be able to survive natural disasters, power outages and the like.
2) Converged threats with spam and malicious emails that contain links to malicious Web sites are on the rise and now encompass the majority of email threats (vs. attachments) - why do you think spammers and cybercriminals have adopted this method?
A key part of the reason is that malware-filtering technologies have, for the most part, become quite good at capturing various threats, and so separating the malicious payload from the distribution vehicle has become more effective than, for example, sending malware as an attachment in an email. Plus, using an embedded Web link in an email allows malware authors to use social engineering techniques to get people to click on the link, such as Facebook requests, calendar invitations, etc.
3) What suggestions do you have for your customers who are trying to maintain their email security while budgets are being cut?
Three suggestions: first, use vendors that have an excellent track record and a proven ability to block malicious content - security should still be a higher priority than budget, given the enormous cost of allowing malicious content to get through. Second, vendor consolidation can reduce costs simply because purchasing all capabilities from a single vendor is generally cheaper than purchasing one capability from each of many vendors. Third, consider hosting some or all parts of the security infrastructure - hosting avoids capital expenditures and allows more predictable pricing over the long term.
4) SaaS or hosted email security is quickly gaining adoption, but what are the benefits of SaaS or "in the cloud" email security vs. on-premise and vice versa?
There are a number of benefits of the SaaS model, including lower up-front costs and more predictable costs (particularly for smaller and/or distributed organizations), lower expenditures on storage and bandwidth, often better uptime, the ability to redeploy IT personnel to projects that will provide greater value to the organization than managing the security infrastructure, and faster deployment of new capabilities. The benefits of the on-premise model can be lower costs for very large organizations, greater variety among vendors and the greatest degree of flexibility in provisioning.
5) Do you have any messaging security industry predictions for 2009?
Spam and Web-oriented threats will definitely get worse, driven in part by the weak economy - spammers and other cybercriminals will experience something of an economic downturn, as well, and will become more aggressive in order to maintain their revenues. Threats will become more sophisticated and will increasingly rely on social engineering techniques. Expect a significant increase in attacks directed against social networking sites like Facebook and LinkedIn.
6) Nevada has already enacted a law requiring that companies use encryption technology when sending out emails with personally identifiable information. Do you think that this legislation will be adopted by more states? If so, what is the impact on organizations?
There will be many more states adopting privacy and encryption laws. Just like most states have adopted consumer privacy laws following the lead of California's SB-1386, many states will adopt privacy laws to protect all sorts of sensitive information flowing through email, Web 2.0 tools and the like. The impact will be higher costs for businesses as they will need to be more serious about deploying encryption capabilities. There will also be some level of confusion given the differences between the laws and interpretations about how they should be applied. For example, the law in Nevada is not as strict as the one in Massachusetts, requiring businesses either to follow the strictest standard or to follow multiple laws.
Michael Osterman is the principal of Osterman Research, Inc., founded in 2001. Since that time, the company has become one of the leading analyst firms in the messaging and collaboration space, providing research, analysis, white papers and other services to companies like Microsoft, America Online, Sun Microsystems, Google, Network Appliance, EMC, Tumbleweed, Hewlett Packard and many others. Michael is a frequent speaker at industry and vendor-sponsored events on the topics of archiving, instant messaging, presence and other messaging- and collaboration-focused issues. He is also the author of a twice-weekly column on unified communications issues for Network World Fusion.