Some things to keep in mind as you evaluate your email security options.
If you are hosting your own Exchange server, you no doubt have some email security application in place for anti-malware, anti-phishing and spam detection. Hosted email security services can reduce some of the administrative burden. Here are some things to keep in mind as you evaluate your email security options.
There is no shortage of security risks associated with email. Messages with viruses, trojans, and other malware along with spam and phishing lures can make up a substantial portion of your incoming email stream. For decades, anti-malware and anti-spam developers have had something of a cat and mouse pattern with attackers and spammers.
The latter will come up with some way to avoid current defenses, and soon the former responds with a new measure to block the latest threat. This pattern of frequent change in security software requires system administrators to constantly update their anti-malware databases and applications (an old trick among malware developers is to block updates to the resident anti-virus software as one of the first operations once a device is infected).
Since the consequences of even a single infected machine can be substantial, a common practice is to deploy anti-malware software on client devices and to scan email traffic before it reaches the email server.
This practice can work well in many cases, but there are some issues to watch for. The email traffic scanner should be fast enough that it does not adversely affect your email service. During peak periods, or if email volumes grow significantly over time, you may find that the anti-malware and anti-spam scanners become a bottleneck.
Another issue to keep in mind is the need to patch and update the email scanning system. This may be automated to a large degree, but alerts must be in place to notify the email administrator in cases where an update fails.
Failures of any kind in the email scanning system create difficult issues. Is the failure sufficient to warrant blocking all messages until the problem is resolved? Should you block only incoming messages while allowing outgoing messages on the assumption that there is no malicious content in outgoing messages?
Email systems are often essential applications and there is little room for downtime in either the email server or supporting services, such as anti-malware/anti-spam scanners. This can lead you to implement potentially costly failover solutions that are rarely used.
Alternatively, you could use a service-based email or email security service.
Dan Sullivan is an author, systems architect, and consultant with over 20 years of IT experience with engagements in systems architecture, enterprise security, advanced analytics and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail, gas and oil production, power generation, life sciences, and education. Dan has written 16 books and numerous articles and white papers about topics ranging from data warehousing, cloud computing and advanced analytics to security management, collaboration, and text mining.
See here for all of Dan's Tom's IT Pro articles.