Introduction
e-Sweeper is a Content Security solution for SMTP e-mail.
This guide gives advice on how e-Sweeper is positioned in relation to other network security products such as anti-virus tools and other managed services. Answers to typical FAQs are also given.
Product Overview
So What Does It Do?
e-Sweeper is a member of the industry-leading MIMEsweeper family of technologies from Content Technologies/Baltimore Technologies, designed to stop content-based threats BEFORE they arrive on the network. Today there are over 6000 international customers and 6 million network users protected by MIMEsweeper products.
Depending on Service Level, e-Sweeper protects a user's SMTP e-mail stream against Content Threats.
More than just anti-virus, e-Sweeper enables a Service Provider to offer a much broader spectrum of Content Protection spanning:
- control of attachments including
- executables
- documents
- images
- videos
- spam blocking
- inappropriate language blocking
- detection of unauthorized encryption.
Not All Service Providers are the Same
Many Service Providers offer a simple anti-virus service to their users; however, Content Security covers a multitude of threats. They can originate internally or externally. They can be maliciously intentional or wholly accidental. They can devastate the physical network or leave the network unharmed but be disastrous for an organization's commercial well-being.
For Internet traffic we can broadly break content threats into two main categories:
Firstly, there's e-mail Content Security, which is about:
- stopping leakage via e-mail of confidential information
- managing legal liability for employees e-mail usage
- filtering out offensive or inappropriate e-mails
- blocking junk e-mail
- preventing loss or corruption of data and service, such as through viruses in e-mails or transfer of oversize files
Benefits
e-Sweeper is all about helping organizations, and to a lesser extent individuals, implement their information security policy. At an SME the IT or IS department is always involved, but don't forget the other departments outside the technical arena who will take part in defining the policy. Typical users might include:
- somebody who employs anti-virus product at the desktop, perhaps has a firewall installed and an established network security policy
- somebody responsible for human resources or legal liability who needs to ensure against costly consequences of Internet misuse
- somebody who has been told by management to get on the Internet and employ security mechanisms to secure their network
- a network or security specialist who must secure their network to fulfill existing security policies.
Product Positioning
Content Security is often portrayed as the prevention of virus infection. Acceptance of this simplistic view is at best misguided, at worst dangerous.
e-Sweeper, based on the MIMEsweeper Content Security engine, affords protection to the business and consumer users of a Service Provider.
Positioning for Business Users
Issues that should be important to business users
- They are liable for employee e-mail
- The total cost of ownership guarding against e-mail threats
- The ability of e-mail threats to defeat firewalls
The perception within a business is often that, by installing a firewall, establishing an acceptable e-mail usage policy and implementing desktop-based anti-virus checking, their Content Security worries are over. Unfortunately nothing could be further from the truth, for the following reasons:
- Content Security threats pass through firewalls
- Desktop identification of virus infection may be too late
- Without enforcement, an acceptable e-mail usage policy is legally crippled.
Firewalls provide access security, which means they control which users are able to communicate with a given network. Firewalls do not look inside the data stream to analyze whether threats or undesirable file types are present. This is Content Security, the sphere of Content Technologies' expertise.
Because e-Sweeper operates at the Service Provider's data centre, virus infections can be quarantined before they get anywhere near the corporate network.
Even with an e-mail usage policy an employer may still be vicariously liable for any defamatory comments made by its employees via e-mail.
ACCESS SECURITY VERSUS CONTENT SECURITY MADE SIMPLE
A straightforward analogy, which sums up the essential differences, is that experienced by any air traveller. The passport control at an airport performs the function of a firewall, determining who is to be allowed in or out. Important? Yes, but not in itself the complete control. It needs the complementary duties of customs control or an X-ray scanning system to monitor what passes in and out. This is essentially the role of e-Sweeper.
Or as one of our customers expressed it, "When I fly I like to know the person sitting next to me really is who he says he is. But more importantly, I need to be sure his bags have been checked!"
ACCESS V. CONTENT SECURITY
- Access security: Firewall = passport control. Who enters or leaves the network.
- Content security: MIMEsweeper = customs control. What enters or leaves the network.
The e-Sweeper DEPLOYMENT PATTERN

Service Level (s)
The Business logical service levels are targeted at businesses (large or small) that own their own domain or can be identified by a specific sub-domain. These service levels can be offered as managed or unmanaged by the Service Provider. If they are unmanaged, the end-user business will have to have nominated an administrator who configures the e-Sweeper service, defines reports and monitors quarantined mail for the business.
The ability to attach legal disclaimers to inbound and outbound e-mail can help in reducing corporate liability in cases where employees send defamatory or other inappropriate material via e-mail.
Business Considerations
Additional business considerations need to be accounted for.
The following section helps you determine how important Content Security is to your business.
- General Security Policy: How aware are you of Security in general?
- e-Mail Security Policy
- Anti-Virus Policy: Typically the highest profile issue
- Policy on E-mail Content Types: How information can leak in and out
- Liability Policy: A policy is not enough! It must be enforced.
- Junk E-mail / Spam and Spoof Security: Annoying and cost incurring
GENERAL SECURITY POLICY
- "What security policy do you have in place for e-mail usage?"
- "What mechanisms do you have for monitoring that policy?"
- "Do you have a corporate-wide policy regarding ownership and liability of Internet content?"
- "Are there authorization procedures that control how certain staff members send and receive confidential documents such as management reports and accounting information?"
- organizations are increasingly liable for the use made of e-mail by their employees
- organizations need information security policies that include Content Security
- e-Sweeper lets you control, scan, log and audit your e-mail traffic to ensure the policy is adhered to.
"... organizations need information security policies that include Content Security"
Anti-Virus Policy
Q "How is our network protected from e-mail-based virus attacks?"
A e-Sweeper understands all the key ways viruses can be transported via e-mail.
It breaks down the traffic to its original state before passing to an anti-virus tool to detect the virus
"... e-Sweeper lets you determine what can be sent by whom and received from whom"
Policy on E-mail Content Types
Q "How can we implement our policy on circulation of pornographic material, games, or potentially dangerous file types?"
"How do we prevent the transfer of oversize files that can congest or crash the network?"
A e-Sweeper lets you:
- limit the ability to send and/or receive attached movie, image, executable and document file types. These files may be used for the transfer of pornographic material or games, or may contain hidden viruses. You can also vary this by individual or group, e.g. Marketing are allowed to send and receive video and executable files, because their work demands it, but Accounts, Sales and Admin aren't
- set limits for file size, and specify whether large files, e.g. over 2MB, should be blocked or logged.
Liability Policy
Q "How do we protect ourselves against staff sending out libelous or defamatory comments by e-mail?"
"What disclaimers can we attach to e-mails sent from our organization?"
A e-Sweeper lets you limit your exposure to legal liability by:
- enforcing effective implementation of an acceptable e-mail usage policy
- scanning for key phrases
- attaching disclaimers to e-mails.
Even if breaches occur, taking these steps as part of your security policy demonstrates responsibility, diligence and care in monitoring e-mail usage. This in turn strengthens your defense against charges of negligent behavior.
Junk E-mail / Spam and Spoof Security
Q "What measures can we have in place to stop our network from being bombarded with unsolicited e-mail (spam) attacks?"
"What capability do we have for checking whether e-mails really are from the person claiming to send them (spoofing)?"
A e-Sweeper lets you:
- scan for typical junk e-mail and spam phrases.
- block known spam addresses
- identify telltale signs of possible spoofing.
and it does all this before the Spam is sent to your network!
"... stop your network from being bombarded with unsolicited e-mail (spam) attacks"
Other Considerations
"Content threats pass through firewalls"
Firewalls are designed and built to control which IP addresses are (or are not) allowed through, and on which port (TCP/IP application). Apart from the source and destination addresses and application type, firewalls have no knowledge of what is buried within the data stream. Firewalls are only concerned with either allowing or denying access and performing this function as quickly as possible without compromising security. Compare the firewall role with that of e-Sweeper, which has been designed and built to break down e-mail data recursively, analyze it, and make decisions based on the results of the validation stage.
"You need Access Security and Content Security for complete network protection"
Firewalls are needed to control access and e-Sweeper is needed to control content.
"Content Security is NOT just about anti-virus scanning"
Although virus-based threats from Internet e-mail and Web downloads are well-recognized, other content-based threats and management issues are fast emerging. Virus scanning products do not deal effectively with these other content-based threats. Anti-virus vendors are shipping vendor-specific e-mail Internet scanning solutions. Clearly, e-Sweeper has the advantage in all aspects being based on the Unique MIMEsweeper engine.
"Don't get caught out by hoping new legislation will work in your favor"
New legislation, both in the US and Europe is being enacted at an increasing pace to try to regulate the Internet. Most of this actually protects the employer to a certain extent. It is a fact that actual case law sometimes contradicts the safety provisions that were thought to exist in a given law. However, it is widely agreed that implementing some form of regulatory system such as e-Sweeper can only help in establishing that a Service Provider/End-User business has taken due care in attempting to stop illicit use of e-mail.
"... e-Sweeper has been designed and built to break down e-mail data recursively"
Counting the Cost
CASE STUDIES AND EXAMPLES
If only they'd implemented e-Sweeper ...
Spam Attacks
ISPs NetMatters and Colloquium: suffered system crashes, loss of service and losses of over $150,000 through concerted spam attacks involving over 300,000 e-mails each hour over an eleven hour period.
Legal Liability
Norwich Union: forced to pay out $700,000 in an out of court settlement after defamatory and libelous e-mails had been circulated internally speculating that a competitor, Western Provident, was in financial difficulties. Norwich Union was unable to show that it had taken reasonable care in ensuring its employees did not misuse its system.
Inappropriate Internet Usage
Royal and Sun Alliance: 10 staff sacked and 77 suspended over the distribution of lewd e-mails
Norton Rose: 5 law firm employees disciplined for forwarding smutty e-mails.
Seagram drinks suppliers: a number of managers fired in 1998 for inappropriate messages sent by e-mail.
Ericsson: staff suspended for taking porn off the Internet and e-mailing it to each other.
Harassment
Citibank: sued in a class action in which black employees alleged that white supervisors and managers exchanged racist e-mail.
Morgan Stanley: employees disciplined for distributing racist jokes via e-mail.
Nissan: $250,000 paid out in compensation after the circulation of sexually explicit e-mail.
Breach of Confidentiality
Nixdorf: over several months unintentionally sent confidential internal e-mails to a local workers' trade association.
FAQs
Q. We already have anti-virus in-house protecting our servers and desktops. Why do we need e-Sweeper?
A. We're sure you are aware that simple anti-virus checking doesn't cover the whole issue. Content Security as addressed by e-Sweeper spans e-mail attachments, spam, spoofs, hoaxes, bandwidth-sapping unauthorized attachments of video, image and commercially sensitive material, as well as misuse of e-mail exposing users to legal liability. Our service offers all this and more. Because we recursively decompose e-mail into its base form and then recognize file signatures, we can find threats buried many levels deep in zip files or compound documents. We think you will agree that any service you subscribe to should effect the very best protection in the industry; e-Sweeper delivers exactly that.
Also, e-Sweeper doesn't do away with the need for your desktop anti-virus tools, as viruses can find their way into your network by means other than your e-mail!
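The recursive decomposition and file-signature recognition described in this answer can be sketched as follows. This is an added example, not e-Sweeper or MIMEsweeper code; the signature table, the depth and size limits, and all function names are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Leading-byte signatures: type is decided by content, never by file name.
SIGNATURES = [(b"MZ", "executable"), (b"PK\x03\x04", "zip"), (b"%PDF", "pdf")]
MAX_DEPTH = 5          # assumed limit against endlessly nested archives
MAX_MEMBER = 10 << 20  # assumed limit: do not inflate members over 10 MiB

def decompose(name, data, depth=0, path=""):
    """Yield (path, detected_type) for a blob and everything nested in it."""
    here = f"{path}/{name}"
    kind = next((k for magic, k in SIGNATURES if data.startswith(magic)), "unknown")
    yield here, kind
    if kind == "zip" and depth >= MAX_DEPTH:
        yield here, "too-deep"  # stop unpacking; leave the verdict to policy
    elif kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > MAX_MEMBER:
                        yield f"{here}/{info.filename}", "oversize"
                    else:
                        yield from decompose(info.filename, zf.read(info), depth + 1, here)
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
            yield here, "unreadable-archive"

def scan_message(raw):
    """Decompose the decoded payload of every MIME leaf part."""
    findings = []
    for part in message_from_bytes(raw).walk():
        if not part.is_multipart():
            blob = part.get_payload(decode=True) or b""
            findings.extend(decompose(part.get_filename() or "body", blob))
    return findings

def zip_of(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_sample():
    """Constructed message: an MZ-headed file named .jpg, two zips deep."""
    msg = EmailMessage()
    msg.set_content("see attached")
    nested = zip_of("inner.zip", zip_of("holiday.jpg", b"MZ\x90\x00constructed"))
    msg.add_attachment(nested, maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` reports `holiday.jpg` as an executable at its full nested path, which is what a policy on attachment types would then act on.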
Q. How do I know your service will detect all viruses in our e-mail?
A. Well, you don't, and we would never claim a 100% detection rate. What we do claim is that our anti-virus checking partners are among the most accurate, aggressive and timely in the industry. Combine this with the fact that we check for new signatures from our partners continuously, and we believe that we offer the most cost-effective e-mail virus scanning solution that also manages other content threats. We also have the added benefit of being able to find content threats buried many levels deep in zip files and attachments. Alternative solutions using only anti-virus tools will miss these threats.
Q. We feel comfortable using this service. Is there a way in which we can advertise the fact that we are a forward thinking and responsible company?
A. You certainly can. Our standard anti-virus service allows you to define a legal disclaimer that can be attached to all your outbound mail indicating that you have an investment in responsible dissemination of e-mail within the business community.
Q. My company has more than one domain for sending and receiving e-mail. Can you handle this?
A. No problem! When you log in with the user name and password supplied to you from your Service Provider you can access an administration area where you set up multiple domains.
Q. If I am sued for the consequences of an e-mail activity, can the fact that I have e-Sweeper help to improve my defense?
A. Yes, if you have a published internal policy about appropriate use of corporate e-mail, and you have e-Sweeper configured to block malicious use of your e-mail you are certainly demonstrating a level of commitment to minimizing e-mail misuse.
Q. If I have to take action against an employee for misuse of e-mail, can e-Sweeper make a difference in proving my case?
A. Yes, if your e-Sweeper service was configured to track the types of content breach that the employee committed, you will have a record of which e-mail issued by the employee was quarantined or noted.
Q. Is anyone other than the intended recipient actually reading the mail?
A. No. At Enterprise level, inappropriate language and Spam are identified by scanning the entire e-mail for certain keywords. This automated procedure results in the mail being classified as either a threat or clean. At no time does anyone "read" the mail and no third party is acting as an editor.
Q. How do you handle Spam?
A. We currently use a lexical analysis of the e-mail itself against a series of common words and phrases that are found in Spam e-mail. This list has been produced in conjunction with CT's Threat Lab. During our testing program we fine-tuned the weighting of some of the phrases and we believe we have a robust and accurate methodology. Threat Lab are also working on a radically new solution to Spam traffic which will be rolled directly into e-Sweeper.
If you have any queries please call sales@airtime.co.uk