The Impact of Messaging and Web Threats

Transcription

1 ! An Osterman Research White Paper Published April 2008 SPONSORED BY!! Osterman Research, Inc. P.O. Bx 1058 Black Diamnd, Washingtn Phne: Fax:

2 Messaging Security is Becming Mre Difficult THE IMPORTANCE OF ELECTRONIC COMMUNICATION is the mst critical cmmunicatin tl in the wrkplace, as evidenced by these results frm a February 2008 reprt published by Osterman Research: The average user in an rganizatin f up t 1,000 emplyees sends and receives 124 s n a typical wrkday; the average user in a larger rganizatin sends and receives 149 s each day. Cnsidering all f the cmmunicatin that emplyees send during a typical day , letters, instant messages, blg psts, wiki pstings, etc. accunts fr 74% f the ttal vlume f cntent sent. 58% f users reprt that is critical in helping them t get their wrk dne, while anther 35% believe that is imprtant. Because is s critical, and because ther cmmunicatin tls instant messaging, wikis, blgs, VIP, cllabratin tls and ther Because 58% find t be critical in getting their wrk dne, and because ther cmmunicatin tls are becming mre widely used, attacks directed against these capabilities threaten the very ability f individuals and cmpanies t cmmunicate r prtect their sensitive data. capabilities are becming mre widely used, attacks directed against these channels threaten the very ability f individuals and cmpanies t cmmunicate r prtect their sensitive data. SPAMMERS AND HACKERS ARE MOTIVATED BY PROFIT While early spammers, virus develpers and hackers were mtivated primarily by ntriety and the challenge f spreading their wares; mdern-day attacks are mtivated mstly by prfit. Spammers, fr example, can earn significant amunts f mney by selling prducts marketed thrugh spam such as stck pump-and-dump schemes r by directing peple t advertising-laden sites n which they earn a cmmissin fr clickthrughs. Virus writers, phishers, develpers f keystrke lggers and thers can make mney by stealing it frm bank accunts r via fraudulent credit card transactins; r they can simply sell this accunt infrmatin t thers. The prfit mtive has dramatically exacerbated the threats faced by messaging and Web users. Because significant prfits are available t spammers, phishers, criminal netwrks and thers, many peple have been attracted t this market. Further, because prfits frm malicius activities are substantial, they can be used t fund newer and better methds fr circumventing defenses against their attacks Osterman Research, Inc. 1

3 BOTNETS ARE A CRITICAL PROBLEM In the past, spammers sent large numbers f messages frm a small number f surces that were fairly easy t identify and blck. Mre recently, hwever, spammers have created btnets that cnsist f millins f zmbie cmputers cmputers in hmes and the wrkplace that are infected with a virus, wrm r Trjan that permits them t be cntrlled by a remte entity. Accrding t Cmmtuch, mre than 85% f spam messages and nearly 100% f malware messages are sent frm zmbie machines. As f early 2008, Ggle Message Security had tracked a 62% increase in the daily number f unique IP addresses that are blcked by its netwrk cmpared t early This is a clear indicatin f the grwth f btnets. Spammers can rent btnets fr cntent-distributin campaigns. Using btnets, a small number f messages can be sent frm each f thusands f cmputers, effectively hiding each zmbie frm detectin by ISPs r netwrk administratrs using cnventinal tls. Btnets are a critical prblem nt nly because they are respnsible fr the vast majrity f spam sent acrss the Internet tday, but als because they are used fr a wide range f purpses beynd just spam delivery. These include hsting malware sites, perpetrating distributed denial-f-service attacks, click fraud and credit card fraud. Btnets can be hard t detect and hard t remve. WEB-BASED THREATS ARE A SERIOUS PROBLEM, AS WELL There has been a huge increase in malicius Web-brne cntent, including messages that cntain links t dangerus Web sites, attachments that are little mre than stage-ne dwnladers f ther malicius cde frm the Web, malware that installs and pens a cmmunicatin channel t the attacking surce, and ther explits. Typically, these malware sites succeed in creating mre zmbie bts that keep feeding the vicius cycle f spam and viruses. Spam and Web-based threats are being used tgether increasingly in crdinated attacks. Fr example, Ggle has identified mre than three millin unique URLs n mre than 180,000 Web sites that autmatically install malware n visitrs machines spam ften is used t drive traffic t these sites simply fr the purpse f installing malware fr later use. Further, Web 2.0 Web sites that include dynamic cntent, such as cmplex mashups that change cntinually, make it difficult t accurately determine whether a particular site is safe r risky at any pint in time. This makes the need fr real-time assessments and reputatin mre critical than ever befre. OTHER TECHNIQUES ABOUND Amng the techniques that spammers, phishers and thers use t distribute their attacks are: Spam filter-avidance techniques The simpler f these techniques invlves text bfuscatin, such as misspelling keywrds; Bayesian pisning (the prcess f including specific keywrds int spam messages in an attempt t trick Bayesian filters int thinking a message is legitimate); intrducing valid text int spam messages; using varius HTML techniques t fl 2008 Osterman Research, Inc. 2

4 filters int nt recgnizing ffensive cntent; and ther techniques. These techniques typically can bypass many traditinal cntent-filters, and thse using a Bayesian apprach. Newer types f spam Starting in earnest in early 2006, spammers began using newer spamming techniques in an effrt t defeat spam-filtering technlgies. Fr example: Image-based spam Text is represented as ne r mre images that typically use nn-standard fnts, backgrund snw, randmized backgrunds, slanted lines f text, blurriness and ther distrtins t defeat mre cnventinal spam-filtering technlgies, as shwn in the example at right. Image spam is a particularly serius prblem fr mail servers and recipients, since each message is typically much larger than a cnventinal, text-based spam message. Image spam, while still used by spammers, is less f a prblem tday than it was in Spam with attachments Similar t image spam, but using PDF files, spreadsheets r ZIP files as paylads t carry the spam cntent. An even newer technique is t send calendar invitatins as malicius attachments. Alternative spam languages Spammers will ften target their cntent t users wh speak specific languages. There is a grwing trend fr mre lcalized distributin with diversified languages. Audi spam In Octber 2007, the first MP3 spam was fund n the Internet advertising a stck pump-and-dump scheme. These audi messages, recrded at a relatively lw bit rate, typically run fr less than ne minute and tend t be much larger than cnventinal, text-based spam. Mdular Trjans This frm f attack, als knwn as multi-stage dwnladers, perate n a simple principle: a small Trjan first disables lcal anti-virus sftware r ther security defenses. Once thse tls are disabled, a secnd-stage f the attack dwnlads any f a variety f threats, including keystrke lggers, wrms r ther sftware typically designed t take cntrl f the platfrm. Attackers wh successfully disable anti-virus defenses are free t dwnlad virtually any srt f malware, including ld viruses and 2008 Osterman Research, Inc. 3

5 ther threats, since these will n lnger be detected. Serial variants / server-side plymrphic malware An effective attack technique is t create a series f variants f a single threat, each f which has been prepared prir t the intrductin f the first variant. Each variant is launched at pre-determined intervals and is able t take advantage f netwrks lack f signatures t deal with each new instance f the attack. Fr example, if each variant were launched at intervals f 12 hurs, 100 variants f the same attack wuld leave pen a 50-day windw f vulnerability. Phishing Phishing is becming mre targeted, spfing businesses that have smaller custmer bases (e.g., lcal banks) t increase the effectiveness f the scial engineering tricks used. Phishing will als cntinue t expand beynd nline banks t include mre retailers, nline gaming and ther nline surces that prcess cnfidential accunt infrmatin. Phishing is becming mre targeted, spfing businesses that have smaller custmer bases t increase the effectiveness f the scial engineering tricks used. Instant messaging threats Instant messaging explits, which ften are blended threats, take the frm f either scial engineering techniques that will direct victims t an infected Web site; r via viruses, spyware r ther malicius cntent that are delivered directly t the instant messaging client via a dwnladed file. Instant messaging threats are particularly insidius, since the pt-in nature f instant messaging cntact lists mtivates recipients t trust that messages they receive are frm valid senders whm they have previusly authrized t send them cntent. Cmbinatin, r blended threats Cmbinatin threats are paylads that mix several delivery mdes (such as and Web) and ften cntain multiple cmpnents, such as: Spam Phishing Viruses Wrms Trjans Further, these threats can cmbine prtcls, such as s that link t malicius Web sites. Scial engineering Increasingly sphisticated techniques are being emplyed t trick users int thinking an and the assciated links are legitimate. Whereas spam aiming t sell a 2008 Osterman Research, Inc. 4

6 prduct is relatively easy t spt, spam cntaining security threats frm phishing, viruses, spyware, and ther malware is difficult t detect when bscured in this manner. This is a particularly serius prblem fr instant messaging-brne threats, as nted abve, since instant messaging systems are inherently mre trustwrthy because recipients f these cmmunicatins must first allw individuals t send them cntent. If smene receives a wrm-generated instant message, there is a much greater likelihd that the recipient will assume the message is valid and pen it withut hesitatin. In general, threats are becming mre reginalized, mre targeted t specific rganizatins and grups, and mre difficult t thwart. The entire malware industry is becming mre sphisticated, driven increasingly by criminal netwrks and a greater emphasis n traditinal business mdels. Fr example, spammers can purchase lists f fresh addresses, rent a btnet fr distributin f their cntent that will prvide service-level guarantees, and achieve measurable rates f return n their investments. In shrt, the prblems assciated with malware are becming much wrse. What are the Risks and Csts f These Attacks? There are a variety f prblems caused by the threats discussed abve: Business risks The security risks frm spam are very real they are n lnger just a nuisance. The grwing variety f keystrke lggers, passwrd-stealing Trjans and ther threats means that crprate data is increasingly at risk. Data theft can include sensitive cntent like usernames and passwrds, but als financial data, custmer data, trade secrets and ther types f cnfidential infrmatin. The increasing end gals f stealing infrmatin (persnal and crprate), hijacking systems fr a wide range f purpses and launching additinal malicius attacks all have serius business implicatins, in additin t the mre traditinal (but still real) impacts t bandwidth, infrastructure and ther csts. Bandwidth cnstraints Spam and ther malicius cntent that enters the crprate netwrk cnsumes netwrk bandwidth that culd therwise be used fr legitimate purpses. As the vlume and file size f this cntent increases, bandwidth is cnsumed fr nn-legitimate purpses, in many cases requiring the deplyment f larger data pipes at greater cst simply t maintain acceptable system perfrmance, message delivery times, Web access times and the like. Strage requirements As mre malicius cntent cmes int a netwrk, mre f this cntent must be stred fr review in quarantines and archives. Given that this cntent is nrmally preserved fr at least 30 days in rder t give emplyees time t review it fr false psitives, increases in malicius cntent entering a netwrk inevitably lead t increased strage requirements. Further, strage spikes add significant vlatility t strage needs, making 2008 Osterman Research, Inc. 5

7 it difficult t plan strage capacity accurately. Fr cmpanies with strict data retentin plicies that need t maintain a reliable recrd f cmmunicatin fr cmpliance purpses r because f anticipated litigatin requirements, even quarantined data may need t be stred fr several years, further blating strage requirements. Many rganizatins als stre all accepted by the messaging infrastructure based n the cmpany s use plicy, as well as e- discvery and ther legal requirements. Lss f prductivity While sme believe that spam causes a majr lss f emplyee prductivity, Osterman Research has fund that this is actually a real, but relatively minr, prblem in the verall cntext f the spam prblem, particularly fr rganizatins that have rbust spam-filtering defenses. That said, Web-brne threats r attacks that reach end users via can cause very serius prblems, including emplyee identity theft, lss f data r damage t cmputer hardware. Hwever, malware can cause significant lsses f IT prductivity, since IT staff members must ften spend extra time remediating prblems caused by malware, mre FTE staff must be available t address unfreseen prblems, etc. Other prblems There are a variety f ther prblems related t malicius cntent, including sme emplyees spending time perusing prducts and services ffered in spam, links cntained in messages that culd direct users t harmful r ffensive Web sites, and ther prblems. OUTBOUND CHALLENGES Electrnic cmmunicatin carries with it the substantial risk that emplyees might cmmunicate in ways that vilate crprate plicies, varius statutes r best practices. Fr example, the ease with which an r instant message can be sent means that trade secrets r ther sensitive infrmatin can be sent in ways that are cntrary t Hsted services are increasing in ppularity and ffer anther ptin fr rganizatins t implement a variety f threatprtectin capabilities. the best interests f an rganizatin. While mst data breaches are unintentinal emplyees will ften send cnfidential data inadvertently there are sme emplyees that may intentinally vilate crprate data cnfidentiality plicies. An Osterman Research survey fund that if a data breach were t ccur in which disclsure f the breach wuld have t be made t custmers and ther external cntacts, nearly tw-thirds f rganizatins estimated that a single breach wuld cst their rganizatin at least $100,000, as well as ther peratinal csts, damage t their brand and ther prblems Osterman Research, Inc. 6

8 Fr the mst part, rganizatins have almst universally deplyed systems that prtect against inbund threats, such as viruses, wrms and spam. Far fewer rganizatins have deplyed systems that mnitr utbund cntent. Hwever, the grwing use f and instant messaging, cupled with the grwing variety f ther cmmunicatin tls available t emplyees, makes the mnitring and management f utbund cntent increasingly imprtant. This means that rganizatins must fcus n data leakage prtectin (DLP), cupled with autmatic encryptin f sensitive cntent t prtect themselves frm a wide variety f data breaches. Anther utbund threat is the danger that the rganizatin itself may becme a surce f spam r malware, due t infectin, r even malicius behavir by an authrized user. Besides wasting the IT resurces f the rganizatin, becming a spam r malware surce has ther, mre damaging effects: it can harm the rganizatin s prfitability due t blcked legitimate cmmunicatin r breaches in missin-critical systems, and it can expse the rganizatin t ptential litigatin due t damage it caused by unwittingly being a surce f spam r malware. Cnsidering Delivery Mdels There are a variety f ways in which messaging and Web security capabilities can be managed, including: Gateway-Based Systems Gateway security stps threats at the earliest pssible pint in the n-premise mail infrastructure and is a best practice fr rganizatins that manage n-premise defenses. Server-Based Systems On-premise slutins deplyed at the server level reslve many f the prblems assciated with client-side systems by allwing easier deplyment and management capabilities, as well as the ability t mre easily enfrce crprate plicies and changes thrugh a centralized management interface. Mail server security centrally prtects internal , incming (e.g., POP3 frwarded t Outlk) that bypasses the gateway and the mail stre. Client-Based Systems Client-based systems, such as URL filtering tls, anti-virus tls, spyware blckers and the like prvide useful capabilities and can be very effective at preventing a variety f threats client-side anti-virus tls, fr example, are an imprtant best practice fr any rganizatin. Client-side capabilities can be relatively inexpensive and are ften prvided as part f desktp prtectin suites that include anti-virus, anti-spam and ther capabilities. While client-side systems are effective in smaller rganizatins, they ften d nt scale well. They are time-cnsuming t install and update fr large numbers f users and can be quite expensive t deply in larger rganizatins. Particularly fr larger rganizatins, 2008 Osterman Research, Inc. 7

9 centralized management and deplyment capabilities are essential t cst-effectively install, update and enfrce crprate plicies using client-based systems. SaaS and Hsted Services SaaS and hsted services are increasing in ppularity and ffer anther ptin fr rganizatins t implement a variety f threat-prtectin capabilities. The primary advantages f this mdel are that n investments in infrastructure are required, up-frnt csts are minimal, nging csts are predictable, and all management and upgrades f the system are prvided by the SaaS r hsted service. The disadvantage f SaaS r hsted services is that their csts can be higher than fr npremise systems in sme situatins, althugh they will nt necessarily be mre expensive. Fr example, SaaS vendrs merely rent space n a server, prviding a very inexpensive methd fr accessing sftware and infrastructure technlgies. Althugh rganizatins may pay mre t a SaaS r hsted security vendr than they wuld fr an n-site slutin, the value f the hsted infrastructure and administratin prvided by the third party vendr can prvide a lwer Ttal Cst f Ownership. SaaS vendrs merely rent space n a server, prviding a very inexpensive methd fr accessing sftware and infrastructure technlgies. Managed Services Managed services are similar in cncept t hsted services, but a third party either with staff n-site r via a remte service manages the n-premise infrastructure, installs upgrades, updates signature files and the like. Csts can vary widely fr managed services depending n the size f the rganizatin, whether third-party management persnnel are lcated npremise r in the third party s data center, and ther factrs. Hybrid Offerings A newer apprach that is increasingly ffered by vendrs is t cmbine n-premise infrastructure with hsted services. Fr example, a vendr may prvide a spam-filtering appliance n-site, but cuple this with a hsted spam-filtering service that acts as a srt f pre-filter; r they may rely n a hsted anti-virus service and desktp anti-virus tls. The fundamental advantage f this apprach is that the n-premise infrastructure is prtected frm spikes and verall increases in the vlume f malicius traffic ver time, thereby preserving the n-premise investment and maintaining acceptable perfrmance f their messaging and Web infrastructure Osterman Research, Inc. 8

10 New Appraches Are Needed MULTIPLE LAYERS OF DEFENSE ARE REQUIRED The mst effective apprach t dealing with spam, viruses, Trjans, wrms and ther frms f malware is t emply a layered defensive strategy that will deal with all threats at a variety f venues. Furthermre, t be truly effective against tday s sphisticated attacks, each layer must prvide an integrated defense against multiple types f attacks. Perimeter defense that blcks cnnectins based n the sender s reputatin can eliminate the majrity f malicius traffic befre it ever enters the rganizatin s netwrk. A real-time dynamic reputatin service that identifies zmbie btnets as they are activated will significantly reduce these rgue cmputers threat. Gateway technlgies, such as reputatin services, are critical t blcking the bulk f threats befre they even enter the netwrk and will preserve bandwidth and reduce strage requirements fr quarantines and archives. Other technlgies can blck threats at the gateway befre they penetrate the netwrk and negatively impact the messaging infrastructure. Servers are als a critical venue n which apprpriate defenses must be installed, effectively creating a rbust defense fr threats that make it past the gateway. These defenses include systems t inspect fr and detect viruses, wrms, Trjans, intrusin attempts and ther Just as multiple physical layers f defense are required, multiple threatdetectin and remediatin techniques are als needed. and Web-brne threats. The mail server can prvide anther layer f threat prtectin and is the nly central pint that will catch internal s harbring threats. Als, as the nly lcatin that filters interffice as well as utbund , the mail server is the mst effective pint at which t deply DLP and cmpliance filtering fr messaging. Outging cntent inspectin/dlp is becming increasingly imprtant t prevent the leakage f sensitive data, typically by users wh inadvertently send this cntent thrugh , instant messaging systems, Webmail, wikis, blgs, etc. These systems can prtect an rganizatin frm intentinal attempts t circumvent crprate plicies and the much mre cmmn inadvertent transmissin f sensitive data. It is critical t cuple DLP with encryptin t ensure that sensitive data is encrypted autmatically befre it is sent utside the rganizatin. Outbund detectin can als prevent the rganizatin frm becming a surce fr spam r malware. Client-side systems are critical t deal with malware that may be intrduced by users bringing in files n USB thumb drives, files that might be dwnladed t crprate servers frm a hme cmputer, etc. Client-side systems must be installed wherever threats might be intrduced: n desktp systems, laptps, mbile devices, hme cmputers, etc Osterman Research, Inc. 9

11 Mre serius implicatins n the client side (and als n servers), hwever, are caused by the grwth f Web-based applicatins. Because mre capabilities are being intrduced int the client-side experience, cde is being executed within a Web brwser mre ften than used t be the case in the days f early Web sites and applicatins. This creates mre pprtunities fr hackers and thers t negatively impact users and the netwrks n which they perate in a variety f ways. MULTIPLE TECHNIQUES ARE REQUIRED Just as multiple physical layers f defense are required, multiple threat-detectin and remediatin techniques are als an imprtant best practice. These include Traditinal cntent-inspectin and pattern-detectin systems, as in the case f spam filtering. Signature-based systems t lk fr spam, viruses, wrms, Trjans and the like. Zer-day and zer-hur prtectin systems that can blck r quarantine suspect cntent that has nt previusly been detected. Reputatin and cnnectin management systems that will inspect further back in the traffic stream and prevent the delivery f suspect cntent r cntent frm nn-credible surces. A variety f in-the-clud services that will prvide detectin and remediatin capabilities befre cntent ever reaches a crprate netwrk. IDENTIFYING THE SOURCE IS BEST While identifying and blcking spam and ther malware at its destinatin is gd, stpping this unwanted cntent as far back in the delivery chain is significantly better. By identifying zmbies and ther surces f malware befre their cntent has been delivered, an rganizatin can dramatically reduce the amunt f CPU capacity, strage and bandwidth necessary t prcess unwanted cntent. This means that rganizatins shuld use reputatin analysis and cnnectin management systems where apprpriate t blck r thrttle cntent frm suspect surces. The Future f Messaging and Web Threats Osterman Research anticipates these trends in the messaging threat landscape: Cntinuing grwth f spam, sent primarily by grwing numbers f zmbie cmputers in btnets. While there are many entities that attempt t cmbat the grwth f btnets, user behavir and lax security prcedures particularly by hme users will ensure that malicius cde will find a platfrm frm which t perate. Increasing attacks against mbile devices will als be a key threat in 2008 and beynd as the number f mbile devices grws and as mbile-specific applicatins are 2008 Osterman Research, Inc. 10

12 develped t make these devices mre useful in a business cntext. The success f the Apple iphne, fr example, will attract a grwing number f hackers. Increasing attacks n scial netwrking sites in which users pages n these sites will have malware installed in rder t infect visitrs t these pages. The threat is particularly prblematic because scial netwrking sites are s ppular. Fr example, accrding t cmscre, in December 2007 MySpace had 38.3 millin page views and Facebk had 13.0 millin page views, t name but tw f the many ppular scial netwrking sites in use. Legitimate Web sites will als be targeted. Fr example, a number f legitimate Web sites have already been hacked t hst malware r t redirect visitrs t malware sites, including the German versin f Wikipedia in late 2006, the Asus Web site in April 2007, the Mnster.cm Web site in August 2007, and the Web site fr the UK s Frth Rad Bridge in February Increasing numbers f dynamic explits, whereby threats are mdified n the fly in an attempt t defeat signature-based defense mechanisms. These plymrphic viruses, wrms and ther explits can defeat sme anti-virus defenses. DLP systems, cupled with plicy-based encryptin, will becme mre widely deplyed as decisin makers realize their need t prtect the cnfidentiality f crprate data. Grwing numbers f instant messaging and ther real-time threats. Fr example, FaceTime reprted its discvery f 1,088 threats during 2007 directed against instant messaging, chat and peer-t-peer file sharing systems. Further, the cmpany fund that IRCfcused attacks are n the increase. Attacks directed against Internet telephny systems will becme mre cmmn. Althugh dating back t 2005, IP telephny threats were smewhat mre cmmn during 2007 and will be increasingly cmmn in 2008 and beynd. Fr example, Finjan discvered three separate Spam ver Internet Telephny (SPIT) attacks during Attacks against Skype users will becme mre cmmn. DLP systems, cupled with plicy-based encryptin, will becme mre widely deplyed as rganizatinal decisin makers realize their need t prtect the cnfidentiality f crprate data in respnse t data leaks, statutry requirements and ther mtivatrs. There will be increased numbers f URLs delivered via that take recipients t malicius websites. There will be mre reginalized attacks using lcal languages and mre targeted attack methds Osterman Research, Inc. 11

13 Alt-N Technlgies Apprach fr Addressing Security Alt-N Technlgies cmbines ver 10 years f server technlgy with awardwinning security features t deliver slid prtectin at the server and perimeter layers f the netwrk. As new frms f fraud and ther spam-related attacks cntinue t threaten legitimate cmmunicatins, the applicatin f authenticatin, certificatin, Defense Layer Custmizatin, and methds t address Data Leak Preventin becmes mre critical. T cmbat these threats, Alt-N Technlgies applies blended security techniques and multiple layers f defense with the pwerful SIEVE filtering language t simply and affrdably prtect frm spam, viruses, spfing, backscatter and ther frms f abuse. authenticatin techniques validate and sign messages t ensure that they are nt tampered with during transit ver the Internet. Authenticatin prvides an additinal layer f trust and prtectin t message recipients and als prvides message senders with a strnger means f brand prtectin. certificatin is supprted thrugh the integratin f the "Vuch By Reference" methd, which enables certificatin prviders t vuch fr the messages sent by thers, thus minimizing the bandwidth required by spam filters. Using Defense Layer Custmizatin, administratrs have a unique cntrl t priritize the rder f peratins a specific security rule will execute when analyzing the incming r utging traffic f an rganizatin. This technique can result in faster prcessing f by allwing the rejectin r quarantine f messages at the earliest pint during prcessing. Additinally, use f the pwerful SIEVE filtering language prvides simple and custmizable filtering rules t supprt Data Leak Preventin plicies. Summary Messaging, internal and Web-based threats are increasing in number and severity. Because the prfit mtive nw drives spammers, hackers and ther purveyrs f malicius cntent, as well as the develpment f mre sphisticated techniques t circumvent crprate defenses, rganizatins must cntinue t imprve their defenses. Plus, rganizatins must prtect against internal users frm sending cnfidential cntent ut f the rganizatin thrugh a variety f cmmunicatin tls, whether this activity is intentinal r accidental. The risks t rganizatins large and small are nt theretical there are real prblems that users and their emplyers face if they d nt establish adequate defenses against the grwing variety f malware, explits and ther threats that are directed against them. Organizatins must deply defenses at all f the physical venues at which threats may enter a netwrk r thrugh which users may intentinally r inadvertently send sensitive cntent; and they must implement a layered defensive strategy t prtect against all types f threats Osterman Research, Inc. 12

14 Spnsr f this White Paper Alt-N Technlgies is a leading develper f messaging, security and cllabratin prducts that are ffered in sftware r appliance platfrms. Since 1996, the MDaemn Server has prvided small and medium-sized businesses arund the wrld with a secure, reliable and affrdable messaging platfrm. The prduct is installed in minutes, includes the latest security authenticatin technlgies, and requires minimal supprt and maintenance t perate. The MDaemn Server is ne f the mst widely used Windws-based platfrms supprting ver 5 millin mailbxes in ver 90 cuntries arund the wrld. Fr custmers wh require a cst effective security gateway filter t prtect any SMTP server at the perimeter layer, SecurityGateway fr Exchange/SMTP Servers prvides slid prtectin t prduce a 99% spam blcking rate and achieve nearly zer false psitive results. Available in early 2Q08, SecurityGateway cmbines Alt-N Technlgies expertise in security with its award-winning security features that delivers simple administratin, pwerful filtering and reprting, and accurate results. Alt-N Technlgies, Ltd SW Grapevine Parkway Suite 150 Grapevine, TX Osterman Research, Inc. All rights reserved. N part f this dcument may be reprduced in any frm by any means, nr may it be distributed withut the permissin f Osterman Research, Inc., nr may it be resld r distributed by any entity ther than Osterman Research, Inc., withut prir written authrizatin f Osterman Research, Inc. Osterman Research, Inc. des nt prvide legal advice. Nthing in this dcument cnstitutes legal advice, nr shall this dcument r any sftware prduct r ther ffering referenced herein serve as a substitute fr the reader s cmpliance with any laws (including but nt limited t any act, statue, regulatin, rule, directive, administrative rder, executive rder, etc. (cllectively, Laws )) referenced in this dcument. If necessary, the reader shuld cnsult with cmpetent legal cunsel regarding any Laws referenced herein. Osterman Research, Inc. makes n representatin r warranty regarding the cmpleteness r accuracy f the infrmatin cntained in this dcument. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL Osterman Research, Inc. 13