Spam Sentinels For a Network’s Edge

Messaging security hardware vendor CipherTrust is breaking out of the firewall with a new appliance and an enhancement to its flagship offering.

The Atlanta-based company said Monday that it launched a Web site called the TrustedSource Portal that shows near real-time information on spam, phishing attacks and fraudulent e-mails encountered worldwide.

The IronMail Edge is a rack-mounted, Intel-based, appliance that sits outside the corporate network’s firewall, the first of its kind in the CipherTrust product line.

Rather than check the contents of the e-mails passing through the appliance, IronMail Edge merely checks the IP address of the sending domain and checks it against a TrustedSource reputation rating.

It will act as a buffer between the Internet and the corporate e-mail gateway that has to check the content of each and every e-mail before sending it on to the end user.

Officials claimed the edge service would block 50 percent of objectionable e-mail that would otherwise have to be processed by the e-mail gateway server.

The inclusion of the edge appliance also expands the gateway’s lifetime and greatly improves performance. Also, a rejected message means less bandwidth consumption since the connection is dropped before the e-mail message can be downloaded.

Taking the load off the e-mail gateway will become more necessary as the volume of spam, trojans, viruses, phishing attacks and its like grows, said Alex Hernandez, CipherTrust director of advanced product development.

“It’s a lot of volume that needs to be dealt with at the gateway,” he said. “We’re blocking it at the edge with IronMail Edge and it doesn’t need a message to decide, it just needs a connection to the sender.”

TrustedSource is CipherTrust’s e-mail analytical engine and rates e-mails along a sliding scale from good to suspicious to bad. An e-mail’s IP address and domain are rated in two ways: general information provided by worldwide ISP abuse data, black/white lists and spam traps; and enterprise data collected from the 4,000 CipherTrust server nodes that pipe back e-mail reputation information based on user feedback, traffic patterns and complaints.

According to officials, CipherTrust’s TrustedSource engine handles 10 billion e-mails a month and blocks access to 170,000 zombies a day.

If the e-mail hitting IronMail Edge is rated bad by the reputation service, it blocks the e-mail from passing through to the network; suspicious- and good-rated e-mails are passed through for content processing by the e-mail gateway.

Although the IronMail Edge is optimized to run in conjunction with the IronMail Gateway, the edge system will work with any gateway sitting behind the firewall.

CipherTrust also enhanced its flagship Gateway appliance with version 6.0. Outside of convenience upgrades like a new setup wizard, with “best practice” configurations from previous customers, and customizable dashboards, IronMail Gateway 6.0 has boosted integration with the rest of the corporate network.

The new version comes with tighter LDAP integration, allowing systems administrators better group synchronization with Microsoft’s Active Directory and IBM’s Notes as well as being able to tell when the LDAP server fails.

IronMail Gateway administrators can also take a deeper look at the e-mails that pass or get rejected from the appliance. A new feature allows administrators to click on a single sender’s information to see its TrustedSource rating. Other new features in Gateway 6.0 include anti-spam enhancements, an outbreak indicator and advanced zombie detection and blocking.

Administrators can also now take the long view of TrustedSource reputations with a Web-based portal available to the public. From the site people can view current and historical data on the reputation of 95 percent of the world’s e-mail senders, from the sender’s country of origin, the network owners and hosts for known senders.

The TrustedSource Portal will also display the top e-mail sender by domain and IP address. The site will also show which senders are using DomainKeys, DomainKey Identified Mail (DKIM), Sender ID or Sender Policy Framework (SPF) to authenticate their e-mails.

IronMail Edge and Gateway 6.0 are available immediately starting at $9,995 and $5,995, respectively. The TrustedSource Portal can be found here.

News Around the Web