Say No to Spam!

DQI Bureau
New Update

On any given day, email users across the world receive hundreds of spam and

junk mails that eat into precious bandwidth and make for difficult management.

While many enterprises go for spam filters and blocking of unsolicited emails,

the problem continues as spam definitions keep changing and newer threat

scenarios keep emerging. Says Amuleek Bijral, country manager, RSA, Security

threats manifest in various formsviruses, worms, trojans, network hacks, data

loss, improper access control, phishing, social engineering, etc. Some of these

threats are easy to tackle, while some others are getting increasingly difficult

to address.


The magnanimity of the problem becomes quite evident as a 2006 study by the

Radicati Group estimated that spam constituted 70% of the total worldwide

messaging traffic, and this figure is expected to increase to 79% by 2010. The

total number of messages circulating worldwide is projected to be 442 bn, with

351 bn as spam.

Spam volumes are growing faster than expected due to the success of

image-based spam in bypassing anti-spam filters and of email sender identity

spoofing in getting higher response rates, says Mark Levitt, program vice

president for IDCs Collaborative Computing and Enterprise Workplace Research.

IDC estimates that the size of business email volumes sent annually worldwide in

2007 was close to five exabytes, nearly doubling the amount over the past two



Says Niraj Kaushik, country manager, Trend Micro, India and Saarc, Spam has

rapidly changed from a mere nuisance to a major security threat and financial

drain for organizations worldwide, as they attempt to stem the flood of

unsolicited bulk email while ensuring that legitimate correspondence is

delivered correctly. Earlier, spam was relatively easy to block through the use

of blacklists or basic content filtering techniques. But now, spamming methods

have advanced to a point that these technologies are no longer sufficient or


Security Concerns

The financial costs associated with spam are large and growing by every

passing day. Spam leads to loss of employee productivity due to time spent

managing their inboxes and junk email folders, requiring employees to delete

spam and block senders. What makes things unmanageable for businesses is that a

large volume of spam enters the companys networks, thereby choking mail servers

and occupying expensive space in email quarantines and storage archives.

Security has to be

multi-layered with unified threat managementwith firewall, intrusion

preventions, anti-virus, and content filtering

Rahul Gupta, MD, Xserve India

The best approach to preventing

the major-ity of todays spam from entering an organization is to block it

at the perimeter, before it even enters the gateway

Niraj Kaushik, country manager,

Trend Micro, India and Saarc


Deliberating on the threat spam poses, Niraj Kaushik, country manager, Trend

Micro, India and Saarc, says; The inundation of spam results in reduced

bandwidth, slower email delivery, and higher storage costs. To make matters

worse, spam is often a mechanism used to carry viruses, malware, and numerous

other security threats that can compromise sensitive information, damage the

network, and increase cost in terms of network downtimes and repairs to infected

systems. Finally, there is the challenge of successfully blocking spam while at

the same time avoiding the accidental deletion of valuable business emails.

Organizations are struggling to manage spam, which is considered one of the

major security threats, because of the absence of a comprehensive security

strategy. When we speak of spam, it directly impacts the end-point security. In

the whole security chain, end-points play a critical role in safeguarding

enterprise data. Says Vishal Dhupar, MD, Symantec India: The need for a

well-managed infrastructure, specifically around endpoint security, is a key

component of a security strategy. Proper security precautions must be put in

place to protect the growing number of endpointsfrom servers and PCs to laptops

and mobile phonesregularly accessed and utilized by todays highly mobile


As the threat landscape has evolved beyond viruses and worms, customers now

require a more comprehensive endpoint solution that combines anti-virus, anti-spyware,

firewall, intrusion prevention, and device and application control in a way that

is more easily manageable. Experts say that given these dynamics, it is not

surprising that security strategies have evolved within organizations to become

more strategic, more expensive, and more complex.


Security is no longer just an IT function, but touches every aspect of the

business. A September 2007 publication by Goldman Sachs states that the top

three drivers of enterprise security spend were IT policy compliance, data loss

prevention, and endpoint protection. These are significant challenges in

themselves and are highly interrelated, as they touch every aspect of the


Gone are the days of hacking for fifteen minutes of fame. Today, hacking is

a professional crime for financial benefits. Reflecting on this, Bhaskar

Bakthavatsalu, country manager, Sales, Check Point Software Technologies India

and Saarc, says: The increase of worldwide Internet usage and the always-on

connections have actually opened more corridors for security threats. Hackers

constantly uncover and exploit network vulnerabilities and dont wait for

upgrades. There is always a lag between the availability and installation, and

the new protections that the upgrades offer. This is precisely what hackers


Security threats manifest in

various forms. Some of these threats are easy to tackle while some are

getting increasingly difficult to address

Amuleek Bijral, country manager, RSA

The increase of worldwide

Internet usage and the always-on con-nections has actually opened more

corridors for security threats

Bhaskar Bakthavatsalu
, country sales manager, Check Point Software

Technologies, India and Saarc

The need for a well-managed

infra-structure, specifically around endpoint security, is a key component

of a security strategy


MD, Symantec India


Whats the Solution?

The fundamental issue that enterprises face today is that of unplanned

expansion and the so-called good enough fragmented security solution. Siloed

between departments and absence of a central control is an increasing concern.

This has resulted in many chinks in the security infrastructure and is being

exploited by unscrupulous elements for financial gains.

To overcome security challenges like spam, a comprehensive security policy is

needed which is proactive rather than reactive. Says Bakthavatsalu: It is vital

to ensure that the security strategy is seen as a business enabler not a

disabler. It is important to understand that even the smallest of business

changes may possibly throw open a wide array of security vulnerabilities for the


When we talk about a proactive security, what it means is that a security

strategy in its ambit must encompass all the threat scenarios and should

function in a complementary way. Says Rahul Gupta, MD, Xserve India: Security

has to be multi-layered with unified threat management with firewall, intrusion

preventions, anti-virus, and content filtering. Clearly, the panacea lies in an

effective strategy, and hence a strategy that is information centric and focuses

on the risks involved would be very effective in addressing various threats that

any organization faces today. For effective implementation of this strategy, it

also needs to be repeatable.


Says Bakthavatsalu: For any enterprise, it is pertinent to have synergetic

value between its business and security strategies. To avoid discord between

these strategies, the head of information security needs to keep up with

different strategies of the organization and its various departments. Any major

changes to the security strategy need to have a top down approach with support

from all key stakeholders and needs to be communicated across the enterprise.

The impact of spam is multi-dimensional. It cannot be treated in isolation

and it needs to be enmeshed with the security policy. Based on the threat

perception and the levels of protection, enterprises need to go in for solutions

that best work for them. A lot of user education also goes in creating a spam

free enterprise.

Shrikanth G