Feature Story

Secure Communications

Network Box Offers Email Security

To understand Network Box's (www.networkboxusa.com) philosophy on email security, just look to the company's white paper on anti-spam protection, which quotes noted military strategist Sun Tzu: "If you know yourself but not the enemy, for every victory gained you will also suffer a defeat." In other words, you must understand the nature of a spam threat to effectively protect against it. Network Box examines a threat's origin, construction, and execution in order to provide protection with an industry-leading spam detection rate and almost zero false-positives.

Unified Protection

Although many security providers offer standalone email solutions, Network Box doesn't "believe that protection of email is simply a lineup of antivirus software," says CTO Pierluigi Stella. "There's a lot more to protecting email than just filtering for viruses." Instead, Network Box integrates its anti-spam and anti-malware modules into its Managed Security Services solution, which provides 24/7/365 monitoring and proactive management over nearly 150 different security areas.

UTM (unified threat management) devices sitting at customers' Internet gateway entry points help oversee the protection, while patented PUSH technology sends anti-spam and anti- malware updates to UTMs within 45 seconds of availability. The combined result is protection much stronger than "separate pieces trying to talk to each and never achieving any synergy," Stella says.

By functioning as an email proxy that intercepts incoming SMTP (an email protocol) calls from reaching a remote server, Network Box's UTMs provide immediate protection against email server vulnerabilities. The device's firewall and IPS (intrusion prevention system) components then apply DoS (denial of service) protection, filter for known exploits, and prevent accidental misconfigurations that let spammers relay messages through the company's email server. The IPS module also verifies email recipients to prevent directory harvest attacks that result in receiving and scanning hundreds of messages sapping bandwidth and CPU resources. The feature is a "good example of interaction between modules—email protection and IPS working together to reduce the amount of spam," says Stella.

Finely Tuned Engines

Network Box's anti-spam protection uses 25 anti-spam engines and 12-plus techniques total, all backed by a database containing roughly 31 million anti- spam signatures. Among the engines is Z-Scan, a variation of the Network Box cloud-based antivirus engine. Z-Scan identifies zero-day spam outbreaks in seconds and recently elevated Network Box's spam-detection rate to 99.4% with almost no false-positives.

The anti-spam techniques include the open standard SPF (Sender Policy Framework), which reduces send-address forgery attempts, or spoofed email addresses. The continually learning Network Box Relationship system, meanwhile, uses a database to track sent messages and establish a score-based, trusted sender-receiver relationship used to enact various enforcements.

Network Box's malware protection uses roughly 1,000 malware- and policy-based techniques, with policy techniques safeguarding against various user actions, including those not requiring a mouse click. For example, if a message contains a hidden object that's activated when the user hovers the mouse cursor over it, protection is in place. "If there is anything hidden, the [device] will block the email, taking the approach of guilty before proven innocent—a legitimate email has no reason to contain anything hidden," Stella say.

The same "block first, ask questions later" approach applies to iFrames, scripts, binaries, executables disguised as something else, and more, Stella says. URLs that do make it through email filtering are checked against a Google database of URLs known to contain malware or spyware, categorized to determine if the customer's policy allows the URL, and scanned against more than 7 million signatures via three antivirus engines. Thus, "there's still a very high chance that the [UTM device] will stop the attack by blocking the website," Stella says.

Return to: 2012 Feature Stories