Safeguarding email from "vampires"
Peter Stephenson, technology editor, SC Magazine
I teach a concept I have dubbed “Stephenson's Theory of Vampires” to explain why otherwise well-secured networks still become infested with malware. In my theory, we understand that, mythologically, we are safe from vampires unless we invite them into our home. If we think of the enterprise as our home, we do all of the computing equivalences of protecting our home from vampires. We hang the garlic (firewalls), sprinkle the holy water (encryption) and hang out our best silver crucifixes (IPS). Then someone clicks on an email attachment or a phishing message and invites the vampire in.
This month, we have a couple of related product groups to add to our VPK (vampire prevention kit). Our first group, email security, allows us to protect the content of our emails, while the second group, email content management, protects us from virtual blood-suckers. These are, really, closely related product groups, and convergence is dictating that this probably will be the last year we look at them as separate groups.That may be a good thing, though, because one really needs both, and converging them into a single product may make some sense.SC Lab Manager Mike Stephenson and I performed the reviewing duties this month. Mike covered the larger group – email content management – while I picked apart the email security tools.
And there were some definite trends that we observed this month. The first is that we are getting fewer physical appliances in favor of virtual ones. The other trend is an extension of the first: virtualization. These are appliances that are intended specifically to go directly into a virtualized infrastructure. Since that architecture characterizes an ever-growing segment of the data center market, this is an excellent benefit for system admins who don't need another box. In fact, if this trend continues, I predict that physical appliances will become as rare as the proverbial hen's teeth.With this month's crop of solid email tools, one should be able both to secure messages from prying eyes on the internet – where email seems to be about as private as a postcard – and keep those pesky vampires at bay…two worthy and necessary objectives for any security administrator.