Ever vigilant

Receiving one or two pieces of spam e-mail aday used to be typical for municipal employeesin Fresno, Calif. Then, a littlemore than a year ago, thatnumber began to rise.First, it hit about 10 a day. Then it quicklyrose to as many as 20 or 30 unwantede-mail messages every day.For Fresno, the increase in spam waspotentially hurting employee productivity,besides exposing the city to security threats,such as phishing attempts, said Raj Nagra,the city's senior network systems specialist.The city's homegrown spam protectionsolution that had worked for years was finallystarting to lose the fight against unwantede-mail. Rather than try to fix the old systemor build a new one, city officials decided tobuy a spam protection appliance to stopjunk e-mail, Nagra said."It could have taken a few weeks to fix theexisting system, and we didn't want to wait,"Nagra said. "And we couldn't guarantee fixingwould stop all the spam. To get a guarantee,we had to spend the money and buy areal solution."After looking at several products and tryingtwo ?both ofwhicheffectivelyblocked spam ?city officials selecteda security gatewayappliance fromProofpoint Inc., ofSunnyvale, Calif.Other features,such asdaily digests of blocked e-mailand Web interfaces, were thedetermining factors between the two products."When it came down to it, it was some ofthe smaller features that won us overbecause the main features everybody had,"Nagra said.Fresno chose the Proofpoint MessagingSecurity Gateway, which is typically how customersuse the product, said Andrés Kohn,Proofpoint's vice president of product management.The gateway is also available as a virtualappliance running on VMware or as a hostedversion that runs in Proofpoint's data centers.The appliance sits at the perimeter of anorganization's infrastructure, typically withinthe first line of the network. It scans allinbound and outbound e-mail messages andapplies the appropriate policies that decidewhat gets through and what doesn't."So, for the city of Fresno, we're looking atall the inbound e-mail, detecting spam messagesand blocking them from coming in,"Kohn said. The system also scans for viruses.One of the biggest challenges organizationsface is a tremendous increase in the volume ofspam messages, along with a rise in virusesand malware. The sheer volume makes it difficultfor some anti-spam systems installed threeor more years ago to keep up with the demand."With the city of Fresno, since the beginningof the year until now, they've seen their e-mailvolume more than double," Kohn said. "Whatthat obviously means is if you bought a solutionthat was barely keeping up with demandwhen you first bought it, by now, it would behalf the power they need."Kohn has seen organizations that received10,000 e-mails a day three years ago nowreceive about 100,000 a day. That makes it important to find a system that can scale tomeet an ever-growing demand.Fresno's initial use of a homegrown systemis typical, especially in the government, Kohnsaid. However, it is difficult to continuallyupdate in-house systems to keep pace withincreasingly sophisticated spammers."It takes a lot of time and effort to keepthese filters up-to-date; you might even needprogramming skills," he said. "Even older-generationsolutions need to be constantlytweaked, which takes a lot ofmanpower."Proofpoint's appliances andsome of its competitors' offerings also helpagencies comply with privacy regulations byscanning outbound e-mail messages. The sameinfrastructure can detect such information asprivate health care and credit card data.One of the city's biggest concerns waswhether a system might block too muche-mail. City council members, for example,depend on the municipal e-mail system tointeract with citizens. Blocking legitimatemessages hasn't happened yet, and a digest ofblocked messages is available to employeeswho want to monitor the traffic."Some users would like more blocked andother people, just to be safe, want to let morein," Nagra said. "It's just that tightrope youhave to walk."Proofpoint's update serviceautomatically maintains spamprotection. It also has individuallycontrollable spam andadult content scores thatallow the organization toenforce policies againstpornographic spam.Proofpoint's multilingual spamdetection offers protection againstspam in any language, includinghard-to-analyze languagessuch as Japanese andChinese.For systems integrators workingwith government agencies incircumstances similar to Fresno's,Nagra recommends approachingonly those vendors willing to providedemonstration units.The best way to evaluate the products'effectiveness is to run them sideby side in a real environment,he said.