By Caroline Denslow
To counter hackers and virus writers, many companies are calling on security firms such as BlackSpider, led by CEO John Chenney, to police their e-mail
|~||~||~|E-mail has become an essential tool of communication in the business world. However, its popularity has also attracted hackers and virus writers, making it the most favoured target of security attacks.
And with an increasing amount of business being conducted via e-mail, the need for security and information integrity has become more pressing than ever.
While there are a multitude of anti-virus products available in the market to protect your e-mail, John Chenney, chief executive officer of BlackSpider, an e-mail security services company, argues that providing security as a service offers better protection than off-the-shelf products. He tells IT Weekly why.
How much importance do you give to e-mail in the enterprise?
Organisations now rely on e-mail as, in many cases, their predominant communications tool for talking to customers, partners and suppliers. Clearly, an effective e-mail infrastructure requires an effective e-mail security infrastructure; the two are mutually dependent.
All of our customers recognise that e-mail security is a fundamental part of their business, and the reason they come to BlackSpider is that we provide a more effective way of delivering e-mail security at a more cost-effective price.
How do you achieve that? What is the technology behind this?
We are fundamentally different from most solutions. We [offer] service rather than a product, and what we do is we process all the e-mails for our customers — both inbound and outbound to and from the internet — before they ever reach the customer’s network.
Today, we process 20 million messages a day and we are able to identify threats that appear inside those e-mails that you could not typically do with a [security] product.
The key benefits our customers receive is that we are able to identify threats ahead of the curve and much more quickly than traditional anti-virus vendors can do.
Over the last 18 months, we have blocked every single e-mail virus outbreak using our own technology before we even had a signature file available from one of the anti-virus vendors.
That level of protection is something you just cannot get by running a product-based solution on your own network.
This comes about because we are able to identify threats within the large volume of e-mails that we process.
What threats do firms face in Europe and the Middle East?
In broad terms the threats that enterprises face here are the same as in Europe.
E-mail is a very effective communication mechanism, and it also provides a very effective way for virus writers and hackers to try and infiltrate organisations’ networks. The costs associated with a virus outbreak in your business are very significant. It is not just the clean-up costs of getting guys in to come and fix it, but the fact that your users won’t be able to work while you take their PCs offline to fix the problem, and the potential loss of reputation if you start infecting other organisations. It is a really significant problem for companies, and I think they recognise that.
The other big issue is spam. Spam has grown from being an irritant over the last three or four years to being a significant problem for businesses.
Sixty-eight percent of the e-mail we process today is complete rubbish, and we never deliver it. That means, of the 20 million e-mail messages we process, about 12 million messages are not delivered to our customers’ networks because they are just rubbish e-mail messages.
The costs associated with downloading and processing those locally for businesses is major. It’s a combination of threats versus the productivity and infrastructure costs associated with unwanted e-mail messages. Those two issues combine to cause a problem for businesses, and what we do is provide an effective solution for dealing with that.
How do you keep up with viruses and spam?
We have the benefit of being able to process all e-mails and identify anomalies in e-mail traffic. For example, if we see an e-mail message that contains no dangerous content — just plain text — then we know that the message, on its own, does not contain a payload.
However, if we see a message that contains a binary executable file, and maybe we see three or four copies of the same message occurring in the last 30 seconds across different customers, then we know that that e-mail is being transmitted by a machine that is not a traditional e-mail server but by an IP address on a dial-up list.
The information, collectively, allows us to identify a suspicious e-mail.
We don’t know the name of the virus or what it does, but what we can do is identify a suspicious message and by blocking and quarantining that e-mail before it reaches our customer’s network, then it provides a much more effective way of dealing with the threat rather than waiting for a [virus] definition from an anti-virus vendor to capture it. That is key when it comes to identifying suspicious e-mails, rather than being dependent on a signature file to identify a particular virus.
We have a team of engineers that are constantly working on threat prevention capabilities and looking at new forms of spam filtering and how we can make them work.
From a spam perspective, what happens with our network is we work with customers to identify honeypots and e-mail addresses that are getting spammed and which they know aren’t real users.
Spammers will use sales, marketing or support — all those usual e-mail addresses — and in many companies they don’t exist. So what we can do is harvest those honeypots, which help us identify what spam messages our customers are receiving and also helps us identify which ones we didn’t stop, and then work out why we didn’t stop it and from there improve our spam protection capabilities.
How long does it take to analyse e-mail content for viruses and spam?
It takes about three seconds per message. We have our own operations centre here that monitors the system to make sure that it is performing appropriately. One of the key benefits of our approach is that we really allow the customers to define and control the way the service operates.
Through the web portal customers are able to create their policies, they are able to see which messages have been quarantined, and if appropriate, they can release or forward those messages.
We really try and deliver the same level of control you would get with a product solution even though we are a service offering.
And that’s a lesson we learnt as a business years ago. To make it really successful for both the customers and us, the key thing is to put the customer in control and allow them to identify and define their policies. We just implement this for them.
So is this the main benefit of a service-based model as opposed to a product?
What we provide is a much more cost-effective way of doing e-mail security with reduced risk. For example, e-mail volumes on our network have doubled in the last 12 months, so we now process twice as many e-mail per person per company than we did this time last year. For an IT manager that means a doubling of e-mail volumes, and it is likely to double again in the next 12 months.
As an IT manager you worry about things like bandwidth, hardware capacity and memory. Have I got enough infrastructures to deal with the growth in e-mail volumes I am expecting over the next 12 months? With us, you only have to pay a fixed fee per user per month and we’ll worry about all of those issues.
How do you deal with increased e-mail payloads?
Well, it grows in terms of e-mail volume and in terms of the number of customers we have on it. But we invest a lot of our R&D effort in being able to process e-mail very efficiently. And so one of our raison d’etres is to work out how quickly we can determine whether a message is junk e-mail and then quarantine it. Our costs are the time, CPU and memory required to process e-mail.
What we do in order to keep costs down for our customers is to invest in R&D to do that, and again it’s another benefit of the service model.
An individual organisation could never justify the R&D effort that we put into e-mail to make it efficient, but we can because we do it for many companies.
What about false positives (business e-mail that is classified with spam)? How common is that with BlackSpider?
There are two points. Firstly, our false positive rate runs is one in every 400,000 e-mail messages, and we are able to monitor that.
Most importantly, rather than statistics, what we do is allow end-users to be in control. Our customers receive an e-mail digest every single day that lists all the messages that have been blocked for you. If there’s an e-mail in that list that you want to access, there is a link in the e-mail digest that lets you access and release the message you have chosen.
We allow the end users to be in control because ultimately our customers’ spam are all subjective. Maybe one of them wants the latest airline ticket adverts coming in. Maybe some don’t.
But ultimately, you need to be in control. How our service differentiates itself is the fact that we allow the end users to release their own spam messages.
We allow them to create their own white and black lists using a very simple click-on-a -link approach, and we do that in multiple languages. It really allows you to tune the service to meet your own requirements.
What are your plans for the Middle East?
We think there is a real opportunity out here, and we have partnered with Tech Access to help us capitalise on that. Our sense is that the region is beginning to understand that working with a specialist third-party provider can add real value to the end customers’ businesses.
We have some early wins out here and we are looking to capitalise on this, and clearly, from a channel perspective and working with Tech Access, we think that the nature of our business, the fact that it is a recurring revenue stream, is a pretty attractive opportunity for partners.
We have had tremendous success in northern Europe in the last 18 months in recruiting and energising partners, and they are seeing the value of a recurring, predictable revenue stream in their business.
BlackSpider provides that revenue stream and also provides a great opportunity for partners to find new customers and engage with new customers in markets such as the Middle East.
What savings can companies see vis-à-vis a product approach?
It is really significant. We have just done a case study with a customer who is a large service provider. They estimated that our solution paid for itself after just three months of purchase.
Our customers are seeing between a 50% and 60% reduction in their IT e-mail security spend over a three-year period, and that is a combination of running less hardware but also the productivity benefits of using a third-party service.
So is this how anti-virus vendors are going to approach the market in future? Services rather than just products?
There certainly is a place for services. And in areas where there is no intrinsic value to the business, if I can make it more effective and cost effective then it makes an awful lot of sense to use a third-party product.
But there are certain aspects, certainly in IT security, where that is much more difficult to achieve because the security is intrinsic to the customer’s network or customer’s operations. There are some parts of the market that are very well geared towards third-party security like ours, and others less so.
How IT savvy are companies in the Middle East and how quickly will they understand your message?
One of the real benefits of our service is that you can try it free for 28 days. We have 90% conversion rate from trial, and so what we do with customers is ask, ‘Do you have effective security [measures]?’ They always say yes, but if you ask them how effective their security solution is — how many viruses has it stopped, how many spam messages has it caught — and they don’t know the answer to these questions, then it probably isn’t effective.
What we do is we offer them our service for 28 days, and at the end of that period, they get a management report that summarises how many viruses it has blocked, how many spam messages it has seized, the e-mail volume, and the top spammers attacking your company.
That report shows them how effective their current infrastructure becomes when they use our e-mail security service… and that is a pretty compelling message to customers. As I say, 68% of e-mails are complete rubbish and many organisations aren’t aware of that fact, because there is no one person looking at the e-mail infrastructure – often it is a combination of people.
By demonstrating the true extent of the issue in their business — and the fact that we deliver a much more cost-effective solution — that is pretty compelling.
To give you a sense of our growth rates, in January 2004 we had been selling for six months and we had 50 customers. Now, we have over 1000 and some of these companies are pretty big organisations.
On the issue of privacy and hosted e-mails, what reaction have you come across here?
Customers rightly ask the question, ‘Do I need to be concerned about my e-mail security?’ We say, ‘Yes, you should be concerned because that is an important thing to worry about.’ But actually today, their e-mail already comes through a third party.
All of the internet e-mail comes through an ISP connection provided by the ISP. The real difference between the ISP and BlackSpider is that we will give you a confidential IT agreement as part of our contract, whereas today you don’t have a confidentiality agreement with your ISP.
We are no different from the ISP in terms of the technology used, but what you do get from us is a guaranteed level of security and commitment to privacy, which you don’t typically get from an ISP.
What do customers say?
They understand that they need to be concerned about privacy.
They are happy to use a third-party company and we have announced our encryption service, which is the way for companies to address piracy concerns, and make sure that e-mails are encrypted between sender and recipient.||**||