Trend Micro and CipherTrust offer better online defences

Improved systems to help firms combat spam and web-based attacks

IT security vendors Trend Micro and CipherTrust have released new products and enhanced functionality to help firms fight increasing threats from spam and web-based attacks, but some have argued that organisations are focusing too much on perimeter defences.

Messaging security vendor CipherTrust has announced enhancements to its TrustedSource reputation system, which will enable it to track emails by the reputation of the sender's IP address, the content of the message and any URLs embedded within that message.

"It looks after all the different problem areas, managing them in an intelligent way by looking at the aspects that [the malicious senders] can't hide, like the origin of the message," said the CipherTrust's technical consultant Ed Rowley.

There has been a rapid increase in image-based spam in recent months because spammers have learned how to randomise images so that many detection tools cannot identify them. This has put a greater load on enterprise email and archiving systems, added Rowley.

And anti-spyware vendor Webroot has reported that 89 percent of UK consumers are infected with spyware, the largest percentage in Europe and matching infection rates not seen since 2004.

Meanwhile, internet security firm Trend Micro has launched a new secure content management (SCM) appliance for mid-sized firms, which sits behind the firewall, providing an extra layer of defence.

The InterScan Gateway Security Appliance (IGSA) can detect and block inbound threats as well as "phone home" attempts from spyware, and remediate infected desktops, according to Peter Craig of Trend Micro.

Like CipherTrust's offering, IGSA includes reputation-based technology to block spam before it is received by an organisation, saving valuable bandwidth and archiving space.

The appliance also includes a new IntelliTrap feature, which can spot malware that is a variant of a previous version by detecting the use of the popular compression application that hackers use to create variants.

"Medium-sized businesses usually don't have an enormous amount of IT resources; their staff tend to be IT generalists so we're trying to make their job easier," said Craig. "The IGSA is very straightforward and can get up and running in a very short time."

But Paul Gostick of security firm Tripwire argued that firms are focusing too much on their perimeter defences and neglecting greater risks that come from internal systems failures caused by unauthorised or unexpected changes to the software stack.

"Firms need [to be able to] detect any changes then reconcile them with the change management database," Gostick argued. "If they were not expected or anticipated changes they must be investigated."

This requires a cultural change within organisations driven from the top down, involving greater individual accountability and penalties for non-compliance with these procedures, Gostick added. "We’re missing the point of where many systems failures come from," he said. "By looking at change control firms can also eek out efficiencies [but] IT security and operations must see the bigger picture [and share more information] to make this possible."