Welcome to the security blog sponsored by Cisco. Security is now a boardroom conversation. The attack landscape is becoming more complex. And we’re beginning to realize the value of the Internet of Everything. Gain market insights and actionable steps for threat-centric security, reduce complexity and operationalizing security.
Spam continues to thrive thanks to ‘snowshoe’ strategy
BrandPosts are written and edited by members of our sponsor community. BrandPosts create an opportunity for an individual sponsor to provide insight and commentary from their point-of-view directly to our audience. The editorial team does not participate in the writing or editing of BrandPosts.
By CP Morey
Tech pundits and vendors have been prematurely declaring the death of email for over a decade. However, email remains the dominant form of communication for businesses and individuals around the world despite its shortcomings. A Radicati Group report claims that businesses sent and received nearly 110 billion—with a “B”—emails per day in 2014, and contrary to rumors of its demise, email is expected to grow to as high as 140 billion per day by 2018.
With some sources claiming that as much as 80 percent of the email traffic around the world is spam, this means that up to 88 billion messages per day are unwanted junk mail. As if that isn’t bad enough, the Cisco 2015 Annual Security Report indicates that the volume of spam messages skyrocketed 250 percent between January and November of 2014.
How is that spam remains such a huge threat to productive email communication after all these years? Attackers know that it is often easier to exploit users via email and use targeted campaigns to gain entry for more advanced attacks. The reality is that spam is a big business. Spammers have a vested interest in continuing to adapt and innovate to make sure their messages evade spam filters and reach the unsuspecting targets they’re intended for. Due to these trends, phishing and other spam tactics remain a valuable weapon and a persistent threat.
Detecting and blocking massive floods of spam from a single source is simple. Most organizations have some technology in place capable of identifying a high volume of email originating from a single IP address and rejecting those messages as spam. Spammers know this as well, which is why they’ve come up with a new strategy to circumvent that detection: the “snowshoe” strategy.
A snowshoe enables someone to walk on the surface of snow rather than falling through with each step because it distributes the weight across a wider area. When it comes to spamming, the snowshoe strategy takes a similar approach—spreading the attack across a more diverse range of IPs and avoiding broadcasting too many emails from a single source to make sure no red flags are tripped.
Blocking spam isn’t rocket science per se, but it is an ongoing struggle even though most of the best anti-spam systems block up to 99.9% of spam. Effective spam defense requires evolving tools and processes to stay a step ahead of new and innovative spam techniques – like the snowshoe strategy – that make up the .1% of attacks still getting through.
Email gateways are the obvious point at which to identify and block spam, but this alone is not enough. Email gateways will give incoming messages a simple “pass / fail” based on a single point in time. Spammers only need to figure out how to outsmart the email gateway once in order to overrun the network with spam.
Many organizations use a layered defense comprised of multiple tools from a variety of vendors that check and block spam at different points throughout the network. This is a more effective approach, based on the idea that spam missed by one tool will be blocked by the next. However, this approach also introduces some significant challenges. There can be duplication of effort between various spam-blocking tools and unnecessary complexity for IT admins trying to manage and correlate various tools from multiple vendors.
For truly effective protection against email threats, a multi-layered approach using diverse tools—and with a single, unified management console—is the best solution. You get the benefits of the layered defense, but with an integrated system of tools and simplified administration. An integrated solution can provide visibility and control across the entire attack continuum – before, during and after an attack – and offer the broadest set of enforcement and remediation options.
Regardless of what tools you use, the most important thing is to understand there is no “silver bullet” solution. Spammers will be working diligently to find new ways into your Inbox and it’s imperative that you continue to adapt as well to stay one step ahead of the deluge of unwanted emails.