This paper examine today's email threats, the current state of enterprise defenses, and plans to address emerging threats. Learn about a technology blueprint for enterprise email security called STAMP-McAfee's Seven Technologies for Advanced Email Protection.
White Paper
STAMPing out Email Risk:
Seven Technologies for Advanced
Mail ProtectionWhite Paper STAMPing out Email Risk: Seven Technologies for Advanced Mail Protection
Table of ContentsExecutive Summary 3Introduction 3Inbound Threats: This is Not Your Father's Spam 3Global spam volumes and spam as a percent of all mail continue to grow 4Enter the criminal element 4Storm clouds on the email horizon 4
Outbound Threats: Sensitive Data Leakage 6Email Security Today: Avoidable Risks Persist 7Safety and Savings: You Can Have it All 7Cost savings 7Productivity gain 8Tightening security, reducing cost 9New delivery models 10
Summary 10STAMP-McAfee's Seven Technologies for Advanced Mail Protection 10Multi-protocol reputation-based protection 10Global intelligence plus local knowledge 11Complete content detection, both structured and unstructured 11Robust encryption and other compliance actions with integrated policy 12Integrated for inbound and outbound 13Hybrid solution architecture 13Enterprise-class scalability, stability, ease-of-administration, and reporting 13
Summary 14McAfee Email Security Products 14McAfee Email Gateway 14TrustedSource 15McAfee's hybrid delivery architecture 15
Conclusion and Next Steps 15Endnotes 16White Paper STAMPing out Email Risk: Seven Technologies for Advanced Mail Protection
Executive SummaryEmail is today's primary medium of business communications. As such, it presents a rich target for hackers, spammers, and malware owners, and a vulnerability to careless or malicious insiders. Regulators have noted the importance of email in the enterprise, and have issued email-specific rules and regulations regarding privacy and intellectual property protection and archiving. In 1September of 2008, McAfee commissioned the analyst firm IDC to survey the state of email security at North American organizations with more than 500 employees. Given the threats and challenges we face, the results were dismaying. The survey revealed concern yet complacency, sub-optimal solution performance yet inaction.This paper examines today's email threats, the current state of enterprise defenses, and plans to address emerging threats. Most importantly, it provides a technology blueprint for enterprise email security called STAMP-McAfee's Seven Technologies for Advanced Email Protection.
IntroductionToday's email threats are far more dangerous than yesterday's. On the inbound side, blended email and web attacks masterminded by profit-seeking criminals are now the norm. Spam is no longer about selling, it's about stealing. Attacks are targeted and fast moving. The perpetrators are more sinister, organized, and sophisticated. Orchestrated botnet armies strike globally and quickly go dormant. Harmful payloads morph continuously to evade signature-based defenses, and are more often delivered through an embedded web link rather than a direct file attachment. Every malicious email that penetrates the perimeter carries dramatically more risk than ever before.On the outbound side, email is a primary egress point for sensitive and confidential information. More and more information is accessible to individuals within the organization, all of whom have email and web access. Combined with the temporary nature of the workforce, with contractors, consultants, and temporary workers continually coming and going, the risk of data leakage remains high. The potential costs of lost business, regulatory fines, lawsuits, and brand erosion can be staggering.IT security professionals, meanwhile, must contend with the budget and cost pressures of an uncertain economy, line of business concerns, and changing priorities such as green computing and outsourcing. Security often takes a back seat.The IDC survey sponsored by McAfee revealed both concern and complacency among IT professionals who manage email security for organizations in North America. Of the nearly 60 percent who were achieving sub-optimal inbound email security compared to best practices, only three percent were dissatisfied with that performance. And while almost 90 percent were very concerned about data leakage over email, less than a third had implemented a solution. In part, this inaction seems due to the lack of a framework for evaluating available solutions to select those that are both robust and cost-effective. TDrawing on customer experience, the IDC white pape... [download for more]
