Dmitri Alperovitch talks about reputation-based spam protection
With about 90 percent of all emails today being spam, it's hard for even the best anti-spam program to keep up. And what's worse is that spammers are constantly developing new techniques, such as image-based spam, to sidestep the filters. What if you could determine ahead of time, the intentions of everyone who sends you an email? Wouldn't it be wonderful to know, without a doubt, who the bad guys are? What if there were a central authority that knew the reputations of everyone who has ever sent an email? As it turns out, you don't have to be a mind-reader. Reputation-based security is very similar to what the financial services industry has created with credit agencies. Every person who has ever paid a bill or used a credit card has a credit score-a credit reputation, if you will. When you want to buy a new car, the finance company looks at your reputation, and then decides whether or not to let you past the gates and give you some money. We now have the same thing for people who send emails.
Dmitri Alperovitch, Chief Research Scientist at Secure Computing and developer of reputation-based security, talks about the evolution of spam, the next big thing in spam prevention, and how to identify the culprits before they bombard your email server.
Where did reputation based security come from?
It was an invention of CipherTrust, and since then, a variety of other companies have applied it to the email security area as well. When we were working on spam detection at CipherTrust, which was bought by Secure Computing, we realized early on that it made sense to aggregate information on a global level and to collect data from all of the customers that we had deployed at that time, and apply behavioral techniques not on an individual box, but on the cloud where you have a much broader view into email traffic.
You're the point man on reputation system development. What led to your development efforts in this direction? Was there an "aha" moment when you knew that you had to create a reputation system?
Spam was starting to take off in the early 2000s and we were developing antispam technology fairly early on. We realized that a lot of this analysis that we were trying to put on the spam gateway itself would really work much better if we had a view into more traffic. The only way to do that is to put it in the cloud, and have all of these devices talk to the cloud, report what they are seeing, and get information back from the cloud. So that was the "eureka" moment that we had, where we said, "hey, let's try to get as much data as possible." And the only way to do that is through this centralized authority. It's very much akin to a credit agency. If you're a store and someone comes in
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Enterprise 2.0 Implementation
By Aaron C. Newman, Jeremy Thomas
Published by McGraw-Hill
Learn more!
Deploying Cisco Wide Area Application Services
By Zach Seils, Joel Christner
Published by Cisco Press
Learn more!
