News Stay informed about the latest enterprise technology news and product updates.

Analyst: Stopping spam is for the security admin

SAN FRANCISCO -- Is spam a security administrator's problem? It is, according to Gartner Inc. Enterprise Messaging Research Director Maurene Grey. Grey recently gave a talk on spam filtering at a Sprint user event. Among the things she discussed were how Gartner believes that by, the second quarter of 2004, the 40-plus antispam companies will dwindle to 15 and that, by the fourth quarter of 2004, enterprises will think of spam filtering the same way they think of virus filtering, as "baseline" e-mail architecture. SearchSecurity.com technical editor Benjamin Vigil sat down with Grey to discuss the emerging and evolving spam-filtering industry.

Will antivirus vendors continue to lead in antispam software?
There are roughly 40 current vendors offering some type of spam filtering. We believe that number is declining. This is an emerging space and, just as with any emerging space, there is consolidation. The [antivirus] vendors are definitely playing a significant role in OEM relationships and acquisitions. Evidence to these consolidation efforts: We are already seeing Trend Micro with OEM Postini, and they are starting to roll out their combined solution. Network Associates has acquired a small company called Deersoft. The vendors definitely are making themselves players in this market, but they aren't the only players. What in the market has led companies that weren't traditionally concerned with IT security to try spam filtering?
Well, let me take that question a notch up from spam filtering to e-mail outsourcing. We predicted, some time ago, that the pure play ASPs were going to have a hard time doing hosting in the long term, doing mailbox hosting, that is. We said the long-term survivors were going to be the traditional outsourcers, EDS, etc., and the telcos. The telcos, everyone said, why the telcos? Well, the telcos have the bandwidth, not necessarily from the pipes -- they have that, too -- but they have the 'bandwidth.' We see the telcos as a likely player in providing outsourcing services of the infrastructure as an extension to the networking services they are providing. So if we understand that's the future, then it's natural that they are also providing spam protection.

Understand that they have, Sprint particularly, a wider-ranging offering called eSolutions. The spam protection is a tiny part of e-mail services, which is a tiny part of the eSolutions family. I look at this market as an opportunity. Spam is the low-hanging fruit to bring organizations into that eSolutions family. Who do you think is leading the industry in antispam offerings?
There are two types of offerings: the outsourced solutions and licensed software. In either model, the survivors will have a suite offering. Among the outsourced solutions are Sprint, Frontbridge and Postini. In the licensed software space is Tumbleweed, because they have a suite of solutions, and they have been providing e-mail security for some time. Everyone has to come in with a reputation, a brand awareness. In a year, everyone will have about the same product. Tumbleweed already has a reputation for e-mail security. Britemail, they have been in this space for more than five years, which is longer than everybody. They were doing spam prevention before anyone cared about it, particularly ISPs. They don't have a suite, but they are partnering with other companies. Also, Trend Micro, because they have a lot of traction in the e-mail server space and SMTP space, and with Postini, they have a spam solution. What is the biggest issue in the messaging industry? Second biggest?
Well, I think that from an enterprise messaging point of view, there are two top issues, and they are equal. One is spam, because it is so pervasive. People are in their infancy with dealing with spam. Today, people are at the same point they were two years ago with Melissa and ILoveYou. They know they have to do something about the problem. People are so much smarter today, by necessity.

The other is the whole issue of e-mail retention for regulatory and legislative compliance. This came to light particularly with Enron and accounting irregularities with Merrill Lynch and Martha Stewart, and so on. FCC regulates financial institutions and even specifies how long you need to keep certain records, and e-mail falls under these guidelines. Not only the financial markets, but other verticals are impacted. It is a huge, huge concern.

What is the biggest issue in the messaging industry? Second biggest?

SearchSecurity.com news exclusive: "Researcher chews fat on spam"

SearchSecurity.com technical tip: "What is spam good for?"

FEEDBACK: Tell us whether spam has truly become the domain of the security administrator inside your enterprise.
Send your feedback to the SearchSecurity.com news team.

Whose responsibility is spam?
Whose responsibility is it for eliminating it? If we are talking about enterprise spam, it is clearly an IT issue. The implications for business may be felt beyond IT, but it is a piece of technology, and it is IT's responsibility to eliminate it within the organization. I think the more interesting question is 'whose responsibility it is within the IT organization?', because we are seeing a real shift. Traditionally, spam fell to the messaging group or the network group, however we are seeing a shift in responsibility for spam avoidance from the messaging group over to the security group.

Dig Deeper on Spam, phishing and social engineering attacks

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

ComputerWeekly.com

Close